From: Theodore Ts'o Date: Wed, 13 Jun 2012 19:29:13 +0000 (-0400) Subject: Fix blhc (Build Log Hardening Check) warnings X-Git-Tag: v1.42.5~25 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c1986ecb6fc68427db7579d409929939117e45ff;p=thirdparty%2Fe2fsprogs.git Fix blhc (Build Log Hardening Check) warnings The Build Log Hardening Check is a debian tool which scans the output of a package build making sure that the security hardening flags are used when compiling and linking all of binaries in a package. For the most part we were passing CFLAGS, CPPFLAGS, and LDFLAGS down to the compiler and link commands, but there there were one or two exceptions. In addition, there where a few places in "make install" where the V=1 option was not being honored, which triggered blhc warnings since it couldn't analyze those commands. The e2fsck.static was the only binary that was not getting built and packaged with the hardening flags, but I've fixed all of the blhc warnings so in the future it will be obvious if we regress. Signed-off-by: "Theodore Ts'o" --- diff --git a/MCONFIG.in b/MCONFIG.in index 0c7452204..fa2b03eff 100644 --- a/MCONFIG.in +++ b/MCONFIG.in @@ -35,15 +35,19 @@ datadir = @datadir@ @ifGNUmake@ V = @ifGNUmake@ ifeq ($(strip $(V)),) @ifGNUmake@ # E = @echo +@ifGNUmake@ # ES = echo @ifGNUmake@ # Q = @ @ifGNUmake@ E = @E@ +@ifGNUmake@ ES = @ES@ @ifGNUmake@ Q = @Q@ @ifGNUmake@ else @ifGNUmake@ E = @\# +@ifGNUmake@ ES = \# @ifGNUmake@ Q = @ifGNUmake@ endif @ifNotGNUmake@ E = @E@ +@ifNotGNUmake@ ES = @ES@ @ifNotGNUmake@ Q = @Q@ CC = @CC@ diff --git a/configure b/configure index b741112e7..732119efc 100755 --- a/configure +++ b/configure @@ -713,6 +713,7 @@ BSDLIB_CMT ELF_CMT HTREE_CMT Q +ES E LINK_BUILD_FLAGS SYMLINK_RELATIVE @@ -4434,11 +4435,13 @@ then { $as_echo "$as_me:${as_lineno-$LINENO}: result: Disabling verbose make commands" >&5 $as_echo "Disabling verbose make commands" >&6; } E=@echo + ES=echo Q=@ else { $as_echo "$as_me:${as_lineno-$LINENO}: result: Enabling verbose make commands" >&5 $as_echo "Enabling verbose make commands" >&6; } E=@\\# + ES=\\# Q= fi @@ -4446,12 +4449,14 @@ else { $as_echo "$as_me:${as_lineno-$LINENO}: result: Disabling verbose make commands" >&5 $as_echo "Disabling verbose make commands" >&6; } E=@echo +ES=echo Q=@ fi + # Check whether --enable-compression was given. if test "${enable_compression+set}" = set; then : enableval=$enable_compression; if test "$enableval" = "no" @@ -11304,7 +11309,7 @@ if test "$USE_INCLUDED_LIBINTL" = "yes" ; then fi if test $cross_compiling = no; then - BUILD_CFLAGS="$CFLAGS" + BUILD_CFLAGS="$CFLAGS $CPPFLAGS" BUILD_LDFLAGS="$LDFLAGS" else BUILD_CFLAGS= diff --git a/configure.in b/configure.in index aa4c777b0..7373e8e99 100644 --- a/configure.in +++ b/configure.in @@ -212,18 +212,22 @@ if test "$enableval" = "no" then AC_MSG_RESULT([Disabling verbose make commands]) E=@echo + ES=echo Q=@ else AC_MSG_RESULT([Enabling verbose make commands]) E=@\\# + ES=\\# Q= fi , AC_MSG_RESULT([Disabling verbose make commands]) E=@echo +ES=echo Q=@ ) AC_SUBST(E) +AC_SUBST(ES) AC_SUBST(Q) dnl dnl handle --enable-compression @@ -1230,7 +1234,7 @@ dnl dnl Build CFLAGS dnl if test $cross_compiling = no; then - BUILD_CFLAGS="$CFLAGS" + BUILD_CFLAGS="$CFLAGS $CPPFLAGS" BUILD_LDFLAGS="$LDFLAGS" else BUILD_CFLAGS= diff --git a/debian/rules b/debian/rules index 1f6e7b4a8..cf8e070c1 100755 --- a/debian/rules +++ b/debian/rules @@ -258,9 +258,11 @@ endif ifneq ($(ismips),) mkdir -p ${mipsbuilddir} ${mipsbuilddir64} cd ${mipsbuilddir} && AWK=/usr/bin/awk \ - ${topdir}/configure ${MIPS_NOPIC_CONF_FLAGS} CFLAGS="${CFLAGS}" + ${topdir}/configure ${MIPS_NOPIC_CONF_FLAGS} \ + CFLAGS="${CFLAGS}" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" cd ${mipsbuilddir64} && AWK=/usr/bin/awk \ - ${topdir}/configure ${MIPS_NOPIC_CONF_FLAGS} CFLAGS="${CFLAGS}" + ${topdir}/configure ${MIPS_NOPIC_CONF_FLAGS} \ + CFLAGS="${CFLAGS}" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" endif mkdir -p ${STAMPSDIR} @@ -293,11 +295,13 @@ ifeq ($(DEB_BUILD_ARCH),$(DEB_HOST_ARCH)) if type diet > /dev/null 2>&1 ; then \ cd ${staticbuilddir} && AWK=/usr/bin/awk \ ${topdir}/configure ${STATIC_CONF_FLAGS} \ - ${WITH_DIET_LIBC} CFLAGS="${CFLAGS}"; \ + ${WITH_DIET_LIBC} CFLAGS="${CFLAGS}" \ + CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)"; \ else \ cd ${staticbuilddir} && AWK=/usr/bin/awk \ ${topdir}/configure ${STATIC_CONF_FLAGS} \ - CFLAGS="${CFLAGS}"; \ + CFLAGS="${CFLAGS}" CPPFLAGS="$(CPPFLAGS)" \ + LDFLAGS="$(LDFLAGS)"; \ fi else cd ${staticbuilddir} && AWK=/usr/bin/awk CC="${DEB_HOST_GNU_TYPE}-gcc" \ @@ -342,6 +346,7 @@ ${BUILDBFSTAMP}: ${CFGBFSTAMP} $(MAKE) -C ${bfbuilddir} V=1 libs $(MAKE) -C ${bfbuilddir}/e2fsck V=1 all $(MAKE) -C ${bfbuilddir}/misc V=1 all + $(MAKE) -C ${bfbuilddir}/resize V=1 all touch ${BUILDBFSTAMP} build-static: ${BUILDSTATICSTAMP} @@ -354,9 +359,9 @@ ${BUILDSTATICSTAMP}: ${CFGSTATICSTAMP} clean: dh_testdir rm -rf ${STAMPSDIR} - [ ! -f ${stdbuilddir}/Makefile ] || $(MAKE) -C ${stdbuilddir} distclean - [ ! -f ${bfbuilddir}/Makefile ] || $(MAKE) -C ${bfbuilddir} distclean - [ ! -f ${staticbuilddir}/Makefile ] || $(MAKE) -C ${staticbuilddir} distclean + [ ! -f ${stdbuilddir}/Makefile ] || $(MAKE) -C ${stdbuilddir} V=1 distclean + [ ! -f ${bfbuilddir}/Makefile ] || $(MAKE) -C ${bfbuilddir} V=1 distclean + [ ! -f ${staticbuilddir}/Makefile ] || $(MAKE) -C ${staticbuilddir} V=1 distclean rm -rf ${stdbuilddir} ${bfbuilddir} ${staticbuilddir} ${mipsbuilddir} ${mipsbuilddir64} rm -f debian/*.substvars dh_clean @@ -378,10 +383,10 @@ install-std: build dh_installdirs mkdir -p ${tmpdir}/sbin - $(MAKE) -C ${stdbuilddir} install DESTDIR=${tmpdir} \ + $(MAKE) -C ${stdbuilddir} V=1 install DESTDIR=${tmpdir} \ INSTALL_PROGRAM="${INSTALL_PROGRAM}" LDCONFIG=true # static libs and .h files - $(MAKE) -C ${stdbuilddir} install-libs DESTDIR=${tmpdir} LDCONFIG=true + $(MAKE) -C ${stdbuilddir} V=1 install-libs DESTDIR=${tmpdir} LDCONFIG=true # statically-linked fsck ${INSTALL_PROGRAM} $(E2FSCK_STATIC) ${tmpdir}/sbin @@ -410,13 +415,13 @@ install-udeb: build dh_testdir dh_testroot - $(MAKE) -C ${bfbuilddir} install-shlibs-libs-recursive DESTDIR=${udebdir} \ + $(MAKE) -C ${bfbuilddir} V=1 install-shlibs-libs-recursive DESTDIR=${udebdir} \ INSTALL_PROGRAM="${INSTALL_PROGRAM}" LDCONFIG=true - $(MAKE) -C ${bfbuilddir}/e2fsck install DESTDIR=${udebdir} \ + $(MAKE) -C ${bfbuilddir}/e2fsck V=1 install DESTDIR=${udebdir} \ INSTALL_PROGRAM="${INSTALL_PROGRAM}" LDCONFIG=true - $(MAKE) -C ${bfbuilddir}/misc install DESTDIR=${udebdir} \ + $(MAKE) -C ${bfbuilddir}/misc V=1 install DESTDIR=${udebdir} \ INSTALL_PROGRAM="${INSTALL_PROGRAM}" LDCONFIG=true - $(MAKE) -C ${bfbuilddir}/resize install DESTDIR=${udebdir} \ + $(MAKE) -C ${bfbuilddir}/resize V=1 install DESTDIR=${udebdir} \ INSTALL_PROGRAM="${INSTALL_PROGRAM}" LDCONFIG=true rm -rf ${udebdir}/usr diff --git a/e2fsck/Makefile.in b/e2fsck/Makefile.in index c51bfdb6a..a52bbe168 100644 --- a/e2fsck/Makefile.in +++ b/e2fsck/Makefile.in @@ -136,7 +136,7 @@ e2fsck.profiled: $(PROFILED_OBJS) $(PROFILED_DEPLIBS) gen_crc32table: $(srcdir)/gen_crc32table.c $(E) " CC $@" - $(Q) $(BUILD_CC) $(BUILD_CFLAGS) -o gen_crc32table \ + $(Q) $(BUILD_CC) $(BUILD_CFLAGS) $(BUILD_LDFLAGS) -o gen_crc32table \ $(srcdir)/gen_crc32table.c crc32table.h: gen_crc32table @@ -216,11 +216,11 @@ installdirs: install: $(PROGS) $(MANPAGES) $(FMANPAGES) installdirs $(Q) for i in $(PROGS); do \ - echo " INSTALL $(root_sbindir)/$$i"; \ + $(ES) " INSTALL $(root_sbindir)/$$i"; \ $(INSTALL_PROGRAM) $$i $(DESTDIR)$(root_sbindir)/$$i; \ done $(Q) for i in ext2 ext3 ext4 ext4dev; do \ - echo " LINK $(root_sbindir)/fsck.$$i"; \ + $(ES) " LINK $(root_sbindir)/fsck.$$i"; \ (cd $(DESTDIR)$(root_sbindir); \ $(LN) $(LINK_INSTALL_FLAGS) e2fsck fsck.$$i); \ done @@ -228,25 +228,25 @@ install: $(PROGS) $(MANPAGES) $(FMANPAGES) installdirs for j in $(COMPRESS_EXT); do \ $(RM) -f $(DESTDIR)$(man8dir)/$$i.$$j; \ done; \ - echo " INSTALL_DATA $(man8dir)/$$i"; \ + $(ES) " INSTALL_DATA $(man8dir)/$$i"; \ $(INSTALL_DATA) $$i $(DESTDIR)$(man8dir)/$$i; \ done $(Q) for i in $(FMANPAGES); do \ for j in $(COMPRESS_EXT); do \ $(RM) -f $(DESTDIR)$(man5dir)/$$i.$$j; \ done; \ - echo " INSTALL_DATA $(man5dir)/$$i"; \ + $(ES) " INSTALL_DATA $(man5dir)/$$i"; \ $(INSTALL_DATA) $$i $(DESTDIR)$(man5dir)/$$i; \ done $(Q) for i in ext2 ext3 ext4 ext4dev; do \ - echo " LINK $(man8dir)/fsck.$$i.8"; \ + $(ES) " LINK $(man8dir)/fsck.$$i.8"; \ (cd $(DESTDIR)$(man8dir); \ $(LN) $(LINK_INSTALL_FLAGS) e2fsck.8 fsck.$$i.8); \ done install-strip: install $(Q) for i in $(PROGS); do \ - echo " STRIP $(root_sbindir)/$$i"; \ + $(ES) " STRIP $(root_sbindir)/$$i"; \ $(STRIP) $(DESTDIR)$(root_sbindir)/$$i; \ done diff --git a/lib/ext2fs/Makefile.in b/lib/ext2fs/Makefile.in index f9200fa60..0d9ac2194 100644 --- a/lib/ext2fs/Makefile.in +++ b/lib/ext2fs/Makefile.in @@ -463,7 +463,7 @@ $(OBJS): subdirs gen_crc32ctable: $(srcdir)/gen_crc32ctable.c $(E) " CC $@" - $(Q) $(BUILD_CC) $(BUILD_CFLAGS) -o gen_crc32ctable \ + $(Q) $(BUILD_CC) $(BUILD_CFLAGS) $(BUILD_LDFLAGS) -o gen_crc32ctable \ $(srcdir)/gen_crc32ctable.c crc32c_table.h: gen_crc32ctable diff --git a/lib/uuid/Makefile.in b/lib/uuid/Makefile.in index caa13f78a..7329467e9 100644 --- a/lib/uuid/Makefile.in +++ b/lib/uuid/Makefile.in @@ -86,8 +86,8 @@ tst_uuid: tst_uuid.o $(DEPSTATIC_LIBUUID) uuid_time: $(srcdir)/uuid_time.c $(DEPLIBUUID) $(E) " LD $@" - $(Q) $(CC) $(ALL_CFLAGS) -DDEBUG -o uuid_time $(srcdir)/uuid_time.c \ - $(LIBUUID) + $(Q) $(CC) $(ALL_CFLAGS) $(LDFLAGS) -DDEBUG -o uuid_time \ + $(srcdir)/uuid_time.c $(LIBUUID) uuid.3: $(DEP_SUBSTITUTE) $(srcdir)/uuid.3.in $(E) " SUBST $@" diff --git a/misc/Makefile.in b/misc/Makefile.in index cc0b93901..06921264f 100644 --- a/misc/Makefile.in +++ b/misc/Makefile.in @@ -410,7 +410,7 @@ blkid.1: $(DEP_SUBSTITUTE) $(srcdir)/blkid.1.in $(Q) $(SUBSTITUTE_UPTIME) $(srcdir)/blkid.1.in blkid.1 e2freefrag.8: $(DEP_SUBSTITUTE) $(srcdir)/e2freefrag.8.in - @echo " SUBST $@" + $(E) " SUBST $@" @$(SUBSTITUTE_UPTIME) $(srcdir)/e2freefrag.8.in e2freefrag.8 filefrag.8: $(DEP_SUBSTITUTE) $(srcdir)/filefrag.8.in @@ -427,44 +427,44 @@ installdirs: install: all $(SMANPAGES) $(UMANPAGES) installdirs $(Q) for i in $(SPROGS); do \ - echo " INSTALL $(root_sbindir)/$$i"; \ + $(ES) " INSTALL $(root_sbindir)/$$i"; \ $(INSTALL_PROGRAM) $$i $(DESTDIR)$(root_sbindir)/$$i; \ done $(Q) for i in $(USPROGS); do \ - echo " INSTALL $(sbindir)/$$i"; \ + $(ES) " INSTALL $(sbindir)/$$i"; \ $(INSTALL_PROGRAM) $$i $(DESTDIR)$(sbindir)/$$i; \ done $(Q) for i in ext2 ext3 ext4 ext4dev; do \ - echo " LINK $(root_sbindir)/mkfs.$$i"; \ + $(ES) " LINK $(root_sbindir)/mkfs.$$i"; \ (cd $(DESTDIR)$(root_sbindir); \ $(LN) $(LINK_INSTALL_FLAGS) mke2fs mkfs.$$i); \ done $(Q) (cd $(DESTDIR)$(root_sbindir); \ $(LN) $(LINK_INSTALL_FLAGS) tune2fs e2label) $(Q) if test -n "$(FINDFS_LINK)"; then \ - echo " LINK $(root_sbindir)/findfs"; \ + $(ES) " LINK $(root_sbindir)/findfs"; \ (cd $(DESTDIR)$(root_sbindir); \ $(LN) $(LINK_INSTALL_FLAGS) tune2fs $(FINDFS_LINK)); \ fi $(Q) for i in $(UPROGS); do \ - echo " INSTALL $(bindir)/$$i"; \ + $(ES) " INSTALL $(bindir)/$$i"; \ $(INSTALL_PROGRAM) $$i $(DESTDIR)$(bindir)/$$i; \ done $(Q) for i in $(LPROGS); do \ - echo " INSTALL $(libdir)/$$i"; \ + $(ES) " INSTALL $(libdir)/$$i"; \ $(INSTALL_PROGRAM) $$i $(DESTDIR)$(libdir)/$$i; \ done $(Q) for i in $(SMANPAGES); do \ for j in $(COMPRESS_EXT); do \ $(RM) -f $(DESTDIR)$(man8dir)/$$i.$$j; \ done; \ - echo " INSTALL_DATA $(man8dir)/$$i"; \ + $(ES) " INSTALL_DATA $(man8dir)/$$i"; \ $(INSTALL_DATA) $$i $(DESTDIR)$(man8dir)/$$i; \ done $(Q) $(RM) -f $(DESTDIR)$(man8dir)/mkfs.ext2.8.gz \ $(DESTDIR)$(man8dir)/mkfs.ext3.8.gz $(Q) for i in ext2 ext3 ext4 ext4dev; do \ - echo " LINK mkfs.$$i.8"; \ + $(ES) " LINK mkfs.$$i.8"; \ (cd $(DESTDIR)$(man8dir); \ $(LN) $(LINK_INSTALL_FLAGS) mke2fs.8 mkfs.$$i.8); \ done @@ -472,14 +472,14 @@ install: all $(SMANPAGES) $(UMANPAGES) installdirs for j in $(COMPRESS_EXT); do \ $(RM) -f $(DESTDIR)$(man1dir)/$$i.$$j; \ done; \ - echo " INSTALL_DATA $(man1dir)/$$i"; \ + $(ES) " INSTALL_DATA $(man1dir)/$$i"; \ $(INSTALL_DATA) $$i $(DESTDIR)$(man1dir)/$$i; \ done $(Q) for i in $(FMANPAGES); do \ for j in $(COMPRESS_EXT); do \ $(RM) -f $(DESTDIR)$(man5dir)/$$i.$$j; \ done; \ - echo " INSTALL_DATA $(man5dir)/$$i"; \ + $(ES) " INSTALL_DATA $(man5dir)/$$i"; \ $(INSTALL_DATA) $$i $(DESTDIR)$(man5dir)/$$i; \ done $(Q) if test -f $(DESTDIR)$(root_sysconfdir)/mke2fs.conf; then \ @@ -488,13 +488,13 @@ install: all $(SMANPAGES) $(UMANPAGES) installdirs true; \ else \ if grep -q ext4dev $(DESTDIR)$(root_sysconfdir)/mke2fs.conf ; then \ - echo " INSTALL_DATA $(root_sysconfdir)/mke2fs.conf.e2fsprogs-new"; \ + $(ES) " INSTALL_DATA $(root_sysconfdir)/mke2fs.conf.e2fsprogs-new"; \ $(INSTALL_DATA) mke2fs.conf \ $(DESTDIR)$(root_sysconfdir)/mke2fs.conf.e2fsprogs-new; \ echo "Warning: installing mke2fs.conf in $(DESTDIR)$(root_sysconfdir)/mke2fs.conf.e2fsprogs-new"; \ echo "Check to see if you need to update your $(root_sysconfdir)/mke2fs.conf"; \ else \ - echo " INSTALL_DATA $(root_sysconfdir)/mke2fs.conf"; \ + $(ES) " INSTALL_DATA $(root_sysconfdir)/mke2fs.conf"; \ mv $(DESTDIR)$(root_sysconfdir)/mke2fs.conf \ $(DESTDIR)$(root_sysconfdir)/mke2fs.conf.e2fsprogs-old; \ $(INSTALL_DATA) mke2fs.conf \ @@ -506,18 +506,18 @@ install: all $(SMANPAGES) $(UMANPAGES) installdirs echo " "; \ fi; \ else \ - echo " INSTALL_DATA $(root_sysconfdir)/mke2fs.conf"; \ + $(ES) " INSTALL_DATA $(root_sysconfdir)/mke2fs.conf"; \ $(INSTALL_DATA) mke2fs.conf \ $(DESTDIR)$(root_sysconfdir)/mke2fs.conf; \ fi install-strip: install $(Q) for i in $(SPROGS); do \ - echo " STRIP $(root_sbindir)/$$i"; \ + $(E) " STRIP $(root_sbindir)/$$i"; \ $(STRIP) $(DESTDIR)$(root_sbindir)/$$i; \ done $(Q) for i in $(USPROGS); do \ - echo " STRIP $(sbindir)/$$i"; \ + $(E) " STRIP $(sbindir)/$$i"; \ $(STRIP) $(DESTDIR)$(sbindir)/$$i; \ done