Bug#628515: recommending verbose build logs
let me follow-up on this before jessie opens, and hopefully we can come to an
agreement how to get this done for jessie. Since 2011, some tools are now
looking at build logs (or should), and verbose build logs are required to make
more use of these tools:
- the build log checker: https://buildd.debian.org/~brlink/
now identifies 995 packages with "compiler-flags-hidden", so that
seem to be ~15% of all source packages building architecture dependent
packages which cannot be analysed by the build log checker.
- hardening is a release goal for wheezy. The current approach to
analyse the binaries for hardened compiler flags gives many false
positives for extension modules for interpreted languages. So
a build log check could be used to eliminate these false positives.
So we have a release goal, but incomplete tools to diagnose if
we meet this goal.
Afaics, hardening-wrapper can not:
- see if a binary was built with -O0, and stop complaining about
fortify (#694618),
- can not diagnose objects not referencing any of the fortify
functions provided by glibc.
A build log check based on verbose build logs would help here.
> I suppose we want the autobuilders to generate verbose log,
> but I am not sure if we want the autobuilders to use a non-empty
> DEB_BUILD_OPTIONS (and whether we can).
Most autobuilders already set DEB_BUILD_OPTIONS=parallel=<n>, so this can be
done, and is already in use.
Using the `terse' or `silent' keyword sounds fine. However maybe make it clear
how DEB_BUILD_OPTIONS=verbose,terse would work (suggesting here that verbose
should overwrite terse).
Matthias
Reply to: