> Hmm, I am not sure. Reading [1], I don't see the wrapper being
> deprecated. But I do see that you have more options in the recommended
> dpkg-buildflags section than just to switch to dh, i.e. using them
> directly. I don't have experience with these hardening options, but I
> think I like the following better:
> DPKG_EXPORT_BUILDFLAGS = 1
> include /usr/share/dpkg/buildflags.mk
> CFLAGS += -g -O$(if $(findstring noopt,$(DEB_BUILD_OPTIONS)),0,2)
> LDFLAGS += "-Wl,--as-needed"
>
> But maybe other mentors can state their opinion as well.
>
> [1] http://wiki.debian.org/Hardening

In addition to the above, I added:

    export DEB_BUILD_MAINT_OPTIONS = hardening=+all

before the buildflags include to get a fully hardened binary. According to
hardening-check, it works. New NMU diff coming soon.
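
As an added example (not part of the thread, and not hardening-check's own code), the sketch below approximates the kind of per-binary check that tells a build with hardening=+all apart from one without it, using dpkg's hardening feature names. The two readelf excerpts are constructed and abbreviated, and the regexes are assumptions about typical `readelf -W -h -l -d --dyn-syms` output.

```python
import re

# dpkg hardening feature -> patterns that must ALL match the readelf text.
CHECKS = {
    # Type DYN alone also matches shared libraries, so require an interpreter.
    "pie": [r"^\s*Type:\s+DYN\b", r"^\s*INTERP\b"],
    "relro": [r"^\s*GNU_RELRO\b"],
    "bindnow": [r"\(BIND_NOW\)|\(FLAGS\).*\bBIND_NOW\b|\(FLAGS_1\).*\bNOW\b"],
    # These two only show up if the code has stack buffers / fortifiable calls.
    "stackprotector": [r"\b__stack_chk_fail\b"],
    "fortify": [r"\b__(?!stack_chk)\w+_chk\b"],
}

# Constructed sample: binary built with hardening=+all.
SAMPLE_ALL = """\
  Type:                              DYN (Shared object file)
Program Headers:
  INTERP         0x000238 0x0000000000000238 0x0000000000000238
  GNU_RELRO      0x000df0 0x0000000000200df0 0x0000000000200df0
Dynamic section at offset 0xe08 contains 26 entries:
 0x000000000000001e (FLAGS)              BIND_NOW
Symbol table '.dynsym' contains 12 entries:
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (2)
     4: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __printf_chk@GLIBC_2.3.4 (3)
"""

# Constructed sample: same program without pie and bindnow.
SAMPLE_NO_PIE = """\
  Type:                              EXEC (Executable file)
Program Headers:
  INTERP         0x000238 0x0000000000400238 0x0000000000400238
  GNU_RELRO      0x000e10 0x0000000000600e10 0x0000000000600e10
Symbol table '.dynsym' contains 12 entries:
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (2)
     4: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __printf_chk@GLIBC_2.3.4 (3)
"""

def check_hardening(readelf_text):
    """Return {feature: bool} for each feature in CHECKS."""
    return {feat: all(re.search(p, readelf_text, re.M) for p in pats)
            for feat, pats in CHECKS.items()}

def missing_features(readelf_text):
    """Sorted list of features the binary does not show evidence of."""
    return sorted(f for f, ok in check_hardening(readelf_text).items() if not ok)

if __name__ == "__main__":
    for name, text in (("hardening=+all", SAMPLE_ALL), ("no pie/bindnow", SAMPLE_NO_PIE)):
        print(name, "missing:", missing_features(text) or "nothing")
```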