DEB_BUILD_MAINT_OPTIONS=hardening=+pie breaks shared library builds
If the pie hardening option is enabled, then dpkg-buildflags --get
LDFLAGS emits:

    -fPIE -pie -Wl,-z,relro

According to the dpkg-buildflags man page:

    LDFLAGS
        Options passed to the compiler when linking executables or
        shared objects
Unfortunately, the linker will blow up if -fPIE is specified:

    (cd elfshared; gcc --shared -o libcom_err.so.2.1 \
    -L../../../lib -fPIE -pie -Wl,-z,relro \
    -Wl,-soname,libcom_err.so.2 error_message.o et_name.o init_et.o com_err.o com_right.o -lpthread)
    /usr/lib/gcc/x86_64-linux-gnu/5/../../../x86_64-linux-gnu/Scrt1.o: In function `_start':
    (.text+0x20): undefined reference to `main'
    collect2: error: ld returned 1 exit status

Should I file a bug against dpkg-buildflags? Or the
hardening-includes package? What is the suggested workaround if you
have a package that has both executables and shared libraries, and you
want to enable pie hardening for the executables?
Thanks,
- Ted
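
One way to keep the PIE flags for executables while linking shared objects without them, shown as an added example that is not part of the original message or of dpkg: the function name `strip_pie` and the variables `EXE_LDFLAGS` and `SHLIB_LDFLAGS` are hypothetical, and the sample value is the LDFLAGS string quoted above.

```shell
#!/bin/sh
# Constructed sample: the LDFLAGS value quoted in the message above.
# In a real build this would come from: dpkg-buildflags --get LDFLAGS
SAMPLE_LDFLAGS='-fPIE -pie -Wl,-z,relro'

# strip_pie FLAG...: print the flags with the executable-only PIE options
# removed, keeping every other flag (e.g. -Wl,-z,relro) in its original order.
strip_pie() {
    out=
    for flag in "$@"; do
        case "$flag" in
            -fPIE|-fpie|-pie) ;;                 # drop: conflicts with --shared
            *) out="${out:+$out }$flag" ;;       # keep everything else
        esac
    done
    printf '%s\n' "$out"
}

# One flag set per link type (hypothetical variable names).
# The unquoted expansion is intentional: it splits the string into flags.
EXE_LDFLAGS=$SAMPLE_LDFLAGS
SHLIB_LDFLAGS=$(strip_pie $SAMPLE_LDFLAGS)

printf 'executables:    %s\n' "$EXE_LDFLAGS"
printf 'shared objects: %s\n' "$SHLIB_LDFLAGS"
```

The shared-library link step would then use `$SHLIB_LDFLAGS`, so relro hardening is retained while the options that pull in `Scrt1.o` are gone.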