https://bugzilla.redhat.com/show_bug.cgi?id=1753837 --- Comment #5 from Michal Schorm <mschorm@xxxxxxxxxx> --- (In reply to Jerry James from comment #4) > > 2) It's better to use the %{set_build_flags}, instead of just %{optflags}. > > As you can see e.g. here: > > https://src.fedoraproject.org/rpms/mariadb-connector-c/blob/master/f/mariadb- > > connector-c.spec#_78 > > I don't see how that can be used in this case. The whole point is to add > -DLIBDIVIDE_SSE2 to the build flags when an x86 architecture is in use. > Otherwise, we let the %cmake macro set the build flags. Am I missing > something? Let me explain: The code you use now: | %build | %ifarch %{ix86} x86_64 | export CFLAGS="%{optflags} -DLIBDIVIDE_SSE2" | export CXXFLAGS="$CFLAGS" | %endif If the IF-CLAUSE fail (other than x86 arch), it will result in a situation, when you don't have set any flags. | CFLAGS: | CXXFLAGS: | LDFLAGS: | FCFLAGS: If the IF-CLAUSE succeed (it is x86 arch), it will set only some of the flags. | CFLAGS: -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions | -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 | -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -DLIBDIVIDE_SSE2 | CXXFLAGS: -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions | -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 | -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -DLIBDIVIDE_SSE2 | LDFLAGS: | FCFLAGS: And if you would use the %{set_build_flags} macro, it would *first* set all of the Fedora common build flags: | CFLAGS: -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions | -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 | -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection | CXXFLAGS: -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions | -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 | -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection | LDFLAGS: -Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld | FCFLAGS: -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions | -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 | -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -I/usr/lib64/gfortran/modules and than, you would change / append some on the arches you want. So there are generally 3 things I believe you missed: 1) You don't use propper flags on non x86 arches 2) You don't use propper flags on all arches (e.g. LDFLAGS) (thus you build binaries e.g. less secure than what Fedora project aims for) 3) As far as I know, the %{set_build_flags} is 'The right way' to set the flags. The point is that some bunch of wise folks agreed upon a set of flags; so they are IMHO expected to be used. The %{optflags} is just a subset of them. Even though, I haven't found the %{set_build_flags} to be required to use; it surely is an added value you can bring to Fedora with minimal effort, making it (both Fedora and your binaries) more stable, secure, and tuned. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx
