#!/bin/sh
[% c("var/set_default_env") -%]
mkdir -p /var/tmp/build

[% IF c("var/linux") -%]
  # Config options for hardening
  export DEB_BUILD_HARDENING=1
  # Since r223796 landed on GCC master enforcing PIE breaks GCC compilation.
  # The compiler gets built with `-fno-PIE` and linked with `-no-pie` as not
  # doing so would make precompiled headers (PCH) fail.
  # It is okay for us to omit this right now as it does not change any hardening
  # flags in the resulting bundles.
  #
  # We need to disable `-Werror=format-security` as GCC does not build with it
  # anymore. It seems it got audited for those problems already:
  # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=48817.
  export DEB_BUILD_OPTIONS=hardening=+bindnow,+relro,-pie,+fortify,+stackprotector,+stackprotectorstrong,-format
  eval $(cd /var/tmp/build; dpkg-buildflags --export=sh)
  export OPT_LDFLAGS="$LDFLAGS"
[% END -%]
distdir=/var/tmp/dist/[% c("var/distdir") %]

tar -C /var/tmp/build -xf $rootdir/[% c('input_files_by_name/gcc') %]
cd /var/tmp/build/[% project %]-[% c("version") %]
./configure --prefix=$distdir [% c("var/configure_opt") %]

make -j[% c("num_procs") %]
make install
# tor-browser-build#31321: we need a link to our GCC, to prevent some projects
# from using system cc, which points to /usr/bin/gcc.
ln -s gcc $distdir/bin/cc
cd /var/tmp/dist
[% c('tar', {
        tar_src => [ c('var/distdir') ],
        tar_args => '-caf ' _ dest_dir _ '/' _ c('filename'),
        }) %]
