Fix blhc (Build Log Hardening Check) warnings

The Build Log Hardening Check is a debian tool which scans the output
of a package build making sure that the security hardening flags are
used when compiling and linking all of binaries in a package.

For the most part we were passing CFLAGS, CPPFLAGS, and LDFLAGS down
to the compiler and link commands, but there there were one or two
exceptions.  In addition, there where a few places in "make install"
where the V=1 option was not being honored, which triggered blhc
warnings since it couldn't analyze those commands.

The e2fsck.static was the only binary that was not getting built and
packaged with the hardening flags, but I've fixed all of the blhc
warnings so in the future it will be obvious if we regress.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>

MCONFIG.in

@@ -35,15 +35,19 @@ datadir = @datadir@
 @ifGNUmake@ V =
 @ifGNUmake@ ifeq ($(strip $(V)),)
 @ifGNUmake@ #  E = @echo
+@ifGNUmake@ #  ES = echo
 @ifGNUmake@ #  Q = @
 @ifGNUmake@    E = @E@
+@ifGNUmake@    ES = @ES@
 @ifGNUmake@    Q = @Q@
 @ifGNUmake@ else
 @ifGNUmake@    E = @\#
+@ifGNUmake@    ES = \#
 @ifGNUmake@    Q =
 @ifGNUmake@ endif
 
 @ifNotGNUmake@ E = @E@
+@ifNotGNUmake@ ES = @ES@
 @ifNotGNUmake@ Q = @Q@
 
 CC = @CC@

configure

@@ -713,6 +713,7 @@ BSDLIB_CMT
 ELF_CMT
 HTREE_CMT
 Q
+ES
 E
 LINK_BUILD_FLAGS
 SYMLINK_RELATIVE
@@ -4434,11 +4435,13 @@ then
 	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Disabling verbose make commands" >&5
 $as_echo "Disabling verbose make commands" >&6; }
 	E=@echo
+	ES=echo
 	Q=@
 else
 	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Enabling verbose make commands" >&5
 $as_echo "Enabling verbose make commands" >&6; }
 	E=@\\#
+	ES=\\#
 	Q=
 fi
 
@@ -4446,12 +4449,14 @@ else
   { $as_echo "$as_me:${as_lineno-$LINENO}: result: Disabling verbose make commands" >&5
 $as_echo "Disabling verbose make commands" >&6; }
 E=@echo
+ES=echo
 Q=@
 
 fi
 
 
 
+
 # Check whether --enable-compression was given.
 if test "${enable_compression+set}" = set; then :
   enableval=$enable_compression; if test "$enableval" = "no"
@@ -11304,7 +11309,7 @@ if test "$USE_INCLUDED_LIBINTL" = "yes" ; then
 fi
 
 if test $cross_compiling = no; then
-   BUILD_CFLAGS="$CFLAGS"
+   BUILD_CFLAGS="$CFLAGS $CPPFLAGS"
    BUILD_LDFLAGS="$LDFLAGS"
 else
    BUILD_CFLAGS=

configure.in

@@ -212,18 +212,22 @@ if test "$enableval" = "no"
 then
 	AC_MSG_RESULT([Disabling verbose make commands])
 	E=@echo
+	ES=echo
 	Q=@
 else
 	AC_MSG_RESULT([Enabling verbose make commands])
 	E=@\\#
+	ES=\\#
 	Q= 
 fi
 ,
 AC_MSG_RESULT([Disabling verbose make commands])
 E=@echo
+ES=echo
 Q=@
 )
 AC_SUBST(E)
+AC_SUBST(ES)
 AC_SUBST(Q)
 dnl
 dnl handle --enable-compression
@@ -1230,7 +1234,7 @@ dnl
 dnl Build CFLAGS
 dnl
 if test $cross_compiling = no; then
-   BUILD_CFLAGS="$CFLAGS"
+   BUILD_CFLAGS="$CFLAGS $CPPFLAGS"
    BUILD_LDFLAGS="$LDFLAGS"
 else
    BUILD_CFLAGS=

debian/rules

@@ -258,9 +258,11 @@ endif
 ifneq ($(ismips),)
 	mkdir -p ${mipsbuilddir} ${mipsbuilddir64}
 	cd ${mipsbuilddir} && AWK=/usr/bin/awk \
-		${topdir}/configure ${MIPS_NOPIC_CONF_FLAGS} CFLAGS="${CFLAGS}"
+		${topdir}/configure ${MIPS_NOPIC_CONF_FLAGS} \
+		CFLAGS="${CFLAGS}" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)"
 	cd ${mipsbuilddir64} && AWK=/usr/bin/awk \
-		${topdir}/configure ${MIPS_NOPIC_CONF_FLAGS} CFLAGS="${CFLAGS}"
+		${topdir}/configure ${MIPS_NOPIC_CONF_FLAGS} \
+		CFLAGS="${CFLAGS}" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)"
 endif
 
 	mkdir -p ${STAMPSDIR}
@@ -293,11 +295,13 @@ ifeq ($(DEB_BUILD_ARCH),$(DEB_HOST_ARCH))
 	if type diet > /dev/null  2>&1 ; then \
 		cd ${staticbuilddir} && AWK=/usr/bin/awk \
 		${topdir}/configure ${STATIC_CONF_FLAGS} \
-		${WITH_DIET_LIBC} CFLAGS="${CFLAGS}"; \
+		${WITH_DIET_LIBC} CFLAGS="${CFLAGS}" \
+		CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)"; \
 	else \
 		cd ${staticbuilddir} && AWK=/usr/bin/awk \
 			${topdir}/configure ${STATIC_CONF_FLAGS} \
-			CFLAGS="${CFLAGS}"; \
+			CFLAGS="${CFLAGS}" CPPFLAGS="$(CPPFLAGS)" \
+			LDFLAGS="$(LDFLAGS)"; \
 	fi
 else
 	cd ${staticbuilddir} && AWK=/usr/bin/awk CC="${DEB_HOST_GNU_TYPE}-gcc" \
@@ -342,6 +346,7 @@ ${BUILDBFSTAMP}: ${CFGBFSTAMP}
 	$(MAKE) -C ${bfbuilddir} V=1 libs
 	$(MAKE) -C ${bfbuilddir}/e2fsck V=1 all
 	$(MAKE) -C ${bfbuilddir}/misc V=1 all
+	$(MAKE) -C ${bfbuilddir}/resize V=1 all
 	touch ${BUILDBFSTAMP}
 
 build-static: ${BUILDSTATICSTAMP}
@@ -354,9 +359,9 @@ ${BUILDSTATICSTAMP}: ${CFGSTATICSTAMP}
 clean:
 	dh_testdir
 	rm -rf ${STAMPSDIR}
-	[ ! -f ${stdbuilddir}/Makefile ] || $(MAKE) -C ${stdbuilddir} distclean
-	[ ! -f ${bfbuilddir}/Makefile ] || $(MAKE) -C ${bfbuilddir} distclean
-	[ ! -f ${staticbuilddir}/Makefile ] || $(MAKE) -C ${staticbuilddir} distclean
+	[ ! -f ${stdbuilddir}/Makefile ] || $(MAKE) -C ${stdbuilddir} V=1 distclean
+	[ ! -f ${bfbuilddir}/Makefile ] || $(MAKE) -C ${bfbuilddir} V=1 distclean
+	[ ! -f ${staticbuilddir}/Makefile ] || $(MAKE) -C ${staticbuilddir} V=1 distclean
 	rm -rf ${stdbuilddir} ${bfbuilddir} ${staticbuilddir} ${mipsbuilddir} ${mipsbuilddir64}
 	rm -f debian/*.substvars
 	dh_clean
@@ -378,10 +383,10 @@ install-std: build
 	dh_installdirs
 
 	mkdir -p ${tmpdir}/sbin
-	$(MAKE) -C ${stdbuilddir} install DESTDIR=${tmpdir} \
+	$(MAKE) -C ${stdbuilddir} V=1 install DESTDIR=${tmpdir} \
 		INSTALL_PROGRAM="${INSTALL_PROGRAM}" LDCONFIG=true
   # static libs and .h files
-	$(MAKE) -C ${stdbuilddir} install-libs DESTDIR=${tmpdir} LDCONFIG=true
+	$(MAKE) -C ${stdbuilddir} V=1 install-libs DESTDIR=${tmpdir} LDCONFIG=true
 
   # statically-linked fsck
 	${INSTALL_PROGRAM} $(E2FSCK_STATIC) ${tmpdir}/sbin
@@ -410,13 +415,13 @@ install-udeb: build
 	dh_testdir
 	dh_testroot
 
-	$(MAKE) -C ${bfbuilddir} install-shlibs-libs-recursive DESTDIR=${udebdir} \
+	$(MAKE) -C ${bfbuilddir} V=1 install-shlibs-libs-recursive DESTDIR=${udebdir} \
 		INSTALL_PROGRAM="${INSTALL_PROGRAM}" LDCONFIG=true
-	$(MAKE) -C ${bfbuilddir}/e2fsck install DESTDIR=${udebdir} \
+	$(MAKE) -C ${bfbuilddir}/e2fsck V=1 install DESTDIR=${udebdir} \
 		INSTALL_PROGRAM="${INSTALL_PROGRAM}" LDCONFIG=true
-	$(MAKE) -C ${bfbuilddir}/misc install DESTDIR=${udebdir} \
+	$(MAKE) -C ${bfbuilddir}/misc V=1 install DESTDIR=${udebdir} \
 		INSTALL_PROGRAM="${INSTALL_PROGRAM}" LDCONFIG=true
-	$(MAKE) -C ${bfbuilddir}/resize install DESTDIR=${udebdir} \
+	$(MAKE) -C ${bfbuilddir}/resize V=1 install DESTDIR=${udebdir} \
 		INSTALL_PROGRAM="${INSTALL_PROGRAM}" LDCONFIG=true
 
 	rm -rf ${udebdir}/usr

e2fsck/Makefile.in

@@ -136,7 +136,7 @@ e2fsck.profiled: $(PROFILED_OBJS)  $(PROFILED_DEPLIBS)
 
 gen_crc32table: $(srcdir)/gen_crc32table.c
 	$(E) "	CC $@"
-	$(Q) $(BUILD_CC) $(BUILD_CFLAGS) -o gen_crc32table \
+	$(Q) $(BUILD_CC) $(BUILD_CFLAGS) $(BUILD_LDFLAGS) -o gen_crc32table \
 		$(srcdir)/gen_crc32table.c
 
 crc32table.h: gen_crc32table
@@ -216,11 +216,11 @@ installdirs:
 
 install: $(PROGS) $(MANPAGES) $(FMANPAGES) installdirs
 	$(Q) for i in $(PROGS); do \
-		echo "	INSTALL $(root_sbindir)/$$i"; \
+		$(ES) "	INSTALL $(root_sbindir)/$$i"; \
 		$(INSTALL_PROGRAM) $$i $(DESTDIR)$(root_sbindir)/$$i; \
 	done
 	$(Q) for i in ext2 ext3 ext4 ext4dev; do \
-		echo "	LINK $(root_sbindir)/fsck.$$i"; \
+		$(ES) "	LINK $(root_sbindir)/fsck.$$i"; \
 		(cd $(DESTDIR)$(root_sbindir); \
 			$(LN) $(LINK_INSTALL_FLAGS) e2fsck fsck.$$i); \
 	done
@@ -228,25 +228,25 @@ install: $(PROGS) $(MANPAGES) $(FMANPAGES) installdirs
 		for j in $(COMPRESS_EXT); do \
 			$(RM) -f $(DESTDIR)$(man8dir)/$$i.$$j; \
 		done; \
-		echo "	INSTALL_DATA $(man8dir)/$$i"; \
+		$(ES) "	INSTALL_DATA $(man8dir)/$$i"; \
 		$(INSTALL_DATA) $$i $(DESTDIR)$(man8dir)/$$i; \
 	done
 	$(Q) for i in $(FMANPAGES); do \
 		for j in $(COMPRESS_EXT); do \
 			$(RM) -f $(DESTDIR)$(man5dir)/$$i.$$j; \
 		done; \
-		echo "	INSTALL_DATA $(man5dir)/$$i"; \
+		$(ES) "	INSTALL_DATA $(man5dir)/$$i"; \
 		$(INSTALL_DATA) $$i $(DESTDIR)$(man5dir)/$$i; \
 	done
 	$(Q) for i in ext2 ext3 ext4 ext4dev; do \
-		echo "	LINK $(man8dir)/fsck.$$i.8"; \
+		$(ES) "	LINK $(man8dir)/fsck.$$i.8"; \
 		(cd $(DESTDIR)$(man8dir); \
 			$(LN) $(LINK_INSTALL_FLAGS) e2fsck.8 fsck.$$i.8); \
 	done
 
 install-strip: install
 	$(Q) for i in $(PROGS); do \
-		echo "	STRIP $(root_sbindir)/$$i"; \
+		$(ES) "	STRIP $(root_sbindir)/$$i"; \
 		$(STRIP) $(DESTDIR)$(root_sbindir)/$$i; \
 	done
 

lib/ext2fs/Makefile.in

@@ -463,7 +463,7 @@ $(OBJS): subdirs
 
 gen_crc32ctable: $(srcdir)/gen_crc32ctable.c
 	$(E) "	CC $@"
-	$(Q) $(BUILD_CC) $(BUILD_CFLAGS) -o gen_crc32ctable \
+	$(Q) $(BUILD_CC) $(BUILD_CFLAGS) $(BUILD_LDFLAGS) -o gen_crc32ctable \
 		$(srcdir)/gen_crc32ctable.c
 
 crc32c_table.h: gen_crc32ctable

lib/uuid/Makefile.in

@@ -86,8 +86,8 @@ tst_uuid: tst_uuid.o $(DEPSTATIC_LIBUUID)
 
 uuid_time: $(srcdir)/uuid_time.c $(DEPLIBUUID)
 	$(E) "	LD $@"
-	$(Q) $(CC) $(ALL_CFLAGS) -DDEBUG -o uuid_time $(srcdir)/uuid_time.c \
-		$(LIBUUID)
+	$(Q) $(CC) $(ALL_CFLAGS) $(LDFLAGS) -DDEBUG -o uuid_time \
+		$(srcdir)/uuid_time.c $(LIBUUID)
 
 uuid.3: $(DEP_SUBSTITUTE) $(srcdir)/uuid.3.in
 	$(E) "	SUBST $@"

misc/Makefile.in

@@ -410,7 +410,7 @@ blkid.1: $(DEP_SUBSTITUTE) $(srcdir)/blkid.1.in
 	$(Q) $(SUBSTITUTE_UPTIME) $(srcdir)/blkid.1.in blkid.1 
 
 e2freefrag.8: $(DEP_SUBSTITUTE) $(srcdir)/e2freefrag.8.in
-	@echo "	SUBST $@"
+	$(E) "	SUBST $@"
 	@$(SUBSTITUTE_UPTIME) $(srcdir)/e2freefrag.8.in e2freefrag.8
 
 filefrag.8: $(DEP_SUBSTITUTE) $(srcdir)/filefrag.8.in
@@ -427,44 +427,44 @@ installdirs:
 
 install: all $(SMANPAGES) $(UMANPAGES) installdirs
 	$(Q) for i in $(SPROGS); do \
-		echo "	INSTALL $(root_sbindir)/$$i"; \
+		$(ES) "	INSTALL $(root_sbindir)/$$i"; \
 		$(INSTALL_PROGRAM) $$i $(DESTDIR)$(root_sbindir)/$$i; \
 	done
 	$(Q) for i in $(USPROGS); do \
-		echo "	INSTALL $(sbindir)/$$i"; \
+		$(ES) "	INSTALL $(sbindir)/$$i"; \
 		$(INSTALL_PROGRAM) $$i $(DESTDIR)$(sbindir)/$$i; \
 	done
 	$(Q) for i in ext2 ext3 ext4 ext4dev; do \
-		echo "	LINK $(root_sbindir)/mkfs.$$i"; \
+		$(ES) "	LINK $(root_sbindir)/mkfs.$$i"; \
 		(cd $(DESTDIR)$(root_sbindir); \
 			$(LN) $(LINK_INSTALL_FLAGS) mke2fs mkfs.$$i); \
 	done
 	$(Q) (cd $(DESTDIR)$(root_sbindir); \
 		$(LN) $(LINK_INSTALL_FLAGS) tune2fs e2label)
 	$(Q) if test -n "$(FINDFS_LINK)"; then \
-		echo "	LINK $(root_sbindir)/findfs"; \
+		$(ES) "	LINK $(root_sbindir)/findfs"; \
 		(cd $(DESTDIR)$(root_sbindir); \
 		$(LN) $(LINK_INSTALL_FLAGS) tune2fs $(FINDFS_LINK)); \
 	fi
 	$(Q) for i in $(UPROGS); do \
-		echo "	INSTALL $(bindir)/$$i"; \
+		$(ES) "	INSTALL $(bindir)/$$i"; \
 		$(INSTALL_PROGRAM) $$i $(DESTDIR)$(bindir)/$$i; \
 	done
 	$(Q) for i in $(LPROGS); do \
-		echo "	INSTALL $(libdir)/$$i"; \
+		$(ES) "	INSTALL $(libdir)/$$i"; \
 		$(INSTALL_PROGRAM) $$i $(DESTDIR)$(libdir)/$$i; \
 	done
 	$(Q) for i in $(SMANPAGES); do \
 		for j in $(COMPRESS_EXT); do \
 			$(RM) -f $(DESTDIR)$(man8dir)/$$i.$$j; \
 		done; \
-		echo "	INSTALL_DATA $(man8dir)/$$i"; \
+		$(ES) "	INSTALL_DATA $(man8dir)/$$i"; \
 		$(INSTALL_DATA) $$i $(DESTDIR)$(man8dir)/$$i; \
 	done
 	$(Q) $(RM) -f $(DESTDIR)$(man8dir)/mkfs.ext2.8.gz \
 		$(DESTDIR)$(man8dir)/mkfs.ext3.8.gz
 	$(Q) for i in ext2 ext3 ext4 ext4dev; do \
-		echo "	LINK mkfs.$$i.8"; \
+		$(ES) "	LINK mkfs.$$i.8"; \
 		(cd $(DESTDIR)$(man8dir); \
 			$(LN) $(LINK_INSTALL_FLAGS) mke2fs.8 mkfs.$$i.8); \
 	done
@@ -472,14 +472,14 @@ install: all $(SMANPAGES) $(UMANPAGES) installdirs
 		for j in $(COMPRESS_EXT); do \
 			$(RM) -f $(DESTDIR)$(man1dir)/$$i.$$j; \
 		done; \
-		echo "	INSTALL_DATA $(man1dir)/$$i"; \
+		$(ES) "	INSTALL_DATA $(man1dir)/$$i"; \
 		$(INSTALL_DATA) $$i $(DESTDIR)$(man1dir)/$$i; \
 	done
 	$(Q) for i in $(FMANPAGES); do \
 		for j in $(COMPRESS_EXT); do \
 			$(RM) -f $(DESTDIR)$(man5dir)/$$i.$$j; \
 		done; \
-		echo "	INSTALL_DATA $(man5dir)/$$i"; \
+		$(ES) "	INSTALL_DATA $(man5dir)/$$i"; \
 		$(INSTALL_DATA) $$i $(DESTDIR)$(man5dir)/$$i; \
 	done
 	$(Q) if test -f $(DESTDIR)$(root_sysconfdir)/mke2fs.conf; then \
@@ -488,13 +488,13 @@ install: all $(SMANPAGES) $(UMANPAGES) installdirs
 			true; \
 		else \
 			if grep -q ext4dev $(DESTDIR)$(root_sysconfdir)/mke2fs.conf ; then \
-				echo "	INSTALL_DATA $(root_sysconfdir)/mke2fs.conf.e2fsprogs-new"; \
+				$(ES) "	INSTALL_DATA $(root_sysconfdir)/mke2fs.conf.e2fsprogs-new"; \
 				$(INSTALL_DATA) mke2fs.conf \
 					$(DESTDIR)$(root_sysconfdir)/mke2fs.conf.e2fsprogs-new; \
 				echo "Warning: installing mke2fs.conf in $(DESTDIR)$(root_sysconfdir)/mke2fs.conf.e2fsprogs-new"; \
 				echo "Check to see if you need to update your $(root_sysconfdir)/mke2fs.conf"; \
 			else \
-				echo "	INSTALL_DATA $(root_sysconfdir)/mke2fs.conf"; \
+				$(ES) "	INSTALL_DATA $(root_sysconfdir)/mke2fs.conf"; \
 				mv $(DESTDIR)$(root_sysconfdir)/mke2fs.conf \
 				   $(DESTDIR)$(root_sysconfdir)/mke2fs.conf.e2fsprogs-old; \
 				$(INSTALL_DATA) mke2fs.conf \
@@ -506,18 +506,18 @@ install: all $(SMANPAGES) $(UMANPAGES) installdirs
 			echo " "; \
 		fi; \
 	else \
-		echo "	INSTALL_DATA $(root_sysconfdir)/mke2fs.conf"; \
+		$(ES) "	INSTALL_DATA $(root_sysconfdir)/mke2fs.conf"; \
 		$(INSTALL_DATA) mke2fs.conf \
 			$(DESTDIR)$(root_sysconfdir)/mke2fs.conf; \
 	fi
 
 install-strip: install
 	$(Q) for i in $(SPROGS); do \
-		echo "	STRIP $(root_sbindir)/$$i"; \
+		$(E) "	STRIP $(root_sbindir)/$$i"; \
 		$(STRIP) $(DESTDIR)$(root_sbindir)/$$i; \
 	done
 	$(Q) for i in $(USPROGS); do \
-		echo "	STRIP $(sbindir)/$$i"; \
+		$(E) "	STRIP $(sbindir)/$$i"; \
 		$(STRIP) $(DESTDIR)$(sbindir)/$$i; \
 	done