Bug#702349: Info received (Bug#702349: lintian should not complain about hardening for package written in pure Ocaml)

To: 702349@bugs.debian.org, control@bugs.debian.org
Subject: Bug#702349: Info received (Bug#702349: lintian should not complain about hardening for package written in pure Ocaml)
From: Török Edwin <edwin@skylable.com>
Date: Wed, 15 Jul 2015 16:37:22 +0300
Message-id: <[🔎] 55A66212.6010406@skylable.com>
Reply-to: Török Edwin <edwin@skylable.com>, 702349@bugs.debian.org
In-reply-to: <handler.702349.B702349.143695470416195.ackinfo@bugs.debian.org>
References: <[🔎] 55A62E36.3080303@skylable.com> <handler.702349.B702349.143695470416195.ackinfo@bugs.debian.org>

block 702349 by 792502
Thanks

Updated patch attached, all the hardening-no-relro warnings are gone now.
I've opened a bug for the ocaml package.

--- a/debian/patches/0010-Obey-ldflags.patch	1970-01-01 02:00:00.000000000 +0200
+++ b/debian/patches/0010-Obey-ldflags.patch	2015-07-15 15:59:20.600661858 +0300
@@ -0,0 +1,34 @@
+Description: use CCLINKFLAGS for linking all executables and shared libraries
+ This allows packagers to set additional linker flags for executables and shared
+ libraries created by OCaml, and for the OCaml tools themselves.
+ OCaml code can be linked with various C stubs and C libraries that would
+ benefit from using hardening link flags, such as -Wl,-z,relro.
+---
+
+Origin: other
+Bug-Debian: https://bugs.debian.org/702349
+Forwarded: no
+Last-Update: <2015-07-15>
+
+--- ocaml-4.02.1.orig/configure
++++ ocaml-4.02.1/configure
+@@ -739,6 +739,8 @@ if test $with_sharedlibs = "yes"; then
+       shared_libraries_supported=true;;
+   esac
+ fi
++mksharedlib="$mksharedlib $CCLINKFLAGS"
++mkexe="$mkexe $CCLINKFLAGS"
+ 
+ if test -z "$mkmaindll"; then
+   mkmaindll=$mksharedlib
+--- ocaml-4.02.1.orig/tools/Makefile.shared
++++ ocaml-4.02.1/tools/Makefile.shared
+@@ -278,7 +278,7 @@ beforedepend:: opnames.ml
+ 
+ objinfo_helper$(EXE): objinfo_helper.c ../config/s.h
+ 	$(BYTECC) -o objinfo_helper$(EXE) $(BYTECCCOMPOPTS) \
+-          objinfo_helper.c $(LIBBFD_LINK)
++          objinfo_helper.c $(LIBBFD_LINK) $(CCLINKFLAGS)
+ 
+ OBJINFO=../compilerlibs/ocamlcommon.cma \
+         ../compilerlibs/ocamlbytecomp.cma \
diff -rNu ../o/ocaml-4.02.1/debian/patches/series debian/patches/series
--- a/debian/patches/series	2014-11-20 17:48:56.000000000 +0200
+++ b/debian/patches/series	2015-07-15 16:07:10.622247953 +0300
@@ -7,3 +7,4 @@
 0007-Tune-resource-usage-of-some-tests.patch
 0008-Native-backtraces-don-t-work-on-powerpc-and-sparc.patch
 0009-Fix-asmcomp-tests-on-sparc.patch
+0010-Obey-ldflags.patch
--- a/debian/rules	2015-02-16 12:37:56.000000000 +0200
+++ b/debian/rules	2015-07-15 15:54:11.360881817 +0300
@@ -59,6 +59,9 @@
 export OCAML_OPT_ARCH
 export OCAML_STDLIB_DIR
 
+export DEB_BUILD_MAINT_OPTIONS=hardening=+bindnow
+export CCLINKFLAGS=$(shell dpkg-buildflags --get LDFLAGS)
+
 CONFIGURE_OPTS := \
   --host $(DEB_BUILD_GNU_TYPE)\
   --with-pthread -prefix $(DEB_TEST_BUILD_PREFIX)/usr \

Reply to:

Follow-Ups:
- Processed: Re: Bug#702349: Info received (Bug#702349: lintian should not complain about hardening for package written in pure Ocaml)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

References:
- Bug#702349: lintian should not complain about hardening for package written in pure Ocaml
  - From: Török Edwin <edwin@skylable.com>

Prev by Date: Bug#792501: lintian: rcS.d check should whitelist units masked by systemd
Next by Date: Processed: Re: Bug#702349: Info received (Bug#702349: lintian should not complain about hardening for package written in pure Ocaml)
Previous by thread: Bug#702349: lintian should not complain about hardening for package written in pure Ocaml
Next by thread: Processed: Re: Bug#702349: Info received (Bug#702349: lintian should not complain about hardening for package written in pure Ocaml)
Index(es):
- Date
- Thread