[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Porter roll call for Debian Stretch


2016-08-21 8:22 GMT+02:00 Niels Thykier <niels@thykier.net>:
> Kurt Roeckx:
>> On Wed, Aug 17, 2016 at 10:05:06PM +0200, niels@thykier.net wrote:
>>>  * If we were to enable -fPIE/-pie by default in GCC-6, should that change
>>>    also apply to this port? [0]
>> If -fPIE is the default will -fPIC override it?
>> It will also default to tell the linker to use -pie, but then
>> don't do it when you want to create a shared library?
> I believe so.  At least, Ubuntu made PIE default in their compiler
> without having to change all SO packages to still build.
> Admittedly, it could also be that GCC uses some built "compiler spec"
> files for this case (a la an implicit "-specs=$FILE"), which are similar
> to those Redhat uses for this purposes (see [1] for an example of such
> files).
> Regardless, it seems to "just work(TM)" if you pass the proper flags
> when compiling your SOs.
>>>From what I understand, depending on what the .o file is going to
>> be used for you want different things:
>> - shared library: -fPIC
>> - executable: -fPIC or -fPIE both work, but prefer -fPIE
>> - static library: Same as executables
>> For static libraries we now have a policy to not use -fPIC,
>> should that then get replaced by using -fPIE?
>> Kurt
> Honestly, I had not thought about that.  From the looks of it, de facto
> we will end up with -fPIE being the default for static libraries as well.
>   I would be supporting that change on the assumption that it requires
> less work from individual maintainers (and presumably has no notable
> downsides in the final result).

I'm testing a set of patches [2] for gcc and dpkg which enable bindnow for all
arches and PIE for amd64, ppc64el and s390x in sync with Ubuntu.

My assumption was that this set of architectures need the least amount of
additional work since they are tested already in Ubuntu, but I would be happy
if more ports would opt in for PIE.

I plan filing wishlist bugs against dpkg and gcc with the patches
after I rebuilt a
few packages with the defaults.


[2] https://people.debian.org/~rbalint/ppa/pie-bindnow/

> Thanks,
> ~Niels
> [1] Example spec files for this case seems to be something like:
> pie-compile.specs
> """
> *cc1_options:
> + %{!r:%{!fpie:%{!fPIE:%{!fpic:%{!fPIC:%{!fno-pic:-fPIE}}}}}}
> """
> pie-link.specs:
> """
> *self_spec:
> + %{!shared:%{!r:-pie}}
> """
> NB: I manually carved them out of a diff without testing them.

Reply to: