Bug#644412: dpkg-buildflags: use DEB_BUILD_MAINT_OPTIONS when including buildflags.mk

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#644412: dpkg-buildflags: use DEB_BUILD_MAINT_OPTIONS when including buildflags.mk
From: Pierre Chifflier <pollux@debian.org>
Date: Wed, 05 Oct 2011 17:29:32 +0200
Message-id: <20111005152932.27231.32742.reportbug@ks26688.kimsufi.com>
Reply-to: Pierre Chifflier <pollux@debian.org>, 644412@bugs.debian.org

Package: dpkg
Version: 1.16.1
Severity: normal

Hi,

When using the following Makefile snippet:

DEB_BUILD_MAINT_OPTIONS = hardening=+pie,+bindnow
export DEB_BUILD_MAINT_OPTIONS
-include /usr/share/dpkg/buildflags.mk
export CFLAGS LDFLAGS

The variable DEB_BUILD_MAINT_OPTIONS is not used, and the variables
(CFLAGS etc.) does not have the expected value.

A possible solution would be to modify /usr/share/dpkg/buildflags.mk to
use the variables when running the shell command, for ex using something
like:
DEB_BUILD_MAINT_OPTIONS="$(DEB_BUILD_MAINT_OPTIONS)" dpkg-buildflags <args>

This would greatly help for the hardening goal by keeping the inclusion
of the file optional (for backports) and adding options like pie and
bindnow to the hardening flags.

Thanks,
Pierre

Reply to:

Prev by Date: Re: s3ql: uninstallable on kfreebsd-i386 or kfreebsd-amd64
Next by Date: Processed: reassign 644412 to dpkg-dev
Previous by thread: Re: postinst corrupts my settings after a 'apt-get upgrade'.
Next by thread: Processed: reassign 644412 to dpkg-dev
Index(es):
- Date
- Thread