matthew/sonic-buildimage
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Package debugging and hardening for dhcpmon and dhcp6relay (#9862)

Browse Source 
Enable dbgsym package for dhcpmon.

Allow CFLAGS and LDFLAGS from environment variables to be used
in the dhcp6relay build. This makes sure that the -O2 flag from
dpkg-buildflags gets used.

Finally, enable all hardening flags in dpkg-buildflags for
dhcp6relay and dhcpmon. The change from the default set of flags is that
during linking, immediate binding of symbols is done instead of lazy
binding.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
This commit is contained in:
Saikrishna Arcot 2022-01-27 17:48:58 -08:00 committed by GitHub
parent 018a6495da
commit bcf5388f25
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
rules/dhcpmon.mk
View File

@ -6,3 +6,6 @@ SONIC_DHCPMON_PKG_NAME = dhcpmon
SONIC_DHCPMON = sonic-$(SONIC_DHCPMON_PKG_NAME)_$(SONIC_DHCPMON_VERSION)_$(CONFIGURED_ARCH).deb SONIC_DHCPMON = sonic-$(SONIC_DHCPMON_PKG_NAME)_$(SONIC_DHCPMON_VERSION)_$(CONFIGURED_ARCH).deb
$(SONIC_DHCPMON)_SRC_PATH = $(SRC_PATH)/$(SONIC_DHCPMON_PKG_NAME) $(SONIC_DHCPMON)_SRC_PATH = $(SRC_PATH)/$(SONIC_DHCPMON_PKG_NAME)
SONIC_DPKG_DEBS += $(SONIC_DHCPMON) SONIC_DPKG_DEBS += $(SONIC_DHCPMON)
SONIC_DHCPMON_DBG = sonic-$(SONIC_DHCPMON_PKG_NAME)-dbgsym_$(SONIC_DHCPMON_VERSION)_$(CONFIGURED_ARCH).deb
$(eval $(call add_derived_package,$(SONIC_DHCPMON),$(SONIC_DHCPMON_DBG)))

2
rules/docker-dhcp-relay.mk
View File

@ -9,7 +9,7 @@ $(DOCKER_DHCP_RELAY)_PATH = $(DOCKERS_PATH)/$(DOCKER_DHCP_RELAY_STEM)
$(DOCKER_DHCP_RELAY)_DEPENDS += $(ISC_DHCP_RELAY) $(SONIC_DHCPMON) $(SONIC_DHCP6RELAY) $(LIBSWSSCOMMON) $(DOCKER_DHCP_RELAY)_DEPENDS += $(ISC_DHCP_RELAY) $(SONIC_DHCPMON) $(SONIC_DHCP6RELAY) $(LIBSWSSCOMMON)
$(DOCKER_DHCP_RELAY)_DBG_DEPENDS = $($(DOCKER_CONFIG_ENGINE_BULLSEYE)_DBG_DEPENDS) $(DOCKER_DHCP_RELAY)_DBG_DEPENDS = $($(DOCKER_CONFIG_ENGINE_BULLSEYE)_DBG_DEPENDS)
$(DOCKER_DHCP_RELAY)_DBG_DEPENDS += $(ISC_DHCP_RELAY_DBG) $(SONIC_DHCP6RELAY_DBG) $(DOCKER_DHCP_RELAY)_DBG_DEPENDS += $(ISC_DHCP_RELAY_DBG) $(SONIC_DHCP6RELAY_DBG) $(SONIC_DHCPMON_DBG)
$(DOCKER_DHCP_RELAY)_DBG_IMAGE_PACKAGES = $($(DOCKER_CONFIG_ENGINE_BULLSEYE)_DBG_IMAGE_PACKAGES) $(DOCKER_DHCP_RELAY)_DBG_IMAGE_PACKAGES = $($(DOCKER_CONFIG_ENGINE_BULLSEYE)_DBG_IMAGE_PACKAGES)

4
src/dhcp6relay/Makefile
View File

@ -5,7 +5,7 @@ MKDIR := mkdir
CC := g++ CC := g++
MV := mv MV := mv
LIBS := -levent -lhiredis -lswsscommon -pthread -lboost_thread -lboost_system LIBS := -levent -lhiredis -lswsscommon -pthread -lboost_thread -lboost_system
CFLAGS = -g -Wall -std=c++17 -fPIC -I $(PWD)/../sonic-swss-common/common CFLAGS += -Wall -std=c++17 -fPIE -I$(PWD)/../sonic-swss-common/common
PWD := $(shell pwd) PWD := $(shell pwd)
ifneq ($(MAKECMDGOALS),clean) ifneq ($(MAKECMDGOALS),clean)
@ -21,7 +21,7 @@ all: sonic-dhcp6relay
sonic-dhcp6relay: $(OBJS) sonic-dhcp6relay: $(OBJS)
@echo 'Building target: $@' @echo 'Building target: $@'
@echo 'Invoking: G++ Linker' @echo 'Invoking: G++ Linker'
$(CC) -o $(DHCP6RELAY_TARGET) $(OBJS) $(LIBS) $(CC) $(LDFLAGS) -o $(DHCP6RELAY_TARGET) $(OBJS) $(LIBS)
@echo 'Finished building target: $@' @echo 'Finished building target: $@'
@echo ' ' @echo ' '

2
src/dhcp6relay/debian/rules
View File

@ -1,4 +1,6 @@
#!/usr/bin/make -f #!/usr/bin/make -f
export DEB_BUILD_MAINT_OPTIONS=hardening=+all
%: %:
dh $@ --parallel dh $@ --parallel

2
src/dhcpmon/debian/rules
View File

@ -1,5 +1,7 @@
#!/usr/bin/make -f #!/usr/bin/make -f
export DEB_BUILD_MAINT_OPTIONS=hardening=+all
DEB_CFLAGS_APPEND=-std=gnu11 DEB_CFLAGS_APPEND=-std=gnu11
export DEB_CFLAGS_APPEND export DEB_CFLAGS_APPEND