[Pkg-shadow-commits] r3679 - debian/trunk/debian

Nicolas FRANÇOIS nekral-guest at alioth.debian.org
Tue Jan 24 22:23:07 UTC 2012 

Author: nekral-guest
Date: 2012-01-24 22:23:06 +0000 (Tue, 24 Jan 2012)
New Revision: 3679

Modified:
   debian/trunk/debian/changelog
   debian/trunk/debian/rules
Log:
  * debian/rules: Do not hard-code CFLAGS and LDFLAGS. Build with all
    hardening flags set. Closes: #657010


Modified: debian/trunk/debian/changelog
===================================================================
--- debian/trunk/debian/changelog	2012-01-24 19:36:45 UTC (rev 3678)
+++ debian/trunk/debian/changelog	2012-01-24 22:23:06 UTC (rev 3679)
@@ -92,12 +92,14 @@
     with gcov to avoid coverage false negatives. This does not impact the
     debian binary package, only the test package.
   * debian/control: Add Build-Depends on libsemanage1-dev [linux-any]
+  * debian/rules: Do not hard-code CFLAGS and LDFLAGS. Build with all
+    hardening flags set. Closes: #657010
 
   [ Christian Perrier ]
   * Use "linux-any" instead of a negated list of architectures in
     Build-Depends. Closes: #634465
 
- -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>  Sat, 19 Nov 2011 16:57:55 +0100
+ -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>  Tue, 24 Jan 2012 20:06:43 +0100
 
 shadow (1:4.1.4.2+svn3283-3) unstable; urgency=high
 

Modified: debian/trunk/debian/rules
===================================================================
--- debian/trunk/debian/rules	2012-01-24 19:36:45 UTC (rev 3678)
+++ debian/trunk/debian/rules	2012-01-24 22:23:06 UTC (rev 3679)
@@ -8,6 +8,16 @@
 override DEB_ARCH_PACKAGES=passwd
 endif
 
+# To be set before loading any CDBS files (#651964)
+#CDBS_FIX_COMPILE_FLAGS = 1
+# Enable PIE, BINDNOW, and possible future flags.
+#export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+# Unfortunately, this is not working (#651966), set flags manually
+
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/buildflags.mk
+
 include /usr/share/cdbs/1/rules/debhelper.mk
 # Specify where dh_install will find the files that it needs to move:
 DEB_DH_INSTALL_SOURCEDIR=debian/tmp
@@ -32,14 +42,6 @@
 # Automatically controls patching at build time:
 include /usr/share/cdbs/1/rules/patchsys-quilt.mk
 
-CFLAGS = -g -W -Wall
-ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
-  CFLAGS += -O0
-else
-  CFLAGS += -O2
-endif
-export CFLAGS
-
 # Add extras to the install process:
 binary-install/login::
 	dh_installpam -p login

More information about the Pkg-shadow-commits mailing list