FS#52109 - [hardening-wrapper] Is this package still useful ?

Attached to Project: Community Packages
Opened by Jean (rfnx) - Sunday, 11 December 2016, 05:09 GMT
Last edited by Daniel Micay (thestinger) - Monday, 19 December 2016, 13:58 GMT
Task Type General Gripe
Category Packages
Status Closed
Assigned To Daniel Micay (thestinger)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 0
Private No

Details

Description:

Recently, I had a very annoying bug caused by hardening-wrapper and I spent several hours finding out why I couldn't compile the package influxdb from the AUR: the influxdb build process stops with an error if your kernel was compiled with hardening-wrapper installed. The weird detail is that hardening-wrapper can be installed when compiling influxdb, but not during the kernel compilation!

So, after the incident I looked at the source of hardening-wrapper on https://github.com/thestinger/hardening-wrapper and now my questions are:

Is hardening-wrapper still useful? I am wondering because:
- the default values used nowadays in /etc/makepkg.conf for CPPFLAGS, CFLAGS and CXXFLAGS are close to the default values in /etc/hardening-wrapper.conf.
- hardening-wrapper is not required by many packages

Is it safe to remove hardening-wrapper, even if I have to compile nginx?

Also, if I put all variables to zero in /etc/hardening-wrapper.conf, is it exactly the same as uninstalling the package? I don't fully understand the source code so I am not sure. I don't want to remove the default flags given by /etc/makepkg.conf.

I really don't want to have another hard-to-find bug during compilation, or worse, when programs are running...

Of course, thanks for your work on Archlinux.org!

Regards

Additional info:
* package version(s): 10-1
* default config

Closed by Daniel Micay (thestinger)
Monday, 19 December 2016, 13:58 GMT
Reason for closing: None
Additional comments about closing: The hardening-wrapper package exists to enable PIE which cannot simply be done with CFLAGS/LDFLAGS and to deal with packages ignoring CFLAGS/LDFLAGS. It is still useful, although it will become less useful once --enable-default-pie is implemented for Arch's GCC.
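Whether a package actually honoured the hardening flags (or whether the wrapper had to step in) shows up in the finished binary: a PIE executable has ELF type ET_DYN, RELRO leaves a PT_GNU_RELRO segment, and a non-executable stack is recorded in PT_GNU_STACK. The checker below is an added example, not part of this tracker entry or of hardening-wrapper itself; the two ELF images it inspects are constructed inline with `build_elf` so it runs without any compiler or `readelf`.

```python
"""Minimal ELF64 hardening check: PIE (e_type == ET_DYN), RELRO (PT_GNU_RELRO present)
and a non-executable stack (PT_GNU_STACK without PF_X), read from the headers alone."""
import struct

ET_EXEC, ET_DYN = 2, 3
PT_LOAD, PT_GNU_STACK, PT_GNU_RELRO = 1, 0x6474E551, 0x6474E552
PF_X, PF_W, PF_R = 1, 2, 4


def hardening_report(elf: bytes) -> dict:
    """Report pie/relro/nx for a little-endian ELF64 image (file contents as bytes).
    Note: ET_DYN is also what shared libraries use, so 'pie' only means
    position-independent for files that are meant to be executables."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    e_type = struct.unpack_from("<H", elf, 0x10)[0]          # ET_EXEC or ET_DYN
    e_phoff = struct.unpack_from("<Q", elf, 0x20)[0]         # program header table offset
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    relro = False
    nx = False  # assume an executable stack unless PT_GNU_STACK says otherwise
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_RELRO:
            relro = True
        elif p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
    return {"pie": e_type == ET_DYN, "relro": relro, "nx": nx}


def build_elf(e_type: int, phdrs) -> bytes:
    """Construct a bare x86-64 ELF64 image (header + program headers, no code) for testing."""
    phoff, phentsize = 64, 56
    ehdr = (b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
            + struct.pack("<HHIQQQIHHHHHH", e_type, 0x3E, 1, 0x1000, phoff, 0, 0,
                          64, phentsize, len(phdrs), 64, 0, 0))
    body = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0x1000) for t, f in phdrs)
    return ehdr + body


# Constructed samples: a non-PIE binary with an executable stack and no RELRO (what a
# build that dropped makepkg's flags produces) beside a fully hardened one.
UNHARDENED = build_elf(ET_EXEC, [(PT_LOAD, PF_R | PF_X), (PT_GNU_STACK, PF_R | PF_W | PF_X)])
HARDENED = build_elf(ET_DYN, [(PT_LOAD, PF_R | PF_X), (PT_GNU_STACK, PF_R | PF_W),
                              (PT_GNU_RELRO, PF_R)])

if __name__ == "__main__":
    for name, image in (("unhardened", UNHARDENED), ("hardened", HARDENED)):
        print(name, hardening_report(image))
```

On a real system, `hardening_report(open(path, "rb").read())` gives the same answer as `readelf -hl` for a freshly built package binary.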
