
Re: Suggested buildd log check



* Matthias Klose <doko@debian.org> [111126 15:50]:
> It would be good not to limit this to warnings only. Another use case is the
> check if build flags are really passed to the upstream build system; this seems
> to be a requisite to the hardening release goal, because you generally can't see
> for every object in the resulting binary if it was built with or without
> hardening defaults.

This was already on my TODO list, but not near the top. So if
anyone has some ideas or wants to write some little checkscript to look
for those that would very much be appreciated.

I guess one needs:

- some checks to look for builds hiding compiler options
  (as that makes detecting which build flags are used impossible and
   also means porters have it much harder to investigate stuff)

- some way to find out which buildflags the package got if it asked.
  (version of dpkg-buildflags exporting those also printed them.
   Currently there is no such information in the log. One might guess
   them from looking what dpkg-dev version was installed, but I guess
   it might be best to have dpkg-buildpackage print them and that
   information extracted).

- some way to identify command lines calling a compiler. gcc can be
  called as cc, gcc, or something like i486-gnu-gcc. (similar for g++).

	Bernhard R. Link

P.S: I guess the discussion left the topic of this mailing list. Any
     better to switch to?
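
The kind of check script asked for above, as an added example that is not part of the original message or of any Debian tool: it finds compiler command lines (cc, gcc, g++, with a target prefix or version suffix), flags compile steps that lack the expected flags, and flags lines where the build hides the command. The hidden-output patterns, the expected flags and the sample log are assumptions constructed for illustration.

```python
import re
import shlex

# Driver names from the message: cc, gcc, g++ (plus c++), optionally with a
# target prefix (i486-gnu-gcc) or a version suffix (gcc-4.6).
COMPILER_RE = re.compile(r"^(?:[\w.]+-)*(?:cc|gcc|g\+\+|c\+\+)(?:-\d+(?:\.\d+)*)?$")
# Assumed markers of hidden command lines: automake/kbuild-style "  CC foo.o"
# and CMake's "[ 50%] Building C object ...".
HIDDEN_RE = re.compile(r"^\s*(?:CC|CXX|CCLD|CXXLD)\s+\S+\s*$"
                       r"|^\[\s*\d+%\] Building (?:C|CXX) object")

def find_compiler(line):
    """Return argv starting at the first compiler driver on the line, or None."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quotes, e.g. make's `dir' messages
        return None
    for i, tok in enumerate(tokens):
        if COMPILER_RE.match(tok.rsplit("/", 1)[-1]):  # strip any path
            return tokens[i:]
    return None

def scan_log(lines, expected_flags):
    """Report compile steps lacking expected flags and lines hiding the command."""
    report = {"missing": [], "hidden": []}
    for n, line in enumerate(lines, 1):
        if HIDDEN_RE.match(line):
            report["hidden"].append(n)
            continue
        argv = find_compiler(line)
        if argv and "-c" in argv:  # only compile steps are checked here
            absent = [f for f in expected_flags if f not in argv]
            if absent:
                report["missing"].append((n, absent))
    return report

# Constructed sample log and assumed expected flags (not from a real build).
SAMPLE_LOG = """\
checking for gcc... gcc
gcc -g -O2 -fstack-protector -D_FORTIFY_SOURCE=2 -c main.c -o main.o
i486-gnu-gcc -O2 -c util.c -o util.o
  CC     parser.o
[ 50%] Building C object src/CMakeFiles/x.dir/io.c.o
/usr/bin/g++-4.6 -g -O2 -D_FORTIFY_SOURCE=2 -c gui.cc -o gui.o
make[1]: Leaving directory `/build/pkg'
""".splitlines()
EXPECTED = ["-fstack-protector", "-D_FORTIFY_SOURCE=2"]

if __name__ == "__main__":
    print(scan_log(SAMPLE_LOG, EXPECTED))
```

Flags passed in another form (for example through `-Wp,`) are not recognised by this exact-token comparison and would be reported as missing.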

