pkgforge 0.2.0 → 0.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ac90e273bc0303e88e4f525c7d853a1ad67ddd2c
-  data.tar.gz: 02060d0ace973d3174ca67e453236677b5973a21
+  metadata.gz: c16805362110e03411e169346b7681ac5ae3194c
+  data.tar.gz: 59482c2a3441d6b0859cea95eb3861edb04d74cb
 SHA512:
-  metadata.gz: 9f29266946b37986f13702574ddfd920aed6564f42e4ee5b1f406a794b9d6cbac3bae1fba02d86407d4de65006ac85cfbb4e27c09de792f7463c5a4af147971d
-  data.tar.gz: fb6f0542af36377911148c6d96fa6c5b7eff128a6ecc548d2219a1158df735c0f2099e6b4e6ef72efda5f6d2b7bbef55cd12e3f7d5857688a533310f73d0d94b
+  metadata.gz: eafb1a937ba14493b98900bac9ebf8890b696b91bb1412e9f4d1cb24441fe52283b966dbb8f17317c907205ac2867370441080a621a21d66af21c4f5a16955c1
+  data.tar.gz: c24bd85a4a0e613651cadb8ef859c0da7af9b0d5b474d0827b47d8cb7c6c7a886ff0f6b13e6dec930dbf7413cc08e7ec15082924f618c3290d810431e4fc3bf5

data/lib/pkgforge/builddsl.rb

@@ -27,7 +27,8 @@ module PkgForge
       end
       env = {
         'CC' => 'musl-gcc',
-        'CFLAGS' => @forge.cflags,
+        'CFLAGS' => @forge.all_cflags,
+        'LDFLAGS' => @forge.all_cflags,
         'LIBS' => @forge.libs
       }
       run ['./configure'] + flag_strings, env

data/lib/pkgforge/forge.rb

@@ -17,7 +17,7 @@ module PkgForge
 
     attr_accessor :name, :org, :deps, :configure_flags, :version_block,
                   :patches, :build_block, :test_block, :license, :cflags,
-                  :libs
+                  :libs, :harden_flags
 
     Contract Maybe[HashOf[Symbol => Any]] => nil
     def initialize(params = {})

data/lib/pkgforge/forgedsl.rb

@@ -77,15 +77,34 @@ module PkgForge
     Contract Maybe[String] => nil
     def cflags(value = nil)
       default = '-I%{dep}/usr/include -L%{dep}/usr/lib'
-      value ||= @forge.deps.map { |x, _| default % { dep: dep(x) } }.join(' ')
-      @forge.cflags = value
+      value ||= @forge.deps.map { |x, _| default % { dep: dep(x) }.split }
+      @forge.cflags = value.flatten
       nil
     end
 
     Contract Maybe[String] => nil
     def libs(value = nil)
-      value ||= @forge.deps.map { |x, _| '-l' + x }.join(' ')
+      value ||= @forge.deps.map { |x, _| '-l' + x }
       @forge.libs = value
+      nil
+    end
+
+    # hamelessly sourced from:
+    # https://blog.mayflower.de/5800-Hardening-Compiler-Flags-for-NixOS.html
+    HARDEN_OPTS = {
+      format: %w(-Wformat -Wformat-security -Werror=format-security),
+      stackprotector: %w(-fstack-protector-strong --param ssp-buffer-size=4),
+      fortify: %w(-O2 -D_FORTIFY_SOURCE=2),
+      pic: '-fPIC',
+      strictoverflow: '-fno-strict-overflow',
+      relro: '-z=relro',
+      bindnow: '-z=bindnow',
+      pie: %w(-fPIE -pie)
+    }.freeze
+
+    Contract Maybe[Array[String]] => nil
+    def harden(list = [])
+      @forge.harden_flags = HARDEN_OPTS.reject { |k, _| list.include? k.to_s }
     end
   end
 end

data/lib/pkgforge/helpers.rb

@@ -30,6 +30,11 @@ module PkgForge
       end
     end
 
+    Contract None => Array[String]
+    def all_cflags
+      @forge.cflags + @forge.harden_flags
+    end
+
     private
 
     Contract Symbol => String

data/lib/pkgforge/version.rb

@@ -1,5 +1,5 @@
 ##
 # Declare version number
 module PkgForge
-  VERSION = '0.2.0'.freeze
+  VERSION = '0.2.1'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pkgforge
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.1
 platform: ruby
 authors:
 - Les Aker
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-08-28 00:00:00.000000000 Z
+date: 2016-08-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mercenary