Mailinglist Archive: opensuse-packaging (75 mails)

< Previous Next >
Re: [opensuse-packaging] Lightweight buffer overflow handling in 10.0 / Factory
  • From: Marcus Meissner <meissner@xxxxxxx>
  • Date: Fri, 13 Jan 2006 10:24:30 +0100
  • Message-id: <20060113092430.GA25370@xxxxxxx>
> Thanks for that information, I'll try to fix them all from now on.
> Sometimes I do, sometimes I don't, depends on the number (and the time I have ;)).
> I'll do my best to fix them all from now on.
> Hopefully upstream will pick up the patches.
> Could it be possible to have a "packager corner" on the opensuse wiki and post stuff like that over
> there ? Would be helpful when we submit patches to upstream, we can give them a link to your
> explanation, which should give some weight to the patches ;)

This should be in the package howto ... not sure if it is there.

> > * Make sure your package uses RPM_OPT_FLAGS for compiling C and C++
> > code.
> > There is still a number of package that does not do this.
> > I have run a heuristics (grep ;) over all our autobuild logfiles
> > to find such offenders.
> Yeah, indeed, still happens sometimes.
> A very stupid trick, but works pretty well: when I compile the sources for the first time (to gather
> information to write the spec file), I pass -DXXXXXXXXXXXXXXXXXXXXXXXXXXXX (or something like that)
> to CFLAGS/CXXFLAGS. It's very easy to see whether it's used when the source is compiling ;)) (and it
> doesn't have any side effects).

I have a similar check included in our checkscripts.

> > NOTE! There might be reasons you can't use RPM_OPT_FLAGS,
> > or that only matches for package internal buildtools where found.
> > These are cases where the heuristic failed.
> > This is no official endorsement of RPM_OPT_FLAGS (yet).
> What do you mean with "no official endorsement of RPM_OPT_FLAGS yet" ?

We can make our buildsystem fail the packagebuild on certain conditions.
One of them could be "not using RPM_OPT_FLAGS". Unfortunately there are
still too many of those packages that do not use them.

Note that this mail was sent to our internal packagers and was meant for
them. It is only for your information for external packagers ;)

Ciao, Marcus

< Previous Next >
Follow Ups