Hallo, * Guillaume Delacour [Sun, Sep 07 2014, 08:54:13PM]: > Le dimanche 07 septembre 2014 à 03:40 +0200, Guillaume Delacour a > écrit : > > Package: apt-cacher-ng > > Version: 0.7.27-1 > > Severity: important > > Tags: patch > > User: hardening-disc...@lists.alioth.debian.org > > Usertags: goal-hardening > > > > Hello, > > > > Please find attached a patch that enable all hardening flags in your > > package. > > > > Although apt-cacher-ng use dh/9, CPPFLAGS (fortify) was not enabled. > > Besides since debhelper 0.9.20120417 handle the workaround appending > > CPPFLAGS to CXXFLAGS, i still had to do (i've not investigated though). > > I've also enabled the optionals pie and bindnow. > > debhelper must handle the situation > (/usr/share/perl5/Debian/Debhelper/Buildsystem/cmake.pm, sub configure) > and enable verbose compiler command lines, there is a problem somewhere > (due to package or in debhelper itself). As it concerns some other > packages, i'll take a look and report back.
Uhm... I have a wrapper GNUMakefile there for convenience, which builds the source out-of-source-tree and also extends CXXFLAGS as needed. Maybe that's the reason why tweaking CMake internal variables is not really effective. And I guess that this method is not uncommon since CMake tends to be very messy and the best way to get reproducible builds actually to make OOST builds and wipe the directory on cleaning. Regards, Eduard. -- Hallo Sonntagsspaziergänger!
signature.asc
Description: Digital signature
