Subject: Re: overly forceful checking of CFLAGS vs CPPFLAGS?

Re: overly forceful checking of CFLAGS vs CPPFLAGS?

From: Peter Pentchev <roam_at_ringlet.net>
Date: Fri, 26 Jun 2015 17:15:15 +0300

On Fri, Jun 26, 2015 at 11:32:44AM -0000, Karl Palsson wrote:
>
> Hi,
>
> in OpenWRT projects like FORTIFY_SOURCE have been making inroads, but
> c-ares has been a bit of a hiccup. Nothing major, but I'm trying to
> keep local changes to packages as minimal as possible, so I wanted to
> bring this up here.
>
> The autotools macro m4/xc-val-flgs.m4 is, in my opinion, rather
> excessively forceful on aborting the build if it finds any -D flags in
> CFLAGS, when it wants them to be only in CPPFLAGS.
>
> Does this _really_ need to be a fatal error? (Does it even need to be
> checking this at all?)

Hm, it's not my place to speak for the c-ares authors and maintainers,
but IMHO, at least to the second question, yes - if a project supports
a separation between CPPFLAGS and CFLAGS, then -I, -U, -D and friends
should indeed be passed in CPPFLAGS. One of the major reasons for that
is that there are some build tools that only use CPPFLAGS and then try
to #include stuff or perform feature tests; the same features should be
enabled for them as for the actual program build.

At least in Debian, the hardening support is split pretty much evenly
among CPPFLAGS, CFLAGS, and LDFLAGS:

[roam_at_straylight ~]$ dpkg-buildflags --get CPPFLAGS
-D_FORTIFY_SOURCE=2
[roam_at_straylight ~]$ dpkg-buildflags --get CFLAGS
-g -O2 -fstack-protector-strong -Wformat -Werror=format-security
[roam_at_straylight ~]$ dpkg-buildflags --get LDFLAGS
-Wl,-z,relro
[roam_at_straylight ~]$

So, yes, preprocessor flags are passed in CPPFLAGS, C compiler
directives go into CFLAGS, and instructions to the linker - in LDFLAGS.

> See https://github.com/openwrt/packages/pull/1464 and the two different
> approaches there.

G'luck,
Peter

-- 
Peter Pentchev  roam_at_ringlet.net roam_at_FreeBSD.org p.penchev_at_storpool.com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13

Received on 2015-06-26