[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Need help to fix hardening-no-relro and hardening-no-relro

Alex Vong wrote:
> Maybe overriding CFLAGS and CPPFLAGS but not LDFLAGS will solve FTBFS.
> 
> For example in debian/rules,
> 
> CFLAGS = '-Ofoo'
> CPPFLAGS = '-Dfoo'
> LDFLAGS += '-lfoo'
> 
> override_dh_auto_configure:
> 	dh_auto_configure -- --enable-foo

This is wrong. You should *not* overwrite default CFLAGS / CPPFLAGS and
so on. This is precisely what usually results in poor hardening. Just
imaging what will happen if tomorrow there is a new flag to set?

If you really need to add some stuff, you can use
DEB_CFLAGS_MAINT_APPEND, and similar. See dpkg-buildflags(1).
Reply to: