1) buildflags.patch / build type

First of all, the patch works fine. Actually, after removing the forced 
variable overrides Cmake
recognizes already the standard environment build flags.

I've came across that Debhelper 20130504 was set to always switch to 
RelWithDebInfo build type
(#701233), which yes puts -DNDEBUG into building on current Sid (Debhelper 
20130605) - are there
different opinions on that issue?

Dropping any custom switches (instead of addition of --as-needed linker flag) 
Scantailor on Sid for
now builds with the flags (CPP_FLAGS got injected into C_FLAGS since Debhelper 
20120417, #653916):
-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat 
-Werror=format-security
-D_FORTIFY_SOURCE=2 -O2 -g -DNDEBUG

Please further discuss that.

2) hardening of scantailor-cli

As another issue remains that scantailor-cli still doesn't got fortified:

$ hardening-check scantailor-cli
scantailor-cli:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: yes
 Immediate binding: no not found!

I'll get deeper into that issue.

Latest commit:
http://anonscm.debian.org/gitweb/?p=collab-maint/scantailor.git;a=commitdiff;h=e37cf9eecb8223e524958de150a897cfba28a9dd
build log: 
http://www.danielstender.com/uploads/scantailor_0.9.11.1-1_amd64.build

Much thanks for comments so far & greetings,
Daniel Stender

On 18.06.2013 15:15, Mathieu Malaterre wrote:
> On Sat, Jun 15, 2013 at 6:20 PM, Dmitry Smirnov <only...@debian.org> wrote:
>> Build type is better to leave as "RELWITHDEBINFO". This might be
>> useful if you decide to provide -dbg package or just to (re-)build
>> with debugging info with command like
> 
> Technically RelWithDebInfo should not be used anymore with cmake from sid:
> 
> http://lists.debian.org/debian-devel/2013/06/msg00278.html
> 
> It now appends -DNDEBUG ... see #701231 for more info
> 
> 2cts

-- 
http://www.danielstender.com/blog/
GPG key ID: 1654BD9C


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to