Re: hardening=+all caused CPPFLAGS missing (-D_FORTIFY_SOURCE=2)
On Thu, Nov 5, 2020 at 10:52 AM Carlos Henrique Lima Melara wrote:
>
> Hi,
>
> On Thu, Nov 05, 2020 at 08:49:33AM -0500, Tong Sun wrote:
> > On Thu, Nov 5, 2020 at 8:21 AM Andrey Rahmatullin wrote:
> > >
> > > On Thu, Nov 05, 2020 at 08:08:17AM -0500, Tong Sun wrote:
> > > > > > I used
> > > > > >
> > > > > > export DEB_BUILD_MAINT_OPTIONS = hardening=+all
> > > > > >
> > > > > > to fix the hardening issue, but it yields the following error from blhc:
> > > > > >
> > > > > > CPPFLAGS missing (-D_FORTIFY_SOURCE=2)
> > > > > >
> > > > > > See https://salsa.debian.org/debian/shc/-/jobs/1126952
> > > > > >
> > > > > > I've tried some "solutions" that I found from the internet but nothing worked.
> > > > > >
> > > > > > Anyone know how to fix this please?
> > > > > Remove "export CPPFLAGS = " from debian/rules.
> > > >
> > > > That was actually my "fix" -- There wasn't such a line and I got
> > > > `CPPFLAGS missing (-D_FORTIFY_SOURCE=2)` in the first place.
> > > And this "fix" removed -D_FORTIFY_SOURCE=2 from the main compilation
> > > command as you can see if you compare the build logs, so removing it fixes
> > > the actual problem.
> >
> > removing it yields
> > https://salsa.debian.org/debian/shc/-/jobs/1138279
> > the same as where it all begins --
> > https://salsa.debian.org/debian/shc/-/jobs/1126858
>
> So, looking at the build log after you removed the export from d/rules [1]
> seens to build with -D_FORTIFY_SOURCE=2 (look at line 1223).
>
> [1] https://salsa.debian.org/debian/shc/-/jobs/1138271
>
> > > > Anything else I can do?
> > > If blhc complains even without this line, I suspect it captures the
> > > comnpilation lines from the tests, in which case you can either ignore
> > > that or change the test commands. Always read the build log manually
> > > before trying to fix blhc output.
>
> This may be what's happening.
So I just ignore it, without trying to fix blhc?
Reply to: