Control: tags -1 moreinfo ElĂas Alejandro: > Package: debhelper > Version: 12 > Severity: normal > > Dear Maintainer, > I was updating Goodvibes package who works with meson build system however I > get errors > after build because the hardening flags not append properly. I'm attaching the > build log. > > debian/rules > ------------ > #!/usr/bin/make -f > export DEB_BUILD_MAINT_OPTIONS = hardening=+all > export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic > export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed > > %: > dh $@ --buildsystem=meson > > override_dh_installchangelogs: > dh_installchangelogs NEWS > > [...]
Hi, >From a quick glance, it seems the problem is in the package. The logs shows that meson is aware of the hardening flags passed by debhelper: """ > dh_auto_configure -O--buildsystem=meson > cd obj-x86_64-linux-gnu && LC_ALL=C.UTF-8 meson .. > --wrap-mode=nodownload --buildtype=plain --prefix=/usr --sysconfdir=/etc > --localstatedir=/var --libdir=lib/x86_64-linux-gnu > The Meson build system > Version: 0.49.1 > Source dir: /build/goodvibes-0.4.2 > Build dir: /build/goodvibes-0.4.2/obj-x86_64-linux-gnu > Build type: native build > Project name: goodvibes > Project version: 0.4.2 > Appending CFLAGS from environment: '-g -O2 > -fdebug-prefix-map=/build/goodvibes-0.4.2=. -fstack-protector-strong -Wformat > -Werror=format-security -Wall -pedantic' > Appending LDFLAGS from environment: '-Wl,-z,relro -Wl,-z,now -Wl,--as-needed' > Appending CPPFLAGS from environment: '-Wdate-time -D_FORTIFY_SOURCE=2' > Native C compiler: cc (gcc 8.2.1 "cc (Debian 8.2.0-17) 8.2.1 20190204") """ But then later, there are some compiler invocations without those flags: """> [8/79] cc -Isrc/libcaphe/e0b4bd9@@caphe@sta -Isrc/libcaphe -I../src/libcaphe -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/libmount -I/usr/include/blkid -I/usr/include/uuid -I/usr/include/gio-unix-2.0 -fdiagnostics-color=always -pipe -D_FILE_OFFSET_BITS=64 -std=gnu99 -Wshadow -fPIC -pthread '-DG_LOG_DOMAIN="Caphe"' -MD -MQ 'src/libcaphe/e0b4bd9@@caphe@sta/caphe.c.o' -MF 'src/libcaphe/e0b4bd9@@caphe@sta/caphe.c.o.d' -o 'src/libcaphe/e0b4bd9@@caphe@sta/caphe.c.o' -c ../src/libcaphe/caphe.c > [9/79] cc -Isrc/libcaphe/e0b4bd9@@caphe@sta -Isrc/libcaphe -I../src/libcaphe > -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include > -I/usr/include/libmount -I/usr/include/blkid -I/usr/include/uuid > -I/usr/include/gio-unix-2.0 -fdiagnostics-color=always -pipe > -D_FILE_OFFSET_BITS=64 -std=gnu99 -Wshadow -fPIC -pthread > '-DG_LOG_DOMAIN="Caphe"' -MD -MQ > 'src/libcaphe/e0b4bd9@@caphe@sta/caphe-cup.c.o' -MF > 'src/libcaphe/e0b4bd9@@caphe@sta/caphe-cup.c.o.d' -o > 'src/libcaphe/e0b4bd9@@caphe@sta/caphe-cup.c.o' -c ../src/libcaphe/caphe-cup.c > [10/79] cc -Isrc/libcaphe/e0b4bd9@@caphe@sta -Isrc/libcaphe -I../src/libcaphe > -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include > -I/usr/include/libmount -I/usr/include/blkid -I/usr/include/uuid > -I/usr/include/gio-unix-2.0 -fdiagnostics-color=always -pipe > -D_FILE_OFFSET_BITS=64 -std=gnu99 -Wshadow -fPIC -pthread > '-DG_LOG_DOMAIN="Caphe"' -MD -MQ > 'src/libcaphe/e0b4bd9@@caphe@sta/caphe-dbus-invokator.c.o' -MF > 'src/libcaphe/e0b4bd9@@caphe@sta/caphe-dbus-invokator.c.o.d' -o > 'src/libcaphe/e0b4bd9@@caphe@sta/caphe-dbus-invokator.c.o' -c > ../src/libcaphe/caphe-dbus-invokator.c """ This leaves me to believe that the bug is caused by the upstream packaging not forwarding the hardening flags by default. Thanks, ~Niels
