Hi Gianfranco, Thanks for taking care of this.
On 12/22/2016 12:05 PM, Gianfranco Costamagna wrote: > 1) chmod a-x debian/ondir/usr/share/ondir/integration/* > > why no dh_fixperms override? I forgot about dh_fixperms, will change that in the next iteration. > 2) > CFLAGS_FOR_MAKEFILE=$(shell dpkg-buildflags --get CPPFLAGS) $(shell > dpkg-buildflags --get CFLAGS) -DVERSION=\"$(VERSION)\" > -DGLOBAL_CONF=\"/etc/onddirrc\" > > I prefer CFLAGS and then CPPFLAGS > LDFLAGS_FOR_MAKEFILE=$(shell dpkg-buildflags --get CFLAGS) $(shell > dpkg-buildflags --get LDFLAGS) > > why CFLAGS in LDFLAGS? Good question. I'll get back to you on that. I think I had a reason for it, but I don't remember it. If there is a good reason, I'll add a comment to d/rules, if there isn't, I'll drop CFLAGS from there. > why override dh_auto_build and dh_auto_install? > probably exporting LDFLAGS and CFLAGS should work No, it won't, because I have to override the variables in the Makefile. For a simple example, take the following Makefile: CFLAGS = -O2 all: @echo $(CFLAGS) Then you get: env var: $ CFLAGS=-O0 make -O2 argument: $ make CFLAGS=-O0 -O0 If one uses cmake or autoconf or similar, then environment variables are sufficient. If the Makefile uses ?= to set the environment variables, then as well. But since upstream's Makefile uses a plain and = for the assignment of the environment variable, we need to override that explicitly via an argument to make. > 3) please ask upstream about the "+" in license I've sent upstream an email about this. > 4) missing hardening flags > http://debomatic-amd64.debian.net/distribution#unstable/ondir/0.2.3+git0.55279f03-1/blhc That's a false positive: since gcc now sets PIE by default on various architectures (amd64 included), dpkg-buildflags doesn't pass it any more. The binary itself is PIE: readelf -d /usr/bin/ondir | grep PIE 0x000000006ffffffb (FLAGS_1) Flags: NOW PIE Compare the output of: DEB_BUILD_MAINT_OPTIONS=hardening=+pie dpkg-buildflags --get CFLAGS and DEB_BUILD_MAINT_OPTIONS=hardening=-pie dpkg-buildflags --get CFLAGS on both Jessie and Stretch/sid. Once I hear back from upstream about GPL-2/2+, I'll get back to you again. (With an updated package that also cleans up the other issues.) Regards, Christian