[libkate] 01/01: Do hardening the old way until we upgrade to dh 9.
Martin Steghöfer
martin at steghoefer.eu
Fri Oct 24 14:19:02 UTC 2014
Martin Steghöfer wrote:
> Petter Reinholdtsen wrote:
>> [Martin Steghöfer]
>>> Do hardening the old way until we upgrade to dh 9.
>> This do not seem to work. At least lintian report this when I build
>> in pbuilder:
>>
>> E: libkate source: build-depends-on-obsolete-package build-depends:
>> python-support => use dh_python2 instead
>> [...]
>> W: libkate1: hardening-no-relro usr/lib/libkate.so.1.3.0
>> [...]
>> I: libkate1: hardening-no-fortify-functions usr/lib/libkate.so.1.3.0
>> [...]
>> W: libkate-tools: hardening-no-relro usr/bin/katalyzer
>> [...]
>> I: libkate-tools: hardening-no-fortify-functions usr/bin/katalyzer
>> W: libkate-tools: hardening-no-relro usr/bin/katedec
>> I: libkate-tools: hardening-no-fortify-functions usr/bin/katedec
>> W: libkate-tools: hardening-no-relro usr/bin/kateenc
>> I: libkate-tools: hardening-no-fortify-functions usr/bin/kateenc
>> E: libkate-tools: depends-on-obsolete-package depends: python-support
>> (>= 0.90.0) => use dh_python2 instead
>> [...]
>> W: liboggkate1: hardening-no-relro usr/lib/liboggkate.so.1.2.2
>>
>> Is this working for you.
>
> Yes, this works for me with pbuilder. The old revision 283fc67b showed
> me the same hardening warnings, but after the changes in 65850d50
> lintian keeps quiet for me.
>
> Will look into it...
Hmmm, running "blhc --all" on the build log confirms the efficacy of the
changes (in my build). No relro flags before, relro flags present after
the hardening changes in debian/rules. I also see them in the build log
itself.
We can get additional hardening flags by defining
"export DEB_BUILD_MAINT_OPTIONS:=hardening=+all"
before the
DPKG_EXPORT_BUILDFLAGS = 1
include /usr/share/dpkg/buildflags.mk
But the additional flags don't seem to be related at all to the warnings
you are still getting. Will commit them anyway, more hardening is better.
Not sure what's different between your pbuilder setup and mine...
Cheers,
Martin
More information about the pkg-xiph-maint
mailing list