> On Sun, Jan 19, 2014 at 3:47 AM, Sebastien Badia <s...@sebian.fr> wrote: > >> I still have a lintian warning about « hardening-no-relro », >> but I don't known how to fix it :-/ >
Hi Sebastian, I used your package libx86emu as example. See the attached patch for your file friendly-makefile.patch. I put the $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) variables at the line that compiles the library. Then, the gcc will receive these adtional parameters: JAULA-root@canopus:/tmp/libx86emu/libx86emu-1.4# dpkg-buildflags --get CPPFLAGS -D_FORTIFY_SOURCE=2 JAULA-root@canopus:/tmp/libx86emu/libx86emu-1.4# dpkg-buildflags --get CFLAGS -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security JAULA-root@canopus:/tmp/libx86emu/libx86emu-1.4# dpkg-buildflags --get LDFLAGS -Wl,-z,relro You can read more at https://wiki.debian.org/Hardening. I hope this help. Cheers, Eriberto
--- libx86emu-1.4_friendly-makefile.patch.orig 2014-01-19 12:07:54.550876791 -0200 +++ libx86emu-1.4_friendly-makefile.patch 2014-01-19 12:08:35.270875095 -0200 @@ -67,6 +67,15 @@ shared: $(LIB_NAME) +@@ -43,7 +46,7 @@ + install -m 644 -D include/x86emu.h $(DESTDIR)/usr/include/x86emu.h + + $(LIB_NAME): .depend $(OBJS) +- $(CC) -shared -Wl,-soname,$(LIB_SONAME) $(OBJS) -o $(LIB_NAME) ++ $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -shared -Wl,-soname,$(LIB_SONAME) $(OBJS) -o $(LIB_NAME) + + test: + make -C test @@ -52,9 +55,16 @@ make -C test clean rm -f *.o *~ include/*~ *.so.* .depend
