[debhelper-devel] Bug#800012: Bug#800012: debhelper: please call dpkg-buildflags --status on build
Niels Thykier
niels at thykier.net
Sat Sep 26 07:17:00 UTC 2015
Control: tags -1 moreinfo
On 2015-09-25 11:35, Simon Ruderich wrote:
> Package: debhelper
> Version: 9.20150811
> Severity: normal
> Tags: patch
>
> Hello,
>
> blhc is used in the buildd log scanner [1] to detect missing
> compiler (hardening) flags. At the moment only the default flags
> provided by dpkg-buildflags are verified as blhc can't detect
> additional flag options specified in debian/rules (e.g.
> hardening=+pie or hardening=-fortify to exclude hardening flags).
> Since dpkg 1.16.5 dpkg-buildflags supports a --status option
> which displays the current settings.
>
> Please call dpkg-buildflags --status when building a package.
>
> The attached patch tries to implement it for the `dh` binary,
> thus supporting (only) the new dh short rules, but I'm not sure
> if this is the best way to handle it.
>
> Would it be possible to also call dpkg-buildflags --status when
> using only the traditional dh_* commands?
>
> Regards
> Simon
>
> [1]: https://qa.debian.org/bls/
>
> [...]
Hi Simon,
Thanks for your interest in improving debhelper.
To be honest, I am quite conflicted with this change.
* Adding it directly in dpkg-buildpackage would give you a lot better
coverage.
- Have you proposed this to the dpkg maintainers?
* Even if it was put in dh, you will only get the packages using dh and
not debhelper (as you note yourself).
- I do not see a good way to improve this. There is no "obvious"
hook or command called by "all" traditional debhelper builds, where
it would make sense to put this.
* The logic even in dh feels a bit out of place at first glance.
Thanks,
~Niels
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/debhelper-devel/attachments/20150926/3376af49/attachment-0001.sig>
More information about the debhelper-devel
mailing list