On Mon, Feb 20, 2012 at 09:28:49PM +0100, Simon Ruderich wrote:
>     dpkg-buildflags >& /dev/null
> 
> Dash, which is (now) the default shell for scripts on Debian,
> doesn't support that - and it's used by the buildds I think. I
> guess you have bash as your /bin/sh which accepts that syntax.
> 
> The following works fine:
> 
>     dpkg-buildflags > /dev/null 2>&1
> 
> And fixes the hardening flags for me.

OK, I'll try this and see how that works out.

> But you don't need to check if dpkg-buildflags is available. You
> could use the method I suggested in the last message and call
> dpkg-buildflags unconditionally - if it doesn't exist no output
> is added to the *FLAGS variables.

I believe I do need to do the check, because if the *FLAGS are set
(even if they are set to the empty string), they will override what
dpkg-buildpackage sets on Ubuntu obsolete systems (per corporate
security dictats, I'm forced to run Ubuntu 10.04 LTS on my laptop).

That's why if dpkg-buildflags isn't available, I'm explicitly setting
CFLAGS and LDFLAGS to what was the default on older versions of dpkg.

> Btw. I think there's one problem with the current debian/rules:
> If dpkg-buildflags is found and used then
> -Wl,-Bsymbolic-functions is missing from LDFLAGS, I'm not sure if
> this was intended.

Yes, that was the default from Ubuntu 10.04.  But if dpkg-buildflags
is going to supply something else, we'll use whatever the distro
defaults are.  If I understand things correctly, even Debian
obsolete^H^H^H^H^H^H^H stable supports dpkg-buildflags so this is
really only something needed to support Ubuntu LTS.

Sometime after Ubuntu LTS 12.04 I'll stop worrying about this, but for
right now, I'm forced to use Ubuntu LTS, so I'm trying to support it.

                                         - Ted
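
The portable probe and explicit fallback discussed in this message, as an added example that is not part of the original e-mail or the package's debian/rules. The `resolve_flag` helper, its tool-name parameter and the `-g -O2` fallback are assumptions made for illustration; `-Wl,-Bsymbolic-functions` is the value named in the thread.

```shell
#!/bin/sh
# resolve_flag TOOL NAME FALLBACK  (hypothetical helper, not from debian/rules)
# Prints TOOL's value for NAME when TOOL can be run, otherwise FALLBACK.
# TOOL is a parameter only so the logic can be exercised without dpkg.
resolve_flag() {
    # Probe with POSIX redirection. The bash-only form ">& /dev/null" is
    # rejected by dash, so a probe written that way reports failure even
    # when the tool is installed and the hardening flags are never picked up.
    if "$1" > /dev/null 2>&1; then
        "$1" --get "$2"
    else
        # Tool missing: emit an explicit default instead of leaving the
        # variable set but empty.
        printf '%s\n' "$3"
    fi
}

# "-g -O2" is an assumed stand-in for the older dpkg default CFLAGS.
CFLAGS=$(resolve_flag dpkg-buildflags CFLAGS "-g -O2")
LDFLAGS=$(resolve_flag dpkg-buildflags LDFLAGS "-Wl,-Bsymbolic-functions")
printf 'CFLAGS=%s\nLDFLAGS=%s\n' "$CFLAGS" "$LDFLAGS"
```

Running the script under both `dash` and `bash` should print the same values on a given system.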


