Hi Jean-Michel, Thanks for reminding me that overriding isn't safe.
Now I use `DEB_BUILD_MAINT_OPTIONS = hardening=-stackprotector' to remove `-fstack-protector-strong' since it makes the binary 10 times the size without the flag. The DEB_*_MAINT_* seems like a better way to manipulate flags since new flags can be added without me doing anything as you said. Maybe Lintian should add a new warning: Overrding *FLAGS in debian/rules. Cheers, Alex 2015-08-11 23:12 GMT+08:00, Jean-Michel Vourgère <[email protected]>: > Alex Vong wrote: >> Maybe overriding CFLAGS and CPPFLAGS but not LDFLAGS will solve FTBFS. >> >> For example in debian/rules, >> >> CFLAGS = '-Ofoo' >> CPPFLAGS = '-Dfoo' >> LDFLAGS += '-lfoo' >> >> override_dh_auto_configure: >> dh_auto_configure -- --enable-foo > > This is wrong. You should *not* overwrite default CFLAGS / CPPFLAGS and > so on. This is precisely what usually results in poor hardening. Just > imaging what will happen if tomorrow there is a new flag to set? > > If you really need to add some stuff, you can use > DEB_CFLAGS_MAINT_APPEND, and similar. See dpkg-buildflags(1). > > > -- > To UNSUBSCRIBE, email to [email protected] > with a subject of "unsubscribe". Trouble? Contact > [email protected] > Archive: https://lists.debian.org/[email protected] > > -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/cadrxhd9xgg+em4d77rvg9kh3zprx5qn8ftzm3auckduouaz...@mail.gmail.com
