#!/usr/bin/make -f

# The binary is installed setgid "games", so enable the full hardening set.
# In particular this turns on bindnow, which (together with the default relro)
# gives full RELRO; the dpkg default only enables partial RELRO.
export DEB_BUILD_MAINT_OPTIONS = hardening=+all

%:
	dh $@

# The upstream Makefile assigns CFLAGS unconditionally (clobbering whatever
# debhelper exports) and never references CPPFLAGS, so the dpkg-buildflags
# hardening (FORTIFY_SOURCE, -fstack-protector-strong, ...) was being dropped.
# The Makefile does expand an otherwise-empty $(MOREOPTS) at the end of CFLAGS
# and uses $(LDFLAGS) at link time. We therefore feed the compile/preprocess
# flags in through MOREOPTS, while the LDFLAGS exported by debhelper keep
# applying to the link step unchanged.
override_dh_auto_build:
	dh_auto_build -- MOREOPTS="$(shell dpkg-buildflags --get CPPFLAGS) $(shell dpkg-buildflags --get CFLAGS)"