view debian/rules @ 1861:2b3a8026a6ce
Add re-exec for server
This allows ASLR to re-randomize the address
space for every connection, preventing some
vulnerabilities from being exploitable by
repeated probing.
Overhead (memory and time) is yet to be confirmed.
At present this is only enabled on Linux. Other BSD platforms
with fexecve() would probably also work, though they have not been tested.
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sun, 30 Jan 2022 10:14:56 +0800 |
parents | 7b68e581985f |
children |
#!/usr/bin/make -f
# Debian packaging rules for dropbear: apply debian/diff patches, configure,
# build, stage the files under debian/dropbear and pack them into a .deb.
# deb-checkdir, deb-checkuid and the dropbear.deb prerequisite are not defined
# in this file; presumably they come from debian/implicit (included last).

# Request every dpkg hardening feature and export the resulting build flags
# into the environment, so ./configure sees LDFLAGS/CPPFLAGS in addition to
# the CFLAGS passed explicitly in the config.status recipe.
# NOTE(review): re-executing the server per connection only re-randomizes the
# main image when dropbear is linked as PIE, which hardening=+all requests.
# Confirm on the built binary (e.g. hardening-check, or readelf -h reporting
# type DYN), in particular for the diet build, which swaps the compiler.
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
DPKG_EXPORT_BUILDFLAGS = 1
include /usr/share/dpkg/buildflags.mk

#export DH_OPTIONS

# Host/build triplets, queried from dpkg-architecture unless already set.
DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)

# DEB_BUILD_OPTIONS=nostrip turns the strip step into a shell no-op (":").
STRIP = strip
ifneq ($(findstring nostrip,$(DEB_BUILD_OPTIONS)),)
STRIP = : nostrip
endif

# DEB_BUILD_OPTIONS=diet builds through the diet wrapper without zlib.
# NOTE(review): whether the exported hardening flags take effect under the
# diet toolchain cannot be told from this file; verify the resulting binary.
CONFFLAGS =
CC = gcc
ifneq ($(findstring diet,$(DEB_BUILD_OPTIONS)),)
CONFFLAGS = --disable-zlib
CC = diet -v -Os gcc -nostdinc
endif

# Staging root for the package contents.  The fixed /debian/dropbear suffix
# means the rm -rf calls below never receive an empty path.
DIR = $(shell pwd)/debian/dropbear

patch: deb-checkdir patch-stamp

# Apply every debian/diff/*.diff in ls order; stop at the first failure.
patch-stamp:
	for i in $$(ls -1 debian/diff/*.diff || :); do \
	  patch -p1 <"$$i" || exit 1; \
	done
	touch $@

# SFTPSERVER_PATH is compiled in as the absolute path /usr/lib/sftp-server.
config.status: patch-stamp configure
	CC='$(CC)' \
	  CFLAGS='$(CFLAGS)'' -DSFTPSERVER_PATH="\"/usr/lib/sftp-server\""' \
	  ./configure \
	  --host='$(DEB_HOST_GNU_TYPE)' \
	  --build='$(DEB_BUILD_GNU_TYPE)' \
	  --prefix=/usr \
	  --mandir=\$${prefix}/share/man \
	  --infodir=\$${prefix}/share/info \
	  $(CONFFLAGS)

build: deb-checkdir build-stamp

build-stamp: config.status
	$(MAKE) CC='$(CC)' LD='$(CC)'
	touch $@

# Undo the build and, when patch-stamp exists, reverse the patches in reverse
# ls order.  Only the status of the last reverse patch reaches make; earlier
# failures inside the loop are not checked.
clean: deb-checkdir deb-checkuid
	test ! -r Makefile || $(MAKE) distclean
	rm -f libtomcrypt/Makefile libtommath/Makefile
	if test -e patch-stamp; then \
	  for i in $$(ls -1r debian/diff/*.diff || :); do \
	    patch -p1 -R <"$$i"; \
	  done; \
	fi
	rm -f patch-stamp build-stamp config.log config.status
	rm -rf '$(DIR)'
	rm -f debian/files debian/substvars debian/copyright changelog

# Stage binaries, service scripts, man pages and copyright under $(DIR).
# Binaries are installed 0755 and man pages 0644; the strip step also removes
# the .comment and .note sections from every staged program.
install: deb-checkdir deb-checkuid build-stamp
	rm -rf '$(DIR)'
	install -d -m0755 '$(DIR)'/etc/dropbear
	# programs
	install -d -m0755 '$(DIR)'/usr/sbin
	install -m0755 dropbear '$(DIR)'/usr/sbin/dropbear
	install -d -m0755 '$(DIR)'/usr/bin
	install -m0755 dbclient '$(DIR)'/usr/bin/dbclient
	install -m0755 dropbearkey '$(DIR)'/usr/bin/dropbearkey
	install -d -m0755 '$(DIR)'/usr/lib/dropbear
	install -m0755 dropbearconvert \
	  '$(DIR)'/usr/lib/dropbear/dropbearconvert
	$(STRIP) -R .comment -R .note \
	  '$(DIR)'/usr/sbin/* \
	  '$(DIR)'/usr/bin/* \
	  '$(DIR)'/usr/lib/dropbear/*
	# init and run scripts
	install -d -m0755 '$(DIR)'/etc/init.d
	install -m0755 debian/dropbear.init '$(DIR)'/etc/init.d/dropbear
	install -m0755 debian/service/run '$(DIR)'/etc/dropbear/run
	install -d -m0755 '$(DIR)'/etc/dropbear/log
	install -m0755 debian/service/log '$(DIR)'/etc/dropbear/log/run
	ln -s /var/log/dropbear '$(DIR)'/etc/dropbear/log/main
	# man pages
	install -d -m0755 '$(DIR)'/usr/share/man/man8
	install -d -m0755 '$(DIR)'/usr/share/man/man1
	install -m644 dropbear.8 '$(DIR)'/usr/share/man/man8/
	for page in dbclient.1 dropbearkey.1 dropbearconvert.1; do \
	  install -m644 "$$page" '$(DIR)'/usr/share/man/man1/ || exit 1; \
	done
	gzip -9 '$(DIR)'/usr/share/man/man8/*.8
	gzip -9 '$(DIR)'/usr/share/man/man1/*.1
	# copyright, changelog
	cat debian/copyright.in LICENSE >debian/copyright
	test -r changelog || ln -s CHANGES changelog

# No architecture-independent package is built.
binary-indep:

# dpkg-shlibdeps runs only when CC is exactly 'gcc', i.e. not for the diet
# build (presumably because that build has no shared-library dependencies).
binary-arch: install dropbear.deb
	test '$(CC)' != 'gcc' || \
	  dpkg-shlibdeps \
	  '$(DIR)'/usr/sbin/* \
	  '$(DIR)'/usr/bin/* \
	  '$(DIR)'/usr/lib/dropbear/*
	dpkg-gencontrol -isp -pdropbear -P'$(DIR)'
	dpkg -b '$(DIR)' ..

binary: binary-arch binary-indep

.PHONY: patch build clean install binary-indep binary-arch binary

include debian/implicit