diff options
-rw-r--r-- | .SRCINFO | 10 | ||||
-rw-r--r-- | PKGBUILD | 10 | ||||
-rw-r--r-- | buildenv_ext.conf | 2 | ||||
-rw-r--r-- | optipng-exec.sh.in | 2 | ||||
-rw-r--r-- | pic.sh.in | 22 | ||||
-rw-r--r-- | pie.sh.in | 22 |
6 files changed, 60 insertions, 8 deletions
@@ -18,6 +18,8 @@ pkgbase = makepkg-optimize source = pgo.sh.in source = lto.sh.in source = graphite.sh.in + source = pic.sh.in + source = pie.sh.in source = upx-exec.sh.in source = optipng-exec.sh.in source = svgo-exec.sh.in @@ -35,11 +37,13 @@ pkgbase = makepkg-optimize source = pkgopts_ext.conf source = pkgopts-param_ext.conf source = compress-param_max.conf - sha1sums = da515153d456ed53f6744c3ce4e6dd9a9ea3b892 + sha1sums = c0f79e56db3a546aa7921e90f03c1dccfa02e2d7 sha1sums = 4078b286395e17bbcfbd14244ab48bbfce24988d sha1sums = 6b719a47146aedae186a7e63b6058507c4948d9f + sha1sums = 19c92b582e44c7b4d939fa8c3adabaca2b142b77 + sha1sums = f50b881245cfce6cd1cc120370fca07e180d2a94 sha1sums = a079a302708342cc0549f56e2b5e17f483fbbbd1 - sha1sums = 62bebfa9c71aea4107598d065e91e1ab8b6c43bc + sha1sums = e8358ced786a996a5763faa42f3541900b86647e sha1sums = 9c27d5cef8a12385b385b64e65fce39244e1be4b sha1sums = c93ebf06772fb34d5f707062ddec9faab0b9994f sha1sums = 1a815037390c67195ed831b7887884a42785010a @@ -50,7 +54,7 @@ pkgbase = makepkg-optimize sha1sums = 202d11e49a611bb400029512cf159a0f8645a6db sha1sums = 2e2cd8c680a86518652543fda9092bf2ab594660 sha1sums = 981eab856abb43c5e093620cdf4d8bfa2d690805 - sha1sums = a2d4cc385d2395ec35094f63dc17847e73bbd565 + sha1sums = 48dfa865011051441aa3b1b261ac076948a40b98 sha1sums = 357102cec0aa56d74955bbf66ae694db74627dab sha1sums = 1fc8035e64b739e20c70fbb4eaa5cb7aa1c63c90 sha1sums = 5d0cde13b50641371e4ec4d813d6b2dfae493889 @@ -13,7 +13,7 @@ replaces=('makepkg-optimize2' pacman-buildenv_ext-git) depends=('pacman-git') optdepends=('upx' 'optipng' 'nodejs-svgo') backup=(etc/makepkg-optimize.conf) -_buildenv=({pgo,lto,graphite}.sh.in) +_buildenv=({pgo,lto,graphite,pic,pie}.sh.in) _executable=({upx,optipng,svgo}-exec.sh.in) _tidy=({upx,optipng,svgo}.sh.in) _conf=({{c,cxx,make,ld,debug-make,cmake-}flags,{buildenv,destdirs,pkgopts{,-param}}_ext,compress-param_max}.conf) @@ -22,11 +22,13 @@ source=(${_buildenv[@]} ${_tidy[@]} ${_conf[@]} ) -sha1sums=('da515153d456ed53f6744c3ce4e6dd9a9ea3b892' +sha1sums=('c0f79e56db3a546aa7921e90f03c1dccfa02e2d7' '4078b286395e17bbcfbd14244ab48bbfce24988d' '6b719a47146aedae186a7e63b6058507c4948d9f' + '19c92b582e44c7b4d939fa8c3adabaca2b142b77' + 'f50b881245cfce6cd1cc120370fca07e180d2a94' 'a079a302708342cc0549f56e2b5e17f483fbbbd1' - '62bebfa9c71aea4107598d065e91e1ab8b6c43bc' + 'e8358ced786a996a5763faa42f3541900b86647e' '9c27d5cef8a12385b385b64e65fce39244e1be4b' 'c93ebf06772fb34d5f707062ddec9faab0b9994f' '1a815037390c67195ed831b7887884a42785010a' @@ -37,7 +39,7 @@ sha1sums=('da515153d456ed53f6744c3ce4e6dd9a9ea3b892' '202d11e49a611bb400029512cf159a0f8645a6db' '2e2cd8c680a86518652543fda9092bf2ab594660' '981eab856abb43c5e093620cdf4d8bfa2d690805' - 'a2d4cc385d2395ec35094f63dc17847e73bbd565' + '48dfa865011051441aa3b1b261ac076948a40b98' '357102cec0aa56d74955bbf66ae694db74627dab' '1fc8035e64b739e20c70fbb4eaa5cb7aa1c63c90' '5d0cde13b50641371e4ec4d813d6b2dfae493889' diff --git a/buildenv_ext.conf b/buildenv_ext.conf index 500b7ef8d5c9..7b254ca6adcf 100644 --- a/buildenv_ext.conf +++ b/buildenv_ext.conf @@ -1,3 +1,5 @@ #-- lto: Use link-time optimization #-- pgo: Generate or utilize profile guided optimization #-- graphite: Use Graphite loop optimizations +#-- pic: Use address space layout randomization for shared libraries +#-- pie: Use address space layout randomization for executables diff --git a/optipng-exec.sh.in b/optipng-exec.sh.in index eb7211161feb..13bf6dac30b9 100644 --- a/optipng-exec.sh.in +++ b/optipng-exec.sh.in @@ -1,6 +1,6 @@ #!/usr/bin/bash # -# optipng.sh - Optimize PNG image files +# optipng.sh - Confirm presence of optipng executable # [[ -n "$LIBMAKEPKG_EXECUTABLE_OPTIPNG_SH" ]] && return diff --git a/pic.sh.in b/pic.sh.in new file mode 100644 index 000000000000..485a6dd1a0b7 --- /dev/null +++ b/pic.sh.in @@ -0,0 +1,22 @@ +#!/usr/bin/bash +# +# pic.sh - Compile shared libraries with address space layout randomization +# + +[[ -n "$LIBMAKEPKG_BUILDENV_PIC_SH" ]] && return +LIBMAKEPKG_BUILDENV_PIC_SH=1 + +LIBRARY=${LIBRARY:-'@libmakepkgdir@'} + +source "$LIBRARY/util/option.sh" + +build_options+=('pic') +buildenv_functions+=('buildenv_pic') + +buildenv_lto() { + if check_buildoption "pic" "y"; then + CFLAGS+=" -fpic" + CXXFLAGS+=" -fpic" + LDFLAGS+=" -shared" + fi +} diff --git a/pie.sh.in b/pie.sh.in new file mode 100644 index 000000000000..d39a80c3fe26 --- /dev/null +++ b/pie.sh.in @@ -0,0 +1,22 @@ +#!/usr/bin/bash +# +# pie.sh - Compile executables with address space layout randomization +# + +[[ -n "$LIBMAKEPKG_BUILDENV_PIE_SH" ]] && return +LIBMAKEPKG_BUILDENV_PIE_SH=1 + +LIBRARY=${LIBRARY:-'@libmakepkgdir@'} + +source "$LIBRARY/util/option.sh" + +build_options+=('pie') +buildenv_functions+=('buildenv_pie') + +buildenv_lto() { + if check_buildoption "pie" "y"; then + CFLAGS+=" -fpie" + CXXFLAGS+=" -fpie" + LDFLAGS+=" -pie" + fi +} |