On 2022-09-28 09:32 -0400, Jeffrey Walton wrote: > On Wed, Sep 28, 2022 at 3:24 AM Dominique MARTINET > <dominique.marti...@atmark-techno.com> wrote: > > ... > > Ugh, this is going to be a massive headache... > > Other distributions I've worked with (e.g. nixos) have a wrapper for gcc > > and clang that just enforce the flags they want the distro to be built > > with -- I don't think debian has anything like that, would that be > > easier to work with? My line of thinking is that there will only be a > > single place to fix instead of configure/cmake/meson and all hand-made > > build scripts that exist around here. > > Debian has dpkg-buildflags . Discussions about it show up when > discussing hardening, like [0]. > > [0] https://wiki.debian.org/Hardening#dpkg-buildflags
Right, and just changing it and rebuilding works very well. I did this for PAC (pointer authentication) support last year. Very few packages do not correctly honour dpkg-buildflags. In fact the only issue was that I unconditionally changed it so it got issued by some packages (like migw) for the wrong-arch compiler (because they were cross-building). One should be a bit smarter to unconditionally set an _arch-specific_ flag. dpkg-buildflags has functionality for this. See patch at bottom of: https://lists.debian.org/debian-dpkg/2022/05/msg00022.html Presumably the 'use 64-bit time_t' flag is the same for all arches, but may only exist on 32-bit arches? Wookey -- Principal hats: Debian, Wookware, ARM http://wookware.org/
signature.asc
Description: PGP signature
