Re: DEB_BUILD_MAINT_OPTIONS=hardening=+pie breaks shared library builds

To: debian-devel@lists.debian.org
Subject: Re: DEB_BUILD_MAINT_OPTIONS=hardening=+pie breaks shared library builds
From: Christian Kastner <ckk@debian.org>
Date: Sat, 21 May 2016 20:46:10 +0200
Message-id: <[🔎] 5740ACF2.70807@debian.org>
In-reply-to: <[🔎] 20160521173219.GA10399@thunk.org>
References: <[🔎] 20160521173219.GA10399@thunk.org>

On 2016-05-21 19:32, Theodore Ts'o wrote:
> What is the suggested workaround if you have a package that has both
> executables and shared libraries, and you want to enable pie
> hardening for the executables?

Here's one possible solution:

    https://sources.debian.net/src/keyutils/1.5.9-9/debian/patches/hardening.patch/

I've applied this pattern to a number of packages and it works quite well.

Regards,
Christian

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

References:
- DEB_BUILD_MAINT_OPTIONS=hardening=+pie breaks shared library builds
  - From: Theodore Ts'o <tytso@mit.edu>

Prev by Date: Re: DEB_BUILD_MAINT_OPTIONS=hardening=+pie breaks shared library builds
Next by Date: Re: Bug#824884: netbase: should not recommend ifupdown
Previous by thread: Re: DEB_BUILD_MAINT_OPTIONS=hardening=+pie breaks shared library builds
Next by thread: Re: DEB_BUILD_MAINT_OPTIONS=hardening=+pie breaks shared library builds
Index(es):
- Date
- Thread