Hello! > > Is there any hardening flag / cmake expert around who could help me > > get the hardening flags perfect in MariaDB 10.3? > Start with https://wiki.debian.org/Hardening#Notes_for_packages_using_CMake
I've read this section many times over but I don't get it. A workaround is presented but since we are on a new debhelper it is advised not to be used. It suggests using /usr/share/dpkg/buildflags.mk but since we already call default.mk the buildflags.mk should be included. There are some variables set, but since the cmake command does not include them, changes in them does not have an effect. There is no explanation about that flags do what and which are the relevant ones, so blindly just defining everything does not seem like a savvy solution. I would appreciate if you can pinpoint what is the missing flag exactly and what is now not passed to cmake correctly.. > > d/rules: > > https://salsa.debian.org/mariadb-team/mariadb-10.3/blob/master/debian/rules > One of the problems is using $(MAKE) instead of dh_auto_build and so on. > There are other problems in this file. Since the build command is constructed in the override_dh_auto_configure stanza this is the only way I am aware that I can pass it on to dh_auto_build. I am happy to try out alternative ways if you have concrete suggestions on how to refactor the d/rules file Thanks for pointers and help!
