Debian Bug report logs - #644412
dpkg-buildflags: use DEB_BUILD_MAINT_OPTIONS when including buildflags.mk

version graph

Package: dpkg-dev; Maintainer for dpkg-dev is Dpkg Developers <debian-dpkg@lists.debian.org>; Source for dpkg-dev is src:dpkg.

Reported by: Pierre Chifflier <pollux@debian.org>

Date: Wed, 5 Oct 2011 15:30:13 UTC

Severity: normal

Found in version dpkg/1.16.1

Fixed in version dpkg/1.16.1.1

Done: Guillem Jover <guillem@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Dpkg Developers <debian-dpkg@lists.debian.org>:
Bug#644412; Package dpkg. (Wed, 05 Oct 2011 15:30:17 GMT) Full text and rfc822 format available.

Acknowledgement sent to Pierre Chifflier <pollux@debian.org>:
New Bug report received and forwarded. Copy sent to Dpkg Developers <debian-dpkg@lists.debian.org>. (Wed, 05 Oct 2011 15:30:17 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Pierre Chifflier <pollux@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: dpkg-buildflags: use DEB_BUILD_MAINT_OPTIONS when including buildflags.mk
Date: Wed, 05 Oct 2011 17:29:32 +0200
Package: dpkg
Version: 1.16.1
Severity: normal

Hi,

When using the following Makefile snippet:

DEB_BUILD_MAINT_OPTIONS = hardening=+pie,+bindnow
export DEB_BUILD_MAINT_OPTIONS
-include /usr/share/dpkg/buildflags.mk
export CFLAGS LDFLAGS

The variable DEB_BUILD_MAINT_OPTIONS is not used, and the variables
(CFLAGS etc.) does not have the expected value.

A possible solution would be to modify /usr/share/dpkg/buildflags.mk to
use the variables when running the shell command, for ex using something
like:
DEB_BUILD_MAINT_OPTIONS="$(DEB_BUILD_MAINT_OPTIONS)" dpkg-buildflags <args>

This would greatly help for the hardening goal by keeping the inclusion
of the file optional (for backports) and adding options like pie and
bindnow to the hardening flags.

Thanks,
Pierre




Bug reassigned from package 'dpkg' to 'dpkg-dev'. Request was from Raphaël Hertzog <hertzog@debian.org> to control@bugs.debian.org. (Wed, 05 Oct 2011 17:06:03 GMT) Full text and rfc822 format available.

Bug No longer marked as found in versions dpkg/1.16.1. Request was from Raphaël Hertzog <hertzog@debian.org> to control@bugs.debian.org. (Wed, 05 Oct 2011 17:06:03 GMT) Full text and rfc822 format available.

Bug Marked as found in versions dpkg/1.16.1. Request was from Raphaël Hertzog <hertzog@debian.org> to control@bugs.debian.org. (Wed, 05 Oct 2011 17:06:04 GMT) Full text and rfc822 format available.

Added tag(s) pending. Request was from Raphaël Hertzog <hertzog@debian.org> to control@bugs.debian.org. (Mon, 10 Oct 2011 09:03:19 GMT) Full text and rfc822 format available.

Message sent on to Pierre Chifflier <pollux@debian.org>:
Bug#644412. (Mon, 10 Oct 2011 09:03:26 GMT) Full text and rfc822 format available.

Message #16 received at 644412-submitter@bugs.debian.org (full text, mbox):

From: Raphaël Hertzog <hertzog@debian.org>
To: 644412-submitter@bugs.debian.org
Subject: Bug#644412 marked as pending
Date: Mon, 10 Oct 2011 09:01:03 +0000
tag 644412 pending
thanks

Hello,

Bug #644412 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=dpkg/dpkg.git;a=commitdiff;h=44aa764

---
commit 44aa764eb17a7665c291b424ddc3a4b6ef5a0754
Author: Raphaël Hertzog <hertzog@debian.org>
Date:   Mon Oct 10 10:50:02 2011 +0200

    scripts/mk: fix buildflags.mk to make use of the DEB_*_MAINT_* variables
    
    Make does not export its own variables (even those which have been
    exported explicitly) to sub-shells executed with $(shell …). Since
    dpkg-buildflags is called that way, we have to modify the command
    line to embed variable initializations to ensure that we forward the
    variables that have been set by the maintainer in debian/rules.
    
    Since this code required to loop over all possible flags, I took
    the opportunity to also set the output variables within a loop construct
    using a single template (avoids copy&paste mistakes).
    
    Reported-by: Pierre Chifflier <pollux@debian.org>

diff --git a/debian/changelog b/debian/changelog
index cb6e194..3376439 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -16,6 +16,8 @@ dpkg (1.16.1.1) UNRELEASED; urgency=low
     triggers-pending or installed. Closes: #644492
   * Fix dpkg-source to ignore changes on debian/patches/.dpkg-source-applied
     when building a "2.0" source package. Closes: #642656
+  * Fix buildflags.mk to re-export the environment variables that
+    the maintainer can use to change the build flags. Closes: #644412
 
   [ Guillem Jover ]
   * Change dpkg-buildflags to set preprocessor option -D_FORTIFY_SOURCE=2




Reply sent to Guillem Jover <guillem@debian.org>:
You have taken responsibility. (Fri, 14 Oct 2011 05:51:19 GMT) Full text and rfc822 format available.

Notification sent to Pierre Chifflier <pollux@debian.org>:
Bug acknowledged by developer. (Fri, 14 Oct 2011 05:51:19 GMT) Full text and rfc822 format available.

Message #21 received at 644412-close@bugs.debian.org (full text, mbox):

From: Guillem Jover <guillem@debian.org>
To: 644412-close@bugs.debian.org
Subject: Bug#644412: fixed in dpkg 1.16.1.1
Date: Fri, 14 Oct 2011 05:47:19 +0000
Source: dpkg
Source-Version: 1.16.1.1

We believe that the bug you reported is fixed in the latest version of
dpkg, which is due to be installed in the Debian FTP archive:

dpkg-dev_1.16.1.1_all.deb
  to main/d/dpkg/dpkg-dev_1.16.1.1_all.deb
dpkg_1.16.1.1.dsc
  to main/d/dpkg/dpkg_1.16.1.1.dsc
dpkg_1.16.1.1.tar.bz2
  to main/d/dpkg/dpkg_1.16.1.1.tar.bz2
dpkg_1.16.1.1_amd64.deb
  to main/d/dpkg/dpkg_1.16.1.1_amd64.deb
dselect_1.16.1.1_amd64.deb
  to main/d/dpkg/dselect_1.16.1.1_amd64.deb
libdpkg-dev_1.16.1.1_amd64.deb
  to main/d/dpkg/libdpkg-dev_1.16.1.1_amd64.deb
libdpkg-perl_1.16.1.1_all.deb
  to main/d/dpkg/libdpkg-perl_1.16.1.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 644412@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guillem Jover <guillem@debian.org> (supplier of updated dpkg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 14 Oct 2011 07:08:31 +0200
Source: dpkg
Binary: libdpkg-dev dpkg dpkg-dev libdpkg-perl dselect
Architecture: source amd64 all
Version: 1.16.1.1
Distribution: unstable
Urgency: low
Maintainer: Dpkg Developers <debian-dpkg@lists.debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
Description: 
 dpkg       - Debian package management system
 dpkg-dev   - Debian package development tools
 dselect    - Debian package management front-end
 libdpkg-dev - Debian package management static library
 libdpkg-perl - Dpkg perl modules
Closes: 642521 642656 643037 643148 643632 644412 644492
Changes: 
 dpkg (1.16.1.1) unstable; urgency=low
 .
   [ Raphaël Hertzog ]
   * Fix dpkg-source to not ignore the automatic patch when checking
     for unrecorded changes. Closes: #643148
   * Let dpkg-source --commit create debian/patches when required.
     Closes: #643037
   * Fix dpkg-buildflags --dump to return 0 as exit code and not 1.
   * Update dpkg-buildflags(1) to not include quotes in the examples
     setting DEB_BUILD_MAINT_OPTIONS.
   * Stop outputting build flags in dpkg-buildpackage as it confuses
     maintainers who are overriding them in debian/rules and who
     are not seeing the expected value in the build log.
   * Fix trigger setup code to not reset the status of packages
     when they are in a status different from triggers-awaited,
     triggers-pending or installed. Closes: #644492
   * Fix dpkg-source to ignore changes on debian/patches/.dpkg-source-applied
     when building a "2.0" source package. Closes: #642656
   * Fix buildflags.mk to re-export the environment variables that
     the maintainer can use to change the build flags. Closes: #644412
 .
   [ Guillem Jover ]
   * Change dpkg-buildflags to set preprocessor option -D_FORTIFY_SOURCE=2
     in CPPFLAGS, instead of CFLAGS and CXXFLAGS. Closes: #642521, #643632
   * Fix typo to correctly set DEB_*_ARCH_BITS instead of DEB_*_ARCH in
     architecture.mk. Thanks to Thorsten Glaser <tg@mirbsd.org>.
   * Make dpkg-buildflags disable full relro (bindnow) if relro is not enabled.
Checksums-Sha1: 
 84d661ab56634263bf86d2c6bc01f40194ff7942 1372 dpkg_1.16.1.1.dsc
 578c312accfaabf240f1cb8f6e13cfdabd8d8027 5432275 dpkg_1.16.1.1.tar.bz2
 f64f11f95012a185f6c3657c5c956f818bff110f 555334 libdpkg-dev_1.16.1.1_amd64.deb
 631f6ee4cdb7e8746275ba66dd02851d248a9e2c 2221654 dpkg_1.16.1.1_amd64.deb
 096aa4dee20bab855772723d36ee727149a67120 1009472 dselect_1.16.1.1_amd64.deb
 cd1d60c6fc72e9fad2e5661a4379e8096c986187 927372 dpkg-dev_1.16.1.1_all.deb
 ea256cf7c5ff4428f8f05029ed613f3dcdbcee1b 809766 libdpkg-perl_1.16.1.1_all.deb
Checksums-Sha256: 
 a265a786974128b5c9d9a59e9b0b8e080601217e320ea21f06a79376f80463f3 1372 dpkg_1.16.1.1.dsc
 7bd9861ddfa7408ca790ca0d8fa8a3b585afcb900fdee5b658d42f9fca09202d 5432275 dpkg_1.16.1.1.tar.bz2
 914a67584614415a99f5f1f2e9544af183a64b7660768e401ea36e6d833738a1 555334 libdpkg-dev_1.16.1.1_amd64.deb
 3dfe73a733a58a0718b0adcd1decc20c798a7f66a282714f1fd31d0095dbd65b 2221654 dpkg_1.16.1.1_amd64.deb
 e7459e18c8643e6cc3a2939e9b42656c83888507c8feab56c1b1cc8c8b3f5ac7 1009472 dselect_1.16.1.1_amd64.deb
 08f86079607e20285c2e49760150b09d83135dc03cecf0579f06ac0c8e338b8c 927372 dpkg-dev_1.16.1.1_all.deb
 747685b3b639cf1e4bcb86c1abd401fa8d53b89fa2d5186c432618ffa8af23bb 809766 libdpkg-perl_1.16.1.1_all.deb
Files: 
 61e4c4decca0d3fcf5273a511691faea 1372 admin required dpkg_1.16.1.1.dsc
 73fb4d67dbc9f9f14a776187429ce3f1 5432275 admin required dpkg_1.16.1.1.tar.bz2
 fe5f482b2d8f0c29166e64de8e7a057e 555334 libdevel optional libdpkg-dev_1.16.1.1_amd64.deb
 e8e587d015e07ee9e021dde794118178 2221654 admin required dpkg_1.16.1.1_amd64.deb
 ba40b0adceac93490b597deb7824ffbc 1009472 admin optional dselect_1.16.1.1_amd64.deb
 c03b149e046793a6adf4a5ad85fab218 927372 utils optional dpkg-dev_1.16.1.1_all.deb
 30f6b48d95cdeba197302daee1ec99b3 809766 perl optional libdpkg-perl_1.16.1.1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk6XxdMACgkQuW9ciZ2SjJvdRwCbBBL7amUJAKoRAMSzur5JAlQ7
E8cAnjB+hj7Xzr7Jm7i1b0pX3cWUWxkV
=zyVA
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 19 Nov 2011 07:32:17 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 10:37:50 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.