On 2024-07-01 03:12, Emanuele Rocca wrote: > I haven't tested it on cross-builds of the native compiler as that > currently fails due to unsatisfied dependencies in sid. That case > should work fine too though.
Double-checked today, cross-builds of the native compiler work as well both with and without the flag. Without -mbranch-protection=standard: DEB_BUILD_MAINT_OPTIONS=hardening=-branch DEB_BUILD_OPTIONS=nolang=m2 sbuild --host=arm64 With -mbranch-protection=standard: DEB_BUILD_OPTIONS=nolang=m2 sbuild --host=arm64 Note that sbuild whitelists a set of variables that are passed into the schroot and all others are dropped, so you'll need the following in ~/.sbuildrc for DEB_BUILD_MAINT_OPTIONS to go through: $environment_filter = [Dpkg::BuildInfo::get_build_env_allowed(), 'DEB_BUILD_MAINT_OPTIONS']; Alternatively, one can also just take the easy route and pass hardening=-branch in DEB_BUILD_OPTIONS, which is whitelisted by default: DEB_BUILD_OPTIONS='nolang=m2 hardening=-branch' sbuild --host=arm64
