debhelper, source format and hardening status

Martin Steghöfer martin at steghoefer.eu
Sat Oct 25 10:04:18 UTC 2014


Petter Reinholdtsen wrote:
> [Martin Steghöfer]
>> Petter Reinholdtsen wrote:
>>> Hardening is not enabled for all packages (not sure how to check that,
>>> so that status is not included above).  Should we try to get hardening
>>> into more packages in Jessie?
>> Well, the lintian complaints can be a first indicator.
> Sure, but the for loop only looks inside the source. :)

True that, I ran it on the build directories (located next to the 
sources) from within the same loop: lintian ../build-area/*.deb

I don't think there is any way to extract that information from the 
source directory, there are just too many factors that matter there.

>> I've just fixed the last lintian warning about hardening (in
>> oggvideotools).
> Great. :)
>
> Any idea what the debug symbol problem reported by valgrind is?

You mean, what it *was*. It disappeared when I added the hardening.

The problem was that the debian/rules doesn't call dh_auto_configure 
(which would set build flags environment variables), but instead calls 
cmake directly. So no build flags were set at all, which means that 
CMake just built with its default Release configuration: Without debug 
symbols. So the debug package was empty and I suspect it has been that 
way for a long time in the Debian archives. Now that I include 
/usr/share/dpkg/buildflags.mk with DPKG_EXPORT_BUILDFLAGS set, the build 
flags are defined in the whole debian/rules file, so CMake picks them 
up, even without using dh_auto_configure.

I'll try to reintroduce dh_auto_configure after the freeze. It actually 
supports CMake quite well, I don't think there is a need for manual 
crafting here. Besides, using dh7's "dh" command I guess the rules file 
can be shorter. It's quite complicated.

Cheers,
Martin
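
Added example, not part of Martin's message and not the oggvideotools packaging: a debian/rules sketch of the setup the message describes, where cmake is called directly and the build flags come from buildflags.mk. The build directory name, the cmake arguments and the DEB_BUILD_MAINT_OPTIONS line are assumptions; the CPPFLAGS lines cover the fact that CMake does not read CPPFLAGS from the environment.

```make
#!/usr/bin/make -f
# Illustrative debian/rules (added example, not the package's real file).

# Assumption: opt in to every hardening feature dpkg-buildflags offers
# (PIE and bindnow are not part of the default set).
export DEB_BUILD_MAINT_OPTIONS = hardening=+all

# Export CFLAGS, CXXFLAGS, CPPFLAGS, LDFLAGS to every recipe in this file,
# so a direct cmake call sees them without dh_auto_configure.
DPKG_EXPORT_BUILDFLAGS = 1
include /usr/share/dpkg/buildflags.mk

# CMake takes CFLAGS/CXXFLAGS/LDFLAGS from the environment on the first
# configure run but ignores CPPFLAGS, which is where -D_FORTIFY_SOURCE
# lives. Fold it into the compiler flags so fortification is not lost.
CFLAGS   += $(CPPFLAGS)
CXXFLAGS += $(CPPFLAGS)

# Hypothetical out-of-tree build directory.
BUILDDIR = obj-build

%:
	dh $@

override_dh_auto_configure:
	mkdir -p $(BUILDDIR)
	# Verbose makefiles put the full compiler command lines in the build
	# log, so missing hardening flags can be spotted there.
	cd $(BUILDDIR) && cmake .. \
		-DCMAKE_INSTALL_PREFIX=/usr \
		-DCMAKE_VERBOSE_MAKEFILE=ON

override_dh_auto_build:
	$(MAKE) -C $(BUILDDIR)

override_dh_auto_install:
	$(MAKE) -C $(BUILDDIR) install DESTDIR=$(CURDIR)/debian/tmp

override_dh_auto_clean:
	rm -rf $(BUILDDIR)
```

After a build, running lintian on the resulting .deb files, as in the message above, shows whether any hardening tags remain.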




