[dpkg] 157/192: Dpkg::Vendor::Debian: Merge build flag methods into a single private method
Ximin Luo
infinity0 at debian.org
Tue Oct 17 11:04:13 UTC 2017
This is an automated email from the git hooks/post-receive script.
infinity0 pushed a commit to branch pu/reproducible_builds
in repository dpkg.
commit 2125e8dd7388e2adb9b6c837f4832fe8f0f63b25
Author: Guillem Jover <guillem at debian.org>
Date: Mon Sep 18 00:54:25 2017 +0200
Dpkg::Vendor::Debian: Merge build flag methods into a single private method
This reduces code redundancy, and makes it possible to reuse common code
for various feature areas.
---
debian/changelog | 2 +
scripts/Dpkg/Vendor/Debian.pm | 217 +++++++++++++++++++-----------------------
2 files changed, 100 insertions(+), 119 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 8eeff2e..fa941b3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -80,6 +80,8 @@ dpkg (1.19.0) UNRELEASED; urgency=medium
- Do not execute code when importing Dpkg::Control::FieldsCore.
- Use substr instead of a regex to match the first line characters in
when parsing control files in Dpkg::Control::HashCore.
+ - Merge build flag methods into a single _add_build_flags private method
+ in Dpkg::Vendor::Debian.
* Documentation:
- Document currently accepted syntax for changelogs in deb-changelog(5).
Closes: #858579
diff --git a/scripts/Dpkg/Vendor/Debian.pm b/scripts/Dpkg/Vendor/Debian.pm
index 833176b..4b5436e 100644
--- a/scripts/Dpkg/Vendor/Debian.pm
+++ b/scripts/Dpkg/Vendor/Debian.pm
@@ -78,10 +78,7 @@ sub run_hook {
$$textref .= "Bug-Ubuntu: https://bugs.launchpad.net/bugs/$bug\n";
}
} elsif ($hook eq 'update-buildflags') {
- $self->_add_qa_flags(@params);
- $self->_add_reproducible_flags(@params);
- $self->_add_sanitize_flags(@params);
- $self->_add_hardening_flags(@params);
+ $self->_add_build_flags(@params);
} elsif ($hook eq 'builtin-system-build-paths') {
return qw(/build/);
} else {
@@ -101,20 +98,65 @@ sub _parse_feature_area {
$opts->parse_features($area, $use_feature);
}
-sub _add_qa_flags {
+sub _add_build_flags {
my ($self, $flags) = @_;
# Default feature states.
my %use_feature = (
- bug => 0,
- canary => 0,
+ qa => {
+ bug => 0,
+ canary => 0,
+ },
+ reproducible => {
+ timeless => 1,
+ fixdebugpath => 1,
+ },
+ sanitize => {
+ address => 0,
+ thread => 0,
+ leak => 0,
+ undefined => 0,
+ },
+ hardening => {
+ # XXX: This is set to undef so that we can cope with the brokenness
+ # of gcc managing this feature builtin.
+ pie => undef,
+ stackprotector => 1,
+ stackprotectorstrong => 1,
+ fortify => 1,
+ format => 1,
+ relro => 1,
+ bindnow => 0,
+ },
);
+ my %builtin_feature = (
+ hardening => {
+ pie => 1,
+ },
+ );
+
+ ## Setup
+
# Adjust features based on user or maintainer's desires.
- $self->_parse_feature_area('qa', \%use_feature);
+ foreach my $area (sort keys %use_feature) {
+ $self->_parse_feature_area($area, $use_feature{$area});
+ }
+
+ require Dpkg::Arch;
+
+ my $arch = Dpkg::Arch::get_host_arch();
+ my ($abi, $libc, $os, $cpu) = Dpkg::Arch::debarch_to_debtuple($arch);
+
+ unless (defined $abi and defined $libc and defined $os and defined $cpu) {
+ warning(g_("unknown host architecture '%s'"), $arch);
+ ($abi, $os, $cpu) = ('', '', '');
+ }
+
+ ## Area: qa
# Warnings that detect actual bugs.
- if ($use_feature{bug}) {
+ if ($use_feature{qa}{bug}) {
foreach my $warnflag (qw(array-bounds clobbered volatile-register-var
implicit-function-declaration)) {
$flags->append('CFLAGS', "-Werror=$warnflag");
@@ -123,7 +165,7 @@ sub _add_qa_flags {
}
# Inject dummy canary options to detect issues with build flag propagation.
- if ($use_feature{canary}) {
+ if ($use_feature{qa}{canary}) {
require Digest::MD5;
my $id = Digest::MD5::md5_hex(int rand 4096);
@@ -133,28 +175,12 @@ sub _add_qa_flags {
$flags->append('LDFLAGS', "-Wl,-z,deb-canary-${id}");
}
- # Store the feature usage.
- while (my ($feature, $enabled) = each %use_feature) {
- $flags->set_feature('qa', $feature, $enabled);
- }
-}
-
-sub _add_reproducible_flags {
- my ($self, $flags) = @_;
-
- # Default feature states.
- my %use_feature = (
- timeless => 1,
- fixdebugpath => 1,
- );
+ ## Area: reproducible
my $build_path;
- # Adjust features based on user or maintainer's desires.
- $self->_parse_feature_area('reproducible', \%use_feature);
-
# Mask features that might have an unsafe usage.
- if ($use_feature{fixdebugpath}) {
+ if ($use_feature{reproducible}{fixdebugpath}) {
require Cwd;
$build_path = $ENV{DEB_BUILD_PATH} || Cwd::cwd();
@@ -168,12 +194,12 @@ sub _add_reproducible_flags {
}
# Warn when the __TIME__, __DATE__ and __TIMESTAMP__ macros are used.
- if ($use_feature{timeless}) {
+ if ($use_feature{reproducible}{timeless}) {
$flags->append('CPPFLAGS', '-Wdate-time');
}
# Avoid storing the build path in the debug symbols.
- if ($use_feature{fixdebugpath}) {
+ if ($use_feature{reproducible}{fixdebugpath}) {
my $map = '-fdebug-prefix-map=' . $build_path . '=.';
$flags->append('CFLAGS', $map);
$flags->append('CXXFLAGS', $map);
@@ -184,150 +210,96 @@ sub _add_reproducible_flags {
$flags->append('GCJFLAGS', $map);
}
- # Store the feature usage.
- while (my ($feature, $enabled) = each %use_feature) {
- $flags->set_feature('reproducible', $feature, $enabled);
- }
-}
-
-sub _add_sanitize_flags {
- my ($self, $flags) = @_;
-
- # Default feature states.
- my %use_feature = (
- address => 0,
- thread => 0,
- leak => 0,
- undefined => 0,
- );
-
- # Adjust features based on user or maintainer's desires.
- $self->_parse_feature_area('sanitize', \%use_feature);
+ ## Area: sanitize
# Handle logical feature interactions.
- if ($use_feature{address} and $use_feature{thread}) {
+ if ($use_feature{sanitize}{address} and $use_feature{sanitize}{thread}) {
# Disable the thread sanitizer when the address one is active, they
# are mutually incompatible.
- $use_feature{thread} = 0;
+ $use_feature{sanitize}{thread} = 0;
}
- if ($use_feature{address} or $use_feature{thread}) {
+ if ($use_feature{sanitize}{address} or $use_feature{sanitize}{thread}) {
# Disable leak sanitizer, it is implied by the address or thread ones.
- $use_feature{leak} = 0;
+ $use_feature{sanitize}{leak} = 0;
}
- if ($use_feature{address}) {
+ if ($use_feature{sanitize}{address}) {
my $flag = '-fsanitize=address -fno-omit-frame-pointer';
$flags->append('CFLAGS', $flag);
$flags->append('CXXFLAGS', $flag);
$flags->append('LDFLAGS', '-fsanitize=address');
}
- if ($use_feature{thread}) {
+ if ($use_feature{sanitize}{thread}) {
my $flag = '-fsanitize=thread';
$flags->append('CFLAGS', $flag);
$flags->append('CXXFLAGS', $flag);
$flags->append('LDFLAGS', $flag);
}
- if ($use_feature{leak}) {
+ if ($use_feature{sanitize}{leak}) {
$flags->append('LDFLAGS', '-fsanitize=leak');
}
- if ($use_feature{undefined}) {
+ if ($use_feature{sanitize}{undefined}) {
my $flag = '-fsanitize=undefined';
$flags->append('CFLAGS', $flag);
$flags->append('CXXFLAGS', $flag);
$flags->append('LDFLAGS', $flag);
}
- # Store the feature usage.
- while (my ($feature, $enabled) = each %use_feature) {
- $flags->set_feature('sanitize', $feature, $enabled);
- }
-}
-
-sub _add_hardening_flags {
- my ($self, $flags) = @_;
-
- require Dpkg::Arch;
-
- my $arch = Dpkg::Arch::get_host_arch();
- my ($abi, $libc, $os, $cpu) = Dpkg::Arch::debarch_to_debtuple($arch);
-
- unless (defined $abi and defined $libc and defined $os and defined $cpu) {
- warning(g_("unknown host architecture '%s'"), $arch);
- ($abi, $os, $cpu) = ('', '', '');
- }
-
- # Default feature states.
- my %use_feature = (
- # XXX: This is set to undef so that we can cope with the brokenness
- # of gcc managing this feature builtin.
- pie => undef,
- stackprotector => 1,
- stackprotectorstrong => 1,
- fortify => 1,
- format => 1,
- relro => 1,
- bindnow => 0,
- );
- my %builtin_feature = (
- pie => 1,
- );
+ ## Area: hardening
+ # Mask builtin features that are not enabled by default in the compiler.
my %builtin_pie_arch = map { $_ => 1 } qw(
amd64 arm64 armel armhf i386 kfreebsd-amd64 kfreebsd-i386
mips mipsel mips64el powerpc ppc64 ppc64el s390x sparc sparc64
);
-
- # Mask builtin features that are not enabled by default in the compiler.
if (not exists $builtin_pie_arch{$arch}) {
- $builtin_feature{pie} = 0;
+ $builtin_feature{hardening}{pie} = 0;
}
- # Adjust features based on user or maintainer's desires.
- $self->_parse_feature_area('hardening', \%use_feature);
-
# Mask features that are not available on certain architectures.
if ($os !~ /^(?:linux|kfreebsd|knetbsd|hurd)$/ or
$cpu =~ /^(?:hppa|avr32)$/) {
# Disabled on non-(linux/kfreebsd/knetbsd/hurd).
# Disabled on hppa, avr32
# (#574716).
- $use_feature{pie} = 0;
+ $use_feature{hardening}{pie} = 0;
}
if ($cpu =~ /^(?:ia64|alpha|hppa|nios2)$/ or $arch eq 'arm') {
# Stack protector disabled on ia64, alpha, hppa, nios2.
# "warning: -fstack-protector not supported for this target"
# Stack protector disabled on arm (ok on armel).
# compiler supports it incorrectly (leads to SEGV)
- $use_feature{stackprotector} = 0;
+ $use_feature{hardening}{stackprotector} = 0;
}
if ($cpu =~ /^(?:ia64|hppa|avr32)$/) {
# relro not implemented on ia64, hppa, avr32.
- $use_feature{relro} = 0;
+ $use_feature{hardening}{relro} = 0;
}
# Mask features that might be influenced by other flags.
if ($flags->{build_options}->has('noopt')) {
# glibc 2.16 and later warn when using -O0 and _FORTIFY_SOURCE.
- $use_feature{fortify} = 0;
+ $use_feature{hardening}{fortify} = 0;
}
# Handle logical feature interactions.
- if ($use_feature{relro} == 0) {
+ if ($use_feature{hardening}{relro} == 0) {
# Disable bindnow if relro is not enabled, since it has no
# hardening ability without relro and may incur load penalties.
- $use_feature{bindnow} = 0;
+ $use_feature{hardening}{bindnow} = 0;
}
- if ($use_feature{stackprotector} == 0) {
+ if ($use_feature{hardening}{stackprotector} == 0) {
# Disable stackprotectorstrong if stackprotector is disabled.
- $use_feature{stackprotectorstrong} = 0;
+ $use_feature{hardening}{stackprotectorstrong} = 0;
}
# PIE
- if (defined $use_feature{pie} and $use_feature{pie} and
- not $builtin_feature{pie}) {
+ if (defined $use_feature{hardening}{pie} and
+ $use_feature{hardening}{pie} and
+ not $builtin_feature{hardening}{pie}) {
my $flag = "-specs=$Dpkg::DATADIR/pie-compile.specs";
$flags->append('CFLAGS', $flag);
$flags->append('OBJCFLAGS', $flag);
@@ -337,8 +309,9 @@ sub _add_hardening_flags {
$flags->append('CXXFLAGS', $flag);
$flags->append('GCJFLAGS', $flag);
$flags->append('LDFLAGS', "-specs=$Dpkg::DATADIR/pie-link.specs");
- } elsif (defined $use_feature{pie} and not $use_feature{pie} and
- $builtin_feature{pie}) {
+ } elsif (defined $use_feature{hardening}{pie} and
+ not $use_feature{hardening}{pie} and
+ $builtin_feature{hardening}{pie}) {
my $flag = "-specs=$Dpkg::DATADIR/no-pie-compile.specs";
$flags->append('CFLAGS', $flag);
$flags->append('OBJCFLAGS', $flag);
@@ -351,7 +324,7 @@ sub _add_hardening_flags {
}
# Stack protector
- if ($use_feature{stackprotectorstrong}) {
+ if ($use_feature{hardening}{stackprotectorstrong}) {
my $flag = '-fstack-protector-strong';
$flags->append('CFLAGS', $flag);
$flags->append('OBJCFLAGS', $flag);
@@ -360,7 +333,7 @@ sub _add_hardening_flags {
$flags->append('FCFLAGS', $flag);
$flags->append('CXXFLAGS', $flag);
$flags->append('GCJFLAGS', $flag);
- } elsif ($use_feature{stackprotector}) {
+ } elsif ($use_feature{hardening}{stackprotector}) {
my $flag = '-fstack-protector --param=ssp-buffer-size=4';
$flags->append('CFLAGS', $flag);
$flags->append('OBJCFLAGS', $flag);
@@ -372,12 +345,12 @@ sub _add_hardening_flags {
}
# Fortify Source
- if ($use_feature{fortify}) {
+ if ($use_feature{hardening}{fortify}) {
$flags->append('CPPFLAGS', '-D_FORTIFY_SOURCE=2');
}
# Format Security
- if ($use_feature{format}) {
+ if ($use_feature{hardening}{format}) {
my $flag = '-Wformat -Werror=format-security';
$flags->append('CFLAGS', $flag);
$flags->append('CXXFLAGS', $flag);
@@ -386,23 +359,29 @@ sub _add_hardening_flags {
}
# Read-only Relocations
- if ($use_feature{relro}) {
+ if ($use_feature{hardening}{relro}) {
$flags->append('LDFLAGS', '-Wl,-z,relro');
}
# Bindnow
- if ($use_feature{bindnow}) {
+ if ($use_feature{hardening}{bindnow}) {
$flags->append('LDFLAGS', '-Wl,-z,now');
}
+ ## Commit
+
# Set used features to their builtin setting if unset.
- foreach my $feature (keys %builtin_feature) {
- $use_feature{$feature} //= $builtin_feature{$feature};
+ foreach my $area (sort keys %builtin_feature) {
+ foreach my $feature (keys %{$builtin_feature{$area}}) {
+ $use_feature{$area}{$feature} //= $builtin_feature{$area}{$feature};
+ }
}
# Store the feature usage.
- while (my ($feature, $enabled) = each %use_feature) {
- $flags->set_feature('hardening', $feature, $enabled);
+ foreach my $area (sort keys %use_feature) {
+ while (my ($feature, $enabled) = each %{$use_feature{$area}}) {
+ $flags->set_feature($area, $feature, $enabled);
+ }
}
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git
More information about the Reproducible-commits
mailing list