[libkate] 01/01: Do hardening the old way until we upgrade to dh 9.

[Martin Steghöfer]

Martin Steghöfer wrote:
> Petter Reinholdtsen wrote:
>> [Martin Steghöfer]
>>>      Do hardening the old way until we upgrade to dh 9.
>> This do not seem to work.  At least lintian report this when I build
>> in pbuilder:
>>
>> E: libkate source: build-depends-on-obsolete-package build-depends: 
>> python-support => use dh_python2 instead
>> [...]
>> W: libkate1: hardening-no-relro usr/lib/libkate.so.1.3.0
>> [...]
>> I: libkate1: hardening-no-fortify-functions usr/lib/libkate.so.1.3.0
>> [...]
>> W: libkate-tools: hardening-no-relro usr/bin/katalyzer
>> [...]
>> I: libkate-tools: hardening-no-fortify-functions usr/bin/katalyzer
>> W: libkate-tools: hardening-no-relro usr/bin/katedec
>> I: libkate-tools: hardening-no-fortify-functions usr/bin/katedec
>> W: libkate-tools: hardening-no-relro usr/bin/kateenc
>> I: libkate-tools: hardening-no-fortify-functions usr/bin/kateenc
>> E: libkate-tools: depends-on-obsolete-package depends: python-support 
>> (>= 0.90.0) => use dh_python2 instead
>> [...]
>> W: liboggkate1: hardening-no-relro usr/lib/liboggkate.so.1.2.2
>>
>> Is this working for you.
>
> Yes, this works for me with pbuilder. The old revision 283fc67b showed 
> me the same hardening warnings, but after the changes in 65850d50 
> lintian keeps quiet for me.
>
> Will look into it...

Hmmm, running "blhc --all" on the build log confirms the efficacy of the 
changes (in my build). No relro flags before, relro flags present after 
the hardening changes in debian/rules. I also see them in the build log 
itself.

We can get additional hardening flags by defining
   "export DEB_BUILD_MAINT_OPTIONS:=hardening=+all"
before the
   DPKG_EXPORT_BUILDFLAGS = 1
   include /usr/share/dpkg/buildflags.mk
But the additional flags don't seem to be related at all to the warnings 
you are still getting. Will commit them anyway, more hardening is better.

Not sure what's different between your pbuilder setup and mine...

Cheers,
Martin