Your message dated Sat, 26 Sep 2015 13:15:27 +0200
with message-id <[email protected]>
and subject line Re: [debhelper-devel] Bug#800012: Bug#800012: debhelper:
please call dpkg-buildflags --status on build
has caused the Debian Bug report #800012,
regarding debhelper: please call dpkg-buildflags --status on build
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
800012: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800012
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: debhelper
Version: 9.20150811
Severity: normal
Tags: patch
Hello,
blhc is used in the buildd log scanner [1] to detect missing
compiler (hardening) flags. At the moment only the default flags
provided by dpkg-buildflags are verified as blhc can't detect
additional flag options specified in debian/rules (e.g.
hardening=+pie or hardening=-fortify to exclude hardening flags).
Since dpkg 1.16.5 dpkg-buildflags supports a --status option
which displays the current settings.
Please call dpkg-buildflags --status when building a package.
The attached patch tries to implement it for the `dh` binary,
thus supporting (only) the new dh short rules, but I'm not sure
if this is the best way to handle it.
Would it be possible to also call dpkg-buildflags --status when
using only the traditional dh_* commands?
Regards
Simon
[1]: https://qa.debian.org/bls/
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
--- /usr/bin/dh 2015-09-25 11:24:41.227536351 +0200
+++ /tmp/dh 2015-09-25 11:24:37.743528671 +0200
@@ -647,6 +647,14 @@
$stoppoint=command_pos($dh{BEFORE}, @sequence) - 1;
}
+# Print information about compiler flags to be later used when parsing the
+# build log (e.g. by blhc).
+if ($sequence eq 'build'
+ or $sequence eq 'build-arch'
+ or $sequence eq 'build-indep') {
+ doit('dpkg-buildflags', '--status');
+}
+
# Now run the commands in the sequence.
foreach my $i (0..$stoppoint) {
my $command=$sequence[$i];
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
On 2015-09-26 12:42, Simon Ruderich wrote:
> On Sat, Sep 26, 2015 at 09:17:00AM +0200, Niels Thykier wrote:
>> Hi Simon,
>>
>> Thanks for your interest in improving debhelper.
>>
>> To be honest, I am quite conflicted with this change.
>>
>> * Adding it directly in dpkg-buildpackage would give you a lot better
>> coverage.
>> - Have you proposed this to the dpkg maintainers?
>
> Hello Niels,
>
Hi,
> I first thought adding it to dpkg-buildpackage won't work, due to
> the following issue: The actually used flags are only known
> "inside" debian/rules (via environment variables like
> DEB_BUILD_MAINT_OPTIONS or DEB_flag_MAINT_PREPEND etc.). Calling
> just dpkg-buildflags from dpkg-buildpackage will only show the
> default flags. What's necessary is to run dpkg-buildflags from
> debian/rules for the proper environment, without modifying the
> file itself.
>
Ah, indeed. I had not thought of that.
> But I think I've found a solution which can be run from
> dpkg-buildpackage:
>
> [...]
>
> Suggestions to improve this are very welcome.
>
Thanks for coming up with it. :)
> I've provided a patch for dpkg-buildpackage in #800069, so please
> close this bug.
Ok, will do. :)
> Sorry for not thinking about it earlier and wasting your time.
>
> Regards
> Simon
>
> [...]
"Waste my time" is a bit strong here. :)
Thanks for coming up with an idea to improve Debian.
Thanks,
~Niels
--- End Message ---
