Toll Free Numbers
  • Last 5 Forum Topics
    Last post

The Web Only This Site



  • MARC

    Mailing list ARChives
    - Search by -


    Computing Dictionary

  • Text Link Ads
  • LINUX man pages
  • Linux Man Page Viewer

    The following form allows you to view linux man pages.





           dpkg-buildflags [option...] [command]


           dpkg-buildflags  is  a tool to retrieve compilation flags to use during
           build of Debian packages.  The default flags are defined by the  vendor
           but they can be extended/overriden in several ways:
           1.     system-wide with /etc/dpkg/buildflags.conf;
           2.     for  the current user with $XDG_CONFIG_HOME/dpkg/buildflags.conf
                  where $XDG_CONFIG_HOME defaults to $HOME/.config;
           3.     temporarily by the user with environment variables (see  section
           4.     dynamically by the package maintainer with environment variables
                  set via debian/rules (see section ENVIRONMENT).
           The configuration files can contain two types of directives:
           SET flag value
                  Override the flag named flag to have the value value.
           STRIP flag value
                  Strip from the flag named flag all the  build  flags  listed  in
           APPEND flag value
                  Extend  the  flag  named  flag by appending the options given in
                  value.  A space is prepended to the appended value if the flag's
                  current value is non-empty.
           PREPEND flag value
                  Extend  the  flag  named flag by prepending the options given in
                  value.  A space is appended to the prepended value if the flag's
                  current value is non-empty.
           The  configuration  files can contain comments on lines starting with a
           hash (#). Empty lines are also ignored.


           --dump Print to standard output all compilation flags and their values.
                  It prints one flag per line separated from its value by an equal
                  sign ("flag=value"). This is the default action.
           --list Print the list of flags supported by the current vendor (one per
                  line).  See  the  SUPPORTED  FLAGS  section for more information
                  about them.
                  Print to standard output shell (if format is  sh)  or  make  (if
                  can be one of the following values:
                  vendor the original flag set by the vendor is returned;
                  system the flag is set/modified by a system-wide configuration;
                  user   the  flag  is  set/modified by a user-specific configura-
                  env    the flag is set/modified by an environment-specific  con-
           --help Show the usage message and exit.
                  Show the version and exit.


           CFLAGS Options  for the C compiler. The default value set by the vendor
                  includes -g and the default optimization level (-O2 usually,  or
                  -O0   if  the  DEB_BUILD_OPTIONS  environment  variable  defines
                  Options for the C preprocessor. Default value: empty.
                  Options for the C++ compiler. Same as CFLAGS.
           FFLAGS Options for the Fortran compiler. Same as CFLAGS.
                  Options passed to  the  compiler  when  linking  executables  or
                  shared objects (if the linker is called directly, then -Wl and ,
                  have to be stripped from these options). Default value: empty.


                  System wide configuration file.
           $XDG_CONFIG_HOME/dpkg/buildflags.conf   or    $HOME/.config/dpkg/build-
                  User configuration file.


           There are 2 sets of environment variables doing  the  same  operations,
           the  first  one (DEB_flag_op) should never be used within debian/rules.
           It's meant for any user that wants to rebuild the source  package  with
           different  build  flags. The second set (DEB_flag_MAINT_op) should only
           be used in debian/rules by package maintainers to change the  resulting
           build flags.
                  DEB_flag_MAINT_PREPEND This variable can be used to prepend sup-
                  plementary options to the value returned for the given flag.
                  This variable can be used to  disable/enable  various  hardening
                  build flags through the hardening option. See the HARDENING sec-
                  tion for details.


           Several compile-time options (detailed  below)  can  be  used  to  help
           harden a resulting binary against memory corruption attacks, or provide
           additional warning messages during compilation. Except as noted  below,
           these are enabled by default for architectures that support them.
           Each   hardening   feature   can   be   enabled  and  disabled  in  the
           DEB_BUILD_MAINT_OPTIONS environment variable's hardening value with the
           "+" and "-" modifier. For example, to enable the "pie" feature and dis-
           able the "fortify" feature you can do this in debian/rules:
             export DEB_BUILD_MAINT_OPTIONS=hardening=+pie,-fortify
           The special feature all can be used to enable or disable all  hardening
           features  at the same time. Thus disabling everything and enabling only
           "format" and "fortify" can be achieved with:
             export DEB_BUILD_MAINT_OPTIONS=hardening=-all,+format,+fortify
           format This setting (enabled by default) adds  -Wformat  -Wformat-secu-
                  rity  -Werror=format-security  to CFLAGS and CXXFLAGS. This will
                  warn about improper format string uses, and will fail when  for-
                  mat  functions  are  used  in a way that that represent possible
                  security problems. At present, this warns about calls to  printf
                  and scanf functions where the format string is not a string lit-
                  eral and there are  no  format  arguments,  as  in  printf(foo);
                  instead of printf("%s", foo); This may be a security hole if the
                  format string came from untrusted input and contains "%n".
                  This setting (enabled by default)  adds  -D_FORTIFY_SOURCE=2  to
                  CPPFLAGS. During code generation the compiler knows a great deal
                  of information about buffer sizes (where possible), and attempts
                  to  replace insecure unlimited length buffer function calls with
                  length-limited ones. This is especially useful for  old,  crufty
                  code.  Additionally, format strings in writable memory that con-
                  tain '%n' are blocked. If an application depends on such a  for-
                  mat string, it will need to be worked around.
                  Note  that  for  this option to have any effect, the source must
                  also be compiled with -O1 or higher.
                  This  setting  (enabled  by  default)   adds   -fstack-protector
                  Most notably this prevents GOT overwrite attacks.
                  This  setting  (disabled by default) adds -Wl,-z,now to LDFLAGS.
                  During program load, all dynamic symbols are resolved,  allowing
                  for  the entire PLT to be marked read-only (due to relro above).
           pie    This setting (disabled by default)  adds  -fPIE  to  CFLAGS  and
                  CXXFLAGS,  and  -fPIE -pie to LDFLAGS. Position Independent Exe-
                  cutable are needed to take advantage  of  Address  Space  Layout
                  Randomization, supported by some kernel versions. While ASLR can
                  already be enforced for data areas in the stack  and  heap  (brk
                  and  mmap), the code areas must be compiled as position-indepen-
                  dent. Shared libraries already do this  (-fPIC),  so  they  gain
                  ASLR  automatically,  but  binary .text regions need to be build
                  PIE to gain ASLR. When this happens, ROP (Return  Oriented  Pro-
                  gramming)  attacks  are  much  harder  since there are no static
                  locations to bounce off of during a memory corruption attack.
                  This is not compatible with -fPIC so care  must  be  taken  when
                  building shared objects.
                  Additionally,  since  PIE is implemented via a general register,
                  some architectures  (most  notably  i386)  can  see  performance
                  losses of up to 15% in very text-segment-heavy application work-
                  loads; most workloads see less than 1%. Architectures with  more
                  general  registers  (e.g. amd64) do not see as high a worst-case


           Copyright (C) 2010-2011 Raphael Hertzog
           Copyright (C) 2011 Kees Cook
           This is free software; see the GNU General Public Licence version 2  or
           later for copying conditions. There is NO WARRANTY.

    Debian Project 2011-09-13 dpkg-buildflags(1)


  • Linux

    The Distributions


    The Software


    The News


  • Toll Free

Toll Free Numbers
Copyright © 1999 - 2016 by LinuxGuruz