On Fri, Feb 17, 2012 at 12:36:21PM +0200, Niko Tyni wrote:

(cc's trimmed for the implementation details)

> If we have consensus on that, the way forward as I see it: Dominic, I'm not sure if you're fine with that plan?
> - prepare a perl upload in unstable that is built with the hardened flags
>   but doesn't export them through Config.pm

Here's my first try at this. It works, but I'm not really happy with it. My hack time is fairly limited ATM and I haven't got any further just by glaring at it, so it's probably better to share this anyway.

Problems/thoughts:

- we're invoking dpkg-buildflags in two places (debian/rules and debian/config.debian), and if the invocations go out of sync we get a silent failure.
- not sure if we should blindly remove the dpkg-buildflags output from every line in Config_heavy.pm or just the ones we care about (i.e. ccflags, ld(dl?)flags)
- should we be defensive against a situation where dpkg-buildflags returns something short and generic (like " " or "-g")? If we should, the "blindly" part above becomes much less attractive
- I'd love to delegate the -Doptimize handling to dpkg-buildflags instead of doing it manually, but that way we end up stripping the default optimize flags from Perl modules in the same way as the hardening flags, which is probably not good.

Ideas/patches welcome.

--
Niko
>From c00d69add54d6da1765927462ef924cc5e608089 Mon Sep 17 00:00:00 2001 From: Niko Tyni <nt...@debian.org> Date: Fri, 17 Feb 2012 23:24:50 +0200 Subject: [PATCH] Massage Config_heavy.pm after the build to remove dpkg-buildflags effects We don't want to force ccflags and lddlflags on all packages at this stage. --- debian/changelog | 3 +++ debian/rules | 10 ++++++++++ 2 files changed, 13 insertions(+), 0 deletions(-) diff --git a/debian/changelog b/debian/changelog index 6b155b2..c0b62da 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,6 +8,9 @@ perl (5.14.2-9) UNRELEASED; urgency=low [ Niko Tyni ] * No longer disable the 'pie' build flags: the implementation was overwriting DEB_BUILD_MAINT_OPTIONS altogether. + * Massage Config_heavy.pm after the build to remove dpkg-buildflags + effects on ccflags and lddlflags; we don't want to force them on + all packages at this stage. -- Dominic Hargreaves <d...@earth.li> Tue, 14 Feb 2012 19:38:31 +0000 diff --git a/debian/rules b/debian/rules index 2c5075e..69ef967 100755 --- a/debian/rules +++ b/debian/rules @@ -132,6 +132,16 @@ install-stamp: build-stamp -e 's/^(man3ext=).*/$$1'\''3pm'\''/;' \ $(lib)/Config.pm $(lib)/Config_heavy.pl + # remove dpkg-buildflags effects from %Config + # see #657853 + if which dpkg-buildflags >/dev/null 2>&1; then \ + ccflags="$(shell dpkg-buildflags --get CPPFLAGS) $(shell dpkg-buildflags --get CFLAGS)"; \ + ldflags="$(shell dpkg-buildflags --get LDFLAGS)"; \ + ./perl.static -i -pe "/^ccflags/ and s/\Q$$ccflags//;\ + /^ld(dl)?flags/ and s/\Q$$ldflags//" \ + $(lib)/Config.pm $(lib)/Config_heavy.pl; \ + fi + # convert required header files -cd /usr/include; $(srcdir)/perl.static -I $(srcdir)/lib \ $(srcdir)/utils/h2ph -a -d $(srcdir)/$(lib) \
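Review bot: the new entry in the debian/changelog hunk names only ccflags and lddlflags, but the substitution in debian/rules matches `/^ld(dl)?flags/`, so ldflags is rewritten too. The subject line also says Config_heavy.pm while the command edits `$(lib)/Config.pm` and `$(lib)/Config_heavy.pl`. Suggest listing ccflags, ldflags and lddlflags and the actual file names, so the changelog records exactly which exported values no longer carry the hardening flags.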
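Review bot: in the debian/rules hunk the flag strings are pasted by the shell into the Perl program text (`s/\Q$$ccflags//` inside double quotes), so a `/`, `$` or `@` anywhere in the dpkg-buildflags output would end or change the substitution instead of being matched literally; `\Q` only applies after Perl has already parsed the pattern. Suggest exporting the two values and matching on `\Q$ENV{ccflags}\E` from a single-quoted script. The `$(shell dpkg-buildflags ...)` calls are also expanded by make before the recipe's shell runs, so the `which dpkg-buildflags` guard does not keep them from executing. When both queries return nothing, ccflags is a single space and the edit deletes the first space on the ccflags line, so skip the substitution when a value is empty or whitespace only. Finally, nothing fails when the pattern does not match: a check after the edit that the hardening flags are absent from both files, aborting the build otherwise, would make the out-of-sync case visible instead of silently exporting the flags.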