On Sun, 15 Mar 2015 11:46:13 +0100, Daniel Dehennin wrote: > gregor herrmann <gre...@debian.org> writes: > >> I just rework my packaging[1] against the latest MoarVM 2015.02 : > > % git clone git://git.baby-gnu.net/pkg-moarvm.git > > Cloning into 'pkg-moarvm'... > > fatal: remote error: access denied or repository not exported: > > /pkg-moarvm.git > Sorry, I forgot the git-daemon-export-ok, it's ok now.
Works, thanks! > >> P: moarvm source: debian-watch-may-check-gpg-signature > > Can be ignored. > Sure, it's just pedantic And nothing we can fix. > >> W: moarvm: hardening-no-relro usr/bin/moar > >> I: moarvm: hardening-no-fortify-functions usr/bin/moar > >> W: moarvm: hardening-no-relro usr/lib/moar/libmoar.so > >> I: moarvm: hardening-no-fortify-functions usr/lib/moar/libmoar.so > >> I: moarvm: extended-description-is-probably-too-short > > > > That's unfortunate and needs investigation. > > > >> I think I'll need to patch the build system to use the environment > >> variables for *FLAGS for hardening. > > > > Yup, looks like the *FLAGS are ignored. I looked into this now, see the attached patch series. (Not perfect but a starting point.) > > Maybe you could push the git repo to alioth (to the rakudo team > > maybe?), then it's easier for others to clone/look/help out. What dou > > you think? - No idea how pkg-rakudo works but I assume they are > > welcoming since I know the some guys there :) And you're already a > > project member. > Yes, that's why I rename my repository to pkg-moarvm like pkg-rakudo. Excellent! Cheers, gregor -- .''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06 : :' : Debian GNU/Linux user, admin, and developer - https://www.debian.org/ `. `' Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe `- NP: Ry Cooder: The Very Thing That Makes You Rich (Makes Me Poor)
From edf93a0173b295d74cc761f0264f6cf00dd7d29d Mon Sep 17 00:00:00 2001 From: gregor herrmann <gre...@debian.org> Date: Sun, 15 Mar 2015 14:48:40 +0100 Subject: [PATCH 1/3] make build verbose and add build target to phony NOTE: maybe NOISY should be guarded by DH_VERBOSE or something --- debian/rules | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/rules b/debian/rules index 800e46a..74b7b31 100755 --- a/debian/rules +++ b/debian/rules @@ -43,9 +43,9 @@ override_dh_auto_build: -w "release:MoarVM-$(MOAR_VERSION)" \ -w "date:$(MOAR_DATE)" \ docs/moar.pod - dh_auto_build + dh_auto_build -- NOISY=1 override_dh_strip: dh_strip --dbg-package=moarvm-dbg -.PHONY: override_dh_auto_configure override_dh_auto_build override_dh_strip +.PHONY: override_dh_auto_configure override_dh_auto_build override_dh_strip build -- 2.1.4
From 5f0616fea61b9fd661535c0114ed6e193ad417fb Mon Sep 17 00:00:00 2001 From: gregor herrmann <gre...@debian.org> Date: Sun, 15 Mar 2015 14:56:01 +0100 Subject: [PATCH 2/3] add patch buildflags.patch to honour FLAGS TODO: - add DEP3 headers - maybe some fine-tuning, now we have duplicates - might be good to discuss with upstream --- debian/patches/buildflags.patch | 18 ++++++++++++++++++ debian/patches/series | 1 + 2 files changed, 19 insertions(+) create mode 100644 debian/patches/buildflags.patch create mode 100644 debian/patches/series diff --git a/debian/patches/buildflags.patch b/debian/patches/buildflags.patch new file mode 100644 index 0000000..ceac91e --- /dev/null +++ b/debian/patches/buildflags.patch @@ -0,0 +1,18 @@ +--- a/build/setup.pm ++++ b/build/setup.pm +@@ -269,13 +269,13 @@ + cc => 'gcc', + ld => undef, + +- ccmiscflags => '', ++ ccmiscflags => "$ENV{CFLAGS} $ENV{CPPFLAGS}", + ccwarnflags => '', + ccoptiflags => '-O%s -DNDEBUG', + ccdebugflags => '-g%s', + ccinstflags => '-pg', + +- ldmiscflags => '', ++ ldmiscflags => "$ENV{LDFLAGS}", + ldoptiflags => undef, + lddebugflags => undef, + ldinstflags => undef, diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..896fdf1 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1 @@ +buildflags.patch -- 2.1.4
From d09339a226612766f5dfbd3a552e6ecccf2a7815 Mon Sep 17 00:00:00 2001 From: gregor herrmann <gre...@debian.org> Date: Sun, 15 Mar 2015 15:00:32 +0100 Subject: [PATCH 3/3] debian/rules: drop dpkg buildflags import happens automatically with dh9 NOTE: leave DEB_BUILD_MAINT_OPTIONS for now, adds more hardening flags --- debian/rules | 4 ---- 1 file changed, 4 deletions(-) diff --git a/debian/rules b/debian/rules index 74b7b31..7058785 100755 --- a/debian/rules +++ b/debian/rules @@ -5,10 +5,6 @@ # export DH_VERBOSE=1 # export DH_OPTIONS=-v -# see EXAMPLES in dpkg-buildflags(1) and read /usr/share/dpkg/* -DPKG_EXPORT_BUILDFLAGS = 1 -include /usr/share/dpkg/default.mk - ifneq ($(DEB_HOST_GNU_TYPE),$(DEB_BUILD_GNU_TYPE)) CROSS= --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE) else -- 2.1.4
signature.asc
Description: Digital Signature