[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Enabling hardened build flags for Wheezy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Charles,

On 07.03.2012 00:58, Charles Plessy wrote:
> Would it be possible to pass -D_FORTIFY_SOURCE=2 in CFLAGS in 
> addition to CPPFLAGS ?

Actually dpkg did in 1.16.1 which was reverted later (for good
reasons). See #643632 for details.

You can easily inject CPPFLAGS into CFLAGS if your upstream Makefile
does cope with CFLAGS only by doing something like:

CFLAGS := $(shell dpkg-buildflags --get CFLAGS) $(shell
dpkg-buildflags --get CPPLAGS)
LDFLAGS := $(shell dpkg-buildflags --get LDFLAGS)
export CFLAGS LDFLAGS

n.b. you need a build dependency against dpkg-dev >= 1.16.1 doing so.

- -- 
with kind regards,
Arno Töll
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPVqZeAAoJEMcrUe6dgPNtdqIP/3trPYFCuTbUx2rLW5x/99UL
rdxozFS3gKApy7rm8tILIhuCB58hJ1GcVaoiFcD7WAsGYS8iTwD9vdmcMPHtpKK+
36iRfpWao8r06O8kuuXGGchPmUudeASSkh67yIDwsazli21WZxNxaVl0VRQhvsFW
SVTdSPEwXQdfJrjvngSQItfqOBEUoV3OYI+pTk0LW58lfEHlPE6WkCZrc7SipQQ4
dx2KPnnEHEJRfexZ6/J56YtDkg/wxze2vAamwlbbY88zctv1O9h5HPsZbMovfS79
fcxAbsHn/4xkruRmlPhcCFIu3cSh5bk6Cp5NsL2o6HPmSfdhBWxxsyu2oUiNeDQa
DKV750cdNHJwK5tMDupbssJrOBqqk0RkKZDzkk/RYP/ncXlHPMGZYjx5ESLGuUt4
seNkdq+dT3PGrZ1F1ziLB2TKWAZ7Uldjc6t1LI4xOC+hG/vdi4s9nEZCaJ41YfTA
EiI7CZWKq+aC2FW2dcPZLIbKCsV2cYP2UkQFcVLWUQtbJB3WXTTLRcX+nc9brfhp
xOZp+f8vcqif8XqcNxvwgyKc97tNWjnwYMdtFaQ6MpgYCmnECJtUkSeenPsgkCJh
D1p1adDivyq1CCegz4ONIux94wIC8e75ZdX0eAacm3tmErPMP3mF2NpdtSeuuVp1
9O9t+6PruQQZNDsnJvYL
=Xeea
-----END PGP SIGNATURE-----
Reply to: