CXXFLAGS not always used during build leads to missing hardening features
Steps to reproduce
$ curl -o icmake-13.02.00.tar.gz https://gitlab.com/fbb-git/icmake/-/archive/13.01.00/icmake-13.01.00.tar.gz
$ tar -xf icmake-13.02.00.tar.gz
$ cd icmake-13.02.00/icmake/
$ export CXXFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions -Wp,-D_FORTIFY_SOURCE=3 -Wformat -Werror=format-security -fstack-clash-protection -fcf-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -Wp,-D_GLIBCXX_ASSERTIONS -g -ffile-prefix-map=/build/icmake/src=/usr/src/debug/icmake -flto=auto"
$ ./prepare /
$ ./buildlib /
$ ICMAKE_CPPSTD="-std=c++26" ./build all
$ readelf -n tmp/usr/bin/icmake
Displaying notes found in: .note.gnu.property
Owner Data size Description
GNU 0x00000030 NT_GNU_PROPERTY_TYPE_0
Properties: x86 ISA needed: x86-64-baseline
x86 feature used: x86, XMM
x86 ISA used: x86-64-baseline
Displaying notes found in: .note.gnu.build-id
Owner Data size Description
GNU 0x00000014 NT_GNU_BUILD_ID (unique build ID bitstring)
Build ID: ab1ced5ec649451d06c4074d224e5ed90a866d82
Displaying notes found in: .note.ABI-tag
Owner Data size Description
GNU 0x00000010 NT_GNU_ABI_TAG (ABI version tag)
OS: Linux, ABI: 4.4.0
Expected:
$ readelf -n tmp/usr/bin/icmake
Displaying notes found in: .note.gnu.property
Owner Data size Description
GNU 0x00000040 NT_GNU_PROPERTY_TYPE_0
Properties: x86 feature: IBT, SHSTK
x86 ISA needed: x86-64-baseline
x86 feature used: x86, XMM
x86 ISA used: x86-64-baseline
Displaying notes found in: .note.gnu.build-id
Owner Data size Description
GNU 0x00000014 NT_GNU_BUILD_ID (unique build ID bitstring)
Build ID: 0b9eef60a73c36aa5435e73c5d4757a0f07acda0
Displaying notes found in: .note.ABI-tag
Owner Data size Description
GNU 0x00000010 NT_GNU_ABI_TAG (ABI version tag)
OS: Linux, ABI: 4.4.0
Note the missing x86 feature: IBT, SHSTK. I believe this is due to CXXFLAGS not being passed to g++ in icmake/buildscripts/multicomp and icmake/buildscripts/precomp.
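A check for the markers this report compares, as an added example that is not part of the original report or of icmake's own scripts. The linker only advertises IBT and SHSTK when every input object carries them, so objects compiled without `-fcf-protection` drop the marker for the whole binary. The function names are hypothetical and the sample notes are copied from the two outputs above.

```shell
#!/bin/sh
# Added example (not from icmake): list the CET features missing from the
# GNU property note, reading `readelf -n` output on stdin.
# Function names are hypothetical.

# Prints the missing features (space-separated); exit status 0 if none missing.
cet_missing() {
    awk '
        # Only the "x86 feature:" property counts; "x86 feature used:" is
        # a different property and must not be matched.
        /x86 feature:/ {
            sub(/.*x86 feature:[ \t]*/, "")
            sub(/[ \t\r]+$/, "")
            n = split($0, f, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) have[f[i]] = 1
        }
        END {
            out = ""
            if (!("IBT" in have))   out = out "IBT "
            if (!("SHSTK" in have)) out = out "SHSTK "
            sub(/ $/, "", out)
            print out
            exit (out != "")
        }'
}

# Property notes copied from the two readelf outputs in the report.
sample_without_cet() {
    printf '%s\n' \
        'Properties: x86 ISA needed: x86-64-baseline' \
        'x86 feature used: x86, XMM' \
        'x86 ISA used: x86-64-baseline'
}
sample_with_cet() {
    printf '%s\n' \
        'Properties: x86 feature: IBT, SHSTK' \
        'x86 ISA needed: x86-64-baseline' \
        'x86 feature used: x86, XMM'
}

# Check real binaries given as arguments, e.g. tmp/usr/bin/icmake.
for bin in "$@"; do
    missing=$(readelf -n "$bin" 2>/dev/null | cet_missing) \
        && echo "$bin: IBT and SHSTK present" \
        || echo "$bin: missing $missing"
done
```

Run it against every installed binary under `tmp/usr/` after a build to catch objects that were compiled without the exported CXXFLAGS.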