[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [RFC PATCH] dpkg-buildflags: Switch to -fstack-protector-strong

On Tue, Jun 24, 2014 at 11:46:32AM -0700, Russ Allbery wrote:
> Speaking as one of the people maintaining a package that still uses
> hardening-wrapper, some packages have build systems that are quite
> difficult to patch to use packaging-provided compiler flags.  It's
> definitely an upstream bug, but....

So if the compiler diversion itself is valuable, we can just remove all
the logic from hardening-wrapper and use something conceptually like the
following as the wrapper:

#!/bin/sh
if [ "$DEB_BUILD_HARDENING" = "1" ]; then
    export DEB_BUILD_MAINT_OPTIONS=hardening=+all
    eval $(/usr/bin/dpkg-buildflags --export=sh)
fi
exec /usr/bin/cc $CPPFLAGS $CFLAGS "$@"

-- 
Romain Francoise <rfrancoise@debian.org>
http://people.debian.org/~rfrancoise/
Reply to: