On 01/01/2012 11:30 PM, Rogier Wolff wrote:
Hi,
I don't have a debian/rules in my "upstream" distribution.
Should I grab a copy somewhere and start distributing it?
Nah. This flag-adding mechanism is a debian-specific build thing.
However, the hardening flags that it adds are not debian-specific and
you might want to look over the list of them and see if you want to
include any. On my amd64 system they are currently:
CFLAGS="-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat
-Wformat-security -Werror=format-security"
CPPFLAGS="-D_FORTIFY_SOURCE=2" CXXFLAGS="-g -O2 -fstack-protector
--param=ssp-buffer-size=4 -Wformat -Wformat-security
-Werror=format-security" FFLAGS="-g -O2" LDFLAGS="-Wl,-z,relro"
For reference, the debian/ folder (and any patches to your source that
Debian adds - there currently aren't any since you've integrated all of
them) are in the .diff.gz patch that Debian distributes along with the
.orig.tar.gz source.
Moritz: What's the best method (if you're aware of one) to allow a
package to still build on debian stable after these changes? As far as I
can tell, --export=configure isn't in stable's dpkg-buildflags,
/usr/share/dpkg/buildflags.mk isn't in stable, debhelper compat level 9
isn't in stable, etc.
--
Robert Woodcock - r...@debian.org
"We've worked with our purchasing team to bring in many companies to
compete on our main cabin tidbit item (pretzels). To date, no one has
been able to match our current cost, about 3 cents per package."
-- US Airways management
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
