On Tue, Jun 24, 2014 at 11:46:32AM -0700, Russ Allbery wrote:
> Speaking as one of the people maintaining a package that still uses
> hardening-wrapper, some packages have build systems that are quite
> difficult to patch to use packaging-provided compiler flags. It's
> definitely an upstream bug, but....
So if the compiler diversion itself is valuable, we can just remove all
the logic from hardening-wrapper and use something conceptually like the
following as the wrapper:
#!/bin/sh
if [ "$DEB_BUILD_HARDENING" = "1" ]; then
export DEB_BUILD_MAINT_OPTIONS=hardening=+all
eval $(/usr/bin/dpkg-buildflags --export=sh)
fi
exec /usr/bin/cc $CPPFLAGS $CFLAGS "$@"
--
Romain Francoise <[email protected]>
http://people.debian.org/~rfrancoise/
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: https://lists.debian.org/[email protected]
