Every package MUST honour the compiler flags when building. Honouring means that the compiler that is compiling code is actually using them.
They are set in the environment in CFLAGS and CXXFLAGS environment variables.
Hardening
By default, code that is created by the IPFire compiler is hardened. In particular we have -fstack-protector-all and -fPIE enabled.
PIE
All libraries and binaries MUST be compiled with -fPIC. The quality-agent won't accept code that is not compiled in that way.
In some cases, it is required to disable it in the compiler in order to create code, that is NOT running in the userspace (Linux kernel, bootloaders, memtest, etc.). In that case, add -fno-PIE to the compiler flags.
Stack Smashing Protector
All the code is compiled with -fstack-protector-all.
In the same circumstances as in the PIE section, it may be required to disable that feature. Add -fno-stack-protector to the compiler flags.
Altering CFLAGS
It is not recommended to alter CFLAGS in any other cases than described above.
If you need to, ask the distribution maintainers and add a comment to the makefile.
Additional optimization
It is strongly discouraged to turn on experimental flags like -ffast-math or -O3.
If you can prove significant increase of performance on the compiled code you need to document that in the makefile.
Safe flags to use
-fno-strict-aliasing
Some code cannot be strictly aliased (turned on by -O2). You will notice numerous compiler warnings. In that case, it is safe to add -fno-strict-aliasing to the compiler flags.