Code: Select all
I: zpaqfranz: hardening-no-bindnow usr/bin/zpaqfranz
N:
I: hardening-no-bindnow
N:
N: This package provides an ELF binary that lacks the "bindnow" linker
N: flag.
N:
N: This is needed (together with "relro") to make the "Global Offset
N: Table" (GOT) fully read-only. The bindnow feature trades startup time
N: for improved security. Please consider enabling this feature or
N: consider overriding the tag (possibly with a comment about why).
N:
N: If you use dpkg-buildflags, you may have to add hardening=+bindnow or
N: hardening=+all to DEB_BUILD_MAINT_OPTIONS.
N:
N: The relevant compiler flags are set in LDFLAGS.
N:
N: Refer to https://wiki.debian.org/Hardening for details.
N:
N: Severity: info
I definitely make some mistakes
Code: Select all
#!/usr/bin/make -f
export DEB_CFLAGS_MAINT_APPEND = -Wno-stringop-overflow
include /usr/share/dpkg/architecture.mk
ifeq ($(DEB_HOST_GNU_CPU), x86_64)
DEB_CPPFLAGS_MAINT_APPEND = -DHWSHA2
endif
ifneq ($(DEB_HOST_GNU_CPU), x86_64)
DEB_CPPFLAGS_MAINT_APPEND = -DNOJIT
endif
ifneq ($(DEB_HOST_ARCH_ENDIAN), little)
DEB_CPPFLAGS_MAINT_APPEND = -DBIG -DNOJIT
endif
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
DPKG_EXPORT_BUILDFLAGS = 1
include /usr/share/dpkg/buildflags.mk
%:
dh $@
override_dh_auto_install:
dh_auto_install -- prefix=/usr