Hi Raphael,

On Mon, Jul 07, 2008 at 11:32:16PM +0200, Raphael Hertzog wrote:
> On Mon, 07 Jul 2008, Kees Cook wrote:
> > This is a patch that adds support for the "hardening-wrapper" package's
> > set of build flags, in the hopes of merging hardening-wrapper's
> > functionality into dpkg-buildpackage at some point in the future.
>
> Thanks for the patch, but I really dislike the complexity of this whole
> setup.
>
> Why couldn't hardening-wrapper use directly the hardening/no-hardening
> options from DEB_BUILD_OPTIONS instead of requiring a complete set of
> specific environment variables?

Well, the original goal was to move the hardening option knowledge out of
hardening-wrapper and into dpkg-buildpackage, so this was designed to be a
migration path. Since dpkg-buildpackage is setting the default compiler
flags (-g -Wall, etc), this seemed like a sensible place for the other
distro-wide flags to go live so we can get rid of the crazy hack that is
hardening-wrapper. :)

> dpkg-buildpackage would be modified to use a modified Dpkg::BuildOptions
> that would do this "intelligent option forwarding" but that's all.
>
> How does that sound to you?
>
> Note that I'm not opposed to have dpkg-buildpackage enable hardening
> by default in the future (by auto-setting the option unless instructed
> otherwise by Build-Option: / DEB_BUILD_OPTIONS). For now, I just
> want to not bloat dpkg-buildpackage with too much specific code like this
> one and want to integrate this change in a more generic framework.

Sure, I can certainly understand that. Will there be a framework that a
compiler flag default option system can be plugged into?

Thanks,

-Kees

-- 
Kees Cook @outflux.net

