dpkg-buildflags.man 21 KB


  1. .\" dpkg manual page - dpkg-buildflags(1)
  2. .\"
  3. .\" Copyright © 2010-2011 Raphaël Hertzog <hertzog@debian.org>
  4. .\" Copyright © 2011 Kees Cook <kees@debian.org>
  5. .\" Copyright © 2011-2015 Guillem Jover <guillem@debian.org>
  6. .\"
  7. .\" This is free software; you can redistribute it and/or modify
  8. .\" it under the terms of the GNU General Public License as published by
  9. .\" the Free Software Foundation; either version 2 of the License, or
  10. .\" (at your option) any later version.
  11. .\"
  12. .\" This is distributed in the hope that it will be useful,
  13. .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. .\" GNU General Public License for more details.
  16. .\"
  17. .\" You should have received a copy of the GNU General Public License
  18. .\" along with this program. If not, see <https://www.gnu.org/licenses/>.
  19. .
  20. .TH dpkg\-buildflags 1 "%RELEASE_DATE%" "%VERSION%" "dpkg suite"
  21. .nh
  22. .SH NAME
  23. dpkg\-buildflags \- returns build flags to use during package build
  24. .
  25. .SH SYNOPSIS
  26. .B dpkg\-buildflags
  27. .RI [ option "...] [" command ]
  28. .
  29. .SH DESCRIPTION
  30. \fBdpkg\-buildflags\fP is a tool to retrieve compilation flags to use during
  31. build of Debian packages.
  32. .
  33. The default flags are defined by the vendor but they can be
  34. extended/overridden in several ways:
  35. .IP 1.
  36. system-wide with \fB%PKGCONFDIR%/buildflags.conf\fP;
  37. .IP 2.
  38. for the current user with \fB$XDG_CONFIG_HOME/dpkg/buildflags.conf\fP
  39. where \fB$XDG_CONFIG_HOME\fP defaults to \fB$HOME/.config\fP;
  40. .IP 3.
  41. temporarily by the user with environment variables (see section
  42. \fBENVIRONMENT\fP);
  43. .IP 4.
  44. dynamically by the package maintainer with environment variables set via
  45. \fBdebian/rules\fP (see section \fBENVIRONMENT\fP).
  46. .P
  47. The configuration files can contain four types of directives:
  48. .TP
  49. .BI SET " flag value"
  50. Override the flag named \fIflag\fP to have the value \fIvalue\fP.
  51. .TP
  52. .BI STRIP " flag value"
  53. Strip from the flag named \fIflag\fP all the build flags listed in \fIvalue\fP.
  54. .TP
  55. .BI APPEND " flag value"
  56. Extend the flag named \fIflag\fP by appending the options given in \fIvalue\fP.
  57. A space is prepended to the appended value if the flag's current value is non-empty.
  58. .TP
  59. .BI PREPEND " flag value"
  60. Extend the flag named \fIflag\fP by prepending the options given in \fIvalue\fP.
  61. A space is appended to the prepended value if the flag's current value is non-empty.
  62. .P
  63. The configuration files can contain comments on lines starting with a hash
  64. (#). Empty lines are also ignored.
  65. .SH COMMANDS
  66. .TP
  67. .BI \-\-dump
  68. Print to standard output all compilation flags and their values. It prints
  69. one flag per line separated from its value by an equal sign
  70. (“\fIflag\fP=\fIvalue\fP”). This is the default action.
  71. .TP
  72. .BI \-\-list
  73. Print the list of flags supported by the current vendor
  74. (one per line). See the \fBSUPPORTED FLAGS\fP section for more
  75. information about them.
  76. .TP
  77. .BI \-\-status
  78. Display any information that can be useful to explain the behaviour of
  79. \fBdpkg\-buildflags\fP (since dpkg 1.16.5): relevant environment variables,
  80. current vendor, state of all feature flags.
  81. Also print the resulting compiler flags with their origin.
  82. This is intended to be run from \fBdebian/rules\fP, so that the build log
  83. keeps a clear trace of the build flags used. This can be useful to diagnose
  84. problems related to them.
  85. .TP
  86. .BI \-\-export= format
  87. Print to standard output commands that can be used to export all the
  88. compilation flags for some particular tool. If the \fIformat\fP value is not
  89. given, \fBsh\fP is assumed. Only compilation flags starting with an
  90. upper case character are included, others are assumed to not be suitable
  91. for the environment. Supported formats:
  92. .RS
  93. .TP
  94. .B sh
  95. Shell commands to set and export all the compilation flags in the
  96. environment. The flag values are quoted so the output is ready for
  97. evaluation by a shell.
  98. .TP
  99. .B cmdline
  100. Arguments to pass to a build program's command line to use all the
  101. compilation flags (since dpkg 1.17.0). The flag values are quoted in
  102. shell syntax.
  103. .TP
  104. .B configure
  105. This is a legacy alias for \fBcmdline\fP.
  106. .TP
  107. .B make
  108. Make directives to set and export all the compilation flags in the
  109. environment. Output can be written to a makefile fragment and
  110. evaluated using an \fBinclude\fP directive.
  111. .RE
  112. .TP
  113. .BI \-\-get " flag"
  114. Print the value of the flag on standard output. Exits with 0
  115. if the flag is known otherwise exits with 1.
  116. .TP
  117. .BI \-\-origin " flag"
  118. Print the origin of the value that is returned by \fB\-\-get\fP. Exits
  119. with 0 if the flag is known otherwise exits with 1. The origin can be one
  120. of the following values:
  121. .RS
  122. .TP
  123. .B vendor
  124. the original flag set by the vendor is returned;
  125. .TP
  126. .B system
  127. the flag is set/modified by a system-wide configuration;
  128. .TP
  129. .B user
  130. the flag is set/modified by a user-specific configuration;
  131. .TP
  132. .B env
  133. the flag is set/modified by an environment-specific configuration.
  134. .RE
  135. .TP
  136. .BI \-\-query\-features " area"
  137. Print the features enabled for a given area (since dpkg 1.16.2).
  138. The only currently recognized
  139. areas on Debian and derivatives are \fBqa\fP, \fBreproducible\fP,
  140. \fBsanitize\fP and \fBhardening\fP, see the \fBFEATURE AREAS\fP
  141. section for more details.
  142. Exits with 0 if the area is known otherwise exits with 1.
  143. .IP
  144. The output is in RFC822 format, with one section per feature.
  145. For example:
  146. .IP
  147. .nf
  148. Feature: pie
  149. Enabled: yes
  150. Feature: stackprotector
  151. Enabled: yes
  152. .fi
  153. .TP
  154. .B \-\-help
  155. Show the usage message and exit.
  156. .TP
  157. .B \-\-version
  158. Show the version and exit.
  159. .
  160. .SH SUPPORTED FLAGS
  161. .TP
  162. .B CFLAGS
  163. Options for the C compiler. The default value set by the vendor
  164. includes \fB\-g\fP and the default optimization level (\fB\-O2\fP usually,
  165. or \fB\-O0\fP if the \fBDEB_BUILD_OPTIONS\fP environment variable defines
  166. \fInoopt\fP).
  167. .TP
  168. .B CPPFLAGS
  169. Options for the C preprocessor. Default value: empty.
  170. .TP
  171. .B CXXFLAGS
  172. Options for the C++ compiler. Same as \fBCFLAGS\fP.
  173. .TP
  174. .B OBJCFLAGS
  175. Options for the Objective C compiler. Same as \fBCFLAGS\fP.
  176. .TP
  177. .B OBJCXXFLAGS
  178. Options for the Objective C++ compiler. Same as \fBCXXFLAGS\fP.
  179. .TP
  180. .B GCJFLAGS
  181. Options for the GNU Java compiler (gcj). A subset of \fBCFLAGS\fP.
  182. .TP
  183. .B FFLAGS
  184. Options for the Fortran 77 compiler. A subset of \fBCFLAGS\fP.
  185. .TP
  186. .B FCFLAGS
  187. Options for the Fortran 9x compiler. Same as \fBFFLAGS\fP.
  188. .TP
  189. .B LDFLAGS
  190. Options passed to the compiler when linking executables or shared
  191. objects (if the linker is called directly, then
  192. .B \-Wl
  193. and
  194. .B ,
  195. have to be stripped from these options). Default value: empty.
  196. .PP
  197. New flags might be added in the future if the need arises (for example
  198. to support other languages).
  199. .
  200. .SH FEATURE AREAS
  201. .P
  202. Each area feature can be enabled and disabled in the \fBDEB_BUILD_OPTIONS\fP
  203. and \fBDEB_BUILD_MAINT_OPTIONS\fP environment variable's area value with the
  204. ‘\fB+\fP’ and ‘\fB\-\fP’ modifier.
  205. For example, to enable the \fBhardening\fP “pie” feature and disable the
  206. “fortify” feature you can do this in \fBdebian/rules\fP:
  207. .P
  208. export DEB_BUILD_MAINT_OPTIONS=hardening=+pie,\-fortify
  209. .P
  210. The special feature \fBall\fP (valid in any area) can be used to enable or
  211. disable all area features at the same time.
  212. Thus disabling everything in the \fBhardening\fP area and enabling only
  213. “format” and “fortify” can be achieved with:
  214. .P
  215. export DEB_BUILD_MAINT_OPTIONS=hardening=\-all,+format,+fortify
  216. .
  217. .SS qa
  218. Several compile-time options (detailed below) can be used to help detect
  219. problems in the source code or build system.
  220. .TP
  221. .B bug
  222. This setting (disabled by default) adds any warning option that reliably
  223. detects problematic source code. The warnings are fatal.
  224. The only currently supported flags are \fBCFLAGS\fP and \fBCXXFLAGS\fP
  225. with flags set to \fB\-Werror=array\-bounds\fP, \fB\-Werror=clobbered\fP,
  226. \fB\-Werror=implicit\-function\-declaration\fP and
  227. \fB\-Werror=volatile\-register\-var\fP.
  228. .
  229. .TP
  230. .B canary
  231. This setting (disabled by default) adds dummy canary options to the build
  232. flags, so that the build logs can be checked for how the build flags
  233. propagate and to allow finding any omission of normal build flag settings.
  234. The only currently supported flags are \fBCPPFLAGS\fP, \fBCFLAGS\fP,
  235. \fBOBJCFLAGS\fP, \fBCXXFLAGS\fP and \fBOBJCXXFLAGS\fP with flags set
  236. to \fB\-D__DEB_CANARY_\fP\fIflag\fP_\fIrandom-id\fP\fB__\fP, and
  237. \fBLDFLAGS\fP set to \fB\-Wl,\-z,deb-canary\-\fP\fIrandom-id\fP.
  238. .
  239. .SS sanitize
  240. Several compile-time options (detailed below) can be used to help sanitize
  241. a resulting binary against memory corruptions, memory leaks, use after free,
  242. threading data races and undefined behavior bugs.
  243. .TP
  244. .B address
  245. This setting (disabled by default) adds \fB\-fsanitize=address\fP to
  246. \fBLDFLAGS\fP and \fB\-fsanitize=address \-fno\-omit\-frame\-pointer\fP to
  247. \fBCFLAGS\fP and \fBCXXFLAGS\fP.
  248. .TP
  249. .B thread
  250. This setting (disabled by default) adds \fB\-fsanitize=thread\fP to
  251. \fBCFLAGS\fP, \fBCXXFLAGS\fP and \fBLDFLAGS\fP.
  252. .TP
  253. .B leak
  254. This setting (disabled by default) adds \fB\-fsanitize=leak\fP to
  255. \fBLDFLAGS\fP. It gets automatically disabled if either the \fBaddress\fP
  256. or the \fBthread\fP features are enabled, as they imply it.
  257. .TP
  258. .B undefined
  259. This setting (disabled by default) adds \fB\-fsanitize=undefined\fP to
  260. \fBCFLAGS\fP, \fBCXXFLAGS\fP and \fBLDFLAGS\fP.
  261. .SS hardening
  262. Several compile-time options (detailed below) can be used to help harden
  263. a resulting binary against memory corruption attacks, or provide
  264. additional warning messages during compilation.
  265. Except as noted below, these are enabled by default for architectures
  266. that support them.
  267. .TP
  268. .B format
  269. This setting (enabled by default) adds
  270. .B \-Wformat \-Werror=format\-security
  271. to \fBCFLAGS\fP, \fBCXXFLAGS\fP, \fBOBJCFLAGS\fP and \fBOBJCXXFLAGS\fP.
  272. This will warn about improper format
  273. string uses, and will fail when format functions are used in a way
  274. that represent possible security problems. At present, this warns about
  275. calls to \fBprintf\fP and \fBscanf\fP functions where the format string is
  276. not a string literal and there are no format arguments, as in
  277. \fBprintf(foo);\fP instead of \fPprintf("%s", foo);\fP
  278. This may be a security hole if the format string came from untrusted
  279. input and contains ‘%n’.
  280. .
  281. .TP
  282. .B fortify
  283. This setting (enabled by default) adds
  284. .B \-D_FORTIFY_SOURCE=2
  285. to \fBCPPFLAGS\fP. During code generation the compiler
  286. knows a great deal of information about buffer sizes (where possible), and
  287. attempts to replace insecure unlimited length buffer function calls with
  288. length-limited ones. This is especially useful for old, crufty code.
  289. Additionally, format strings in writable memory that contain ‘%n’ are
  290. blocked. If an application depends on such a format string, it will need
  291. to be worked around.
  292. Note that for this option to have any effect, the source must also
  293. be compiled with \fB\-O1\fP or higher. If the environment variable
  294. \fBDEB_BUILD_OPTIONS\fP contains \fInoopt\fP, then \fBfortify\fP
  295. support will be disabled, due to new warnings being issued by
  296. glibc 2.16 and later.
  297. .TP
  298. .B stackprotector
  299. This setting (enabled by default if stackprotectorstrong is not in use) adds
  300. .B \-fstack\-protector \-\-param=ssp\-buffer\-size=4
  301. to \fBCFLAGS\fP, \fBCXXFLAGS\fP, \fBOBJCFLAGS\fP, \fBOBJCXXFLAGS\fP,
  302. \fBGCJFLAGS\fP, \fBFFLAGS\fP and \fBFCFLAGS\fP.
  303. This adds safety checks against stack
  304. overwrites. This renders many potential code injection attacks into
  305. aborting situations. In the best case this turns code injection
  306. vulnerabilities into denial of service or into non-issues (depending on
  307. the application).
  308. This feature requires linking against glibc (or another provider of
  309. \fB__stack_chk_fail\fP), so needs to be disabled when building with
  310. \fB\-nostdlib\fP or \fB\-ffreestanding\fP or similar.
  311. .
  312. .TP
  313. .B stackprotectorstrong
  314. This setting (enabled by default) adds
  315. .B \-fstack\-protector\-strong
  316. to \fBCFLAGS\fP, \fBCXXFLAGS\fP, \fBOBJCFLAGS\fP, \fBOBJCXXFLAGS\fP,
  317. \fBGCJFLAGS\fP, \fBFFLAGS\fP and \fBFCFLAGS\fP.
  318. This is a stronger variant of \fBstackprotector\fP, but without significant
  319. performance penalties.
  320. Disabling \fBstackprotector\fP will also disable this setting.
  321. This feature has the same requirements as \fBstackprotector\fP, and in
  322. addition also requires gcc 4.9 and later.
  323. .
  324. .TP
  325. .B relro
  326. This setting (enabled by default) adds
  327. .B \-Wl,\-z,relro
  328. to \fBLDFLAGS\fP. During program load, several ELF memory sections need
  329. to be written to by the linker. This flags the loader to turn these
  330. sections read-only before turning over control to the program. Most
  331. notably this prevents GOT overwrite attacks. If this option is disabled,
  332. \fBbindnow\fP will become disabled as well.
  333. .
  334. .TP
  335. .B bindnow
  336. This setting (disabled by default) adds
  337. .B \-Wl,\-z,now
  338. to \fBLDFLAGS\fP. During program load, all dynamic symbols are resolved,
  339. allowing for the entire PLT to be marked read-only (due to \fBrelro\fP
  340. above). The option cannot become enabled if \fBrelro\fP is not enabled.
  341. .
  342. .TP
  343. .B pie
  344. This setting (with no default since dpkg 1.18.23, and injected by default
  345. by gcc on the amd64, arm64, armel, armhf, i386, kfreebsd-amd64, kfreebsd-i386,
  346. mips, mipsel, mips64el, ppc64el, s390x, sparc and sparc64 Debian architectures)
  347. adds the required options via gcc specs files if
  348. needed to enable or disable PIE. When enabled and injected by gcc,
  349. adds nothing. When enabled and not injected by gcc, adds \fB\-fPIE\fP
  350. to \fBCFLAGS\fP, \fBCXXFLAGS\fP, \fBOBJCFLAGS\fP, \fBOBJCXXFLAGS\fP,
  351. \fBGCJFLAGS\fP, \fBFFLAGS\fP and \fBFCFLAGS\fP, and \fB\-fPIE \-pie\fP
  352. to \fBLDFLAGS\fP. When disabled and injected by gcc, adds \fB\-fno\-PIE\fP
  353. to \fBCFLAGS\fP, \fBCXXFLAGS\fP, \fBOBJCFLAGS\fP, \fBOBJCXXFLAGS\fP,
  354. \fBGCJFLAGS\fP, \fBFFLAGS\fP and \fBFCFLAGS\fP, and
  355. \fB\-fno\-PIE \-no\-pie\fP to \fBLDFLAGS\fP.
  356. Position Independent
  357. Executable are needed to take advantage of Address Space Layout
  358. Randomization, supported by some kernel versions. While ASLR can already
  359. be enforced for data areas in the stack and heap (brk and mmap), the code
  360. areas must be compiled as position-independent. Shared libraries already
  361. do this (\fB\-fPIC\fP), so they gain ASLR automatically, but binary .text
  362. regions need to be build PIE to gain ASLR. When this happens, ROP (Return
  363. Oriented Programming) attacks are much harder since there are no static
  364. locations to bounce off of during a memory corruption attack.
  365. PIE is not compatible with \fB\-fPIC\fP, so in general care must be taken
  366. when building shared objects. But because the PIE flags emitted get injected
  367. via gcc specs files, it should always be safe to unconditionally set them
  368. regardless of the object type being compiled or linked.
  369. Static libraries can be used by programs or other shared libraries.
  370. Depending on the flags used to compile all the objects within a static
  371. library, these libraries will be usable by different sets of objects:
  372. .RS
  373. .TP
  374. none
  375. Cannot be linked into a PIE program, nor a shared library.
  376. .TP
  377. .B \-fPIE
  378. Can be linked into any program, but not a shared library (recommended).
  379. .TP
  380. .B \-fPIC
  381. Can be linked into any program and shared library.
  382. .RE
  383. .IP
  384. If there is a need to set these flags manually, bypassing the gcc specs
  385. injection, there are several things to take into account. Unconditionally
  386. and explicitly passing \fB\-fPIE\fP, \fB\-fpie\fP or \fB\-pie\fP to a
  387. build-system using libtool is safe as these flags will get stripped
  388. when building shared libraries.
  389. Otherwise on projects that build both programs and shared libraries you
  390. might need to make sure that when building the shared libraries \fB\-fPIC\fP
  391. is always passed last (so that it overrides any previous \fB\-PIE\fP) to
  392. compilation flags such as \fBCFLAGS\fP, and \fB\-shared\fP is passed last
  393. (so that it overrides any previous \fB\-pie\fP) to linking flags such as
  394. \fBLDFLAGS\fP. \fBNote:\fP This should not be needed with the default
  395. gcc specs machinery.
  396. .IP
  397. Additionally, since PIE is implemented via a general register, some
  398. register starved architectures (but not including i386 anymore since
  399. optimizations implemented in gcc >= 5) can see performance losses of up to
  400. 15% in very text-segment-heavy application workloads; most workloads
  401. see less than 1%. Architectures with more general registers (e.g. amd64)
  402. do not see as high a worst-case penalty.
  403. .SS reproducible
  404. The compile-time options detailed below can be used to help improve
  405. build reproducibility or provide additional warning messages during
  406. compilation. Except as noted below, these are enabled by default for
  407. architectures that support them.
  408. .TP
  409. .B timeless
  410. This setting (enabled by default) adds
  411. .B \-Wdate\-time
  412. to \fBCPPFLAGS\fP.
  413. This will cause warnings when the \fB__TIME__\fP, \fB__DATE__\fP and
  414. \fB__TIMESTAMP__\fP macros are used.
  415. .
  416. .TP
  417. .B fixdebugpath
  418. This setting (enabled by default) adds
  419. .BI \-fdebug\-prefix\-map= BUILDPATH =.
  420. to \fBCFLAGS\fP, \fBCXXFLAGS\fP, \fBOBJCFLAGS\fP, \fBOBJCXXFLAGS\fP,
  421. \fBGCJFLAGS\fP, \fBFFLAGS\fP and \fBFCFLAGS\fP where \fBBUILDPATH\fP is
  422. set to the top-level directory of the package being built.
  423. This has the effect of removing the build path from any generated debug
  424. symbols.
  425. .
  426. .SH ENVIRONMENT
  427. There are 2 sets of environment variables doing the same operations, the
  428. first one (DEB_\fIflag\fP_\fIop\fP) should never be used within
  429. \fBdebian/rules\fP. It's meant for any user that wants to rebuild the
  430. source package with different build flags. The second set
  431. (DEB_\fIflag\fP_MAINT_\fIop\fP) should only be used in \fBdebian/rules\fP
  432. by package maintainers to change the resulting build flags.
  433. .TP
  434. .BI DEB_ flag _SET
  435. .TQ
  436. .BI DEB_ flag _MAINT_SET
  437. This variable can be used to force the value returned for the given
  438. \fIflag\fP.
  439. .TP
  440. .BI DEB_ flag _STRIP
  441. .TQ
  442. .BI DEB_ flag _MAINT_STRIP
  443. This variable can be used to provide a space separated list of options
  444. that will be stripped from the set of flags returned for the given
  445. \fIflag\fP.
  446. .TP
  447. .BI DEB_ flag _APPEND
  448. .TQ
  449. .BI DEB_ flag _MAINT_APPEND
  450. This variable can be used to append supplementary options to the value
  451. returned for the given \fIflag\fP.
  452. .TP
  453. .BI DEB_ flag _PREPEND
  454. .TQ
  455. .BI DEB_ flag _MAINT_PREPEND
  456. This variable can be used to prepend supplementary options to the value
  457. returned for the given \fIflag\fP.
  458. .TP
  459. .B DEB_BUILD_OPTIONS
  460. .TQ
  461. .B DEB_BUILD_MAINT_OPTIONS
  462. These variables can be used by a user or maintainer to disable/enable
  463. various area features that affect build flags.
  464. The \fBDEB_BUILD_MAINT_OPTIONS\fP variable overrides any setting in the
  465. \fBDEB_BUILD_OPTIONS\fP feature areas.
  466. See the \fBFEATURE AREAS\fP section for details.
  467. .TP
  468. .B DEB_VENDOR
  469. This setting defines the current vendor.
  470. If not set, it will discover the current vendor by reading
  471. \fB%PKGCONFDIR%/origins/default\fP.
  472. .TP
  473. .B DEB_BUILD_PATH
  474. This variable sets the build path (since dpkg 1.18.8) to use in features
  475. such as \fBfixdebugpath\fP so that they can be controlled by the caller.
  476. This variable is currently Debian and derivatives-specific.
  477. .
  478. .SH FILES
  479. .SS Configuration files
  480. .TP
  481. .B %PKGCONFDIR%/buildflags.conf
  482. System wide configuration file.
  483. .TP
  484. .BR $XDG_CONFIG_HOME/dpkg/buildflags.conf " or "
  485. .TQ
  486. .BR $HOME/.config/dpkg/buildflags.conf
  487. User configuration file.
  488. .SS Packaging support
  489. .TP
  490. .B %PKGDATADIR%/buildflags.mk
  491. Makefile snippet that will load (and optionally export) all flags
  492. supported by \fBdpkg-buildflags\fP into variables (since dpkg 1.16.1).
  493. .
  494. .SH EXAMPLES
  495. To pass build flags to a build command in a makefile:
  496. .PP
  497. .RS 4
  498. .nf
  499. $(MAKE) $(shell dpkg\-buildflags \-\-export=cmdline)
  500. \&./configure $(shell dpkg\-buildflags \-\-export=cmdline)
  501. .fi
  502. .RE
  503. .PP
  504. To set build flags in a shell script or shell fragment, \fBeval\fP can be
  505. used to interpret the output and to export the flags in the environment:
  506. .PP
  507. .RS 4
  508. .nf
  509. eval "$(dpkg\-buildflags \-\-export=sh)" && make
  510. .fi
  511. .RE
  512. .PP
  513. or to set the positional parameters to pass to a command:
  514. .PP
  515. .RS 4
  516. .nf
  517. eval "set \-\- $(dpkg\-buildflags \-\-export=cmdline)"
  518. for dir in a b c; do (cd $dir && ./configure "$@" && make); done
  519. .fi
  520. .RE
  521. .
  522. .SS Usage in debian/rules
  523. You should call \fBdpkg\-buildflags\fP or include \fBbuildflags.mk\fP
  524. from the \fBdebian/rules\fP file to obtain the needed build flags to
  525. pass to the build system.
  526. Note that older versions of \fBdpkg\-buildpackage\fP (before dpkg 1.16.1)
  527. exported these flags automatically. However, you should not rely on this,
  528. since this breaks manual invocation of \fBdebian/rules\fP.
  529. .PP
  530. For packages with autoconf-like build systems, you can pass the relevant
  531. options to configure or \fBmake\fP(1) directly, as shown above.
  532. .PP
  533. For other build systems, or when you need more fine-grained control
  534. about which flags are passed where, you can use \fB\-\-get\fP. Or you
  535. can include \fBbuildflags.mk\fP instead, which takes care of calling
  536. \fBdpkg\-buildflags\fP and storing the build flags in make variables.
  537. .PP
  538. If you want to export all buildflags into the environment (where they
  539. can be picked up by your build system):
  540. .PP
  541. .RS 4
  542. .nf
  543. DPKG_EXPORT_BUILDFLAGS = 1
  544. include %PKGDATADIR%/buildflags.mk
  545. .fi
  546. .RE
  547. .PP
  548. For some extra control over what is exported, you can manually export
  549. the variables (as none are exported by default):
  550. .PP
  551. .RS 4
  552. .nf
  553. include %PKGDATADIR%/buildflags.mk
  554. export CPPFLAGS CFLAGS LDFLAGS
  555. .fi
  556. .RE
  557. .PP
  558. And you can of course pass the flags to commands manually:
  559. .PP
  560. .RS 4
  561. .nf
  562. include %PKGDATADIR%/buildflags.mk
  563. build\-arch:
  564. \& $(CC) \-o hello hello.c $(CPPFLAGS) $(CFLAGS) $(LDFLAGS)
  565. .fi
  566. .RE