• How to sneak in CFLAGS and LDFLAGS into findimagedupes build

    From Andreas Tille@21:1/5 to All on Sat Apr 17 11:10:01 2021
    Hi Perl experts,

    Debian Trends motivated me to switch findimagedupes[1] from cdbs to dh.
    I also enabled salsa-ci and learned that the hardening flags are not
    propagated properly[2]. I admit I have no idea how the build might work
    at all. Can you give any hint how the hardening flags can be
    propagated?

    Kind regards
    Andreas.

    [1] https://salsa.debian.org/science-team/findimagedupes
    [2] https://salsa.debian.org/science-team/findimagedupes/-/jobs/1589952

    --
    http://fam-tille.de

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From =?utf-8?Q?=C3=89tienne?= Mollier@21:1/5 to All on Sun Apr 18 17:50:02 2021
    Hi Andreas,

    Andreas Tille, on 2021-04-17 11:04:54 +0200:
    Hi Perl experts,

    Debian Trends motivated me to switch findimagedupes[1] from cdbs to dh.
    I also enabled salsa-ci and learned that the hardening flags are not propagated properly[2]. I admit I have no idea how the build might work
    at all. Can you give any hint how the hardening flags can be
    propagated?

    I don't consider myself a Perl expert, but I had a look at this
    issue, and had the general impression that FLAGS needed to be
    manually pushed through ExtUtil::MakeMaker(3pm), and then down
    to Inline::C(3pm). I came up with propagate-flags.patch, which
    I pushed on Salsa[1], if you wish to have a look.

    But maybe there are better options than my implementation, I'm
    not exactly happy of the -shared I had to manually append to
    LDDLFLAGS in the C.pm, and the various FLAGS behavior in Inline
    is not especially clear without having the manual at hand.

    Kind regards
    Andreas.

    [1] https://salsa.debian.org/science-team/findimagedupes
    [2] https://salsa.debian.org/science-team/findimagedupes/-/jobs/1589952

    Have a nice day, :)
    --
    Étienne Mollier <etienne.mollier@mailoo.org>
    Fingerprint: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da
    Sent from /dev/pts/2, please excuse my verbosity.

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEEj5GyJ8fW8rGUjII2eTz2fo8NEdoFAmB8U5YACgkQeTz2fo8N EdpGqw/+JiaTKxBKtrzOdJajGO+CzYvo7+OBJDnB7WK4s6WNIDKGZlmqykBtPcmr cJa7maJ/eMABTcD3rQug5UtrynExUorfPUwGVYKbYTvZ0Yvf9xINgNJgTy/lHxOh xvdvDtuXDA0195tpH4PTTDnCSSw8MO2C48HpOKSzFVrx35Ku1Ludb3tI4OqLqpkk H35dxIJQCpYpYnIltQmiV953ovr3xe/klLbd7CvwSIulhsMPyt1zTWce2JN2KAFJ fQdBnUCCIwXHblZbjGfKQtEFxSBnqEgm8RFQmIxuP5+E3NEafL20iIdo1zwxtG3f 2CQJ7tnMBO2MG5/HXHr01uZVrGB50b2BjRhS15lJG/AnquWrwUVFByuMP27sHoR2 FbzSEC4zxbii9iJRbBspDp/YI1P/uQ9j3f6qrbqNnC/ly+/dBR/akRCcstLzTV8X C3kJ+6lrVMkO6G/svaIgYOQAL5mGmRLCFwVdkls4PXZANKjMW5IGky3lE4vitAPz JaFR/TS1EmTTYvcfUvkPqmg8o0xTYYQSMBoNmXkVDQhRUXofymi//FtH4ONQGDF+ wFzADWLvJX6ue2LW4uT+KU0LKnqVGQWB3TBZCMavmvoXfVawbapY9Bs+sqyau7eZ POMTPlDmCDFxqfik5nFN68eqpMeg1BxIva6dZY2xp1jAcPEzMhM=
    =Ewxw
    -----END PGP SIGNATURE-----

    --
  • From gregor herrmann@21:1/5 to All on Sun Apr 18 18:30:02 2021
    On Sun, 18 Apr 2021 17:43:19 +0200, Étienne Mollier wrote:

    I don't consider myself a Perl expert, but I had a look at this
    issue, and had the general impression that FLAGS needed to be
    manually pushed through ExtUtil::MakeMaker(3pm), and then down
    to Inline::C(3pm). I came up with propagate-flags.patch, which
    I pushed on Salsa[1], if you wish to have a look.

    Ha, there are _two_ places, nice find.
    (I had a brief look yesterday and came only up with the changes in
    Makefile.PL which were not enough.)

    But maybe there are better options than my implementation, I'm
    not exactly happy of the -shared I had to manually append to
    LDDLFLAGS in the C.pm, and the various FLAGS behavior in Inline
    is not especially clear without having the manual at hand.

    From some of the patches we have in the perl team:

    --- a/Makefile.PL
    +++ b/Makefile.PL
    @@ -1,6 +1,7 @@
    use strict;
    use warnings;
    use Inline::MakeMaker;
    +use Config;

    sub MY::libscan {
    return if ($_[1] eq 'USB.pm' or $_[1] eq 'dump_usb.pl');
    @@ -88,6 +89,8 @@
    test => {
    TESTS => 't/*.t xt/*.t',
    },
    + CCFLAGS => "$Config{ccflags} $ENV{CFLAGS} $ENV{CPPFLAGS}",
    + LDFLAGS => "$Config{lddlflags} $ENV{LDFLAGS}",
    );


    $Config{lddlflags} is '-shared -L/usr/local/lib
    -fstack-protector-strong', so this should fix the "-shared" part.


    Cheers,
    gregor

    --
    .''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org
    : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06
    `. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
    `- NP: Element of Crime: Moonlight

    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmB8Xc9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
    RTE
  • From =?utf-8?Q?=C3=89tienne?= Mollier@21:1/5 to All on Sun Apr 18 19:00:02 2021
    gregor herrmann, on 2021-04-18 18:26:48 +0200:
    On Sun, 18 Apr 2021 17:43:19 +0200, Étienne Mollier wrote:
    But maybe there are better options than my implementation, I'm
    not exactly happy of the -shared I had to manually append to
    LDDLFLAGS in the C.pm, and the various FLAGS behavior in Inline
    is not especially clear without having the manual at hand.

    From some of the patches we have in the perl team:

    --- a/Makefile.PL
    +++ b/Makefile.PL
    @@ -1,6 +1,7 @@
    use strict;
    use warnings;
    use Inline::MakeMaker;
    +use Config;

    sub MY::libscan {
    return if ($_[1] eq 'USB.pm' or $_[1] eq 'dump_usb.pl');
    @@ -88,6 +89,8 @@
    test => {
    TESTS => 't/*.t xt/*.t',
    },
    + CCFLAGS => "$Config{ccflags} $ENV{CFLAGS} $ENV{CPPFLAGS}",
    + LDFLAGS => "$Config{lddlflags} $ENV{LDFLAGS}",
    );


    $Config{lddlflags} is '-shared -L/usr/local/lib
    -fstack-protector-strong', so this should fix the "-shared" part.

    Hi Gregor,

    Thanks, I'll also take the merge of CPPFLAGS into CFLAGS, since
    Salsa CI and blhc reminded me about the missing flag. The minor
    is issue is fixed in my last push. Flags should be properly
    caught now.

    As a side note, apparently Inline is only able to use the C
    preprocessor when combined to Inline::Filters tuned to
    "Preprocessor", which does not seem available in Debian; maybe
    some more prospective work[1].

    [1]: https://metacpan.org/pod/Inline::Filters

    Have a nice day, :)
    --
    Étienne Mollier <etienne.mollier@mailoo.org>
    Fingerprint: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da
    Sent from /dev/pts/2, please excuse my verbosity.

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEEj5GyJ8fW8rGUjII2eTz2fo8NEdoFAmB8Y0YACgkQeTz2fo8N EdqnpBAAiiJFaqBS+vRM54pgtQ4X52WGLDoDz7hfRSPI1kWgTIvf3LFK3Z+4i+3W 2Fdi/v2bLAYLgIKiyi8VrkdhthDYivjJG0RqwOLqm/B0ENda0/wiAhKTG2ZjznMV ATM+lpgYENHjKfsiOrf2T1Px1qt2IeLY36s0JXDfy5M68bq2oMzlR8JZNY75kmT7 UHK3VBLA9YpxQJRgbXrMXOhxOIik9r0ypbAk73WWYVBLoj9h+qR7HY+U3Mjl2gg0 Y8EsYCo7sqVnznuyhkZ0ze6Cyassx6sVi9jsoynLkkSuo2Z4wln2542LWu+hxjo5 WoC8fuwczHrIzNxCTJ5jYbA5dmyZWOCY69GudLyNWebiYmJL4NgCgXSbfw9HwcRA fUur3XfcBufVRQ6G9Ade6NduOKJwB6CcsXTKjE4LRJRRyXKU1C7oO0t1gL6eLlz/ eVsEcqd4tyT6rdflme18AvyUd65KUQ2A/wuJVa8HYlwEP8DvDQVoQJHQxyerIDEs 6nVwTurEJBqoKoV93WXTH1jT1HOuQ80VLCkhdliUUU3nJvzMBRITL7BDIjg6p2L7 1OT8xij4Qu0HE8bdnTq+sWMFfD5IIL4JfvZ9tC4So7GrNCshuD2God6B0BC6NSnV uSsuznIkk9s/wxTP2Jy5IiEcYAEMm0JlCgj9U1NNXsgHiO6wCv0=
    =DfyQ
    -----END PGP SIGNATURE-----

    --