Re: Bug#845193: dpkg: recent -specs PIE changes break openssl
Guillem Jover dixit:
>> Yes, but they *do* break anything that
>> - acts on the CFLAGS (and LDFLAGS) variables
>> - uses klcc or other compiler wrappers that don't understand -specs
>> - uses clang or pcc or whatever other compilers
>The default dpkg build flags have always been tied to the specific
>language compiler version currently marked as the default (for C that
>would currently be gcc-6).
Sure, but we do have other compilers and compiler wrappers in the
archive, and packages are using them.
>As long as gcc enables PIE on a subset, there will be need to inject
>some form of specs on either subset of those arches, either on
>hardening=+pie or on hardening=-pie, pick yout poison. :(
>> Either are *much* better than the current way.
>Well you and me both, I'm just adapting the dpkg-buildflags to the
>current gcc situation. :/
This sounds to me like we should reassign this to GCC (and remove
all the… well, “offending”, no offence intended, code from dpkg).
>Having a subset of architectures is a pain for maintainers as they
True, so GCC should just enable it on all architectures where it
at all works.
>Well I think we should be enabling all hardening flags directly in
>gcc, but now that we have the specs files I guess it would not be
>too bad to enable them just in dpkg, but I agree either would be
OK, thank you.
"Using Lynx is like wearing a really good pair of shades: cuts out
the glare and harmful UV (ultra-vanity), and you feel so-o-o COOL."
-- Henry Nelson, March 1999