On 3 February 2017 at 20:07, Daniel Kahn Gillmor <[email protected]> wrote: > On Fri 2017-02-03 19:53:22 -0500, Paul Wouters wrote: >> On Fri, 3 Feb 2017, Daniel Kahn Gillmor wrote: >> >>> i notice that mk/userland-cflags.mk has -fstack-protector-all set inside >>> USERCOMPILE. >>> >>> However, there are at least two debian unofficial architectures (alpha >>> and hppa) where gcc doesn't have -fstack-protector available. >> >> You can pass USERCOMPILE= to the "make programs" ? >> eg you could use: >> >> make >> USERCOMPILE=" -fexceptions -fno-strict-aliasing -fPIE -DPIE >> -DFORCE_PR_ASSERT" \ >> programs
> This seems like an unpleasant maintenance situation to be in -- it means > that if you improve USERCOMPILE in mk/userland-cflags.mk at some point, > debian won't get those changes on these platforms unless i notice and > update them. What i really want is to be able to just strip one of > these options out on the two architectures. > > I can go this route if you prefer, but it seems unclean. any other > suggestions? Try thinking of of USERCOMPILE the same way you would think of CFLAGS when the build system uses autoconf: - its something reserved for the "user" - the person building the package - it would even be called CFLAGS except we've some messed up makefile vs kernel module build interaction So do we meet that expectation? -fexceptions -fstack-protector-all -fno-strict-aliasing -fPIE -DPIE -DFORCE_PR_ASSERT -fexceptions is officially used to support mixed C and C++ code. Unofficially, it makes for better back traces when debugging. -fstack-protector-all -fPIE -DPIE all depend on your level of paranoia -fno-strict-aliasing dates back to at least 2012 and 380de4f526c86b03cdb7fa58b7af0d2aaa191c8c. I don't believe we've any evidence for or against having this option That leaves -DFORCE_PR_ASSERT which dates back to https://lists.libreswan.org/pipermail/swan-dev/2014-February/000088.html I suspect it is no longer needed since all calls to PR_ASSERT seem to have disappeared. I'll remove it from USERCOMPILE and define it elsewhere. >>> You can detect it with something like: >>> >>> printf 'int main() { return 0;}' | gcc -x c -fstack-protector-all - >> >> Well, that would be terrible for those cross compiling :P > > well, i guess if you used $(CC) from whatever the cross environment is, > then you should be able to cross-build ok, right? not that anyone's > doing a lot of cross-compiling on hppa or alpha these days :) > > --dkg > > _______________________________________________ > Swan-dev mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan-dev > _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
