"debian-builder" is a simple Perl script which is designed to rebuild a Debian package from it's source. Some distributions such as Gentoo are focussed upon building packages from source code to give speed benefits, but that is not the aim of this program.

I've been experimenting with a version of GCC which is patched to include stack smashing (buffer overflow) protection. One common approach to this problem is to use a modified compiler which will perform some kind of safety checking in potentially vulnerable source code - this usually involves applying a patch to the GCC compiler.

There are binaries of this patched compiler available on these webpages, and some excellent information on the SSP modifications themselves are available on the SSP homepage.

After installing the SSP compiler I wished to automate the rebuilding of my system to take advantage of this protection, and debian-builder is the result.

The script is written in perl and requires no special dependencies as such, however it does make some assumptions:

• That you have deb-src lines setup so that you can run "apt-get source foo" to download the source to package foo.
• That you have a build environment setup, with devscripts, gcc, dpkg-dev, installed upon your Debian GNU/Linux system.

Usage is fairly straight-forward and obvious simply run "debian-builder foo" to rebuild package foo.

If all goes well you will see some progress reports (more with --verbose) and a .deb file should eventually appear in /var/cache/debian-builder/deb.

The script will take care of installing all the packages which are required to build the named package, and then removing anything it installed afterwards.

Simply download the tarball and run 'make install'.

If you wish to use the SSP protection you will need to download:

• The SSP Enabled GCC
  • This gives you a GCC with a new argument -fstack-protector
• wrap-gcc
  • This will automatically ensure that -fstack-protector is always applied when GCC is invoked.

There is a rough guide to enabling SSP protection online.

• debian-builder-1.5.tar.gz [11k]
• debian-builder-1.5.tar.gz.asc -1k (GPG signature which may be validated using my public key).

To answer the single most common question, this software builds a single package only, not any of the dependencies.

There is a demo script included to manage building dependencies - but it's imagined that this is best handled by some form of queuing demon.