On Friday, July 10, 2020 7:06 PM, Eli Schwartz via arch-dev-public <arch-dev-public@archlinux.org> wrote:
On 7/10/20 2:38 PM, Jan Alexander Steffens (heftig) via arch-dev-public wrote:
From: "Jan Alexander Steffens (heftig)" heftig@archlinux.org I recently read Fedora's documentation on build flags and I think they have some useful ideas.
1. Move -D_FORTIFY_SOURCE=2 from CPPFLAGS to CFLAGS using -Wp: Unfortunately, there are still build systems (e.g. CMake, homegrown Makefile rules) which use CFLAGS but not CPPFLAGS. Ultimately, we can cover more code with this workaround.
Sounds like a job for
build() { export CFLAGS="$CPPFLAGS $CFLAGS" ... }
(I do not understand how -Wp, helps here, its purpose is only to prevent the compiler driver from reinterpreting it before passing it to the preprocessor, and only if you have special needs and believe it will mangle your flags. -D_FORTIFY_SOURCE sounds sufficiently boring to say it won't be mangled.)
IIRC main concern against -D_FORTIFY_SOURCE in CFLAGS (made by Allan?) was about purity of passing preprocessor flags only to preprocessor. I think using "Wp" prefix for fortify solves purity issue. Side note: can you get rid of "-march=x86-64 -mtune=generic" which are default options for gcc on x86_64? It would be easier to read buildflags without this useless spam especially when they will be extended by other meaningful things. Yours sincerely G. K.