- Added -fPIE to QMAKE_CFLAGS and QMAKE_CXXFLAGS for position-independent code. - Ensured consistent security compilation flags across all project files.

[dengzhongyuan365-dev]

• Added -fPIE to QMAKE_CFLAGS and QMAKE_CXXFLAGS for position-independent code.
  • Ensured consistent security compilation flags across all project files.

Summary by Sourcery

Enhancements:

• Add '-fPIE' to QMAKE_CFLAGS and QMAKE_CXXFLAGS and remove redundant '-fPIC' from QMAKE_LFLAGS in app.pro, libdbm.pro, and service.pro to enforce uniform hardening settings across the project.

[sourcery-ai]

Reviewer's Guide

This PR standardizes security and PIE compilation flags across all QMake project files by removing redundant PIC options and adding PIE support to both C and C++ compilation flags.

File-Level Changes

Change	Details	Files
Remove redundant -fPIC from linker flags	Dropped '-fPIC' from QMAKE_LFLAGS in each project file Retained '-pie' option for PIE linking	src/app/app.pro src/libdbm/libdbm.pro src/service/service.pro
Enable position-independent code compilation	Appended '-fPIE' to QMAKE_CFLAGS Appended '-fPIE' to QMAKE_CXXFLAGS	src/app/app.pro src/libdbm/libdbm.pro src/service/service.pro

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey @dengzhongyuan365-dev - I've reviewed your changes and they look great!

Prompt for AI Agents

Please address the comments from this code review:
## Individual Comments

### Comment 1
<location> `src/libdbm/libdbm.pro:12` </location>
<code_context>
-QMAKE_CFLAGS += -fstack-protector-all
-QMAKE_CXXFLAGS += -fstack-protector-all
+QMAKE_LFLAGS += -z noexecstack -pie -z relro -z now
+QMAKE_CFLAGS += -fstack-protector-all -fPIE
+QMAKE_CXXFLAGS += -fstack-protector-all -fPIE

 ## 添加内存泄露检测
</code_context>

<issue_to_address>
Using -fPIE for static libraries is unnecessary and may cause portability issues.

-fPIE should be used for executables, not libraries. For static libraries, use -fPIC or omit -fPIE to avoid toolchain issues.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[github-actions]

TAG Bot

TAG: 6.0.5
EXISTED: no
DISTRIBUTION: unstable

[dengzhongyuan365-dev]

/forcemerge

[deepin-bot]

This pr force merged! (status: unstable)

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dengzhongyuan365-dev, lzwind

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• debian/deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dengzhongyuan365-dev, lzwind

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• debian/deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dengzhongyuan365-dev, lzwind

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• debian/deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[deepin-ci-robot]

deepin pr auto review

代码审查意见：

1. 编译参数更新：

   • 在app.pro、libdbm.pro、service.pro和libxsys.pro文件中，编译参数-fstack-protector-all被添加到了QMAKE_CFLAGS和QMAKE_CXXFLAGS中，这是一个好的安全措施，可以防止栈溢出攻击。但是，-fPIE和-fPIC参数在libdbm.pro和libxsys.pro中被添加了两次，应该检查是否有重复的添加。

2. 日志记录：

   • 在changelog文件中，添加了关于更新编译参数的日志记录，这是一个好的做法，有助于追踪代码变更和问题解决。

3. 代码风格：

   • 在changelog文件中，日期和时间格式应该保持一致，建议使用YYYY-MM-DD格式，例如Thu, 19 Jun 2025 16:44:18 +0800。

4. 安全性：

   • -z noexecstack参数用于防止栈溢出攻击，这是一个重要的安全措施，应该保留在编译参数中。

5. 代码质量：

   • 在libdbm.pro和libxsys.pro中，-fPIC参数应该只在需要生成位置无关代码（例如共享库）时使用，如果这些库不需要被动态加载，则不需要添加-fPIC参数。

6. 性能：

   • -fPIE和-fPIC参数可以提高程序的地址空间随机化，从而提高安全性，但也会增加编译时间和运行时开销。如果性能是一个关键考虑因素，应该评估这些参数对性能的影响。

综上所述，代码的总体改动是合理的，但需要注意编译参数的重复添加和代码风格的统一。