Multi-arch for sdl-mixer1.2

Manuel A. Fernandez Montecelo manuel.montezelo at gmail.com
Mon Dec 5 20:21:00 UTC 2011


Hello all,

This is a question mostly for Felix, regarding commit:
http://anonscm.debian.org/gitweb/?p=pkg-sdl/packages/sdl-mixer1.2.git;a=commitdiff;h=8999362be044a0196f9443a4fcb9c93db5da8edc

Although you were probably right on IRC that +pie and +bindnow have no
effect at all if this library doesn't contain executables, I don't
know why you disabled hardening altogether.  AFAIK, including the
hardening rules is not only about those two extra flags that I enabled
explicitly (copied from another package where I do have executables :)
).  There are other flags enabled by default, and they're also
useful:

http://web.dodds.net/~vorlon/wiki/blog/Debian:_not_stale_just_hardened/

"The biggest benefit, though, isn't in making it shorter to write a
rules file with the old, standard build options. The biggest benefit
is that dpkg-buildflags now also outputs build-hardening compiler and
linker flags by default on Debian. Specifically, using the new
interface lets you pick up all of these hardening flags for free:

-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security
-Werror=format-security -Wl,-z,relro

It also lets you get -fPIE and -Wl,-z,now by adding this one line to
your debian/rules (assuming you're using dh(1) and compat 9):

export DEB_BUILD_MAINT_OPTIONS := hardening=+pie,+bindnow"


Regards.
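
As an added example, not part of the original message or of the package: a shell function that reads `readelf -lW -dW --dyn-syms` output and reports which of the flags quoted above left a visible trace in a built ELF object. The readelf excerpts are constructed samples, and the function and sample names are hypothetical.

```shell
#!/bin/sh
# Input: output of `readelf -lW -dW --dyn-syms FILE` on stdin.
# Output: one line saying which of the quoted hardening flags left a trace.
# A missing __stack_chk_fail can also mean that no function needed a canary.
hardening_report() {
    awk '
        $1 == "GNU_RELRO"          { relro = 1 }  # -Wl,-z,relro
        /\(BIND_NOW\)/             { now = 1 }    # -Wl,-z,now (DT_BIND_NOW)
        /\(FLAGS\)/ && /BIND_NOW/  { now = 1 }    # -Wl,-z,now (DF_BIND_NOW)
        /\(FLAGS_1\)/ && /NOW/     { now = 1 }    # -Wl,-z,now (DF_1_NOW)
        /__stack_chk_fail/         { ssp = 1 }    # -fstack-protector
        END {
            # RELRO alone is partial: the PLT GOT stays writable until
            # immediate binding is requested as well.
            r = relro ? (now ? "full" : "partial") : "none"
            printf "relro=%s bindnow=%s stack_protector=%s\n", r, (now ? "yes" : "no"), (ssp ? "yes" : "no")
        }'
}

# Constructed excerpt: object built with the default hardening flags only.
sample_default() {
    cat <<'EOF'
  LOAD           0x000000 0x0000000000000000 0x0000000000000000 0x001a2c 0x001a2c R E 0x1000
  GNU_RELRO      0x002df0 0x0000000000003df0 0x0000000000003df0 0x000210 0x000210 R   0x1
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
     7: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (2)
EOF
}

# Constructed excerpt: the same object linked with -Wl,-z,now as well.
sample_bindnow() {
    sample_default
    cat <<'EOF'
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW
EOF
}

# Constructed excerpt: object built with hardening disabled altogether.
sample_unhardened() {
    cat <<'EOF'
  LOAD           0x000000 0x0000000000000000 0x0000000000000000 0x001a2c 0x001a2c R E 0x1000
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
EOF
}

# Real use: sh this-script /path/to/object
if [ $# -gt 0 ]; then readelf -lW -dW --dyn-syms "$1" | hardening_report; fi
```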


