[hardening-discuss] Bug#596365: Bug#596365: hardening-wrapper: Consider unifying functionality of pentium-builder and apt-build wrappers.

Witold Baryluk baryluk at smp.if.uj.edu.pl
Fri Sep 17 00:34:07 UTC 2010


On 09-10 20:54, Kees Cook wrote:
> Hi,
> 
> On Fri, Sep 10, 2010 at 08:34:53PM +0200, Witold Baryluk wrote:
> > could you add for example simple mechanism:
> > 
> > DEB_BUILD_HARDENING_CFLAGS_APPEND=...
> > DEB_BUILD_HARDENING_LDFLAGS_APPEND=...
> > DEB_BUILD_HARDENING_CXXFLAGS_APPEND=...
> > DEB_BUILD_HARDENING_FFLAGS_APPEND=...
> 
> Perhaps hardening-includes is the package you need? It defines things like
> this already. Or are you asking for something different?

Hmm. But usage of hardening-includes involves explicit modification of debian/rules,
and I was hoping it is possible to just export environment variable
DEB_BUILD_HARDENING=1, and even without changed wrapper will necessary options
to the gcc. (eventually after adding necessary dir to PATH variable,
to make wrapper be before real compiler).

Will look at current mechanism.


(I also thought slightly about these 4 _APPEND flags, I think also additional
_PREPEND flags would be necessary, as I know order of options does matter
in gcc, and later options have bigger priority, and some options
should be possible to override explicitly in Makefiles).

Thanks,
Witek


-- 
Witold Baryluk
JID: witold.baryluk // jabster.pl
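
The ordering point raised in the message above (later gcc options take priority), as an added example that is not part of the original post and not hardening-wrapper's own code: prepending a hardening flag leaves it as a default that a Makefile's explicit `-fno-stack-protector` overrides, while appending it overrides the Makefile. The helper names `compose_cflags` and `effective_stack_protector` and the sample Makefile flags are constructed for illustration; the PREPEND/APPEND split follows the proposal in the thread, not an existing interface.

```shell
#!/bin/sh
# Added illustration of prepend-vs-append flag ordering in a compiler wrapper.
# Hypothetical helpers; not taken from hardening-wrapper.

# compose_cflags PREPEND APPEND ARGS...
# Prints the argument list a wrapper would pass to the real compiler:
# prepended flags, then the caller's own flags, then appended flags.
compose_cflags() {
    cc_pre=$1; cc_app=$2; shift 2
    set -f                          # no globbing while splitting flag lists
    set -- $cc_pre "$@" $cc_app     # intentional word splitting
    set +f
    printf '%s\n' "$*"
}

# effective_stack_protector FLAGS...
# gcc resolves -fX / -fno-X pairs by position: the last one on the line wins.
effective_stack_protector() {
    sp_state=unset
    for sp_flag in "$@"; do
        case $sp_flag in
            -fstack-protector|-fstack-protector-all|-fstack-protector-strong)
                sp_state=on ;;
            -fno-stack-protector)
                sp_state=off ;;
        esac
    done
    printf '%s\n' "$sp_state"
}

# Constructed sample: a Makefile that explicitly opts out of the stack protector.
makefile_flags="-O2 -fno-stack-protector"
for mode in prepend append; do
    case $mode in
        prepend) line=$(compose_cflags "-fstack-protector" "" $makefile_flags) ;;
        append)  line=$(compose_cflags "" "-fstack-protector" $makefile_flags) ;;
    esac
    printf '%-8s %s => stack protector %s\n' \
        "$mode" "$line" "$(effective_stack_protector $line)"
done
```

When reviewing a build log for a package built through such a wrapper, the position of the hardening flag relative to the package's own flags tells you whether the package could have turned it off.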