On Friday, July 10, 2020 7:06 PM, Eli Schwartz via arch-dev-public <arch-dev-public@xxxxxxxxxxxxx> wrote:
> On 7/10/20 2:38 PM, Jan Alexander Steffens (heftig) via arch-dev-public
> wrote:
>
> > From: "Jan Alexander Steffens (heftig)" heftig@xxxxxxxxxxxxx
> > I recently read Fedora's documentation on build flags and I think
> > they have some useful ideas.
> >
> > 1. Move -D_FORTIFY_SOURCE=2 from CPPFLAGS to CFLAGS using -Wp:
> > Unfortunately, there are still build systems (e.g. CMake, homegrown
> > Makefile rules) which use CFLAGS but not CPPFLAGS. Ultimately, we can
> > cover more code with this workaround.
> >
>
> Sounds like a job for
>
> build() {
> export CFLAGS="$CPPFLAGS $CFLAGS"
> ...
> }
>
> (I do not understand how -Wp, helps here, its purpose is only to prevent
> the compiler driver from reinterpreting it before passing it to the
> preprocessor, and only if you have special needs and believe it will
> mangle your flags. -D_FORTIFY_SOURCE sounds sufficiently boring to say
> it won't be mangled.)
IIRC main concern against -D_FORTIFY_SOURCE in CFLAGS (made by Allan?) was about purity of passing preprocessor flags only to preprocessor. I think using "Wp" prefix for fortify solves purity issue.
Side note: can you get rid of "-march=x86-64 -mtune=generic" which are default options for gcc on x86_64? It would be easier to read buildflags without this useless spam especially when they will be extended by other meaningful things.
Yours sincerely
G. K.
