[hardening-discuss] Bug#752717: hardening-wrapper: disable standard hardening flags for test suite
Romain Francoise
rfrancoise at debian.org
Wed Jun 25 20:51:01 UTC 2014
Package: src:hardening-wrapper
Version: 2.5
User: rfrancoise at debian.org
Usertags: ftbfs-sps
Building hardening-wrapper with a patched dpkg-dev which emits
-fstack-protector-strong shows that the test suite binaries are built
with the standard dpkg-buildflags hardening flags in addition to h-w's
own flags which are being tested. This seems unintentional, the standard
hardening flags should probably be disabled as follows:
diff -Nru hardening-wrapper-2.5/debian/rules hardening-wrapper-2.6/debian/rules
--- hardening-wrapper-2.5/debian/rules 2012-03-31 22:46:15.000000000 +0200
+++ hardening-wrapper-2.6/debian/rules 2014-06-25 22:37:30.000000000 +0200
@@ -1,3 +1,4 @@
#!/usr/bin/make -f
+export DEB_BUILD_MAINT_OPTIONS=hardening=-all
%:
dh $@
For an example failed build, see http://aws-logs.debian.net/ftbfs-logs/buildflags/logs-failed-buildflags/hardening-wrapper_2.5_unstable_buildflags.log
Thanks,
--
Romain Francoise <rfrancoise at debian.org>
http://people.debian.org/~rfrancoise/
More information about the hardening-discuss
mailing list