On 20 October 2013 at 15:07, Julian Gilbey wrote: | Package: r-base-dev | Version: 3.0.2-1 | | I have just built r-cran-raschsampler, and lintian moans: the build | log contains the following: | | make[1]: Entering directory `/home/jdg/debian/raschsampler/build-area/raschsampl | er-0.8-6/src' | gfortran -fpic -O3 -pipe -g -c RaschSampler.f90 -o RaschSampler.o | gfortran -shared -o RaschSampler.so RaschSampler.o -L/usr/lib/R/lib -lR | | and then lintian says: | | W: r-cran-raschsampler: hardening-no-relro usr/lib/R/site-library/RaschSampler/libs/RaschSampler.so | | When I run dpkg-buildflags, the output is: | | CFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security | CPPFLAGS=-D_FORTIFY_SOURCE=2 | CXXFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security | FFLAGS=-g -O2 | LDFLAGS=-Wl,-z,relro | | I have poked through cdbs, and it seems to use the dpkg-buildflags | program to figure out the default build flags, so somewhere, somehow, | that is either being ignored or overwritten. But I haven't had the | time to figure out where, unfortunately.
Try $ cat /usr/share/R/debian/r-cran.mk Patches and testing welcome. This r-cran.mk file is used by what must now be ~ 200 packages so this may be useful to have, but I am personally not too worried about hardening of R add-on packages. Dirk | It would be good to look into this, so that binaries are hardened. | | Julian -- Dirk Eddelbuettel | e...@debian.org | http://dirk.eddelbuettel.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
