aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAqua-sama <aqua@iserlohn-fortress.net>2020-01-24 16:47:05 +0200
committerAqua-sama <aqua@iserlohn-fortress.net>2020-01-24 16:47:05 +0200
commitc236ae6575960189ac9d4245969aceef04acfffc (patch)
treec065bb95173bcfbe2bd73de4fe9c4700b0a37627
parentMerge branch 'bookmarks-subcommand' (diff)
downloadsmolbote-c236ae6575960189ac9d4245969aceef04acfffc.tar.xz
Move compiler flags to meson.build from pkgbuild
-rw-r--r--linux/makepkg/PKGBUILD29
-rw-r--r--meson.build1
2 files changed, 17 insertions, 13 deletions
diff --git a/linux/makepkg/PKGBUILD b/linux/makepkg/PKGBUILD
index 07eb25d..6754fe8 100644
--- a/linux/makepkg/PKGBUILD
+++ b/linux/makepkg/PKGBUILD
@@ -1,13 +1,15 @@
-# Maintainer: Aqua-sama <aqua@iserlohn-fortress.net>
+# Maintainer: Aqua-sama <aqua at iserlohn-fortress dot net>
-## not-use flags Options
+## not-use flags
# Enable plugin signing:
_signPlugins=0
# Enable breakpad integraton:
_enableBreakpad=0
# test
_test=1
+# install prefix
+_prefix='/usr/local'
pkgname=smolbote-git
@@ -22,13 +24,17 @@ arch=('x86_64' 'aarch64')
license=('GPL3')
depends=('qt5-webengine>=5.11.0' 'spdlog')
+makedepends=('git' 'meson' 'python-kconfiglib' 'openssl' 'qt5-tools' 'scdoc')
if [ $_enableBreakpad == "1" ]; then
- makedepends=('git' 'meson' 'python-kconfiglib' 'openssl' 'qt5-tools' 'scdoc' 'breakpad-git')
-else
- makedepends=('git' 'meson' 'python-kconfiglib' 'openssl' 'qt5-tools' 'scdoc')
+ makedepends+=('breakpad-git')
fi
optdepends=('firejail: launch a sandboxed instance')
+# this isn't a hard requirement, simply a workaround as the build script
+# sets some additional hardening flags that the default makepkg.conf
+# will turn down
+options=(!buildflags)
+
# use git+file:///path/to/your/repo to build from a local repo
source=("git+https://library.iserlohn-fortress.net/aqua/smolbote.git"
"git+https://github.com/itay-grudev/SingleApplication.git"
@@ -71,11 +77,8 @@ build() {
# --auto-features=disabled - features should be explicitly enabled
# b_pie: Build executables as position independent
# b_lto: Use link time optimization
- export CFLAGS="$CFLAGS -O3 -fstack-protector-all -flto=4"
- export CXXFLAGS="$CXXFLAGS -O3 -fstack-protector-all -flto=4"
- export LDFLAGS="$LDFLAGS,-fuse-ld=gold"
- meson --buildtype=plain --wrap-mode=nodownload \
- --prefix=/usr/local --auto-features=disabled \
+ meson --buildtype=release --wrap-mode=nodownload \
+ --prefix=$_prefix --auto-features=disabled \
-Db_pie=true \
-Dmanpage=enabled \
$srcdir/build
@@ -100,7 +103,7 @@ package() {
if [ $_signPlugins == "1" ]; then
msg "Signing plugins"
- for so in $pkgdir/usr/local/lib/smolbote/plugins/*.so; do
+ for so in $pkgdir/$_prefix/lib/smolbote/plugins/*.so; do
msg2 "Signed $(basename $so)"
openssl dgst -sha256 -sign $srcdir/build/privateKey.pem -out $so.sig $so
done
@@ -109,8 +112,8 @@ package() {
if [ $_enableBreakpad == "1" ]; then
msg "Installing debug symbols"
ninja -C $srcdir/build linux/poi.sym
- install -dm644 $pkgdir/usr/local/lib/smolbote/symbols/poi/$(head -n1 linux/poi.sym | awk '{ print $(NF-1) }')
- install -m644 -t $pkgdir/usr/local/lib/smolbote/symbols/poi/$(head -n1 linux/poi.sym | awk '{ print $(NF-1) }') $srcdir/build/linux/poi.sym
+ install -dm644 $pkgdir/$_prefix/lib/smolbote/symbols/poi/$(head -n1 linux/poi.sym | awk '{ print $(NF-1) }')
+ install -m644 -t $pkgdir/$_prefix/lib/smolbote/symbols/poi/$(head -n1 linux/poi.sym | awk '{ print $(NF-1) }') $srcdir/build/linux/poi.sym
fi
}
diff --git a/meson.build b/meson.build
index 5e50801..2e7ec72 100644
--- a/meson.build
+++ b/meson.build
@@ -31,6 +31,7 @@ add_project_arguments(cxx.get_supported_arguments([
'-ffunction-sections', # Place each function into its own section, better ASLR but larger executables
'-fstack-protector-all', # Emit code to check for buffer overflows on all functions
'-fstack-clash-protection', # Emit code to check for stack clash attacks
+ '-flto=4',
'-mspeculative-load-hardening', # Spectre v1 mitigation