[arch-dev-public] hardening-wrapper

Jan Alexander Steffens jan.steffens at gmail.com
Tue Sep 15 12:26:37 UTC 2015


Hi,

I was quite surprised today that gcc suddenly started defaulting to
-fstack-check. After some confusion and a bit of exploration, it turned out
that hardening-wrapper, which came as a makedep with python, was
responsible.

It is quite unfortunate that hardening-wrapper unexpectedly alters
system-wide compiler behavior.

In addition, since makepkg layers ccache in front of hardening-wrapper,
ccache will now miss compiler updates.

IMO it should be a makedepend on any package. If we want to harden our
packages we can do this via makepkg.conf or adjusting CFLAGS in the
PKGBUILD, not supposedly-per-package system-wide hacks. Thoughts?

Greetings,
Jan

