On Thu, 28 Aug 2014 14:32:32 +0600, Andrey Rahmatullin wrote: > On Thu, Aug 28, 2014 at 12:50:23AM +0000, T o n g wrote: >> >> Please help me fix the lintian "hardening-no-relro" problem. My code >> >> is at https://github.com/suntong001/histring (it is *very* small). >> > The proper way is just to bump debian/compat to 9. >> > >> >> I tried to ... >> >> +DPKG_EXPORT_BUILDFLAGS = 1 +include /usr/share/dpkg/buildflags.mk >> >> +CFLAGS += -Wextra + >> >> all: histring >> >> >> >> histring: histring.c getopt.c getopt1.c getopt.h >> > These lines are for debian/rules, not for the upstream Makefile (they >> > are unnecessary when using dh(1) with compat 9 though). >> >> I bumped up the compat level to 9, >> https://github.com/suntong001/histring/commits/master >> https://github.com/suntong001/histring/ >> commit/6708b109133d63fec73f8113b8b644390adfeb4e but am still getting >> the "hardening-no-relro" problem. >> >> The build environment is latest sid. Is there anything else? > Please show the build log or publish a source package so that other > people could reproduce the build.
Ok, just for problem-solving purpose, the source package is at http://mentors.debian.net/debian/pool/main/h/histring/histring_1.1.0-2.dsc This is a minimum-fixed version, ie, there are still lots of issues unfixed, but source package is available. I do have the maximum-fixed version, at https://github.com/suntong001/histring/, where only the hardening-no-relro problem is left unfixed (for the binary package). Make your pick. For the minimum-fixed version, the one from source package, here is the binary package build log: $ debuild -i -us -uc -b dpkg-buildpackage -rfakeroot -D -us -uc -i -b dpkg-buildpackage: warning: using a gain-root-command while being root dpkg-buildpackage: source package histring dpkg-buildpackage: source version 1.1.0-1 dpkg-buildpackage: source distribution unstable dpkg-buildpackage: source changed by Michael Prokop <m...@grml.org> dpkg-source -i --before-build histring-1.1.0 dpkg-buildpackage: host architecture amd64 fakeroot debian/rules clean dh_testdir dh_testroot rm -f build-stamp # Add here commands to clean up after the build process. /usr/bin/make distclean make[1]: Entering directory '/export/build/pkg/histring/bld/ histring-1.1.0' make[1]: *** No rule to make target 'distclean'. Stop. make[1]: Leaving directory '/export/build/pkg/histring/bld/ histring-1.1.0' debian/rules:41: recipe for target 'clean' failed make: [clean] Error 2 (ignored) dh_clean debian/rules build dh_testdir # Add here commands to configure the package. ./configure --host=x86_64-linux-gnu --build=x86_64-linux-gnu creating cache ./config.cache checking for a BSD compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking whether make sets ${MAKE}... yes checking for working aclocal... found checking for working autoconf... found checking for working automake... found checking for working autoheader... found checking for working makeinfo... missing checking for gcc... gcc checking whether the C compiler (gcc ) works... yes checking whether the C compiler (gcc ) is a cross-compiler... no checking whether we are using GNU C... yes checking whether gcc accepts -g... yes checking how to run the C preprocessor... gcc -E checking for a BSD compatible install... /usr/bin/install -c checking for getopt_long... yes checking for string.h... yes checking for unistd.h... yes checking for stdlib.h... yes checking for errno.h... yes checking for ctype.h... yes checking for getopt.h... yes checking for stdio.h... yes checking for string.h... (cached) yes checking for regex.h... yes checking for getopt... yes checking for getopt_long... (cached) yes checking whether user wants debugging support... no updating cache ./config.cache creating ./config.status creating Makefile creating config.h dh_testdir # Add here commands to compile the package. /usr/bin/make make[1]: Entering directory '/export/build/pkg/histring/bld/ histring-1.1.0' gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -c histring.c gcc -g -O2 -o histring histring.o make[1]: Leaving directory '/export/build/pkg/histring/bld/ histring-1.1.0' touch build-stamp fakeroot debian/rules binary dh_testdir dh_testroot dh_clean -k dh_clean: dh_clean -k is deprecated; use dh_prep instead dh_installdirs usr/bin # Add here commands to install the package into debian/histring. install -m 755 histring debian/histring/usr/bin/histring dh_testdir dh_testroot dh_installchangelogs dh_installdocs README dh_installexamples dh_installman debian/histring.1 dh_link dh_strip dh_compress dh_fixperms dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb dpkg-deb: building package `histring' in `../histring_1.1.0-1_amd64.deb'. dpkg-genchanges -b >../histring_1.1.0-1_amd64.changes dpkg-genchanges: binary-only upload - not including any source code dpkg-source -i --after-build histring-1.1.0 dpkg-buildpackage: binary-only upload (no source included) Now running lintian... warning: the authors of lintian do not recommend running it with root privileges! W: histring: hardening-no-relro usr/bin/histring W: ... For the maximum-fixed version, the one from github, here is the binary package build log: $ debuild -i -us -uc -b dpkg-buildpackage -rfakeroot -D -us -uc -i -b dpkg-buildpackage: warning: using a gain-root-command while being root dpkg-buildpackage: source package histring dpkg-buildpackage: source version 1.1.0-2 dpkg-buildpackage: source distribution unstable dpkg-buildpackage: source changed by Tong Sun <suntong...@users.sourceforge.net> dpkg-source -i --before-build histring-1.1.0 dpkg-buildpackage: host architecture amd64 fakeroot debian/rules clean dh clean dh_testdir dh_auto_clean make[1]: Entering directory '/export/build/pkg/histring/bld/ histring-1.1.0' rm -f *.o *~ make[1]: Leaving directory '/export/build/pkg/histring/bld/ histring-1.1.0' dh_clean debian/rules build dh build dh_testdir dh_auto_configure dh_auto_build make[1]: Entering directory '/export/build/pkg/histring/bld/ histring-1.1.0' make[1]: Nothing to be done for 'all'. make[1]: Leaving directory '/export/build/pkg/histring/bld/ histring-1.1.0' dh_auto_test fakeroot debian/rules binary dh binary dh_testroot dh_prep dh_auto_install make[1]: Entering directory '/export/build/pkg/histring/bld/ histring-1.1.0' /usr/bin/install -c -m 755 -d /export/build/pkg/histring/bld/ histring-1.1.0/debian/histring/usr/bin /usr/bin/install -c -m 755 -d /export/build/pkg/histring/bld/ histring-1.1.0/debian/histring/usr/share/man/man1 /usr/bin/install -c -m 755 -s histring /export/build/pkg/histring/bld/ histring-1.1.0/debian/histring/usr/bin /usr/bin/install -c -m 644 debian/histring.1 /export/build/pkg/histring/ bld/histring-1.1.0/debian/histring/usr/share/man/man1 make[1]: Leaving directory '/export/build/pkg/histring/bld/ histring-1.1.0' dh_installdocs dh_installchangelogs dh_installman dh_perl dh_link dh_compress dh_fixperms dh_strip dh_makeshlibs dh_shlibdeps dh_installdeb dh_gencontrol dh_md5sums dh_builddeb dpkg-deb: building package `histring' in `../histring_1.1.0-2_amd64.deb'. dpkg-genchanges -b >../histring_1.1.0-2_amd64.changes dpkg-genchanges: binary-only upload - not including any source code dpkg-source -i --after-build histring-1.1.0 dpkg-buildpackage: binary-only upload (no source included) Now running lintian... warning: the authors of lintian do not recommend running it with root privileges! W: histring: hardening-no-relro usr/bin/histring Finished running lintian. Thanks for your help! -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/ltovoc$n2l$1...@ger.gmane.org
