Re: dpkg-buildflags bindnow

To: debian-science@lists.debian.org
Cc: Jonathon Love <jon@thon.love>
Subject: Re: dpkg-buildflags bindnow
From: Stuart Prescott <stuart@debian.org>
Date: Sat, 03 Sep 2016 16:24:23 +1000
Message-id: <[🔎] 2001833.FAaRDCeSx7@jatayu>
In-reply-to: <[🔎] b1d50b63-308a-4bf0-24db-4246e8ac9303@thon.love>
References: <[🔎] b1d50b63-308a-4bf0-24db-4246e8ac9303@thon.love>

Hi Jonathon,

> one proposed solution[1] is to add
> 
>      $(shell dpkg-buildflags --get LDFLAGS)
> 
> to the LDFLAGS
> 
> however, dpkg-buildflags does *not* add flags for bindnow by default[2],
> and the system needs additional configuration to add these.

Buried elsewhere on the wiki page is that you also need to enable additional 
hardening options for dpkg-buildflags to include bindnow. For lots of common 
build systems, dh will actually already include dpkg-buildflags --get LDFLAGS 
for you, the trick is to tell dpkg-buildflags to include yet more.

Often, this is sufficient:

	export DEB_BUILD_MAINT_OPTIONS = hardening=+all

Sometimes, though, the upstream build system resets the flags and so a little 
additional fiddling is required, patching Makefiles etc until it behaves better.

cheers
Stuart


-- 
Stuart Prescott    http://www.nanonanonano.net/   stuart@nanonanonano.net
Debian Developer   http://www.debian.org/         stuart@debian.org
GPG fingerprint    90E2 D2C1 AD14 6A1B 7EBB 891D BBC1 7EBB 1396 F2F7

Reply to:

Follow-Ups:
- Re: dpkg-buildflags bindnow
  - From: Bálint Réczey <balint@balintreczey.hu>

References:
- dpkg-buildflags bindnow
  - From: Jonathon Love <jon@thon.love>

Prev by Date: dpkg-buildflags bindnow
Next by Date: r-cran-rprotobuf 0.4.5-1 ready for upload
Previous by thread: dpkg-buildflags bindnow
Next by thread: Re: dpkg-buildflags bindnow
Index(es):
- Date
- Thread