From 047dc6216d1f79667a15d6b3d2813acd197b4404 Mon Sep 17 00:00:00 2001
From: yeshanshan <yeshanshan@uniontech.com>
Date: Thu, 3 Jul 2025 16:07:18 +0800
Subject: [PATCH] feat: add security hardening build flags
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

1. Added security hardening compiler flags to debian/rules
2. Enabled stack protection with -fstack-protector-all
3. Added RELRO, NOW, and noexecstack linker flags
4. Included additional warning flags (-Wall) for stricter compilation
5. These changes improve binary security against common exploits

feat: 添加安全加固编译参数

1. 在 debian/rules 中添加安全加固编译参数
2. 使用 -fstack-protector-all 启用栈保护
3. 添加 RELRO、NOW 和 noexecstack 链接器标志
4. 包含额外的警告标志 (-Wall) 用于更严格的编译
5. 这些更改提高了二进制文件对常见漏洞的防护能力
---
 debian/rules | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/debian/rules b/debian/rules
index ff01a882..25327e10 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,4 +1,11 @@
 #!/usr/bin/make -f
+
+# 安全编译参数
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export DEB_CFLAGS_MAINT_APPEND = -Wall
+export DEB_CXXFLAGS_MAINT_APPEND = -Wall
+export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wl,-E
+
 %:
 	dh $@