From 9553d9463087a1169910f94615ceab771dcff004 Mon Sep 17 00:00:00 2001
From: skyamgarp <130442619+skyamgarp@users.noreply.github.com>
Date: Tue, 6 Aug 2024 20:34:08 +0530
Subject: [PATCH] (PA-6383) Enable PIE for RHEL,Ubuntu and Debian (PA-6383) Exclude ppc64 architecture (PA-6383) Fix Spaces (PA-6383) Exclude ppc64 arch (PA-6383) created compiler setting separately
---
 configs/components/_base-ruby.rb | 3 +++
 configs/components/augeas.rb | 2 +-
 configs/components/ruby-2.7.8.rb | 2 +-
 configs/components/ruby-3.2.5.rb | 4 ++--
 configs/components/runtime-bolt.rb | 7 +++++-
 configs/projects/_shared-agent-settings.rb | 19 ++-------------
 configs/projects/_shared-compiler-settings.rb | 24 +++++++++++++++++++
 7 files changed, 39 insertions(+), 22 deletions(-)
 create mode 100644 configs/projects/_shared-compiler-settings.rb
diff --git a/configs/components/_base-ruby.rb b/configs/components/_base-ruby.rb
index 1f9cd82dd..c94c053b2 100644
--- a/configs/components/_base-ruby.rb
+++ b/configs/components/_base-ruby.rb
@@ -76,6 +76,9 @@
 elsif platform.architecture == 'arm64' && platform.os_version.to_i >= 13
 pkg.environment 'CC', 'clang'
 end
+elsif settings[:supports_pie]
+ pkg.environment 'LDFLAGS', settings[:ldflags]
+ pkg.environment 'optflags', settings[:cflags]
 end
 ####################
diff --git a/configs/components/augeas.rb b/configs/components/augeas.rb
index 72d611ed4..0415fd611 100644
--- a/configs/components/augeas.rb
+++ b/configs/components/augeas.rb
@@ -119,7 +119,7 @@
 end
 end
- if platform.name =~ /sles-15|el-8|debian-10/ || platform.is_fedora?
+ if settings[:supports_pie]
 pkg.environment 'CFLAGS', settings[:cflags]
 pkg.environment 'CPPFLAGS', settings[:cppflags]
 pkg.environment "LDFLAGS", settings[:ldflags]
diff --git a/configs/components/ruby-2.7.8.rb b/configs/components/ruby-2.7.8.rb
index 5346e3988..2bd521330 100644
--- a/configs/components/ruby-2.7.8.rb
+++ b/configs/components/ruby-2.7.8.rb
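Review bot: In `configs/components/_base-ruby.rb` the new `elsif settings[:supports_pie]` branch is skipped whenever that key is unset, and the only place this patch sets it is `configs/projects/_shared-compiler-settings.rb`, which only `_shared-agent-settings.rb` is shown loading. The same applies to the `if settings[:supports_pie]` guards in `augeas.rb`, `ruby-2.7.8.rb` and `ruby-3.2.5.rb`, which previously keyed off `platform.name` and so did not depend on which project was being built. If any other project builds these components without evaluating the shared compiler settings (not visible here), it would silently lose the stack-protector, FORTIFY_SOURCE and RELRO flags; a comment such as `# settings[:supports_pie] is set in _shared-compiler-settings.rb; projects that do not load it build without the hardened flags` would document the dependency. The conditional chain this `elsif` joins starts outside the hunk.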
@@ -100,7 +100,7 @@
 special_flags = " --prefix=#{ruby_dir} --with-opt-dir=#{settings[:prefix]} "
- if platform.name =~ /sles-15|el-8|debian-10/
+ if settings[:supports_pie]
 special_flags += " CFLAGS='#{settings[:cflags]}' LDFLAGS='#{settings[:ldflags]}' CPPFLAGS='#{settings[:cppflags]}' "
 end
diff --git a/configs/components/ruby-3.2.5.rb b/configs/components/ruby-3.2.5.rb
index 2ddfd6dfa..feb3e723f 100644
--- a/configs/components/ruby-3.2.5.rb
+++ b/configs/components/ruby-3.2.5.rb
@@ -1,5 +1,5 @@
 # The file name of the ruby component must match the ruby_version
-component 'ruby-3.2.4' do |pkg, settings, platform|
+component 'ruby-3.2.5' do |pkg, settings, platform|
 pkg.version '3.2.5'
 pkg.sha256sum 'ef0610b498f60fb5cfd77b51adb3c10f4ca8ed9a17cb87c61e5bea314ac34a16'
@@ -93,7 +93,7 @@
 special_flags = " --prefix=#{ruby_dir} --with-opt-dir=#{settings[:prefix]} "
- if platform.name =~ /sles-15|el-8|debian-10/
+ if settings[:supports_pie]
 special_flags += " CFLAGS='#{settings[:cflags]}' LDFLAGS='#{settings[:ldflags]}' CPPFLAGS='#{settings[:cppflags]}' "
 end
diff --git a/configs/components/runtime-bolt.rb b/configs/components/runtime-bolt.rb
index cbfaa5f9a..3ced37976 100644
--- a/configs/components/runtime-bolt.rb
+++ b/configs/components/runtime-bolt.rb
@@ -13,7 +13,12 @@
 pkg.install_file "#{settings[:tools_root]}/bin/libgdbm_compat-4.dll", "#{settings[:ruby_bindir]}/libgdbm_compat-4.dll"
 pkg.install_file "#{settings[:tools_root]}/bin/libiconv-2.dll", "#{settings[:ruby_bindir]}/libiconv-2.dll"
 pkg.install_file "#{settings[:tools_root]}/bin/libffi-6.dll", "#{settings[:ruby_bindir]}/libffi-6.dll"
- elsif platform.is_macos? or platform.name =~ /sles-15|el-8|debian-10|ubuntu-20.04|ubuntu-22.04/ || platform.is_fedora?
+ elsif ( (platform.is_sles? && platform.os_version.to_i >= 15) ||
+ (platform.is_el? && platform.os_version.to_i >= 8) ||
+ (platform.is_debian? && platform.os_version.to_i >= 10) ||
+ (platform.is_ubuntu? && platform.os_version.to_i >= 20) ||
+ platform.is_fedora? || platform.is_macos?
+ )
 # Do nothing for distros that have a suitable compiler do not use pl-build-tools
diff --git a/configs/projects/_shared-agent-settings.rb b/configs/projects/_shared-agent-settings.rb
index 1baff55b1..22d76367f 100644
--- a/configs/projects/_shared-agent-settings.rb
+++ b/configs/projects/_shared-agent-settings.rb
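Review bot: The new `elsif` in `runtime-bolt.rb` hand-copies the platform list from `_shared-compiler-settings.rb`, but not exactly: it has no `platform.architecture !~ /ppc64/` exclusion on the EL arm and it adds `platform.is_macos?`. Judging by the comment under it, this branch decides whether pl-build-tools libraries are needed rather than whether hardening flags apply, so the difference may be intended; if so, say it in a comment, e.g. `# OS-toolchain platforms; deliberately wider than settings[:supports_pie] (macOS and EL ppc64 included)`. Otherwise the two lists will drift as platforms are added, and one of them will end up deciding the toolchain for a platform the other does not know about. The `if`/`elsif` chain starts and continues outside the hunk.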
@@ -140,23 +140,8 @@
 proj.setting(:platform_triple, platform_triple)
 proj.setting(:host, host)
-# Define default CFLAGS and LDFLAGS for most platforms, and then
-# tweak or adjust them as needed.
-proj.setting(:cppflags, "-I#{proj.includedir} -I/opt/pl-build-tools/include")
-proj.setting(:cflags, "#{proj.cppflags}")
-proj.setting(:ldflags, "-L#{proj.libdir} -L/opt/pl-build-tools/lib -Wl,-rpath=#{proj.libdir}")
-
-# Platform specific overrides or settings, which may override the defaults
-
-# Harden Linux ELF binaries by compiling with PIE (Position Independent Executables) support,
-# stack canary and full RELRO.
-# We only do this on platforms that use their default OS toolchain since pl-gcc versions
-# are too old to support these flags.
-if platform.name =~ /sles-15|el-8|debian-10/ || platform.is_fedora?
- proj.setting(:cppflags, "-I#{proj.includedir} -D_FORTIFY_SOURCE=2")
- proj.setting(:cflags, '-fstack-protector-strong -fno-plt -O2')
- proj.setting(:ldflags, "-L#{proj.libdir} -Wl,-rpath=#{proj.libdir},-z,relro,-z,now")
-end
+# Load default compiler settings
+instance_eval File.read('configs/projects/_shared-compiler-settings.rb')
 if ruby_version_x == "3"
 proj.setting(:openssl_version, '3.0')
diff --git a/configs/projects/_shared-compiler-settings.rb b/configs/projects/_shared-compiler-settings.rb
new file mode 100644
index 000000000..db406dd2d
--- /dev/null
+++ b/configs/projects/_shared-compiler-settings.rb
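Review bot: `instance_eval File.read('configs/projects/_shared-compiler-settings.rb')` evaluates the string without a file name and resolves the path against the current working directory. An error inside the shared file is then reported against an eval location rather than the file itself, and the build runs whatever file sits at that relative path from wherever it is started. Passing the path as the second argument keeps backtraces pointing at the real file: `path = 'configs/projects/_shared-compiler-settings.rb'` followed by `instance_eval File.read(path), path`. If builds always start from the repository root (not visible here), a one-line comment stating that assumption covers the path part.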
@@ -0,0 +1,24 @@
+# Define default CFLAGS and LDFLAGS for most platforms, and then
+# tweak or adjust them as needed.
+proj.setting(:cppflags, "-I#{proj.includedir} -I/opt/pl-build-tools/include")
+proj.setting(:cflags, "#{proj.cppflags}")
+proj.setting(:ldflags, "-L#{proj.libdir} -L/opt/pl-build-tools/lib -Wl,-rpath=#{proj.libdir}")
+
+# Platform specific overrides or settings, which may override the defaults
+
+# Harden Linux ELF binaries by compiling with PIE (Position Independent Executables) support,
+# stack canary and full RELRO.
+# We only do this on platforms that use their default OS toolchain since pl-gcc versions
+# are too old to support these flags.
+
+if((platform.is_sles? && platform.os_version.to_i >= 15) ||
+ (platform.is_el? && platform.os_version.to_i >= 8 && platform.architecture !~ /ppc64/) ||
+ (platform.is_debian? && platform.os_version.to_i >= 10) ||
+ (platform.is_ubuntu? && platform.os_version.to_i >= 20) ||
+ platform.is_fedora?
+ )
+ proj.setting(:supports_pie, true)
+ proj.setting(:cppflags, "-I#{proj.includedir} -D_FORTIFY_SOURCE=2")
+ proj.setting(:cflags, '-fstack-protector-strong -fno-plt -O2')
+ proj.setting(:ldflags, "-L#{proj.libdir} -Wl,-rpath=#{proj.libdir},-z,relro,-z,now")
+end
\ No newline at end of file
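Review bot: The block sets `:supports_pie` and its comment promises PIE, but none of the flags it defines asks for it: `cflags` is `-fstack-protector-strong -fno-plt -O2` and `ldflags` adds only `-z,relro,-z,now`. Whether executables come out position-independent is therefore left to each distro compiler's default, which is not the same on every platform in the list, so the hardening named in the commit subject is not guaranteed by this file. Either pass the PIE flags explicitly in the components that link executables, or reword the comment, e.g. `# PIE is left to the OS toolchain default; these flags add stack protector, FORTIFY_SOURCE and full RELRO`, and confirm the shipped binaries with `readelf -h` (a PIE reports `Type: DYN`). The ppc64 exclusion is applied only on the EL arm, and a short comment saying why would help whoever extends the list next.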