[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Advice on a new package

On 30.08.2012 21:33, Juhani Numminen wrote:
> 2012/8/29 Boris Pek <Tehnick-8@yandex.ru>:
>>> The package has a Lintian warning: W: fortuner:
>>> hardening-no-fortify-functions usr/games/fortuner. How should that be
>>> treated?
>> http://wiki.debian.org/Hardening
>> Note: Lintian can generate false positive here. So you should check it manually.
> I can't solve this myself, if you have knowledge of this subject
> please take a look.
> Looks like the build flags are already there, even if I'm not using
> anything flags-thing in debian/rules. However, I get the following
> results:
> $ hardening-check debian/fortuner/usr/games/fortuner
> debian/fortuner/usr/games/fortuner:
>  Position Independent Executable: no, normal executable!
>  Stack protected: yes
>  Fortify Source functions: no, only unprotected functions found!
>  Read-only relocations: yes
>  Immediate binding: no, not found!

Hi Juhani,

i'm working on a debian package myself at the moment and i think the
recommended way to implement hardening is to use dpkg-buildflags.


In case you're using debhelper 9 (compat level 9) you can simply put a
line like this at the top of debian/rules

export DEB_BUILD_MAINT_OPTIONS = hardening=+all

Then you could also refrain from using

include /usr/share/dpkg/buildflags.mk

CFLAGS += -Wextra

If you discover a lintian warning again, you can look up more
information for example at


As Boris mentioned before lintian can produce false positives thus you
should investigate carefully again if "hardening=+all" isn't working as


Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: