[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#879014: gpgme1.0: FTBFS on some arches: Qt needs a compile with -fPIC (PIE is not enough), hardening downgrades to PIE

Control: affects 879014 + dpkg src:qtbase-opensource-src
Control: tags 879014 + patch

Hi folks--

Further conversation about problems compiling and linking against Qt and
GPGME in debian suggest that the problem might be related to dpkg's
default spec files, and confused by Qt's compiler warnings.

I'm attaching a patch to dpkg which (i think) reflects the fix proposed
by Guillem Jover (in cc):

From 8d01f1419c62e24b662abc2e1ec708a7c63fbbfe Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Wed, 1 Jul 2020 17:00:02 -0400
Subject: [PATCH] Use +self_spec: instead of *self_spec:

After discussion with NIIBE Yutaka on https://dev.gnupg.org/T4982 and
Guillem Jover on IRC, I think this is the correct fix for problems
when compiling Qt/GPGME code in debian systems.

I don't fully understand the implications of this change, but i
believe it is related to #870383 and #879014 (in the debian BTS) as
 data/no-pie-compile.specs | 2 +-
 data/no-pie-link.specs    | 2 +-
 data/pie-compile.specs    | 2 +-
 data/pie-link.specs       | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/data/no-pie-compile.specs b/data/no-pie-compile.specs
index 2277b97ef..70cb36095 100644
--- a/data/no-pie-compile.specs
+++ b/data/no-pie-compile.specs
@@ -1,2 +1,2 @@
 + %{!r:%{!fpie:%{!fPIE:%{!fpic:%{!fPIC:%{!fno-pic:-fno-PIE}}}}}}
diff --git a/data/no-pie-link.specs b/data/no-pie-link.specs
index 54db649b1..fa4162793 100644
--- a/data/no-pie-link.specs
+++ b/data/no-pie-link.specs
@@ -1,2 +1,2 @@
 + %{!shared:%{!r:%{!fPIE:%{!pie:-fno-PIE -no-pie}}}}
diff --git a/data/pie-compile.specs b/data/pie-compile.specs
index 74d82155c..c1ee08c71 100644
--- a/data/pie-compile.specs
+++ b/data/pie-compile.specs
@@ -1,2 +1,2 @@
 + %{!r:%{!fpie:%{!fPIE:%{!fpic:%{!fPIC:%{!fno-pic:%{!fno-PIE:%{!no-pie:-fPIE}}}}}}}}
diff --git a/data/pie-link.specs b/data/pie-link.specs
index 94c122fd3..9b401e34a 100644
--- a/data/pie-link.specs
+++ b/data/pie-link.specs
@@ -1,2 +1,2 @@
 + %{!static:%{!shared:%{!r:%{!fno-PIE:%{!no-pie:-fPIE -pie}}}}}

gniibe also identified a problem in how Qt reports compilation warnings
related to the PIE/PIC mismatch.  I've tried to address that in the
following patch to qtbase-opensource-src:

From 107f387ea625a67ef03b916ef965761f36de2bf4 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Wed, 1 Jul 2020 17:15:12 -0400
Subject: [PATCH] Clarify warning message about PIC/PIE

As noted in discussion at https://dev.gnupg.org/T4982#135524, the
warning message produced when there is a mismatch between
position-independence of the Qt library and other compilations, the
warning produced by Qt is confusing.

This is an attempt to express a warning that is more closely aligned
with the actual test used.
 src/corelib/global/qglobal.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/corelib/global/qglobal.h b/src/corelib/global/qglobal.h
index fe8e8e8..971ee56 100644
--- a/src/corelib/global/qglobal.h
+++ b/src/corelib/global/qglobal.h
@@ -1280,7 +1280,7 @@ Q_CORE_EXPORT int qrand();
 #if !defined(QT_BOOTSTRAPPED) && defined(QT_REDUCE_RELOCATIONS) && defined(__ELF__) && \
     (!defined(__PIC__) || (defined(__PIE__) && defined(Q_CC_GNU) && Q_CC_GNU >= 500))
 #  error "You must build your code with position independent code if Qt was built with -reduce-relocations. "\
-         "Compile your code with -fPIC (-fPIE is not enough)."
+         "Compile your code with -fPIC (and not with -fPIE unless you have a very old version of GCC)."
 namespace QtPrivate {

If either of these two fixes are not appropriate to help resolve the
problem, i'd appreciate help in figuring out what the right fixes are.

I am not an expert in either Qt or dpkg, so pointers and explanations
are welcome.



Attachment: signature.asc
Description: PGP signature

Reply to: