From: Ian Jackson <ian.jackson@citrix.com>
Date: Tue, 4 Feb 2020 14:11:10 +0000 (+0000)
Subject: debian/rules: Set DEB_BUILD_MAINT_OPTIONS in shell
X-Git-Tag: archive/raspbian/4.14.0+80-gd101b417b7-1+rpi1^2~67
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=aea75949fba1d7e4d72a91cd2ffbfb2f6b48eb76;p=xen.git

debian/rules: Set DEB_BUILD_MAINT_OPTIONS in shell

This makes these hardening options actually effective.

Closes: #939560 (1/3)
Reported-by: Guillem Jover <guillem@debian.org>
Signed-off-by: Ian Jackson <ian.jackson@citrix.com>
---

diff --git a/debian/rules b/debian/rules
index b96017a7ba..fdf68805b4 100755
--- a/debian/rules
+++ b/debian/rules
@@ -16,7 +16,10 @@ SHELL    := bash -e
 # of them are sane to use in the hypervisor context, rather than
 # simply in userland binaries.
 #
-export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+# Inexplicably, if you tell make `export V=value' and `$(shell ...)'
+# it does not pass V to the shell.  WTF.  So we set a variable
+# dbmo which we include in the relevant $(shell ...) invocations.
+dbmo= DEB_BUILD_MAINT_OPTIONS=hardening=+all
 
 # Architecture handling.
 #
@@ -127,9 +130,9 @@ export WGET=/bin/false GIT=/bin/false
 
 t=$(PWD)/debian/tmp
 
-dpkg_CFLAGS   := $(shell dpkg-buildflags --get CFLAGS)
-dpkg_CPPFLAGS := $(shell dpkg-buildflags --get CPPFLAGS)
-dpkg_LDFLAGS  := $(shell dpkg-buildflags --get LDFLAGS)
+dpkg_CFLAGS   := $(shell $(dbmo) dpkg-buildflags --get CFLAGS)
+dpkg_CPPFLAGS := $(shell $(dbmo) dpkg-buildflags --get CPPFLAGS)
+dpkg_LDFLAGS  := $(shell $(dbmo) dpkg-buildflags --get LDFLAGS)
 
 make_args_xen= $(make_args_common) \
 	XEN_COMPILE_ARCH=$(xen_arch_$(DEB_BUILD_ARCH)) \