* Laszlo Kajan <[email protected]>, 2012-08-17, 18:50:
Lintian says:
W: python-librcsb-core-wrapper: hardening-no-fortify-functions
usr/lib/python2.6/dist-packages/CorePyWrap.so
W: python-librcsb-core-wrapper: hardening-no-fortify-functions
usr/lib/python2.7/dist-packages/CorePyWrap.so
which might be false-positive, but on the other hand blhc seems to confirm that
*FLAGS are lost somewhere:
CFLAGS missing (-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat
-Werror=format-security): libtool --mode=compile gcc
-D_FORTIFY_SOURCE=2 -O -fPIC -DHAVE_STRCASECMP -DINCL_TEMPLATE_SRC
-DHAVE_PLACEMENT_NEW -I./include -I../include -DPOSIX_MISTAKE -c
src/regcomp.c -o ./obj/regcomp.o
[snip - more complaints about CFLAGS missing]
LDFLAGS missing (-Wl,-z,relro): g++ -D_FORTIFY_SOURCE=2 -w -L/usr/lib
obj/xml2mmcif.o ../lib/pdbml-parser.a ../lib/dict-obj-file.a
../lib/cif-file-util.a ../lib/cif-file.a ../lib/cifparse-obj.a ../lib/tables.a
../lib/common.a ../lib/regex.a -lxerces-c -lm -o ./bin/xml2mmcif
Ok, I tried to address this. svn-buildpackage | tee ... blhc does not
report anything for me now. The gcc/g++ lines look right to my eyes.
But I still get the lintian warning! *What can I do now?*
Run away screaming? Wait, no, maybe not. ;)
In my experience, blhc is much more reliable than lintian. So most
likely hardening-no-fortify-functions is a false-positive.
It's customary to build extension modules also with python2.X-dbg
interpreters, and put them into a separate python-foo-dbg package. If
you build-depend on python-all-dbg then dh_auto_* will do most of the
work for you. (It's a feature added in debhelper 7.3.5, so you should
bump debhelper build-dependency if you decide to use it.)
Ok, I added this. Building the wrapper (the binding) is painfully
slow... it's a pity the four versions of this module can not be built
in parallel.
They probably can, it's just somebody has to write code to make that
happen. See e.g. how gamera[0] does this. Or you could write a patch to
debhelper, so that dh_auto_build takes care of parallel building
automatically. :)
[0]
http://anonscm.debian.org/viewvc/python-modules/packages/gamera/trunk/debian/rules?revision=22402&view=markup
--
Jakub Wilk
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]
