1 |
Jason Zaman schrieb: |
2 |
>> No. With -Werror, upstream indicates that if a warning occurs, the build |
3 |
>> should fail and the resulting code not be installed on user systems. |
4 |
>> |
5 |
>> Instead, someone knowledgeable should look at the situation *first* and |
6 |
>> determine whether it is a bogus warning, a trivial issue, or something which |
7 |
>> warrants further attention. |
8 |
>> |
9 |
>> I have long disagreed with QA policy on this, and think that ebuilds should |
10 |
>> respect upstream here. Of course giving users the ability to override. |
11 |
> |
12 |
> I disagree. -Werror means that upstream wants it to build without |
13 |
> warnings on their distro with their version of the compiler with their |
14 |
> versions of all the libraries. |
15 |
|
16 |
It means, upstream wants it to build without warnings everywhere. And if a |
17 |
warning occurs (due to change in compiler, libraries, architecture, etc.), |
18 |
have a developer look at it first before installing the code on user systems. |
19 |
|
20 |
> There are things that upstream absolutely should be setting which make a |
21 |
> big difference for security like FORTIFY_SOURCE but hardened already has |
22 |
> that set so I get this and thus basically everything would fail to |
23 |
> compile. |
24 |
> |
25 |
> $ gcc -O1 -D_FORTIFY_SOURCE=2 foo.c |
26 |
> <command-line>:0:0: warning: "_FORTIFY_SOURCE" redefined |
27 |
> <built-in>: note: this is the location of the previous definition |
28 |
> |
29 |
> This all on amd64 too. If we start with other arches or cross compilers |
30 |
> or other things then -Werror is just not possible. |
31 |
|
32 |
But you have looked at the issue, decided that it is harmless, and can now |
33 |
make this particular warning non-fatal. Or report upstream, so they can do |
34 |
the Right Thing™ and don't redefine. |
35 |
|
36 |
$ gcc -O1 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 foo.c |
37 |
|
38 |
That is all what is desired. |
39 |
|
40 |
|
41 |
Best regards, |
42 |
Chí-Thanh Christopher Nguyễn |