Sean Whitton <[email protected]> writes: > Russ Allbery [07/Feb 10:31am -08] wrote:
>> This is very rough wording; feedback welcome. In particular, I'm a bit >> worried this is too strong when it comes to flags from dpkg-buildflags >> that are fine to override, such as changing the optimization level. >> >> ``debian/rules`` and dpkg-buildflags >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> >> Source packages that invoke a compiler that is supported by >> :command:`dpkg-buildflags` should use that command to obtain the default >> flags to pass to the compiler. See :manpage:`dpkg-buildflags(1)` for more >> information. In many cases, this is handled automatically by the ``dh`` >> tool provided by the debhelper package. >> >> Packages that require special handling of compiler flags may selectively >> override the results of :command:`dpkg-buildflags` or avoid that command >> entirely, but only if the package maintainer is prepared to track future >> changes to the default compiler flags and update the package accordingly. >> This is normally only appropriate for packages such as ``glibc`` that have >> unique build considerations. > LGTM, though as suggested by subsequent discussion, maybe you could > expand the last sentence's discussion to include reference to the other > sorts of packages that Bill and Simon raise -- especially the crypto > libs case. Here this is turned into an actual patch. -- Russ Allbery ([email protected]) <https://www.eyrie.org/~eagle/>
>From 46654ef0c3135e371246e948e38ce8d161618917 Mon Sep 17 00:00:00 2001 From: Russ Allbery <[email protected]> Date: Sun, 8 Feb 2026 09:14:31 -0800 Subject: [PATCH] Require use of dpkg-buildflags Require (at the level of should) packages to get their default compiler flags from dpkg-buildflags if they use a supported compiler, but carve out an exception for packages like glibc, or packages that need special build flags for performance or security such as some crypto libraries. Closes: #1063605 --- policy/ch-source.rst | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/policy/ch-source.rst b/policy/ch-source.rst index a2aa4cc..04a9957 100644 --- a/policy/ch-source.rst +++ b/policy/ch-source.rst @@ -670,6 +670,23 @@ Examples of valid use of the `gain root command`:: unshift(@cmd, split(' ', $ENV{DEB_GAIN_ROOT_CMD})) if $ENV{DEB_GAIN_ROOT_CMD}; system(@cmd) == 0 or die("@cmd failed"); +``debian/rules`` and dpkg-buildflags +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Source packages that invoke a compiler that is supported by +:command:`dpkg-buildflags` should use that command to obtain the default +flags to pass to the compiler. See :manpage:`dpkg-buildflags(1)` for more +information. In many cases, this is handled automatically by the ``dh`` +tool provided by the debhelper package. + +Packages that require special handling of compiler flags may selectively +override the results of :command:`dpkg-buildflags` or avoid that command +entirely, but only if the package maintainer is prepared to track future +changes to the default compiler flags and update the package as necessary. +This may be necessary for packages such as ``glibc`` that have special +build considerations, or packages that need specific compiler flags for +performance or security reasons such as some crypto libraries. + .. _s-substvars: Variable substitutions: ``debian/substvars`` -- 2.51.0
