I saw this situation from the firefox build: * strip-flags: CFLAGS: changed '-march=x86-64 -msse4.2 -fno-strict-overflow -fstack-protector-all -fstack-check=specific' to '-march=x86-64 -fno-strict-overflow -fstack-protector-all' it deleted -fstack-check=specific -fstack-check=specific comes from the current hardened gcc setup we have: # gcc -E -v - </dev/null 2>&1 | sed -n 's/.* -v - //p' -fno-strict-overflow -mtune=generic -march=x86-64 -fPIE -fstack-protector-all -fstack-check=specific So while I want to replicate an hardened build of some package via package.env, strip-flags deleted something. Do you think is fine/safe have it in ALLOWED_FLAGS?
sounds fine: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=009a9bb650c015c3d9c9eeb9c484d0c8eb12d168