Re: hardening=+all caused CPPFLAGS missing (-D_FORTIFY_SOURCE=2)
Hi,
On Thu, Nov 05, 2020 at 08:49:33AM -0500, Tong Sun wrote:
> On Thu, Nov 5, 2020 at 8:21 AM Andrey Rahmatullin wrote:
> >
> > On Thu, Nov 05, 2020 at 08:08:17AM -0500, Tong Sun wrote:
> > > > > I used
> > > > >
> > > > > export DEB_BUILD_MAINT_OPTIONS = hardening=+all
> > > > >
> > > > > to fix the hardening issue, but it yields the following error from blhc:
> > > > >
> > > > > CPPFLAGS missing (-D_FORTIFY_SOURCE=2)
> > > > >
> > > > > See https://salsa.debian.org/debian/shc/-/jobs/1126952
> > > > >
> > > > > I've tried some "solutions" that I found from the internet but nothing worked.
> > > > >
> > > > > Anyone know how to fix this please?
> > > > Remove "export CPPFLAGS = " from debian/rules.
> > >
> > > That was actually my "fix" -- There wasn't such a line and I got
> > > `CPPFLAGS missing (-D_FORTIFY_SOURCE=2)` in the first place.
> > And this "fix" removed -D_FORTIFY_SOURCE=2 from the main compilation
> > command as you can see if you compare the build logs, so removing it fixes
> > the actual problem.
>
> removing it yields
> https://salsa.debian.org/debian/shc/-/jobs/1138279
> the same as where it all begins --
> https://salsa.debian.org/debian/shc/-/jobs/1126858
So, looking at the build log after you removed the export from d/rules [1]
seens to build with -D_FORTIFY_SOURCE=2 (look at line 1223).
[1] https://salsa.debian.org/debian/shc/-/jobs/1138271
> > > Anything else I can do?
> > If blhc complains even without this line, I suspect it captures the
> > comnpilation lines from the tests, in which case you can either ignore
> > that or change the test commands. Always read the build log manually
> > before trying to fix blhc output.
This may be what's happening.
Cheers,
Charles
Reply to: