Support custom CFLAGS/CXXFLAGS/LDFLAGS

[lattera]

The HardenedBSD ports tree by default attempts to compile every application with PIE. This means that we pass in via the environment custom CFLAGS, CXXFLAGS, and LDFLAGS:

CFLAGS+= -fPIC -fPIE
CXXFLAGS+= -fPIC -fPIE
LDFLAGS+= -pie

This allows applications to take full advantage of ASLR. I'm having trouble making out how the ossec build process works, but it seems to me that it doesn't obey custom CFLAGS/CXXFLAGS/LDFLAGS.

[nbuuck]

The Makefile does inherit existing the existing values of CFLAGS and LDFLAGS providing they've actually been marked with export before calling make.

https://github.com/ossec/ossec-hids/blob/master/src/Makefile#L47
https://github.com/ossec/ossec-hids/blob/master/src/Makefile#L113

There are two exceptions: when TARGET=winagent or TEST is defined, both flag strings are static and do not inherit the values from the parent process.

[ddpbsd]

It should work, but it doesn't. :-D

[ddp@ix] :; gmake CFLAGS="-fPIC -fPIE" LDFLAGS="-pie" DATABASE=pgsql USE_ZEROMQ=yes TARGET=server V=1 2>&1 | tee /tmp/buildlog
BLAH BLAH BLAH

cc -fPIC -fPIE   -c -o lcorolib.o lcorolib.c
cc -fPIC -fPIE   -c -o ldblib.o ldblib.c
cc -fPIC -fPIE   -c -o liolib.o liolib.c
cc -fPIC -fPIE   -c -o lmathlib.o lmathlib.c
cc -fPIC -fPIE   -c -o loslib.o loslib.c
cc -fPIC -fPIE   -c -o lstrlib.o lstrlib.c
cc -fPIC -fPIE   -c -o ltablib.o ltablib.c
cc -fPIC -fPIE   -c -o loadlib.o loadlib.c
loadlib.c:706:49: error: use of undeclared identifier 'PREFIX'
  setpath(L, "path", LUA_PATHVERSION, LUA_PATH, LUA_PATH_DEFAULT);
                                                ^
./luaconf.h:107:3: note: expanded from macro 'LUA_PATH_DEFAULT'
                LUA_LDIR"?.lua;"  LUA_LDIR"?/init.lua;" \
                ^
./luaconf.h:104:18: note: expanded from macro 'LUA_LDIR'
#define LUA_LDIR        LUA_ROOT "/lua/native/"
                        ^
./luaconf.h:103:18: note: expanded from macro 'LUA_ROOT'
#define LUA_ROOT        PREFIX
                        ^
loadlib.c:708:52: error: use of undeclared identifier 'PREFIX'
  setpath(L, "cpath", LUA_CPATHVERSION, LUA_CPATH, LUA_CPATH_DEFAULT);
                                                   ^
./luaconf.h:110:3: note: expanded from macro 'LUA_CPATH_DEFAULT'
                LUA_CDIR"?.so;" LUA_CDIR"loadall.so;" "./?.so"
                ^
./luaconf.h:105:18: note: expanded from macro 'LUA_CDIR'
#define LUA_CDIR        LUA_ROOT "/lua/compiled/"
                        ^
./luaconf.h:103:18: note: expanded from macro 'LUA_ROOT'
#define LUA_ROOT        PREFIX
                        ^
2 errors generated.
gmake[3]: *** [<builtin>: loadlib.o] Error 1
gmake[3]: Leaving directory '/data/ddp/projects/git/github/ddpbsd/clean-ossec2/src/external/lua-5.2.3/src'
gmake[2]: *** [Makefile:120: posix] Error 2
gmake[2]: Leaving directory '/data/ddp/projects/git/github/ddpbsd/clean-ossec2/src/external/lua-5.2.3/src'
gmake[1]: *** [Makefile:55: posix] Error 2
gmake[1]: Leaving directory '/data/ddp/projects/git/github/ddpbsd/clean-ossec2/src/external/lua-5.2.3'
gmake: *** [Makefile:638: lua] Error 2

[nbuuck]

External dependencies like LUA aren't presently passed any compiler flags from the ossec-hids Makefile:

ossec-hids/src/Makefile

Line 638 in ca2ea68

cd ${EXTERNAL_LUA} && ${MAKE} ${LUA_PLAT}

You can export MYCFLAGS and MYLDFLAGS to define additional flags for LUA.

ossec-hids/src/external/lua-5.2.3/src/Makefile

Lines 12 to 13 in ca2ea68

	CFLAGS= -O2 -Wall -DLUA_COMPAT_ALL -DPREFIX=\"$(PREFIX)\" $(SYSCFLAGS) $(MYCFLAGS)
	LDFLAGS= $(SYSLDFLAGS) $(MYLDFLAGS)

[ddpbsd]

This compiles for me, no testing yet though.

diff --git src/Makefile src/Makefile
index 12a6f365..68a64aea 100644
--- src/Makefile
+++ src/Makefile
@@ -32,6 +32,8 @@ endif
 ONEWAY?=no
 CLEANFULL?=no

+export MYLDFLAGS= "$LDFLAGS}"
+export MYCFLAGS= "${CFLAGS}"
 DEFINES=-DMAX_AGENTS=${MAXAGENTS} -DOSSECHIDS
 DEFINES+=-DDEFAULTDIR=\"${PREFIX}\"
 DEFINES+=-DUSER=\"${OSSEC_USER}\"

[nbuuck]

@ddpbsd +export MYLDFLAGS= "$LDFLAGS}" is missing an opening {.

[ddpbsd]

Why yes it is. Thanks for spotting that.