Re: Enabling hardened build flags for Wheezy
* Charles Plessy <firstname.lastname@example.org> [120430 04:31]:
> Sorry to rant again, but am I the only one thinking that we are in most
> cases wasting everybody's time by not simply passing all the hardening flags by
> default in CFLAGS? In my experience (and I maintain more than 100 packages),
> it is extremely rare to need to ensure that the compiler, preprocessor and
> linker flags are in three separate variables.
> When we need to modify a large number of packages in order to propagate a
> change, doesn't this mean that we are not picking the most efficient defaults?
As I wrote again, keeping them separate means you can support both
cases: systems following GNU coding standards to keep them separate and
systems wanting them in one place. If you mix them first you cannot
separate them later.
There is also no way this can work without any maintainer intervention.
You need to look at what the flags are called. It is quite common for
hand-written flags to use CFLAGS where CXXFLAGS is meant, for example.
So you as maintainer have to decide what mapping to use anyway.
If you need CFLAGS='$(CFLAGS)' CPPFLAGS='$(CPPFLAGS)' or
CFLAGS='$(CXXFLAGS)' CPPFLAGS='$(CPPFLAGS)' or
CFLAGS='$(CPPFLAGS) $(CFLAGS)' or
CFLAGS='$(CPPFLAGS) $(CXXFLAGS)' or even something like
CFLAGS='$(CPPFLAGS) $(CXXFLAGS) $(LDFLAGS)'.
So what we have is already the most efficient default and also the only
one always working.
Bernhard R. Link
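
The mapping choices listed in the message above, as an added example that is not part of the original post: a hypothetical helper (`suggest_mapping`, not part of dpkg or debhelper) that checks which flag variables a hand-written Makefile references and prints the matching override. The language argument and the sample Makefile are assumptions; the maintainer still has to confirm the result against the real build rules.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of dpkg): suggest how to hand
# the separate hardening flag variables to a hand-written upstream Makefile.

# uses_var FILE NAME: true if FILE references $(NAME) or ${NAME}
uses_var() {
    grep -Eq '\$[({]'"$2"'[)}]' "$1"
}

# suggest_mapping FILE LANG   (LANG is "c" or "c++", decided by the maintainer)
# Prints the variable overrides to pass to make from debian/rules.
suggest_mapping() {
    mk=$1 lang=$2
    target=CFLAGS src='$(CFLAGS)'
    if [ "$lang" = "c++" ]; then
        src='$(CXXFLAGS)'
        # Only target CXXFLAGS if upstream really uses it; hand-written
        # Makefiles often compile C++ with CFLAGS.
        if uses_var "$mk" CXXFLAGS; then target=CXXFLAGS; fi
    fi
    value=$src extra=
    # Flags the Makefile has no variable for are folded into the compiler
    # variable; flags it does reference stay separate.
    if uses_var "$mk" CPPFLAGS; then
        extra="$extra CPPFLAGS='\$(CPPFLAGS)'"
    else
        value="\$(CPPFLAGS) $value"
    fi
    if uses_var "$mk" LDFLAGS; then
        extra="$extra LDFLAGS='\$(LDFLAGS)'"
    else
        value="$value \$(LDFLAGS)"
    fi
    printf "%s='%s'%s\n" "$target" "$value" "$extra"
}

# Constructed sample: a Makefile that compiles C++ using only CFLAGS.
sample=$(mktemp)
printf 'prog: main.cc\n\tg++ $(CFLAGS) -o prog main.cc\n' > "$sample"
suggest_mapping "$sample" c++
rm -f "$sample"
```

Folding LDFLAGS into the compiler variable only helps when the Makefile links through the same compiler invocation, so check the link rule before relying on the last form.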