[openssl-dev] OpenSSL version 1.1.0 pre release 2 published
Kurt Roeckx
kurt at roeckx.be
Sun Jan 17 13:16:04 UTC 2016
On Sun, Jan 17, 2016 at 01:14:14AM +0100, Richard Levitte wrote:
> OPT_FLAGS would be for optimizing, do I get that right? I suggest you
> have a look at Configurations/10-main.conf, you might notice
> configuration items like debug_cflags, release_cflags, debug_lflags
> and release_lflags. If you have a look at my refactor-build branch,
> you will see a fairly thorough Configurations/README. If you look the
> commit titled "Refactor config - move templates docs asm templates to
> Configurations", you'll find the documentation that's applicable to
> what Configure in the master branch supports... later editions are
> currently only supported in my branch.
In Debian we have a system that where you can override things like
the CFLAGS, and I wonder how easy it will be to integrate that
with your new system.
We have a tool called dpkg-buildflags. By default it now returns:
$ dpkg-buildflags
CFLAGS=-g -O2 -fstack-protector-strong -Wformat -Werror=format-security
CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2
CXXFLAGS=-g -O2 -fstack-protector-strong -Wformat -Werror=format-security
FCFLAGS=-g -O2 -fstack-protector-strong
FFLAGS=-g -O2 -fstack-protector-strong
GCJFLAGS=-g -O2 -fstack-protector-strong
LDFLAGS=-Wl,-z,relro
OBJCFLAGS=-g -O2 -fstack-protector-strong -Wformat -Werror=format-security
OBJCXXFLAGS=-g -O2 -fstack-protector-strong -Wformat -Werror=format-security
In the 1.0.2 branch I use this:
my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
And then use $debian_cflags in the targets.
There were was no way to separate clfags/lfdlags, so I needed to
combine it.
dpkg-buildflags can return different things depending on environment variables.
Some examples:
$ DEB_BUILD_OPTIONS=noopt dpkg-buildflags --get CFLAGS
-g -O0 -fstack-protector-strong -Wformat -Werror=format-security
$ DEB_BUILD_OPTIONS=hardening=-all dpkg-buildflags --get CFLAGS
-g -O2
$ DEB_CFLAGS_APPEND=-O3 dpkg-buildflags --get CFLAGS
-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -O3
There are environment variables for both the maintainer to set the
defaults and someone who then wants to build the package with
different settings.
(I should move the -Wa,--noexecstack -Wall to environment
variables.)
Is there an easy way to I can override the flags with
dpkg-buildflags?
Kurt
More information about the openssl-dev
mailing list