Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

missing hardening flags on Debian building #261

Open
yuzibo opened this issue Jul 22, 2024 · 1 comment
Open

missing hardening flags on Debian building #261

yuzibo opened this issue Jul 22, 2024 · 1 comment

Comments

@yuzibo
Copy link

yuzibo commented Jul 22, 2024

hi,
when I was packaging the new upstream release(1.0.1), I got one blhc test failed:

vimer@dev:~/build/rfs/python/ftbfs/opentsne$ blhc ../build-area/opentsne_1.0.1-1_amd64.build
CFLAGS missing (-g -O2 -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection): x86_64-linux-gnu-gcc <<PKGBUILDDIR>>/tmp6x6svb_h/omp.o -o /<<PKGBUILDDIR>>/tmp6x6svb_h/omp.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): x86_64-linux-gnu-gcc <<PKGBUILDDIR>>/tmp6x6svb_h/omp.o -o /<<PKGBUILDDIR>>/tmp6x6svb_h/omp.c
LDFLAGS missing (-Wl,-z,relro -Wl,-z,now): x86_64-linux-gnu-gcc <<PKGBUILDDIR>>/tmp6x6svb_h/omp.o -o /<<PKGBUILDDIR>>/tmp6x6svb_h/omp.c

I am not sure if this is false positive for blhc checking, so report it here and please have a look, thanks.
@pavlin-policar
Copy link
Owner

Hi, thanks for reporting the issue. Unfortunately, I am unfamiliar with the Debian build system and don't really have any idea what build flags could be missing. The compilation flags are all speciifed in the setup.py.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pavlin-policar @yuzibo