
Re: blt repackaged again, please advise on last lintian warnings



Paul,

On 03/07/2013 06:29 AM, Paul Johnson wrote:
> version 5 is the version we've been using "around here" for a few
> years.  There never was an official -5 in Debian, of course, and I'm
> starting to see why.

Fair enough.

>> Two things to mention here: that I stripped "-O2 -g" as well, because
>> these are defaults, anyway. "hardening=+all" causes -fPIE to be added to
>> the CFLAGS, which in turn causes compilation errors, so I dropped that line.
>>
> 
> Let me double check that you see the same. After putting in the change you
> do, lintian still hates me:
> 
> W: blt: hardening-no-relro usr/lib/libBLT.2.4.so.8.4
> W: blt: hardening-no-fortify-functions usr/lib/libBLT.2.4.so.8.4
> W: blt: hardening-no-relro usr/lib/libBLT.2.4.so.8.5
> W: blt: hardening-no-fortify-functions usr/lib/libBLT.2.4.so.8.5
> W: blt: hardening-no-relro usr/lib/libBLTlite.2.4.so.8.4
> W: blt: hardening-no-fortify-functions usr/lib/libBLTlite.2.4.so.8.4
> W: blt: hardening-no-relro usr/lib/libBLTlite.2.4.so.8.5
> W: blt: hardening-no-fortify-functions usr/lib/libBLTlite.2.4.so.8.5
> 
> I put back in all the hardening options, except pie, still same result.

Only disabling PIE might be more sensible than removing the hardening
flags entirely, yeah.

> I did not understand your next point about LDFLAGS, but now I am
> starting to understand. The flags are happening because the flags
> "-Wl,-z,relro" are not getting tacked onto the end of the linker
> command. You think that's the problem?

Exactly. configure overrides LDFLAGS entirely, but the Makefile.in
doesn't use it, anyway. Instead it uses SHLIB_LD_FLAGS. The LDFLAGS set
in debian/rules don't make it there, so the linker gets invoked w/o them.

> Me neither. All that stuff is from the previous package maintainers.

To be honest, I tend to revamp the packaging. Or at least try to reduce
clutter a lot. Some of the changes to configure.in should better be
integrated upstream. Are you in contact with some upstream author? Maybe
they can take a look at 02-debian-all.diff and strip it down.

> Well, if I had written this code, I might be able to predict &
> understand the effect of a change like that. As it is, wouldn't you
> rather leave the image file in a place you know actually runs?

Well, I actually *don't* know it runs. But yeah, it's certainly not a
top priority.

> Thanks very much for your help.  Supposing that the hardening warnings
> are related to the linker thing, maybe I can find a way to slide in
> those flags and see if the warnings are solved. Just for fun.

It's not even just for fun. There's a good reason for hardening...
Anyway, good luck.

Regards

Markus Wanner
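
An added example, not part of the original message: a small check for the thing the hardening-no-relro warnings above are about, namely whether a built shared object carries the PT_GNU_RELRO program header that the linker emits when "-Wl,-z,relro" actually reaches the link command. The function names and the sample_elf64 helper are constructed for this illustration; the check covers RELRO only, not the fortify-functions warning.

```python
import struct
import sys

PT_GNU_RELRO = 0x6474E552  # program header type the linker emits for -z relro


def has_relro(elf: bytes) -> bool:
    """Return True if the ELF image has a PT_GNU_RELRO program header."""
    if len(elf) < 52 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if elf[4] not in (1, 2) or elf[5] not in (1, 2):
        raise ValueError("unknown ELF class or byte order")
    is64 = elf[4] == 2                    # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if elf[5] == 1 else ">"     # EI_DATA: 1 = little, 2 = big endian
    if is64 and len(elf) < 64:
        raise ValueError("truncated ELF64 header")
    if is64:
        (e_phoff,) = struct.unpack_from(end + "Q", elf, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x36)
    else:
        (e_phoff,) = struct.unpack_from(end + "I", elf, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x2A)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(elf):
            raise ValueError("truncated program header table")
        (p_type,) = struct.unpack_from(end + "I", elf, off)  # p_type is first
        if p_type == PT_GNU_RELRO:
            return True
    return False


def sample_elf64(segment_types):
    """Constructed test input: ELF64 little-endian header plus bare program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = ident + struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0,
                              64, 56, len(segment_types), 0, 0, 0)
    phdrs = b"".join(struct.pack("<II6Q", t, 0, 0, 0, 0, 0, 0, 0)
                     for t in segment_types)
    return hdr + phdrs


if __name__ == "__main__":
    # Usage: python3 check_relro.py path/to/library.so [...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, "relro" if has_relro(fh.read()) else "NO relro")
```

Run it against the libraries in the build tree after changing how the flags are passed; a library that still reports "NO relro" was linked without them.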

