Re: Please help fix lintian hardening-no-relro problem
Thanks for your response.
On Sun, 07 Sep 2014 16:55:14 +0600, Andrey Rahmatullin wrote:
> On Sat, Sep 06, 2014 at 08:56:50PM +0000, T o n g wrote:
>> Yes, that's the first thing I tried, but still get the "hardening-no-
>> relro" problem:
>> https://github.com/suntong001/histring/blob/master/debian/rules
>> https://github.com/suntong001/histring/archive/master.zip
> No, this version doesn't have this problem.
hmm... here is my log, duplicated from http://paste.debian.net/120325/
for your convenience:
$ cat debian/rules
#!/usr/bin/make -f
#export DH_VERBOSE=1
%:
dh $@
$ cat Makefile
INSTALL = /usr/bin/install -c
# == Installation directories
prefix = ${DESTDIR}/usr
mandir = ${prefix}/share/man/man1
exec_prefix = ${prefix}
bindir = ${exec_prefix}/bin
all: histring
histring: histring.c getopt.c getopt1.c getopt.h
$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $@.c -o $@
clean:
rm -f *.o *~
cleanall: clean
rm -f histring
install:
$(INSTALL) -m 755 -d $(bindir)
$(INSTALL) -m 755 -d $(mandir)
$(INSTALL) -m 755 -s histring $(bindir)
$(INSTALL) -m 644 debian/histring.1 $(mandir)
$ debuild -i -us -uc -b
dpkg-buildpackage -rfakeroot -D -us -uc -i -b
dpkg-buildpackage: warning: using a gain-root-command while being root
dpkg-buildpackage: source package histring
dpkg-buildpackage: source version 1.1.0-2
dpkg-buildpackage: source distribution unstable
dpkg-buildpackage: source changed by Tong Sun
<suntong001@users.sourceforge.net>
dpkg-source -i --before-build histring-1.1.0_Simplified
dpkg-buildpackage: host architecture amd64
fakeroot debian/rules clean
dh clean
dh_testdir
dh_auto_clean
make[1]: Entering directory '/export/build/pkg/histring/bld/
histring-1.1.0_Simplified'
rm -f *.o *~
make[1]: Leaving directory '/export/build/pkg/histring/bld/
histring-1.1.0_Simplified'
dh_clean
debian/rules build
dh build
dh_testdir
dh_auto_configure
dh_auto_build
make[1]: Entering directory '/export/build/pkg/histring/bld/
histring-1.1.0_Simplified'
make[1]: Nothing to be done for 'all'.
make[1]: Leaving directory '/export/build/pkg/histring/bld/
histring-1.1.0_Simplified'
dh_auto_test
fakeroot debian/rules binary
dh binary
dh_testroot
dh_prep
dh_auto_install
make[1]: Entering directory '/export/build/pkg/histring/bld/
histring-1.1.0_Simplified'
/usr/bin/install -c -m 755 -d /export/build/pkg/histring/bld/
histring-1.1.0_Simplified/debian/histring/usr/bin
/usr/bin/install -c -m 755 -d /export/build/pkg/histring/bld/
histring-1.1.0_Simplified/debian/histring/usr/share/man/man1
/usr/bin/install -c -m 755 -s histring /export/build/pkg/histring/bld/
histring-1.1.0_Simplified/debian/histring/usr/bin
/usr/bin/install -c -m 644 debian/histring.1 /export/build/pkg/histring/
bld/histring-1.1.0_Simplified/debian/histring/usr/share/man/man1
make[1]: Leaving directory '/export/build/pkg/histring/bld/
histring-1.1.0_Simplified'
dh_installdocs
dh_installchangelogs
dh_installman
dh_perl
dh_link
dh_compress
dh_fixperms
dh_strip
dh_makeshlibs
dh_shlibdeps
dh_installdeb
dh_gencontrol
dh_md5sums
dh_builddeb
dpkg-deb: building package `histring' in `../
histring_1.1.0-2_amd64.deb'.
dpkg-genchanges -b >../histring_1.1.0-2_amd64.changes
dpkg-genchanges: binary-only upload (no source code included)
dpkg-source -i --after-build histring-1.1.0_Simplified
dpkg-buildpackage: binary-only upload (no source included)
Now running lintian...
warning: the authors of lintian do not recommend running it with root
privileges!
W: histring: hardening-no-relro usr/bin/histring
Finished running lintian.
Note the second last line -- "hardening-no-relro".
>> > You are not using dh_auto_* commands nor exporting flags manually,
>> > hence dpkg-buildflags isn't used in the build process.
>> Would you mind telling me how to do it please? I'm reverting back to
>> such unnecessarily long d/rules because I wasn't able to put back the
>> auto- make rules back into the above short version.
> What "automake rules"?
Oh, I meant using './configure' to generate Makefile from Makefile.in or
Makefile.am. I don't know how to put the rules in to start from there.
thanks again
Reply to: