Bug#760100: pixman: Simplify handling of dpkg-buildflags

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#760100: pixman: Simplify handling of dpkg-buildflags
From: intrigeri@debian.org
Date: Sun, 31 Aug 2014 10:06:52 -0700
Message-id: <[🔎] 854mwsbnbn.fsf@boum.org>
Reply-to: intrigeri@debian.org, 760100@bugs.debian.org

Source: pixman
Version: 0.32.6-3
Severity: wishlist
Tags: patch
X-Debbugs-Cc: Simon Ruderich <simon@ruderich.org>

Hi,

please consider applying the attached patchset, that simplifies the
handling of dpkg-buildflags, and makes the hardening flags more
future-proof.

Cheers,
--
intrigeri

>From 173bc48d419d88982f1ce8efe389aad51d114f8f Mon Sep 17 00:00:00 2001
From: intrigeri <intrigeri@debian.org>
Date: Sun, 31 Aug 2014 16:53:25 +0000
Subject: [PATCH 1/3] Simplify hardening build flags handling. Thanks to Simon
 Ruderich <simon@ruderich.org> for the patch.

Quoting Simon Ruderich <simon@ruderich.org>:
"There's no need to use dpkg-buildflags manually in debian/rules.
Debhelper with compat=9 automatically enables the hardening flags when
dh_auto_configure is used. So just by calling dh_auto_configure [...]
the hardening flags get automatically passed to the build system.
DEB_BUILD_MAINT_OPTIONS is also respected."
---
 debian/rules | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/debian/rules b/debian/rules
index a8100d2..99d67fc 100755
--- a/debian/rules
+++ b/debian/rules
@@ -11,8 +11,7 @@ override_dh_auto_configure:
 	# changelog entry:
 	LS_CFLAGS=" " dh_auto_configure -- --disable-gtk \
 	  --disable-silent-rules \
-	  --disable-arm-iwmmxt \
-	  $(shell dpkg-buildflags --export=configure)
+	  --disable-arm-iwmmxt
 
 # Install in debian/tmp to retain control through dh_install:
 override_dh_auto_install:
-- 
2.1.0

>From 7a54bf14aaab563d9dda268c14d8116a569385b8 Mon Sep 17 00:00:00 2001
From: intrigeri <intrigeri@debian.org>
Date: Sun, 31 Aug 2014 16:54:54 +0000
Subject: [PATCH 2/3] Enable all hardening build flags. Thanks to Simon
 Ruderich <simon@ruderich.org> for the patch.

Quoting Simon again: "It currently has the same effect as hardening=+bindnow,
but will automatically enable future hardening options and in case the package
will ever build binaries those are immediately protected with PIE as well."
---
 debian/rules | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/rules b/debian/rules
index 99d67fc..a0e0b9e 100755
--- a/debian/rules
+++ b/debian/rules
@@ -3,7 +3,7 @@
 PACKAGE = libpixman-1-0
 SHLIBS  = 0.25.2
 
-export DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 
 # Disable Gtk+ autodetection:
 override_dh_auto_configure:
-- 
2.1.0

>From 90bc2385a5cda5ed95af24f8b2e183e550175d88 Mon Sep 17 00:00:00 2001
From: intrigeri <intrigeri@debian.org>
Date: Sun, 31 Aug 2014 16:56:42 +0000
Subject: [PATCH 3/3] Update changelog.

Git-Dch: Ignore
---
 debian/changelog | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index f5ebabf..ee81d21 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+pixman (0.32.6-4~1.gbp7a54bf) UNRELEASED; urgency=medium
+
+  ** SNAPSHOT build @7a54bf14aaab563d9dda268c14d8116a569385b8 **
+
+  * Simplify hardening build flags handling.
+    Thanks to Simon Ruderich <simon@ruderich.org> for the patch.
+  * Enable all hardening build flags. Thanks to Simon Ruderich too.
+
+ -- intrigeri <intrigeri@debian.org>  Sun, 31 Aug 2014 09:56:17 -0700
+
 pixman (0.32.6-3) sid; urgency=medium
 
   [ intrigeri ]
-- 
2.1.0

Reply to:

Prev by Date: Processed: your mail
Next by Date: xorg-server: Changes to 'debian-unstable'
Previous by thread: Processed: your mail
Next by thread: xorg-server: Changes to 'debian-unstable'
Index(es):
- Date
- Thread