[openssl-dev] OpenSSL version 1.1.0 pre release 2 published
Richard Levitte
levitte at openssl.org
Sun Jan 17 13:56:37 UTC 2016
In message <20160117131603.GA10909 at roeckx.be> on Sun, 17 Jan 2016 14:16:04 +0100, Kurt Roeckx <kurt at roeckx.be> said:
kurt> On Sun, Jan 17, 2016 at 01:14:14AM +0100, Richard Levitte wrote:
kurt> > OPT_FLAGS would be for optimizing, do I get that right? I suggest you
kurt> > have a look at Configurations/10-main.conf, you might notice
kurt> > configuration items like debug_cflags, release_cflags, debug_lflags
kurt> > and release_lflags. If you have a look at my refactor-build branch,
kurt> > you will see a fairly thorough Configurations/README. If you look the
kurt> > commit titled "Refactor config - move templates docs asm templates to
kurt> > Configurations", you'll find the documentation that's applicable to
kurt> > what Configure in the master branch supports... later editions are
kurt> > currently only supported in my branch.
kurt>
kurt> In Debian we have a system that where you can override things like
kurt> the CFLAGS, and I wonder how easy it will be to integrate that
kurt> with your new system.
kurt>
kurt> We have a tool called dpkg-buildflags. By default it now returns:
kurt> $ dpkg-buildflags
kurt> CFLAGS=-g -O2 -fstack-protector-strong -Wformat -Werror=format-security
kurt> CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2
kurt> CXXFLAGS=-g -O2 -fstack-protector-strong -Wformat -Werror=format-security
kurt> FCFLAGS=-g -O2 -fstack-protector-strong
kurt> FFLAGS=-g -O2 -fstack-protector-strong
kurt> GCJFLAGS=-g -O2 -fstack-protector-strong
kurt> LDFLAGS=-Wl,-z,relro
kurt> OBJCFLAGS=-g -O2 -fstack-protector-strong -Wformat -Werror=format-security
kurt> OBJCXXFLAGS=-g -O2 -fstack-protector-strong -Wformat -Werror=format-security
kurt>
kurt> In the 1.0.2 branch I use this:
kurt> my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
kurt>
kurt> And then use $debian_cflags in the targets.
kurt>
kurt> There were was no way to separate clfags/lfdlags, so I needed to
kurt> combine it.
kurt>
kurt> dpkg-buildflags can return different things depending on environment variables.
kurt> Some examples:
kurt> $ DEB_BUILD_OPTIONS=noopt dpkg-buildflags --get CFLAGS
kurt> -g -O0 -fstack-protector-strong -Wformat -Werror=format-security
kurt>
kurt> $ DEB_BUILD_OPTIONS=hardening=-all dpkg-buildflags --get CFLAGS
kurt> -g -O2
kurt>
kurt> $ DEB_CFLAGS_APPEND=-O3 dpkg-buildflags --get CFLAGS
kurt> -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -O3
kurt>
kurt>
kurt> There are environment variables for both the maintainer to set the
kurt> defaults and someone who then wants to build the package with
kurt> different settings.
kurt>
kurt> (I should move the -Wa,--noexecstack -Wall to environment
kurt> variables.)
kurt>
kurt> Is there an easy way to I can override the flags with
kurt> dpkg-buildflags?
I see where you're going with this.
As it is right now, there is no way to affect Configure via the
environment, except for the names of certain commands. Personally,
I'd say that using those should be done carefully. I have no plans to
expand on the use of environment variables...
However, there is always the possibility to quickly write up a small
config target for yourself in Configurations, and have them inherit
the items for an already existing target. For example:
cflags=` ... dpkg-buildflags --get CFLAGS`; \
cat <<EOF > Configurations/01-debian-tmp.conf
%targets = (
"debian-linux-x86_64" => {
inherit_from => [ "linux-x86_64" ],
cflags => "$cflags",
}
);
1;
EOF
If you want to just append or prepend your flags, you do this with the
cflags item:
cflags => sub { join(" ", $@, "$cflags"); },
In my refactor-build branch, I've added some lazy functions to do the
same:
cflags => add("$cflags"),
or
cflags => add_before("$cflags"), # to prepend
Did that help?
Cheers,
Richard
--
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
More information about the openssl-dev
mailing list