15 Sep
2015
15 Sep
'15
12:26 p.m.
Hi, I was quite surprised today that gcc suddenly started defaulting to -fstack-check. After some confusion and a bit of exploration, it turned out that hardening-wrapper, which came as a makedep with python, was responsible. It is quite unfortunate that hardening-wrapper unexpectedly alters system-wide compiler behavior. In addition, since makepkg layers ccache in front of hardening-wrapper, ccache will now miss compiler updates. IMO it should be a makedepend on any package. If we want to harden our packages we can do this via makepkg.conf or adjusting CFLAGS in the PKGBUILD, not supposedly-per-package system-wide hacks. Thoughts? Greetings, Jan