- fortify/harden the compile

[ossec-hids.git] / debian / rules
diff --git a/debian/rules b/debian/rules

index c7650ee..032ac9a 100755 (executable)
--- a/debian/rules
+++ b/debian/rules
@@ -11,6 +11,15 @@ DESTDIR = $(PKGDIR)/var/ossec
  # OSSEC INSTALL SUBDIRS
  SUBDIRS = .ssh active-response active-response/bin agentless bin etc etc/shared logs logs/alerts logs/archives logs/firewall queue queue/agent-info queue/agentless queue/alerts queue/diff queue/fts queue/ossec queue/rids queue/rootcheck queue/syscheck rules stats tmp var var/run
  
+###################### hardening #################
+
+include /usr/share/hardening-includes/hardening.make
+
+CFLAGS=$(shell dpkg-buildflags --get CFLAGS)
+LDFLAGS=$(shell dpkg-buildflags --get LDFLAGS)
+CFLAGS+=$(HARDENING_CFLAGS)
+LDFLAGS+=$(HARDENING_LDFLAGS)
+
  ###################### main ######################
  
  build: build-stamp
@@ -22,6 +31,9 @@ build-stamp:
  
         touch build-stamp
  
+build-arch: build
+build-indep: build
+
  clean:
         dh_testdir
         dh_testroot
@@ -36,6 +48,7 @@ clean:
                 $(SRCDIR)/analysisd/ossec-logtest \
                 $(SRCDIR)/isbigendian \
                 $(SRCDIR)/isbigendian.c \
+               $(SRCDIR)/analysisd/ossec-makelists
         rm -rf $(CURDIR)/bin
  
         dh_clean
@@ -43,7 +56,7 @@ clean:
  install: build
         dh_testdir
         dh_testroot
-       dh_clean -k
+       dh_prep
         dh_installdirs
  
         # ugly directory creation
@@ -93,7 +106,7 @@ install: build
         chmod 550 $(DESTDIR)/bin/*
         chmod 440 $(DESTDIR)/etc/ossec.conf
  
-    # fixups: no need for execute bits on files there
+       # fixups: no need for execute bits on files there
         find $(DESTDIR)/rules -type f -exec chmod ugo-x '{}' ';'
         find $(DESTDIR)/etc -type f -exec chmod ugo-x '{}' ';'
  
@@ -110,11 +123,15 @@ install: build
         # system ossec-init
         echo "DIRECTORY=\"/var/ossec\""      >  $(PKGDIR)/etc/ossec-init.conf
         echo "VERSION=\"`cat src/VERSION`\"" >> $(PKGDIR)/etc/ossec-init.conf
-       echo "DATE=\"`date --utc`\""         >> $(PKGDIR)/etc/ossec-init.conf
+       echo "DATE=\"$(shell date --utc -d "$(shell dpkg-parsechangelog | sed -ne 's/Date: //p')")\""   >> $(PKGDIR)/etc/ossec-init.conf
         echo "TYPE=\"local\""                >> $(PKGDIR)/etc/ossec-init.conf
  
  # Build architecture-independent files here.
  binary-indep: build install
+# We have nothing to do by default.
+
+# Build architecture-dependent files here.
+binary-arch: build install
         dh_testdir
         dh_testroot
         dh_installchangelogs
@@ -131,6 +148,7 @@ binary-indep: build install
  #      dh_installcron
  #      dh_installinfo
  #      dh_undocumented
+       dh_lintian
         dh_installman
         dh_link
         dh_compress
@@ -138,13 +156,10 @@ binary-indep: build install
  #      dh_perl
  #      dh_python
         dh_installdeb
+       dh_shlibdeps
         dh_gencontrol
         dh_md5sums
         dh_builddeb
  
-# Build architecture-dependent files here.
-binary-arch: build install
-# We have nothing to do by default.
-
  binary: binary-indep binary-arch
  .PHONY: build clean binary-indep binary-arch binary install