From ae566d1004caf29a58ce0dacfada4ec9de373942 Mon Sep 17 00:00:00 2001
From: Saikrishna Arcot
Date: Mon, 24 Jan 2022 19:36:03 -0800
Subject: [PATCH 1/2] Enable dbgsym package for dhcpmon

Signed-off-by: Saikrishna Arcot
---
 rules/dhcpmon.mk | 3 +++
 rules/docker-dhcp-relay.mk | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/rules/dhcpmon.mk b/rules/dhcpmon.mk
index 3d80d227c15..3f8f5e139bc 100644
--- a/rules/dhcpmon.mk
+++ b/rules/dhcpmon.mk
@@ -6,3 +6,6 @@ SONIC_DHCPMON_PKG_NAME = dhcpmon
 SONIC_DHCPMON = sonic-$(SONIC_DHCPMON_PKG_NAME)_$(SONIC_DHCPMON_VERSION)_$(CONFIGURED_ARCH).deb
 $(SONIC_DHCPMON)_SRC_PATH = $(SRC_PATH)/$(SONIC_DHCPMON_PKG_NAME)
 SONIC_DPKG_DEBS += $(SONIC_DHCPMON)
+
+SONIC_DHCPMON_DBG = sonic-$(SONIC_DHCPMON_PKG_NAME)-dbgsym_$(SONIC_DHCPMON_VERSION)_$(CONFIGURED_ARCH).deb
+$(eval $(call add_derived_package,$(SONIC_DHCPMON),$(SONIC_DHCPMON_DBG)))
diff --git a/rules/docker-dhcp-relay.mk b/rules/docker-dhcp-relay.mk
index 5e3f84f0511..b742bff43b0 100644
--- a/rules/docker-dhcp-relay.mk
+++ b/rules/docker-dhcp-relay.mk
@@ -9,7 +9,7 @@ $(DOCKER_DHCP_RELAY)_PATH = $(DOCKERS_PATH)/$(DOCKER_DHCP_RELAY_STEM)
 $(DOCKER_DHCP_RELAY)_DEPENDS += $(ISC_DHCP_RELAY) $(SONIC_DHCPMON) $(SONIC_DHCP6RELAY) $(LIBSWSSCOMMON)
 $(DOCKER_DHCP_RELAY)_DBG_DEPENDS = $($(DOCKER_CONFIG_ENGINE_BULLSEYE)_DBG_DEPENDS)
-$(DOCKER_DHCP_RELAY)_DBG_DEPENDS += $(ISC_DHCP_RELAY_DBG) $(SONIC_DHCP6RELAY_DBG)
+$(DOCKER_DHCP_RELAY)_DBG_DEPENDS += $(ISC_DHCP_RELAY_DBG) $(SONIC_DHCP6RELAY_DBG) $(SONIC_DHCPMON_DBG)
 $(DOCKER_DHCP_RELAY)_DBG_IMAGE_PACKAGES = $($(DOCKER_CONFIG_ENGINE_BULLSEYE)_DBG_IMAGE_PACKAGES)
From 53aa04bfac582354fd72f775409b63b1960aa56b Mon Sep 17 00:00:00 2001
From: Saikrishna Arcot
Date: Thu, 27 Jan 2022 09:44:00 -0800
Subject: [PATCH 2/2] [dhcp6relay] Make sure CFLAGS is appended to instead of overwritten

Also, use LDFLAGS when linking dhcp6relay. These two changes make sure the flags set in environment variables (by dpkg-buildflags) are honored. Also, explicitly enable all hardening flags in dpkg-buildflags for dhcp6relay and dhcpmon. The change from the default set of flags is that during linking, immediate binding of symbols is done instead of lazy binding.
Signed-off-by: Saikrishna Arcot
---
 src/dhcp6relay/Makefile | 4 ++--
 src/dhcp6relay/debian/rules | 2 ++
 src/dhcpmon/debian/rules | 2 ++
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/dhcp6relay/Makefile b/src/dhcp6relay/Makefile
index 4d2eedd042e..dd384452a5f 100644
--- a/src/dhcp6relay/Makefile
+++ b/src/dhcp6relay/Makefile
@@ -5,7 +5,7 @@ MKDIR := mkdir
 CC := g++
 MV := mv
 LIBS := -levent -lhiredis -lswsscommon -pthread -lboost_thread -lboost_system
-CFLAGS = -g -Wall -std=c++17 -fPIC -I $(PWD)/../sonic-swss-common/common
+CFLAGS += -Wall -std=c++17 -fPIE -I$(PWD)/../sonic-swss-common/common
 PWD := $(shell pwd)
 ifneq ($(MAKECMDGOALS),clean)
@@ -21,7 +21,7 @@ all: sonic-dhcp6relay
 sonic-dhcp6relay: $(OBJS)
 @echo 'Building target: $@'
 @echo 'Invoking: G++ Linker'
- $(CC) -o $(DHCP6RELAY_TARGET) $(OBJS) $(LIBS)
+ $(CC) $(LDFLAGS) -o $(DHCP6RELAY_TARGET) $(OBJS) $(LIBS)
 @echo 'Finished building target: $@'
 @echo ' '
diff --git a/src/dhcp6relay/debian/rules b/src/dhcp6relay/debian/rules
index ce2eb52beb5..ac2cd63889e 100755
--- a/src/dhcp6relay/debian/rules
+++ b/src/dhcp6relay/debian/rules
@@ -1,4 +1,6 @@
 #!/usr/bin/make -f
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all
+
 %:
 dh $@ --parallel
diff --git a/src/dhcpmon/debian/rules b/src/dhcpmon/debian/rules
index 00c628b6625..76fc7ea1f83 100755
--- a/src/dhcpmon/debian/rules
+++ b/src/dhcpmon/debian/rules
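Review bot: In the `CFLAGS +=` line of src/dhcp6relay/Makefile, only CFLAGS is picked up from the environment, but dpkg-buildflags exports `-D_FORTIFY_SOURCE=2` through CPPFLAGS and the C++ compiler options through CXXFLAGS, so part of the `hardening=+all` set may never reach this `g++` build. The compile rule is outside the hunk; if it expands only `$(CFLAGS)`, it should pass `$(CPPFLAGS) $(CFLAGS)` instead. With `-g` dropped here, a plain `make` outside dpkg-buildpackage also builds with no debug info and no hardening flags, which deserves a comment above the assignment such as `# -g and the hardening flags are supplied by dpkg-buildflags via the environment`.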
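Review bot: The link line in the `sonic-dhcp6relay` recipe takes `$(LDFLAGS)` but never asks for a position-independent executable, while the objects are now compiled with `-fPIE`. Whether the result is a PIE therefore depends on the toolchain defaulting to PIE or on LDFLAGS carrying `-pie`; with a compiler that has no such default the binary would link as a fixed-address executable without any warning. Passing it explicitly is harmless where it is already the default: `$(CC) $(LDFLAGS) -pie -o $(DHCP6RELAY_TARGET) $(OBJS) $(LIBS)`.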
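Review bot: The added `export DEB_BUILD_MAINT_OPTIONS=hardening=+all` in src/dhcp6relay/debian/rules carries no comment, so the reason for departing from the default flag set lives only in the commit message. Add a line above it such as `# hardening=+all: default dpkg-buildflags hardening plus immediate symbol binding (bindnow)`. The same uncommented line is added in src/dhcpmon/debian/rules.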
@@ -1,5 +1,7 @@
 #!/usr/bin/make -f
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all
+
 DEB_CFLAGS_APPEND=-std=gnu11
 export DEB_CFLAGS_APPEND
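Review bot: The `hardening=+all` export in src/dhcpmon/debian/rules only changes the binary if dhcpmon's own build consumes CFLAGS, CPPFLAGS and LDFLAGS from the environment, and this series adjusts that for src/dhcp6relay/Makefile only. No dhcpmon build file appears in the patch, so this needs confirming; if its Makefile overwrites CFLAGS or links without `$(LDFLAGS)`, the flags are silently dropped, and the `-g` that the dbgsym package from patch 1/2 presumably relies on would be missing too. A post-build check on the packaged binaries (for example `hardening-check` from devscripts) would catch this for both packages.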