
[Pkg-security-team] [t50] 02/05: Remove -pie explicit flag It is already passed as hardening+=all.



Hello Samuel

When I first packaged t50, I needed to disable the -pie flag because it 
triggered a compilation error and I wasn't able to build the sources 
with all the hardening flags (with just hardening=+all). As Raphaël 
points out, this is the opposite of what you believe.

Anyway, you made a good move adapting my patch not to include the -g flag 
but to get rid of other CPU specific artifacts. I just built the package 
and it seems to be fine.

I updated the changelog to reflect your work in a new revision and added 
a missing comma in the control file.

IMHO, it is worth a new upload in order to check if it builds on more 
architectures.

Thanks for your help!

Cheers. Marcos


On 26/08/16 at 09:18, Raphael Hertzog wrote:
> Hello Samuel,
>
> On Fri, 26 Aug 2016, Samuel Henrique wrote:
>> commit a98efd4f46277440150dfb992165e7af714a7477
>> Author: Samuel Henrique <samueloph at gmail.com>
>> Date:   Thu Aug 25 22:11:50 2016 -0300
>>
>>      Remove -pie explicit flag
>>       It is already passed as hardening+=all.
> Please respect the git conventions to format git commit logs.
> One line summary. One empty line. Then a long description.
>
>> -export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-pie
>> +export DEB_BUILD_MAINT_OPTIONS = hardening=+all
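Review bot: the commit message for this one-line change to `DEB_BUILD_MAINT_OPTIONS` calls the removed `-pie` redundant with `hardening=+all`, but the `-` prefix switches a feature off, so dropping it changes the build from "all hardening except PIE" to "all hardening including PIE". Reword the log as a one-line summary such as "Enable PIE hardening", an empty line, then a description saying the earlier exclusion is no longer needed, and confirm that the package still builds with PIE on the other architectures before uploading.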
> Then I believe this commit to be wrong, or at least your description is
> wrong.
>
> "-pie" disables -fPIE while "+all" enables it... so it's not redundant,
> that was the correct syntax to say "enable everything except -fPIE".
>
> But if it works with -fPIE then there's no reason to disable it for sure.
> I did not check that.
>
> Cheers,
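
The modifier semantics discussed in this thread, as an added example that is not part of the original messages and is not dpkg's own code: a small shell resolver that applies the `hardening=` modifiers in order and reports the resulting feature set. The feature list and the empty starting set are assumptions of this example (dpkg-buildflags starts from per-architecture defaults, which does not matter for values that begin with `+all`); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not dpkg code): resolve the hardening= modifiers in a
# DEB_BUILD_MAINT_OPTIONS value. Assumptions: the feature list below, and an
# empty starting set instead of dpkg's per-architecture defaults.
HARDENING_FEATURES="bindnow format fortify pie relro stackprotector stackprotectorstrong"

# resolve_hardening "<options>": print the enabled features, sorted, on one line.
resolve_hardening() {
    enabled=""
    for area in $1; do
        case "$area" in hardening=*) ;; *) continue ;; esac
        # Modifiers are comma-separated and applied in order.
        for mod in $(printf '%s' "${area#hardening=}" | tr ',' ' '); do
            name=${mod#[+-]}
            case "$mod" in
                +all) enabled=$HARDENING_FEATURES ;;
                -all) enabled="" ;;
                +*) # enable one known feature, without duplicating it
                    case " $HARDENING_FEATURES " in *" $name "*) ;; *) continue ;; esac
                    case " $enabled " in *" $name "*) ;; *) enabled="$enabled $name" ;; esac ;;
                -*) # disable one feature by rebuilding the list without it
                    kept=""
                    for f in $enabled; do [ "$f" = "$name" ] || kept="$kept $f"; done
                    enabled=$kept ;;
            esac
        done
    done
    printf '%s\n' $enabled | LC_ALL=C sort | tr '\n' ' ' | sed 's/ $//'
}

# has_feature "<options>" <feature>: succeed if the feature ends up enabled.
has_feature() {
    case " $(resolve_hardening "$1") " in *" $2 "*) return 0 ;; *) return 1 ;; esac
}

# The two values from the commit under discussion: before and after.
for opts in "hardening=+all,-pie" "hardening=+all"; do
    if has_feature "$opts" pie; then state=enabled; else state=disabled; fi
    printf '%-22s pie %s\n' "$opts" "$state"
done
```

On a Debian system the authoritative answer comes from running `dpkg-buildflags` with the same variable set and inspecting the emitted compiler and linker flags.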



