debian/rules: add hardening=+all

Because of dpkg-buildflags we already get most of the hardening
features, +all adds -fPIE and ld -z now

Thanks: Simon Ruderich, Markus Waldeck

diff --git a/debian/rules b/debian/rules
index c7b5aa3..f031cfd 100755 (executable)
--- a/debian/rules
+++ b/debian/rules
@@ -21,9 +21,12 @@ endif
 -include build/environment.mak
 
 ifneq (,$(shell which dpkg-buildflags))
-  export CXXFLAGS = $(shell dpkg-buildflags --get CXXFLAGS)
-  export LDFLAGS = $(shell dpkg-buildflags --get LDFLAGS)
-  export CPPFLAGS = $(shell dpkg-buildflags --get CPPFLAGS)
+  # make does not export to $(shell) so we need to workaround 
+  # (http://savannah.gnu.org/bugs/?10593)
+  dpkg_buildflags = DEB_BUILD_MAINT_OPTIONS=hardening=+all dpkg-buildflags
+  export CXXFLAGS = $(shell $(dpkg_buildflags) --get CXXFLAGS)
+  export LDFLAGS = $(shell $(dpkg_buildflags) --get LDFLAGS)
+  export CPPFLAGS = $(shell $(dpkg_buildflags) --get CPPFLAGS)
 else
   ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
     export CXXFLAGS = -O0 -g -Wall