[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#845193: dpkg: recent -specs PIE changes break openssl

Hi Guillem,

2016-11-24 17:00 GMT+01:00 John Paul Adrian Glaubitz
> On 11/24/2016 04:35 PM, Guillem Jover wrote:
>> Hi!
>> On Thu, 2016-11-24 at 14:52:33 +0000, Thorsten Glaser wrote:
>>> clone 845193 -1
>>> reassign -1 dpkg
>>> retitle -1 dpkg: please do not add -specs= flags only on some architectures
>>> thanks
>> I'm afraid I'll have to wontfix this because it is not really
>> implementable. See below… :/

I appreciate that you would like to do the *right thing*, but the original
proposal for syncing with gcc was the following:

If GCC uses PIE by default then +pie and -pie are noops.
If GCC does not use PIE by default -pie is a noop, +pie sets PIE flags.

This has been tested archive-wide and does not involve risks due to
manipulating specs.


I do admit that this does not allow easily disabling PIE, but
1. Upstreams already need to adapt to GCC-s setting PIE by
default since Ubuntu 16.10 already ships such a GCC.
2. Disabling PIE does not have to be easy. I for myself prefer
making disabling protection hard in any system which include
systems outside of the software world.

I believe the proposal which does not involve setting specs is
tested better, less risky and compatible with more compilers.


> Fixing the issue in a similar way as it was fixed on sparc64 [1] is
> not possible?
> Adrian
>> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=843826
> --
>  .''`.  John Paul Adrian Glaubitz
> : :' :  Debian Developer - glaubitz@debian.org
> `. `'   Freie Universitaet Berlin - glaubitz@physik.fu-berlin.de
>   `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Reply to: