On 10/05/13 20:15, Markus Koschany wrote:
On 10.05.2013 11:38, Steven Hamilton wrote:
Hi folks,
I'm adopting and repacking Powder as per bug #691835. In addition to
modernising the package I'm attempt to harden it. The package uses a
custom shell script to build which I fork out of the rules file. No
matter what I do though I can't fully harden it with the best I can get
being this;
Hi Steven,
you can use
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
in debian/rules to activate all hardening features.
Yep, unfortunately the buildall.sh script that's spawned out of the
rules file only supports CXXFLAGS and LDFLAGS so I need to pull them
from dpkg=buildflags and spawn the vars out infront of the script. A bit
ugly but it works. I've also now found the error with PIE. Turns out the
script was building a binary with a static libstdc++.a which is only of
any use when moving a binary between systems. Since we're building
against a known ABI we can run dynamic and get PIE support. I've patched
the buildall.sh to support this. Upload to mentors coming soon.
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]
