Source: rauc Version: 1.2-1 Severity: minor When building rauc 1.2-1 from the git repository cloned from salsa I get:
$ dpkg-buildpackage -uc -us ... $ lintian -EL '>=pedantic' ../rauc_1.2-1_amd64.changes I: rauc: hardening-no-fortify-functions usr/bin/rauc I: rauc-service: package-supports-alternative-init-but-no-init.d-script lib/systemd/system/rauc.service I: rauc-service: systemd-service-file-missing-install-key lib/systemd/system/rauc.service I: rauc source: testsuite-autopkgtest-missing X: rauc source: upstream-metadata-file-is-missing . When I do mv .git ../rauc.git before building I get however: $ dpkg-buildpackage -uc -us ... $ lintian -EL '>=pedantic' ../rauc_1.2-1_amd64.changes I: rauc-service: package-supports-alternative-init-but-no-init.d-script lib/systemd/system/rauc.service I: rauc-service: systemd-service-file-missing-install-key lib/systemd/system/rauc.service I: rauc source: testsuite-autopkgtest-missing X: rauc source: upstream-metadata-file-is-missing So the hardening-no-fortify-functions problem only occurs in the presence of the .git directory. This is related to ./configure assuming that debugging should be enabled if a .git directory exists which in turn adds -O0 to the command line (additionally to the -O2 that is present for both cases). According to https://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_FORTIFY_.28gcc.2Fg.2B-.2B-_-D_FORTIFY_SOURCE.3D2.29 "for this feature to be fully enabled, the source must also be compiled with -O1 or higher." It is only little relevant for Debian as the packages are build from the source package and there is no .git directory, but it is still ugly. Maybe we should pass --disable-debugging to configure? Or convince upstream that this assumption (.git present => --enable-debug) is a bad idea? Best regards Uwe