FTBFS with PIE & bindnow (was: Re: Porter roll call for Debian Stretch)

To: Dimitri John Ledkov <xnox@debian.org>, Lucas Nussbaum <lucas@debian.org>, Bálint Réczey <balint@balintreczey.hu>, Niels Thykier <niels@thykier.net>, Kurt Roeckx <kurt@roeckx.be>, Debian Release Team <debian-release@lists.debian.org>, debian developers <debian-devel@lists.debian.org>, Matthias Klose <doko@debian.org>
Subject: FTBFS with PIE & bindnow (was: Re: Porter roll call for Debian Stretch)
From: Bálint Réczey <balint@balintreczey.hu>
Date: Fri, 9 Sep 2016 16:04:21 +0200
Message-id: <[🔎] CAK0OdpwTHyzPbDfXLqp2XZsBtgfE=YZcE9dSmXGf4jsJafyuRQ@mail.gmail.com>
Reply-to: balint@balintreczey.hu

Hi,

First of all thanks to Lucas Nussbaum who ran the first test build!

2016-08-31 19:21 GMT+02:00 Steve Langasek <vorlon@debian.org>:
> On Wed, Aug 31, 2016 at 11:26:55AM +0100, Dimitri John Ledkov wrote:
>> Hello,
>> > Results are available at
>> > https://people.debian.org/~lucas/logs/2016/08/30/pie-bindnow-20160830/
>
>> > I did a full rebuild with bindnow and PIE enabled, then rebuilt all
>> > failed packages with a pristine unstable chroot.
>
>> > You can take a look at
>> > https://people.debian.org/~lucas/logs/2016/08/30/pie-bindnow-20160830/diff.txt
>> > and grep for "OK Failed" (failed with PIE+bindnow, built fine in
>> > unstable). (There are 1188 packages failing to build)
>
>> > Logs for both builds are available in the respective subdirectories.
>
>> Are you sure these are correct? The numbers for PIE+bindnow are a lot
>> higher than what we see in Ubuntu, for same unmodified packages.
>
>> E.g. looking at http://qa.ubuntuwire.org/ftbfs/
>
>> amd64/ppc64el/s390x have PIE+bindnow enabled, and
>> i386/armhf/arm64/powerpc do not. here is nothing in the thousands
>> range. There might be a dozen packages with PIE+bindnow fixes in
>> ubuntu, that's not in debian, but that amount cannot be more than a
>> dozen or two.

Is there a list available or an easy way of collecting them?

>
> Note that enabling PIE by default is going to cause build failures for a
> number of packages which link against static libraries, if those static
> libraries have not been rebuilt yet with PIE/PIC.  Ubuntu has worked through
> this transition, so a direct comparison would require a rebootstrap test in
> Debian instead of just a rebuild test (i.e.: test rebuild packages in
> dependency order, and build later packages against the output of the earlier
> rebuilds).

True. Full rebootstrapping of the archive is not available
automatically and this
was really useful as a first test.

I have added more dpkg patches [1] to make -pie hardening flag a noop since GCC
upstream is not interested in making -no-pie easily usable [2].

I tested the packages failing to build with the previous patches and
many of them
could be built.
The logs of the remaining failures can be found here:
https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/

If we ignore the packages having "haskell" in their name the failures are down
to 295 packages.

I'm starting ot file bugs for the FTBFS-s.

Patched dpkg and gcc is still available for those who would like to reproduce
the issues.

Cheers,
Balint

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835149
[2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77464
[3] https://people.debian.org/~rbalint/ppa/pie-bindnow/

Reply to:

Follow-Ups:
- Re: FTBFS with PIE & bindnow (was: Re: Porter roll call for Debian Stretch)
  - From: Matthias Klose <doko@debian.org>

Prev by Date: Re: Network access during build
Next by Date: Re: Network access during build
Previous by thread: Bug#837159: ITP: python-udatetime -- Fast RFC3339 compliant date-time library
Next by thread: Re: FTBFS with PIE & bindnow (was: Re: Porter roll call for Debian Stretch)
Index(es):
- Date
- Thread