FTBFS with PIE & bindnow (was: Re: Porter roll call for Debian Stretch)
First of all thanks to Lucas Nussbaum who ran the first test build!
2016-08-31 19:21 GMT+02:00 Steve Langasek <firstname.lastname@example.org>:
> On Wed, Aug 31, 2016 at 11:26:55AM +0100, Dimitri John Ledkov wrote:
>> > Results are available at
>> > https://people.debian.org/~lucas/logs/2016/08/30/pie-bindnow-20160830/
>> > I did a full rebuild with bindnow and PIE enabled, then rebuilt all
>> > failed packages with a pristine unstable chroot.
>> > You can take a look at
>> > https://people.debian.org/~lucas/logs/2016/08/30/pie-bindnow-20160830/diff.txt
>> > and grep for "OK Failed" (failed with PIE+bindnow, built fine in
>> > unstable). (There are 1188 packages failing to build)
>> > Logs for both builds are available in the respective subdirectories.
>> Are you sure these are correct? The numbers for PIE+bindnow are a lot
>> higher than what we see in Ubuntu, for same unmodified packages.
>> E.g. looking at http://qa.ubuntuwire.org/ftbfs/
>> amd64/ppc64el/s390x have PIE+bindnow enabled, and
>> i386/armhf/arm64/powerpc do not. here is nothing in the thousands
>> range. There might be a dozen packages with PIE+bindnow fixes in
>> ubuntu, that's not in debian, but that amount cannot be more than a
>> dozen or two.
Is there a list available or an easy way of collecting them?
> Note that enabling PIE by default is going to cause build failures for a
> number of packages which link against static libraries, if those static
> libraries have not been rebuilt yet with PIE/PIC. Ubuntu has worked through
> this transition, so a direct comparison would require a rebootstrap test in
> Debian instead of just a rebuild test (i.e.: test rebuild packages in
> dependency order, and build later packages against the output of the earlier
True. Full rebootstrapping of the archive is not available
automatically and this
was really useful as a first test.
I have added more dpkg patches  to make -pie hardening flag a noop since GCC
upstream is not interested in making -no-pie easily usable .
I tested the packages failing to build with the previous patches and
many of them
could be built.
The logs of the remaining failures can be found here:
If we ignore the packages having "haskell" in their name the failures are down
to 295 packages.
I'm starting ot file bugs for the FTBFS-s.
Patched dpkg and gcc is still available for those who would like to reproduce