[Reproducible-commits] [dpkg] 44/105: debian: Enable all hardening flags

Niko Tyni ntyni at moszumanska.debian.org
Mon May 2 13:49:51 UTC 2016 

This is an automated email from the git hooks/post-receive script.

ntyni pushed a commit to branch ntyni/reproducible_builds
in repository dpkg.

commit e49be6015dcdcc3ef62ab6bbf58de5053e7dd8ad
Author: Guillem Jover <guillem at debian.org>
Date:   Mon Mar 28 00:46:36 2016 +0200

    debian: Enable all hardening flags
    
    Starting with gcc-5 there is no performance loss when enabling PIE on
    i386, so there is no point in not enabling it.
    
    Ref: https://software.intel.com/en-us/blogs/2014/12/26/new-optimizations-for-x86-in-upcoming-gcc-50-32bit-pic-mode
---
 debian/changelog | 3 +++
 debian/rules     | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 90be6f7..531bf19 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -92,6 +92,9 @@ dpkg (1.18.5) UNRELEASED; urgency=medium
     - Add a configuration summary to configure output.
     - Make git log invocation immune to local configuration.
     - Do not require passing the perl interpreter to run-script.
+  * Packaging:
+    - Enable all hardening flags, starting with gcc-5 there is no performance
+      loss anymore when enabling PIE on i386.
   * Test suite:
     - Add a unit test to compile perl code with warnings.
     - Add a unit test for the trigger deferred parser.
diff --git a/debian/rules b/debian/rules
index bc371d1..5d515e8 100755
--- a/debian/rules
+++ b/debian/rules
@@ -8,11 +8,11 @@ WFLAGS := -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers
 # XXX: Stack Protector Strong is only available in gcc >= 4.9
 cc_version = $(shell $(CC) -dumpversion 2>/dev/null)
 cc_version_lt = $(shell dpkg --compare-versions "$(cc_version)" lt-nl "$(1)" && echo yes)
-hardening_old = DEB_BUILD_MAINT_OPTIONS="hardening=-stackprotectorstrong"
+hardening_old = $(if $(call cc_version_lt,4.9),-stackprotectorstrong)
 
 # Use the in-tree dpkg-buildflags
 dpkg_buildflags = \
-	$(if $(call cc_version_lt,4.9),$(hardening_old)) \
+	DEB_BUILD_MAINT_OPTIONS="hardening=+all,$(hardening_old)" \
 	DEB_CFLAGS_MAINT_APPEND="$(WFLAGS)" \
 	DEB_CXXFLAGS_MAINT_APPEND="$(WFLAGS)" \
 	$(CURDIR)/run-script scripts/dpkg-buildflags.pl

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git

More information about the Reproducible-commits mailing list