From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=pass (p=none dis=none) header.from=redhat.com
Authentication-Results: passt.top;
	dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=EVhXdJU8;
	dkim-atps=neutral
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	by passt.top (Postfix) with ESMTP id AC6915A004C
	for <passt-dev@passt.top>; Fri, 30 Aug 2024 09:54:27 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1725004466;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=DYm68l56MJvWUd6TxsMZ8iOX/pqdwwVhnD2rscetMrA=;
	b=EVhXdJU8Y72kmQuXiRN+A4pIiFkEeI2D2d58EVNg39x2Dic4f/dF+VZrvWhnN/2mv5ZkFm
	5DUOOSdxA7/2lZyRA+UQQvYtsNFtYToJfZKGTQXoxeR4RWkY8OtogOjV3DlZMrvVzdFNMk
	5ZKiZwkoPtXH3Q+N0lBOBpTbZ4kP2Gc=
Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com
 [209.85.128.70]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-121-0aogm6QzO7i1KwkYIZbUeA-1; Fri, 30 Aug 2024 03:54:22 -0400
X-MC-Unique: 0aogm6QzO7i1KwkYIZbUeA-1
Received: by mail-wm1-f70.google.com with SMTP id 5b1f17b1804b1-42bb2efc0b5so7820525e9.0
        for <passt-dev@passt.top>; Fri, 30 Aug 2024 00:54:22 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1725004461; x=1725609261;
        h=content-transfer-encoding:in-reply-to:content-language:from
         :references:cc:to:subject:user-agent:mime-version:date:message-id
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=DYm68l56MJvWUd6TxsMZ8iOX/pqdwwVhnD2rscetMrA=;
        b=c6fy49NSv3Tvs63h12jFq3Vzpi21xcBeVKbGURIKJjAZzK2MY3o6M2XZ76TGO67xMc
         icRKJTb2cOLYKk6i4Y5TWGMAIyIMVBy5nx5XA3ldZJBkeZNWKdJS2SsVB3VoWfezpu1s
         ZqNr++fth09ZHae0QHQJIAJRZS2fxlJAD6p8Oum6KEuV8ynSIP6LnZ0QKgsQDDIPB6II
         GmX5G3s7E5g8Ys7RlCoMAQsjI00RjXKERjbKjkeINM6s5ybsatG/O2pS1b7726uUQ2yZ
         th5BqLqGWlU/jRhDnXY4yIFN+8pdk+E+yXq6wDlLVbCKO/TNJu73zc9GCf1eLORKKqlK
         pqTA==
X-Gm-Message-State: AOJu0Yw0XZT5+B169oJ1HDDB0gpnG5PAZXkAkz0MKm8Yo/lG/NFvo6Mx
	jl8Akw+WJaT5Q5OewptSMDVMzCmNii/t8UswVBGkhVUx5PleO02FvEZbv82Kj1QIR/HPeMdUV/Y
	bK7/so2IJ94JNnSVPEY9d3wRm43EeidPdn1bGfSHtOPY32eL/jQ==
X-Received: by 2002:a5d:6086:0:b0:36d:255e:39b0 with SMTP id ffacd0b85a97d-374a918b936mr771904f8f.14.1725004461230;
        Fri, 30 Aug 2024 00:54:21 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IE7qpGd3XSD355ySFZFl7FOS/A8y3od27lQAmnTEPbdxjjuFIVIcct7YDzY6QK7oD/X4MW4ig==
X-Received: by 2002:a5d:6086:0:b0:36d:255e:39b0 with SMTP id ffacd0b85a97d-374a918b936mr771887f8f.14.1725004460727;
        Fri, 30 Aug 2024 00:54:20 -0700 (PDT)
Received: from [10.43.3.102] (nat-pool-brq-t.redhat.com. [213.175.37.10])
        by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-3749ee9c48csm3250459f8f.51.2024.08.30.00.54.19
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Fri, 30 Aug 2024 00:54:20 -0700 (PDT)
Message-ID: <d6e816ae-ba63-4d24-b62b-157fcc636b20@redhat.com>
Date: Fri, 30 Aug 2024 09:54:20 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [PATCH] Makefile: Enable _FORTIFY_SOURCE iff needed
To: Stefano Brivio <sbrivio@redhat.com>
References: <6f3c749d01ab15eea130ddd6d879b3c7b60e191f.1724940903.git.mprivozn@redhat.com>
 <20240829190321.1743a5b4@elisabeth>
From: =?UTF-8?B?TWljaGFsIFByw612b3puw61r?= <mprivozn@redhat.com>
In-Reply-To: <20240829190321.1743a5b4@elisabeth>
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Message-ID-Hash: ULIVPYZYK7KYAIV66SIVBDYK3N4T7UIH
X-Message-ID-Hash: ULIVPYZYK7KYAIV66SIVBDYK3N4T7UIH
X-MailFrom: mprivozn@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top, Rahil Bhimjiani <me@rahil.rocks>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/d6e816ae-ba63-4d24-b62b-157fcc636b20@redhat.com/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/ULIVPYZYK7KYAIV66SIVBDYK3N4T7UIH/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

On 8/29/24 19:03, Stefano Brivio wrote:
> On Thu, 29 Aug 2024 16:16:03 +0200
> Michal Privoznik <mprivozn@redhat.com> wrote:
> 
>> On some systems source fortification is enabled whenever code
>> optimization is enabled (e.g. with -O2). Since code fortification
>> is explicitly enabled too (with possibly different value than the
>> system wants, there are three levels [1]), distros are required
>> to patch our Makefile, e.g. [2].
> 
> Hah, thanks for the patch, I would have never guessed. I just tried
> this on Alpine and, also there, gcc enables -D_FORTIFY_SOURCE=2 by
> default, while it's not the case on Debian and Fedora.
> 
>> Detect whether fortification is not already enabled and enable it
>> explicitly only if really needed.
>>
>> 1: https://www.gnu.org/software/libc/manual/html_node/Source-Fortification.html
>> 2: https://github.com/gentoo/gentoo/commit/edfeb8763ac56112c59248c62c9cda13e5d01c97
> 
> Rahil, I'm going to apply this in a bit, once it's released you can
> drop Makefile-2024.03.20.patch (I didn't understand why you needed that
> patch and I forgot to ask, but Michal just explained).

Gentoo actually have so called live ebuilds - recipes to install an app
from its git. And seeing a patch applied on top of git made me write
this patch.

Anyway, PR posted here:

https://github.com/gentoo/gentoo/pull/38342

Michal