Re: [PATCH] Makefile: Enable _FORTIFY_SOURCE iff needed

On 8/29/24 19:03, Stefano Brivio wrote:
...
  On Thu, 29 Aug 2024 16:16:03 +0200
 Michal Privoznik <mprivozn(a)redhat.com> wrote:
 
  On some systems source fortification is enabled
whenever code
 optimization is enabled (e.g. with -O2). Since code fortification
 is explicitly enabled too (with possibly different value than the
 system wants, there are three levels [1]), distros are required
 to patch our Makefile, e.g. [2]. 
 
 Hah, thanks for the patch, I would have never guessed. I just tried
 this on Alpine and, also there, gcc enables -D_FORTIFY_SOURCE=2 by
 default, while it's not the case on Debian and Fedora.
 
  Detect whether fortification is not already
enabled and enable it
 explicitly only if really needed.

 1: https://www.gnu.org/software/libc/manual/html_node/Source-Fortification.html
 2: https://github.com/gentoo/gentoo/commit/edfeb8763ac56112c59248c62c9cda13e5d…
 
 Rahil, I'm going to apply this in a bit, once it's released you can
 drop Makefile-2024.03.20.patch (I didn't understand why you needed that
 patch and I forgot to ask, but Michal just explained). 
Gentoo actually have so called live ebuilds - recipes to install an app
from its git. And seeing a patch applied on top of git made me write
this patch.

Anyway, PR posted here:

https://github.com/gentoo/gentoo/pull/38342

Michal