[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Porter roll call for Debian Stretch

On 22/08/16 at 19:12 +0200, Bálint Réczey wrote:
> Hi Guillem,
> 2016-08-21 14:02 GMT+02:00 Guillem Jover <guillem@debian.org>:
> > Hi!
> >
> > On Sun, 2016-08-21 at 10:24:42 +0200, Bálint Réczey wrote:
> >> I'm testing a set of patches [2] for gcc and dpkg which enable bindnow for all
> >> arches and PIE for amd64, ppc64el and s390x in sync with Ubuntu.
> >>
> >> My assumption was that this set of architectures need the least amount of
> >> additional work since they are tested already in Ubuntu, but I would be happy
> >> if more ports would opt in for PIE.
> >>
> >> I plan filing wishlist bugs against dpkg and gcc with the patches
> >> after I rebuilt a
> >> few packages with the defaults.
> >
> > TBH I think PIE should in fact be safer to enable globally than
> > bindnow, because the latter changes the run-time behavior and things
> > might break (perhaps even silently) when failing to load plugins
> > or similar.
> Yes, in that sense enabling PIE is safer indeed. Regarding bindnow
> I don't expect too many surprises either, since other distributions
> already tested enabling bindnow and probably they found
> most issues.
> >
> > From dpkg PoV enabling both, would at least require a full-archive
> > rebuild, for bindnow ideally also a full autopkgtest run (as the
> > updated dpkg FAQ states now, after Lucas Nussbaum approached me some
> > weeks ago mentioning he was willing to do such archive-wide rebuild).
> The patches at [2] seem to work well and since you expressed that you would
> prefer changing both toolchain and dpkg, too, I would like to suggest running
> the rebuild with those patches.
> I think Matthias would be OK with the patch since it is very small and brings
> Debian's gcc closer to Ubuntu's.
> Lucas, could you please run the rebuild with the three patches?


Results are available at

I did a full rebuild with bindnow and PIE enabled, then rebuilt all
failed packages with a pristine unstable chroot.

You can take a look at
and grep for "OK Failed" (failed with PIE+bindnow, built fine in
unstable). (There are 1188 packages failing to build)

Logs for both builds are available in the respective subdirectories.


Reply to: