
Re: Hardening flags



Hi Martin,

On Thu, Jul 14, 2022 at 10:25:35PM +0200, Martin Dosch wrote:
> Dear Nilesh,
> 
> On 13.07.2022 23:26, Nilesh Patra wrote:
> > On Wed, Jul 13, 2022 at 04:21:49PM +0000, Martin Dosch wrote:
> > > do you think adding the hardening flags mentioned in [1] to programs makes sense?
> > 
> > It does, but it is mostly your choice here. Be sure to not append buildmode=pie for mips*
> > archs though.
> 
> Thank you very much for the info. So it would be best to set
> `override_dh_auto_build` to use the hardening flags and an

You might want to take a look at src:micro's
d/rules file - hopefully that should do.

> `override_dh_auto_build-$arch` for each mips architecture without hardening
> flags? I was reading in the debhelper documentation but I am not sure this
> is the right way.

Ah, okay.
You would need DEB_HOST_ARCH to detect the arch. Just check and do not add
in the flags if it is mips. As an example, you can take a look here [1].
(Be sure to use DEB_HOST_ARCH and not DEB_BUILD_ARCH -- it looks like it is done
wrong for docker.)

Let me know if you need more help!

[1]: https://sources.debian.org/src/docker.io/20.10.14+dfsg1-1/debian/rules/?hl=49#L49

-- 
Regards,
Nilesh
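
A sketch of the d/rules check discussed in this message, added here as an illustration; it is not taken from src:micro or docker.io. It assumes a package built with the dh-golang build system, and the variable name GO_HARDENING_FLAGS is hypothetical.

```make
#!/usr/bin/make -f
# Added example, not from any package named in the thread.

# Provides DEB_HOST_ARCH, DEB_BUILD_ARCH and the other architecture variables.
include /usr/share/dpkg/architecture.mk

# DEB_HOST_ARCH is the architecture the resulting binaries will run on.
# DEB_BUILD_ARCH is the machine doing the build; the two differ when
# cross-building, so testing DEB_BUILD_ARCH would pick the wrong flags
# for a mips package built on an amd64 machine.
#
# $(filter mips%,...) matches every mips port name (mipsel, mips64el, ...),
# so the hardening flag is only set when the host arch is not mips*.
ifeq (,$(filter mips%,$(DEB_HOST_ARCH)))
GO_HARDENING_FLAGS := -buildmode=pie   # hypothetical variable name
endif

%:
	dh $@ --buildsystem=golang

# One override is enough: on mips* the variable is empty and dh_auto_build
# runs without the extra flag. With dh-golang, arguments after "--" are
# handed on to the go build invocation (assumption: dh-golang in use).
override_dh_auto_build:
	dh_auto_build -- $(GO_HARDENING_FLAGS)
```

The result can be checked on the built binary with `file`, which reports a "pie executable" when the flag took effect.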
