Re: dh: default cmake options overridden

To: debian-mentors@lists.debian.org
Subject: Re: dh: default cmake options overridden
From: "Rebecca N. Palmer" <r.palmer@bham.ac.uk>
Date: Thu, 12 Jun 2014 08:51:03 +0100
Message-id: <[🔎] 53995BE7.3000809@bham.ac.uk>
In-reply-to: <[🔎] CAK6Z60f_9DZV7p_Zfw-zqjMyvMuWsy4osTiYZApKG0BX30sWLA@mail.gmail.com>

Ubuntu has some of its security flags enabled by default in the compileritself, so explicit hardening CFLAGS are unnecessary (but harmless):https://wiki.ubuntu.com/Security/Features

To check that this has worked, you can usehttps://wiki.debian.org/Hardening#Validation

However, that's the case in both 12.04 and 14.04, and dpkg-buildflagsstill includes them:

trusty$ dpkg-buildflags

CFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-Werror=format-security

CPPFLAGS=-D_FORTIFY_SOURCE=2

CXXFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat-Werror=format-security

FFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4
GCJFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4
LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro

Reply to:

References:
- Re: dh: default cmake options overridden
  - From: Nico Schlömer <nico.schloemer@gmail.com>

Prev by Date: Bug#736379: marked as done (RFS: python-aosd/0.2.3-1 [ITP])
Next by Date: Re: Python 3 only package
Previous by thread: Re: dh: default cmake options overridden
Next by thread: Bug#751208: RFS: lusernet.app/0.4.2-7
Index(es):
- Date
- Thread