On 18/11/21 00:08, Levente Polyak via arch-dev-public wrote:
On 11/17/21 13:27, Allan McRae via arch-dev-public wrote:
On 17/11/21 22:03, Jelle van der Waa via arch-dev-public wrote:
## Devtools
* pacman's makepkg.conf is synced with new hardening CFLAGS such as `-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -fstack-clash-protection -fcf-protection`
Any chance we enable LTO too. This was not added by default to the pacman package - my opinion is the build resources for LTO are a bit high, so the user should enable it if wanted in the system makepkg.conf. But we did agree to enable it for system packages, and thus needs added to devtools makepkg.conf:
https://gitlab.archlinux.org/archlinux/rfcs/-/blob/master/rfcs/0004-lto-by-d...
The idea so far was to release LTO in a second iteration as some concerns were raised to do both set of changes at the very same time.
My concerns about this are rather limited, as other distros use many (all?) of the new build flags and LTO. And compiler/linker errors should make it clear which is the issue. Can we have a timeline for when it will be acceptable to also add LTO? For example, after a certain proportion of packages have been rebuilt? Is there plans for a distro-wide rebuild to get the benefits of the added flags, and bulk fix any issues? Allan