[hdf4] 03/08: Enable all hardening buildflags, except PIE (causes build failure).

Sebastiaan Couwenberg sebastic at moszumanska.debian.org
Sat May 7 20:01:20 UTC 2016 

This is an automated email from the git hooks/post-receive script.

sebastic pushed a commit to branch experimental
in repository hdf4.

commit d343577a44556af95c88ceabe996b445b183a791
Author: Bas Couwenberg <sebastic at xs4all.nl>
Date:   Sat May 7 11:14:15 2016 +0200

    Enable all hardening buildflags, except PIE (causes build failure).
---
 debian/changelog                    |  1 +
 debian/hdf4-tools.lintian-overrides |  3 +++
 debian/rules                        | 25 +++++++++++++++++++------
 3 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index aa69657..5c4f92b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -17,6 +17,7 @@ libhdf4 (4.2.11-1~exp) UNRELEASED; urgency=medium
 
   [ Bas Couwenberg ]
   * Update Vcs-* URLs to use HTTPS.
+  * Enable all hardening buildflags, except PIE (causes build failure).
 
  -- Johan Van de Wauw <johan.vandewauw at gmail.com>  Sat, 14 Feb 2015 13:43:51 +0100
 
diff --git a/debian/hdf4-tools.lintian-overrides b/debian/hdf4-tools.lintian-overrides
new file mode 100644
index 0000000..062e297
--- /dev/null
+++ b/debian/hdf4-tools.lintian-overrides
@@ -0,0 +1,3 @@
+# PIE breaks the build
+hdf4-tools: hardening-no-pie *
+
diff --git a/debian/rules b/debian/rules
index 83ab04b..8e1092c 100755
--- a/debian/rules
+++ b/debian/rules
@@ -5,6 +5,9 @@
 # more information about the license.
 #
 
+# Enable hardening build flags
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie
+
 RELEASE := 4.2.11
 ARCHIVE	:= upstream/HDF$(RELEASE).tar.gz
 PACKAGE := libhdf4
@@ -17,8 +20,9 @@ CC	:= gcc
 CXX	:= g++
 LIBS    := -ljpeg -lz -lm 
 
-CFLAGS = $(shell dpkg-buildflags --get CFLAGS; dpkg-buildflags --get CPPFLAGS)
-LDFLAGS = $(shell dpkg-buildflags --get  LDFLAGS)
+CFLAGS  = $(shell DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie dpkg-buildflags --get CFLAGS)
+CFLAGS += $(shell DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie dpkg-buildflags --get CPPFLAGS)
+LDFLAGS = $(shell DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie dpkg-buildflags --get LDFLAGS)
 
 ifneq (,$(findstring verbose,$(DEB_BUILD_OPTIONS)))
    DH_VERBOSE=1
@@ -61,16 +65,23 @@ stamps/configure-stamp: patch
 	cd HDF4 \
 		&& libtoolize \
 		&& autoreconf -i \
-		&& F77="$(F77)" CC="$(CC)" CXX="$(CXX)" ./configure --prefix=/usr --includedir=/usr/include/hdf \
-			      				     --enable-shared  --enable-fortran
+		&& F77="$(F77)" CC="$(CC)" CXX="$(CXX)" CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure \
+			--prefix=/usr \
+			--includedir=/usr/include/hdf \
+			--enable-shared \
+			--enable-fortran
 	# ./hdf/fmpool/config.sub
 	#
 	# build a netcdf compatible flavor, without fortran functions.
 	cd HDF4_ALT \
 		&& libtoolize \
 		&& autoreconf -i \
-		&& CC="$(CC)" CXX="$(CXX)" ./configure --prefix=/usr --includedir=/usr/include/hdf --disable-netcdf \
-			      				      --enable-shared --disable-fortran
+		&& CC="$(CC)" CXX="$(CXX)" CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure \
+			--prefix=/usr \
+			--includedir=/usr/include/hdf \
+			--enable-shared \
+			--disable-fortran \
+			--disable-netcdf
 	touch $@
 
 stamps/build-arch-stamp: patch configure
@@ -146,6 +157,7 @@ binary-arch: install
 	dh_installman -a
 	dh_strip -a
 	dh_link -a
+	dh_lintian -a
 	dh_compress -a
 	dh_fixperms -a
 	dh_makeshlibs -a
@@ -164,6 +176,7 @@ binary-indep: install-doc
 	dh_installdocs -i
 	dh_installman -i
 	dh_link -i
+	dh_lintian -i
 	dh_compress -i 
 	dh_fixperms -i
 	dh_installdeb -i

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-grass/hdf4.git

More information about the Pkg-grass-devel mailing list