This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch master in repository dpkg.
commit 2125e8dd7388e2adb9b6c837f4832fe8f0f63b25 Author: Guillem Jover <guil...@debian.org> Date: Mon Sep 18 00:54:25 2017 +0200 Dpkg::Vendor::Debian: Merge build flag methods into a single private method This reduces code redundancy, and makes it possible to reuse common code for various feature areas. --- debian/changelog | 2 + scripts/Dpkg/Vendor/Debian.pm | 217 +++++++++++++++++++----------------------- 2 files changed, 100 insertions(+), 119 deletions(-) diff --git a/debian/changelog b/debian/changelog index 8eeff2e..fa941b3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -80,6 +80,8 @@ dpkg (1.19.0) UNRELEASED; urgency=medium - Do not execute code when importing Dpkg::Control::FieldsCore. - Use substr instead of a regex to match the first line characters in when parsing control files in Dpkg::Control::HashCore. + - Merge build flag methods into a single _add_build_flags private method + in Dpkg::Vendor::Debian. * Documentation: - Document currently accepted syntax for changelogs in deb-changelog(5). Closes: #858579 diff --git a/scripts/Dpkg/Vendor/Debian.pm b/scripts/Dpkg/Vendor/Debian.pm index 833176b..4b5436e 100644 --- a/scripts/Dpkg/Vendor/Debian.pm +++ b/scripts/Dpkg/Vendor/Debian.pm @@ -78,10 +78,7 @@ sub run_hook { $$textref .= "Bug-Ubuntu: https://bugs.launchpad.net/bugs/$bug\n"; } } elsif ($hook eq 'update-buildflags') { - $self->_add_qa_flags(@params); - $self->_add_reproducible_flags(@params); - $self->_add_sanitize_flags(@params); - $self->_add_hardening_flags(@params); + $self->_add_build_flags(@params); } elsif ($hook eq 'builtin-system-build-paths') { return qw(/build/); } else { 
@@ -101,20 +98,65 @@ sub _parse_feature_area { $opts->parse_features($area, $use_feature); } -sub _add_qa_flags { +sub _add_build_flags { my ($self, $flags) = @_; # Default feature states. my %use_feature = ( - bug => 0, - canary => 0, + qa => { + bug => 0, + canary => 0, + }, + reproducible => { + timeless => 1, + fixdebugpath => 1, + }, + sanitize => { + address => 0, + thread => 0, + leak => 0, + undefined => 0, + }, + hardening => { + # XXX: This is set to undef so that we can cope with the brokenness + # of gcc managing this feature builtin. + pie => undef, + stackprotector => 1, + stackprotectorstrong => 1, + fortify => 1, + format => 1, + relro => 1, + bindnow => 0, + }, ); + my %builtin_feature = ( + hardening => { + pie => 1, + }, + ); + + ## Setup + # Adjust features based on user or maintainer's desires. - $self->_parse_feature_area('qa', \%use_feature); + foreach my $area (sort keys %use_feature) { + $self->_parse_feature_area($area, $use_feature{$area}); + } + + require Dpkg::Arch; + + my $arch = Dpkg::Arch::get_host_arch(); + my ($abi, $libc, $os, $cpu) = Dpkg::Arch::debarch_to_debtuple($arch); + + unless (defined $abi and defined $libc and defined $os and defined $cpu) { + warning(g_("unknown host architecture '%s'"), $arch); + ($abi, $os, $cpu) = ('', '', ''); + } + + ## Area: qa # Warnings that detect actual bugs. - if ($use_feature{bug}) { + if ($use_feature{qa}{bug}) { foreach my $warnflag (qw(array-bounds clobbered volatile-register-var implicit-function-declaration)) { $flags->append('CFLAGS', "-Werror=$warnflag"); @@ -123,7 +165,7 @@ sub _add_qa_flags { } # Inject dummy canary options to detect issues with build flag propagation. - if ($use_feature{canary}) { + if ($use_feature{qa}{canary}) { require Digest::MD5; my $id = Digest::MD5::md5_hex(int rand 4096); 
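Review bot: In the `## Setup` block of `_add_build_flags`, the unknown-architecture fallback resets only three of the four tuple fields, `($abi, $os, $cpu) = ('', '', '');`, so `$libc` can stay undefined. This was harmless while the tuple lived inside the hardening sub, but it is now function-wide state shared by every feature area. In the visible hunks only `$arch`, `$os` and `$cpu` are read afterwards, so nothing breaks today. A later area that matches on `$libc` would get an uninitialized-value warning, and possibly a mask that silently fails to apply. I would reset all four: `($abi, $libc, $os, $cpu) = ('', '', '', '');`. The sub's body continues past this hunk.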
@@ -133,28 +175,12 @@ sub _add_qa_flags { $flags->append('LDFLAGS', "-Wl,-z,deb-canary-${id}"); } - # Store the feature usage. - while (my ($feature, $enabled) = each %use_feature) { - $flags->set_feature('qa', $feature, $enabled); - } -} - -sub _add_reproducible_flags { - my ($self, $flags) = @_; - - # Default feature states. - my %use_feature = ( - timeless => 1, - fixdebugpath => 1, - ); + ## Area: reproducible my $build_path; - # Adjust features based on user or maintainer's desires. - $self->_parse_feature_area('reproducible', \%use_feature); - # Mask features that might have an unsafe usage. - if ($use_feature{fixdebugpath}) { + if ($use_feature{reproducible}{fixdebugpath}) { require Cwd; $build_path = $ENV{DEB_BUILD_PATH} || Cwd::cwd(); @@ -168,12 +194,12 @@ sub _add_reproducible_flags { } # Warn when the __TIME__, __DATE__ and __TIMESTAMP__ macros are used. - if ($use_feature{timeless}) { + if ($use_feature{reproducible}{timeless}) { $flags->append('CPPFLAGS', '-Wdate-time'); } # Avoid storing the build path in the debug symbols. - if ($use_feature{fixdebugpath}) { + if ($use_feature{reproducible}{fixdebugpath}) { my $map = '-fdebug-prefix-map=' . $build_path . '=.'; $flags->append('CFLAGS', $map); $flags->append('CXXFLAGS', $map); 
@@ -184,150 +210,96 @@ sub _add_reproducible_flags { $flags->append('GCJFLAGS', $map); } - # Store the feature usage. - while (my ($feature, $enabled) = each %use_feature) { - $flags->set_feature('reproducible', $feature, $enabled); - } -} - -sub _add_sanitize_flags { - my ($self, $flags) = @_; - - # Default feature states. - my %use_feature = ( - address => 0, - thread => 0, - leak => 0, - undefined => 0, - ); - - # Adjust features based on user or maintainer's desires. - $self->_parse_feature_area('sanitize', \%use_feature); + ## Area: sanitize # Handle logical feature interactions. - if ($use_feature{address} and $use_feature{thread}) { + if ($use_feature{sanitize}{address} and $use_feature{sanitize}{thread}) { # Disable the thread sanitizer when the address one is active, they # are mutually incompatible. - $use_feature{thread} = 0; + $use_feature{sanitize}{thread} = 0; } - if ($use_feature{address} or $use_feature{thread}) { + if ($use_feature{sanitize}{address} or $use_feature{sanitize}{thread}) { # Disable leak sanitizer, it is implied by the address or thread ones. - $use_feature{leak} = 0; + $use_feature{sanitize}{leak} = 0; } - if ($use_feature{address}) { + if ($use_feature{sanitize}{address}) { my $flag = '-fsanitize=address -fno-omit-frame-pointer'; $flags->append('CFLAGS', $flag); $flags->append('CXXFLAGS', $flag); $flags->append('LDFLAGS', '-fsanitize=address'); } - if ($use_feature{thread}) { + if ($use_feature{sanitize}{thread}) { my $flag = '-fsanitize=thread'; $flags->append('CFLAGS', $flag); $flags->append('CXXFLAGS', $flag); $flags->append('LDFLAGS', $flag); } - if ($use_feature{leak}) { + if ($use_feature{sanitize}{leak}) { $flags->append('LDFLAGS', '-fsanitize=leak'); } - if ($use_feature{undefined}) { + if ($use_feature{sanitize}{undefined}) { my $flag = '-fsanitize=undefined'; $flags->append('CFLAGS', $flag); $flags->append('CXXFLAGS', $flag); $flags->append('LDFLAGS', $flag); } - # Store the feature usage. 
- while (my ($feature, $enabled) = each %use_feature) { - $flags->set_feature('sanitize', $feature, $enabled); - } -} - -sub _add_hardening_flags { - my ($self, $flags) = @_; - - require Dpkg::Arch; - - my $arch = Dpkg::Arch::get_host_arch(); - my ($abi, $libc, $os, $cpu) = Dpkg::Arch::debarch_to_debtuple($arch); - - unless (defined $abi and defined $libc and defined $os and defined $cpu) { - warning(g_("unknown host architecture '%s'"), $arch); - ($abi, $os, $cpu) = ('', '', ''); - } - - # Default feature states. - my %use_feature = ( - # XXX: This is set to undef so that we can cope with the brokenness - # of gcc managing this feature builtin. - pie => undef, - stackprotector => 1, - stackprotectorstrong => 1, - fortify => 1, - format => 1, - relro => 1, - bindnow => 0, - ); - my %builtin_feature = ( - pie => 1, - ); + ## Area: hardening + # Mask builtin features that are not enabled by default in the compiler. my %builtin_pie_arch = map { $_ => 1 } qw( amd64 arm64 armel armhf i386 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64el powerpc ppc64 ppc64el s390x sparc sparc64 ); - - # Mask builtin features that are not enabled by default in the compiler. if (not exists $builtin_pie_arch{$arch}) { - $builtin_feature{pie} = 0; + $builtin_feature{hardening}{pie} = 0; } - # Adjust features based on user or maintainer's desires. - $self->_parse_feature_area('hardening', \%use_feature); - # Mask features that are not available on certain architectures. if ($os !~ /^(?:linux|kfreebsd|knetbsd|hurd)$/ or $cpu =~ /^(?:hppa|avr32)$/) { # Disabled on non-(linux/kfreebsd/knetbsd/hurd). # Disabled on hppa, avr32 # (#574716). - $use_feature{pie} = 0; + $use_feature{hardening}{pie} = 0; } if ($cpu =~ /^(?:ia64|alpha|hppa|nios2)$/ or $arch eq 'arm') { # Stack protector disabled on ia64, alpha, hppa, nios2. # "warning: -fstack-protector not supported for this target" # Stack protector disabled on arm (ok on armel). 
# compiler supports it incorrectly (leads to SEGV) - $use_feature{stackprotector} = 0; + $use_feature{hardening}{stackprotector} = 0; } if ($cpu =~ /^(?:ia64|hppa|avr32)$/) { # relro not implemented on ia64, hppa, avr32. - $use_feature{relro} = 0; + $use_feature{hardening}{relro} = 0; } # Mask features that might be influenced by other flags. if ($flags->{build_options}->has('noopt')) { # glibc 2.16 and later warn when using -O0 and _FORTIFY_SOURCE. - $use_feature{fortify} = 0; + $use_feature{hardening}{fortify} = 0; } # Handle logical feature interactions. - if ($use_feature{relro} == 0) { + if ($use_feature{hardening}{relro} == 0) { # Disable bindnow if relro is not enabled, since it has no # hardening ability without relro and may incur load penalties. - $use_feature{bindnow} = 0; + $use_feature{hardening}{bindnow} = 0; } - if ($use_feature{stackprotector} == 0) { + if ($use_feature{hardening}{stackprotector} == 0) { # Disable stackprotectorstrong if stackprotector is disabled. - $use_feature{stackprotectorstrong} = 0; + $use_feature{hardening}{stackprotectorstrong} = 0; } # PIE - if (defined $use_feature{pie} and $use_feature{pie} and - not $builtin_feature{pie}) { + if (defined $use_feature{hardening}{pie} and + $use_feature{hardening}{pie} and + not $builtin_feature{hardening}{pie}) { my $flag = "-specs=$Dpkg::DATADIR/pie-compile.specs"; $flags->append('CFLAGS', $flag); $flags->append('OBJCFLAGS', $flag); @@ -337,8 +309,9 @@ sub _add_hardening_flags { $flags->append('CXXFLAGS', $flag); $flags->append('GCJFLAGS', $flag); $flags->append('LDFLAGS', "-specs=$Dpkg::DATADIR/pie-link.specs"); - } elsif (defined $use_feature{pie} and not $use_feature{pie} and - $builtin_feature{pie}) { + } elsif (defined $use_feature{hardening}{pie} and + not $use_feature{hardening}{pie} and + $builtin_feature{hardening}{pie}) { my $flag = "-specs=$Dpkg::DATADIR/no-pie-compile.specs"; $flags->append('CFLAGS', $flag); $flags->append('OBJCFLAGS', $flag); 
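Review bot: The two "logical feature interactions" checks in the hardening area still compare with `== 0` (`if ($use_feature{hardening}{relro} == 0)` and the same for `stackprotector`), while every other test in the merged sub uses plain truthiness. The states are presumably always 0 or 1 once `_parse_feature_area` has run, but `pie` in the same hash is deliberately `undef`. A numeric compare on an undef or non-numeric state would emit a warning in the path that decides whether `bindnow` and `stackprotectorstrong` are dropped. Writing them as `if (not $use_feature{hardening}{relro}) {` and `if (not $use_feature{hardening}{stackprotector}) {` gives the same result for 0/1 and matches the rest of the function.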
@@ -351,7 +324,7 @@ sub _add_hardening_flags { } # Stack protector - if ($use_feature{stackprotectorstrong}) { + if ($use_feature{hardening}{stackprotectorstrong}) { my $flag = '-fstack-protector-strong'; $flags->append('CFLAGS', $flag); $flags->append('OBJCFLAGS', $flag); @@ -360,7 +333,7 @@ sub _add_hardening_flags { $flags->append('FCFLAGS', $flag); $flags->append('CXXFLAGS', $flag); $flags->append('GCJFLAGS', $flag); - } elsif ($use_feature{stackprotector}) { + } elsif ($use_feature{hardening}{stackprotector}) { my $flag = '-fstack-protector --param=ssp-buffer-size=4'; $flags->append('CFLAGS', $flag); $flags->append('OBJCFLAGS', $flag); @@ -372,12 +345,12 @@ sub _add_hardening_flags { } # Fortify Source - if ($use_feature{fortify}) { + if ($use_feature{hardening}{fortify}) { $flags->append('CPPFLAGS', '-D_FORTIFY_SOURCE=2'); } # Format Security - if ($use_feature{format}) { + if ($use_feature{hardening}{format}) { my $flag = '-Wformat -Werror=format-security'; $flags->append('CFLAGS', $flag); $flags->append('CXXFLAGS', $flag); 
@@ -386,23 +359,29 @@ sub _add_hardening_flags { } # Read-only Relocations - if ($use_feature{relro}) { + if ($use_feature{hardening}{relro}) { $flags->append('LDFLAGS', '-Wl,-z,relro'); } # Bindnow - if ($use_feature{bindnow}) { + if ($use_feature{hardening}{bindnow}) { $flags->append('LDFLAGS', '-Wl,-z,now'); } + ## Commit + # Set used features to their builtin setting if unset. - foreach my $feature (keys %builtin_feature) { - $use_feature{$feature} //= $builtin_feature{$feature}; + foreach my $area (sort keys %builtin_feature) { + foreach my $feature (keys %{$builtin_feature{$area}}) { + $use_feature{$area}{$feature} //= $builtin_feature{$area}{$feature}; + } } # Store the feature usage. - while (my ($feature, $enabled) = each %use_feature) { - $flags->set_feature('hardening', $feature, $enabled); + foreach my $area (sort keys %use_feature) { + while (my ($feature, $enabled) = each %{$use_feature{$area}}) { + $flags->set_feature($area, $feature, $enabled); + } } } -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/dpkg/dpkg.git
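Review bot: In the `## Commit` section the outer loops are ordered with `sort keys`, but the inner ones use an unsorted `keys` and `each`, so the order of the `set_feature` calls within an area still depends on hash ordering. Whether that order is observable is not visible from this hunk. If the sort was added to make the recorded state deterministic, the inner loops need it too, for example `foreach my $feature (sort keys %{$use_feature{$area}}) {` with `$flags->set_feature($area, $feature, $use_feature{$area}{$feature});`. A short comment would also help, saying that every mask must run before this point because the stored state is what gets reported as the effective hardening and sanitize settings.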