Re: Seeking hardening flag / blhc expoert
- Date: Fri, 5 Apr 2019 21:55:34 +0300
- From: Otto Kekäläinen <otto@xxxxxxxxxx>
- Subject: Re: Seeking hardening flag / blhc expoert
> > Is there any hardening flag / cmake expert around who could help me
> > get the hardening flags perfect in MariaDB 10.3?
> Start with https://wiki.debian.org/Hardening#Notes_for_packages_using_CMake
I've read this section many times over but I don't get it. A
workaround is presented but since we are on a new debhelper it is
advised not to be used. It suggests using
/usr/share/dpkg/buildflags.mk but since we already call default.mk the
buildflags.mk should be included. There are some variables set, but
since the cmake command does not include them, changes in them does
not have an effect. There is no explanation about that flags do what
and which are the relevant ones, so blindly just defining everything
does not seem like a savvy solution.
I would appreciate if you can pinpoint what is the missing flag
exactly and what is now not passed to cmake correctly..
> > d/rules:
> > https://salsa.debian.org/mariadb-team/mariadb-10.3/blob/master/debian/rules
> One of the problems is using $(MAKE) instead of dh_auto_build and so on.
> There are other problems in this file.
Since the build command is constructed in the
override_dh_auto_configure stanza this is the only way I am aware that
I can pass it on to dh_auto_build. I am happy to try out alternative
ways if you have concrete suggestions on how to refactor the d/rules
Thanks for pointers and help!