On 11/17/21 13:27, Allan McRae via arch-dev-public wrote:
On 17/11/21 22:03, Jelle van der Waa via arch-dev-public wrote:
## Devtools
* pacman's makepkg.conf is synced with new hardening CFLAGS such as `-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -fstack-clash-protection -fcf-protection`
Any chance we enable LTO too?

This was not added by default to the pacman package - my opinion is the build resources for LTO are a bit high, so the user should enable it if wanted in the system makepkg.conf. But we did agree to enable it for system packages, and thus needs added to devtools makepkg.conf:
https://gitlab.archlinux.org/archlinux/rfcs/-/blob/master/rfcs/0004-lto-by-d...
The idea so far was to release LTO in a second iteration, as some concerns were raised about doing both sets of changes at the very same time. So far the rollout has been blocked by reproducible tooling - otherwise we would screw over reproducibility. This has been solved and finalized in several iterations in makerepropkg [0] and the approach/implementation communicated and coordinated with 'repro'. The expected time frame for the release is this week.

cheers,
Levente

[0] https://github.com/archlinux/devtools/commit/d3cf6ad57078b66a6f75d0694c2b83d...