Re: [PATCH] Makefile: Enable _FORTIFY_SOURCE iff needed

On 8/29/24 19:03, Stefano Brivio wrote:

On Thu, 29 Aug 2024 16:16:03 +0200 Michal Privoznik wrote:

...

On some systems source fortification is enabled whenever code optimization is enabled (e.g. with -O2). Since code fortification is explicitly enabled too (with possibly different value than the system wants, there are three levels [1]), distros are required to patch our Makefile, e.g. [2].

Hah, thanks for the patch, I would have never guessed. I just tried this on Alpine and, also there, gcc enables -D_FORTIFY_SOURCE=2 by default, while it's not the case on Debian and Fedora.

...

Detect whether fortification is not already enabled and enable it explicitly only if really needed.

1: https://www.gnu.org/software/libc/manual/html_node/Source-Fortification.html 2: https://github.com/gentoo/gentoo/commit/edfeb8763ac56112c59248c62c9cda13e5d0...

Rahil, I'm going to apply this in a bit, once it's released you can drop Makefile-2024.03.20.patch (I didn't understand why you needed that patch and I forgot to ask, but Michal just explained).

Gentoo actually have so called live ebuilds - recipes to install an app from its git. And seeing a patch applied on top of git made me write this patch. Anyway, PR posted here: https://github.com/gentoo/gentoo/pull/38342 Michal