Package: cdbs
Severity: important
Tags: patch
Hello,
To modify hardening flags dpkg-buildflags uses the
DEB_BUILD_MAINT_OPTIONS environmental variable. For example to
enable all hardening flags the maintainer can set it in
debian/rules:
export DEB_BUILD_MAINT_OPTIONS=hardening=+all
include /usr/share/cdbs/1/...
...
But $(shell ...) does not pass variables exported in the makefile to the
command it runs, so at the moment it's not possible to use
DEB_BUILD_MAINT_OPTIONS to modify the dpkg-buildflags hardening flags in cdbs.
The attached patch fixes this and passes DEB_BUILD_MAINT_OPTIONS
to dpkg-buildflags, but I'm not sure if it's the best way to do
it.
Regards,
Simon
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- cdbs-0.4.100/1/class/langcore.mk.in.orig 2011-12-13 17:30:45.000000000 +0100
+++ cdbs-0.4.100/1/class/langcore.mk.in 2011-12-13 17:31:46.000000000 +0100
@@ -24,10 +24,12 @@
# Resolve our defaults
ifneq (,$(wildcard /usr/bin/dpkg-buildflags))
-deb_cflags := $(shell dpkg-buildflags --get CFLAGS)
-deb_cppflags := $(shell dpkg-buildflags --get CPPFLAGS)
-deb_cxxflags := $(shell dpkg-buildflags --get CXXFLAGS)
-deb_ldflags := $(shell dpkg-buildflags --get LDFLAGS)
+# We need to pass (at least) DEB_BUILD_MAINT_OPTIONS to dpkg-buildflags so
+# package maintainers can enable/disable hardening flags.
+deb_cflags := $(shell DEB_BUILD_MAINT_OPTIONS="$(DEB_BUILD_MAINT_OPTIONS)" dpkg-buildflags --get CFLAGS)
+deb_cppflags := $(shell DEB_BUILD_MAINT_OPTIONS="$(DEB_BUILD_MAINT_OPTIONS)" dpkg-buildflags --get CPPFLAGS)
+deb_cxxflags := $(shell DEB_BUILD_MAINT_OPTIONS="$(DEB_BUILD_MAINT_OPTIONS)" dpkg-buildflags --get CXXFLAGS)
+deb_ldflags := $(shell DEB_BUILD_MAINT_OPTIONS="$(DEB_BUILD_MAINT_OPTIONS)" dpkg-buildflags --get LDFLAGS)
else
# TODO: Use above unconditionally when oldstable has dpkg >= 1.15.7
deb_cflags = -g
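Review bot: The four added `$(shell …)` lines forward only DEB_BUILD_MAINT_OPTIONS, so the other maintainer variables that dpkg-buildflags(1) reads from the environment (the `DEB_<flag>_MAINT_APPEND` / `_STRIP` / `_SET` family) are still dropped when exported from debian/rules. A package can then be built without the flags its maintainer asked for, and nothing reports it. The value is also pasted between double quotes into a shell command line, so a `"`, `$` or backquote in it would be re-read by the shell rather than passed verbatim; the input is maintainer-controlled, so this is a robustness point more than an exposure. I would define the prefix once, `cdbs_buildflags_env = DEB_BUILD_MAINT_OPTIONS='$(DEB_BUILD_MAINT_OPTIONS)'` (single quotes narrow the problem to a literal `'`), and call `$(shell $(cdbs_buildflags_env) dpkg-buildflags --get CFLAGS)` on each line. The new comment should also list which variables are forwarded and which are not; the enclosing `ifneq` block continues past the end of the hunk.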