Bug#1113774: Disabling -fcf-protection in sudo for bookworm

To: Marc Haber <mh+debian-packages@zugschlus.de>
Cc: Christoph Berg <myon@debian.org>, Marcos Del Sol Vives <marcos@orca.pet>, 1113774@bugs.debian.org
Subject: Bug#1113774: Disabling -fcf-protection in sudo for bookworm
From: Helmut Grohne <helmut@subdivi.de>
Date: Fri, 26 Sep 2025 16:10:46 +0200
Message-id: <[🔎] 20250926141046.GA2662@subdivi.de>
Reply-to: Helmut Grohne <helmut@subdivi.de>, 1113774@bugs.debian.org
In-reply-to: <[🔎] aNaFpbA4P1DeTEVG@torres.zugschlus.de>
References: <[🔎] 0ef6f9b2-e5ed-4f4d-b08f-b2d4a5fd6255@orca.pet> <[🔎] 20250902162812.GA342841@subdivi.de> <[🔎] be775cf1-2b1f-4772-bfb5-0c8234cb14bf@orca.pet> <[🔎] 20250903114252.GA3814119@subdivi.de> <[🔎] 0ef6f9b2-e5ed-4f4d-b08f-b2d4a5fd6255@orca.pet> <[🔎] e42710b5-8907-4f23-b0c8-a021069eff90@orca.pet> <[🔎] aNQoKbFGnuZwSdwU@msg.df7cb.de> <[🔎] aNUt5YtLBX4bXA1a@torres.zugschlus.de> <[🔎] 20250926091108.GA4148893@subdivi.de> <[🔎] aNaFpbA4P1DeTEVG@torres.zugschlus.de> <[🔎] 0ef6f9b2-e5ed-4f4d-b08f-b2d4a5fd6255@orca.pet>

Hi Marc,

On Fri, Sep 26, 2025 at 02:23:01PM +0200, Marc Haber wrote:
> I would consider a failed built a non-identical result. Am I being naive
> here?

You can do that, but you need to use the exact same debian/changelog.
Otherwise your SOURCE_DATE_EPOCH will differ and that'll likely change
the binary. Cross building will not help you, because the cross
toolchain presently imposes build-id differences. You may use a
porterbox to build the package twice (with and without the patch but
without changing d/changelog). Alternatively, debusine.debian.net (I'm
being compensated for working on that) also has native arm builders and
you might upload packages there for comparison.

Helmut

Reply to:

Follow-Ups:
- Bug#1113774: Disabling -fcf-protection in sudo for bookworm
  - From: Marc Haber <mh+debian-packages@zugschlus.de>

References:
- Bug#1113774: Disabling -fcf-protection in sudo for bookworm
  - From: Marcos Del Sol Vives <marcos@orca.pet>
- Bug#1113774: Disabling -fcf-protection in sudo for bookworm
  - From: Helmut Grohne <helmut@subdivi.de>
- Bug#1113774: Disabling -fcf-protection in sudo for bookworm
  - From: Marcos Del Sol Vives <marcos@orca.pet>
- Bug#1113774: Disabling -fcf-protection in sudo for bookworm
  - From: Helmut Grohne <helmut@subdivi.de>
- Bug#1113774: Disabling -fcf-protection in sudo for bookworm
  - From: Marcos Del Sol Vives <marcos@orca.pet>
- Bug#1113774: Disabling -fcf-protection in sudo for bookworm
  - From: Christoph Berg <myon@debian.org>
- Bug#1113774: Disabling -fcf-protection in sudo for bookworm
  - From: Marc Haber <mh+debian-packages@zugschlus.de>
- Bug#1113774: Disabling -fcf-protection in sudo for bookworm
  - From: Helmut Grohne <helmut@subdivi.de>
- Bug#1113774: Disabling -fcf-protection in sudo for bookworm
  - From: Marc Haber <mh+debian-packages@zugschlus.de>

Prev by Date: Bug#1113774: Disabling -fcf-protection in sudo for bookworm
Next by Date: Bug#1113774: Disabling -fcf-protection in sudo for bookworm
Previous by thread: Bug#1113774: Disabling -fcf-protection in sudo for bookworm
Next by thread: Bug#1113774: Disabling -fcf-protection in sudo for bookworm
Index(es):
- Date
- Thread