Subject: Re: overly forceful checking of CFLAGS vs CPPFLAGS?

Re: overly forceful checking of CFLAGS vs CPPFLAGS?

From: Peter Pentchev <>
Date: Fri, 26 Jun 2015 17:15:15 +0300

On Fri, Jun 26, 2015 at 11:32:44AM -0000, Karl Palsson wrote:
> Hi,
> in OpenWRT projects like FORTIFY_SOURCE have been making inroads, but
> c-ares has been a bit of a hiccup. Nothing major, but I'm trying to
> keep local changes to packages as minimal as possible, so I wanted to
> bring this up here.
> The autotools macro m4/xc-val-flgs.m4 is, in my opinion, rather
> excessively forceful on aborting the build if it finds any -D flags in
> CFLAGS, when it wants them to be only in CPPFLAGS.
> Does this _really_ need to be a fatal error? (Does it even need to be
> checking this at all?)

Hm, it's not my place to speak for the c-ares authors and maintainers,
but IMHO, at least to the second question, yes - if a project supports
a separation between CPPFLAGS and CFLAGS, then -I, -U, -D and friends
should indeed be passed in CPPFLAGS. One of the major reasons for that
is that there are some build tools that only use CPPFLAGS and then try
to #include stuff or perform feature tests; the same features should be
enabled for them as for the actual program build.

At least in Debian, the hardening support is split pretty much evenly

[roam_at_straylight ~]$ dpkg-buildflags --get CPPFLAGS
[roam_at_straylight ~]$ dpkg-buildflags --get CFLAGS
-g -O2 -fstack-protector-strong -Wformat -Werror=format-security
[roam_at_straylight ~]$ dpkg-buildflags --get LDFLAGS
[roam_at_straylight ~]$

So, yes, preprocessor flags are passed in CPPFLAGS, C compiler
directives go into CFLAGS, and instructions to the linker - in LDFLAGS.

> See and the two different
> approaches there.


Peter Pentchev
PGP key:
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13

Received on 2015-06-26