[SCM] Debian packaging for OpenSAML 2.0 branch, master, updated. debian/2.4.3-3-6-ga979396
Russ Allbery
rra at debian.org
Wed Feb 1 10:01:54 UTC 2012
The following commit has been merged in the master branch:
commit b4d66bf608e1d72e08d40f10993a70132d625507
Author: Russ Allbery <rra at debian.org>
Date: Tue Jan 31 17:03:08 2012 -0800
Add PIE to the hardening options, strip all flags from pkgconfig
* Enable PIE for the opensaml2-tools binaries.
* Strip all of the build flags added by Debian from the pkgconfig
configuration file installed by the package.
diff --git a/debian/changelog b/debian/changelog
index 472c6c3..12a07b1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,9 @@ opensaml2 (2.4.3-4) UNRELEASED; urgency=low
drops the linkage because it uses -nostdlib. See #468555.
* Pass --as-needed to the linker to reduce unnecessary shared library
dependencies in the opensaml2-tools package.
+ * Enable PIE for the opensaml2-tools binaries.
+ * Strip all of the build flags added by Debian from the pkgconfig
+ configuration file installed by the package.
-- Russ Allbery <rra at debian.org> Tue, 31 Jan 2012 16:44:48 -0800
diff --git a/debian/rules b/debian/rules
index ee3a8b8..a3be399 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,18 +1,17 @@
#!/usr/bin/make -f
# Enable compiler hardening flags.
-export DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow
+export DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow,+pie
# Force linking with -lpthread, working around a bug in libtool that drops
# the linkage because it uses -nostdlib. See #468555.
export DEB_LDFLAGS_MAINT_APPEND = -lpthread
-# For stripping the flags back out of pkgconfig. Note that $(shell) does
-# not pick up environment changes defined in the makefile, such as those
-# above, so this misses the bindnow options (unintentionally) and the
-# -lpthread option (intentionally).
-STRIP_CPPFLAGS := $(shell dpkg-buildflags --get CPPFLAGS)
-STRIP_LDFLAGS := $(shell dpkg-buildflags --get LDFLAGS)
+# Set the results of dpkg-buildflags as make variables. We don't use this
+# to communicate to dh_auto_configure; it calls dpkg-buildflags itself.
+# It's only used to strip those flags out of the pkgconfig file. If we
+# can't import this, we don't care.
+-include /usr/share/dpkg/buildflags.mk
DOCS = debian/libsaml2-doc/usr/share/doc/libsaml2-doc
@@ -25,14 +24,15 @@ endif
override_dh_auto_configure:
dh_auto_configure -- --disable-dependency-tracking $(DEBUG)
-# Remove the upstream-installed documentation, and strip the hardening flags
-# out of the Cflags and Libs pkgconfig configuration.
+# Remove the upstream-installed documentation, and strip the build flags out
+# of the Cflags and Libs pkgconfig configuration. LDFLAGS and CPPFLAGS are
+# set by /usr/share/dpkg/buildflags.mk above.
override_dh_install:
rm -r debian/tmp/usr/share/doc/opensaml*
dh_install -a -i --fail-missing
- perl -i -pe 's/^(Libs: .*)\Q$(STRIP_LDFLAGS)\E/$$1/' \
+ perl -i -pe 's/^(Libs: .*)\Q$(LDFLAGS)\E/$$1/' \
debian/*/usr/lib/*/pkgconfig/opensaml.pc
- perl -i -pe 's/^(Cflags: .*)\Q$(STRIP_CPPFLAGS)\E/$$1/' \
+ perl -i -pe 's/^(Cflags: .*)\Q$(CPPFLAGS)\E/$$1/' \
debian/*/usr/lib/*/pkgconfig/opensaml.pc
override_dh_installdocs:
@@ -50,3 +50,6 @@ override_dh_autoreconf:
%:
dh $@ --with autoreconf
+
+# Don't attempt to build the buildflags.mk file if it doesn't exist.
+/usr/share/dpkg/buildflags.mk:
--
Debian packaging for OpenSAML 2.0
More information about the Pkg-shibboleth-devel
mailing list