mirror of
https://git.notmuchmail.org/git/notmuch
synced 2024-11-22 02:48:08 +01:00
debian: enable build hardening features
Debian's build hardening toolchain options produce binary artifacts that are more resistant to compromise. The most visible change for notmuch today is likely to be the addition of the "bindnow" linker flag, which contributes to making the "Global Offset Table" fully read-only. See https://wiki.debian.org/Hardening for more details. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
This commit is contained in:
parent
00c63bf736
commit
cd733b079f
1 changed files with 2 additions and 0 deletions
2
debian/rules
vendored
2
debian/rules
vendored
|
@ -2,6 +2,8 @@
|
||||||
|
|
||||||
python3_all = py3versions -s | xargs -n1 | xargs -t -I {} env {}
|
python3_all = py3versions -s | xargs -n1 | xargs -t -I {} env {}
|
||||||
|
|
||||||
|
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
|
||||||
|
|
||||||
%:
|
%:
|
||||||
dh $@ --with python2,python3,elpa
|
dh $@ --with python2,python3,elpa
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue