Re: ncbi-blast+ "hardening-no-fortify-functions"

To: Olivier Sallou <olivier.sallou@irisa.fr>
Cc: Debian Med Project List <debian-med@lists.debian.org>, "Aaron M. Ucko" <ucko@debian.org>
Subject: Re: ncbi-blast+ "hardening-no-fortify-functions"
From: ucko@debian.org (Aaron M. Ucko)
Date: Fri, 21 Sep 2012 13:37:21 -0400
Message-id: <[🔎] udlzk4j6zvy.fsf@dr-wily.mit.edu>
In-reply-to: <[🔎] 505C9EDA.8050803@irisa.fr> (Olivier Sallou's message of "Fri, 21 Sep 2012 19:07:38 +0200")
References: <[🔎] 505C9EDA.8050803@irisa.fr>

Hi, Olivier.

This is a false alarm, which you can safely ignore; blhc confirms that
all is well:

$ blhc --ignore-flag -g --ignore-flag -O2 ncbi-blast+_2.2.26-3_amd64.build
LDFLAGS missing (-fPIE -pie): /usr/bin/g++  -Wl,--enable-new-dtags -pthread -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -O -Wl,-E  file_contents.o msvc_configure.o msvc_makefile.o msvc_masterproject_generator.o msvc_prj_generator.o msvc_prj_utils.o msvc_project_context.o msvc_site.o msvc_sln_generator.o proj_builder_app.o proj_datatool_generated_src.o proj_item.o proj_tree.o proj_tree_builder.o proj_src_resolver.o proj_utils.o resolver.o msvc_configure_prj_generator.o proj_projects.o msvc_dlls_info.o msvc_prj_files_collector.o configurable_file.o ptb_gui.o ptb_registry.o mac_prj_generator.o prj_file_collector.o   -Wl,-rpath,/usr/lib/ncbi-blast+ -Wl,-rpath-link,/home/amu/src/ncbi-blast+/build-area/ncbi-blast+-2.2.26/c++/BUILD/lib -L/home/amu/src/ncbi-blast+/build-area/ncbi-blast+-2.2.26/c++/BUILD/lib -lxutil -lxncbi -lxregexp -lpcre  -lrt -lm  -lpthread -o project_tree_builder
$

(project_tree_builder is an internal build tool that we don't actually install.)

Thanks for checking!

-- Aaron

Olivier Sallou <olivier.sallou@irisa.fr> writes:

> Hi,
> I have built and update svn for new release of ncbi-blast+.
> I have however many warning on lintian:
>
> W: ncbi-blast+: hardening-no-fortify-functions usr/bin/blastdb_aliastool
> W: ncbi-blast+: hardening-no-fortify-functions usr/bin/makeblastdb
> W: ncbi-blast+: hardening-no-fortify-functions usr/bin/makeprofiledb
> W: ncbi-blast+: hardening-no-fortify-functions
> usr/lib/ncbi-blast+/libblastdb_format.so
> W: ncbi-blast+: hardening-no-fortify-functions
> usr/lib/ncbi-blast+/libentrez2.so
> W: ncbi-blast+: hardening-no-fortify-functions
> usr/lib/ncbi-blast+/libentrez2cli.so
> W: ncbi-blast+: hardening-no-fortify-functions
> usr/lib/ncbi-blast+/libid2_split.so
> W: ncbi-blast+: hardening-no-fortify-functions
> usr/lib/ncbi-blast+/libigblast.so
> W: ncbi-blast+: hardening-no-fortify-functions
> usr/lib/ncbi-blast+/libncbi_xloader_blastdb.so
> ....
>
> I have looked at lintian detail and
> http://wiki.debian.org/Hardening#Using_Hardening_Options but this not
> clear to me.
>
> should I add as build-depends hardening-wrapper then add to debian/rules :
>
> export DEB_BUILD_HARDENING=1
>
> Or ,... any idea if this can be ignored or what should be done?
>
> Olivier

Reply to:

References:
- ncbi-blast+ "hardening-no-fortify-functions"
  - From: Olivier Sallou <olivier.sallou@irisa.fr>

Prev by Date: ncbi-blast+ "hardening-no-fortify-functions"
Next by Date: InVesalius 3 Beta
Previous by thread: ncbi-blast+ "hardening-no-fortify-functions"
Next by thread: InVesalius 3 Beta
Index(es):
- Date
- Thread