Re: Bug#879014: gpgme1.0: FTBFS on some arches: Qt needs a compile with -fPIC (PIE is not enough), hardening downgrades to PIE

To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, 870383@bugs.debian.org, debian-qt-kde@lists.debian.org, debian-dpkg@lists.debian.org
Cc: Thorsten Glaser <tg@mirbsd.de>
Subject: Re: Bug#879014: gpgme1.0: FTBFS on some arches: Qt needs a compile with -fPIC (PIE is not enough), hardening downgrades to PIE
From: Guillem Jover <guillem@debian.org>
Date: Tue, 7 Jul 2020 16:02:35 +0200
Message-id: <[🔎] 20200707140235.GB264391@thunder.hadrons.org>
Mail-followup-to: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, 870383@bugs.debian.org, debian-qt-kde@lists.debian.org, debian-dpkg@lists.debian.org, Thorsten Glaser <tg@mirbsd.de>
In-reply-to: <[🔎] 20200707050634.GA83994@thunder.hadrons.org>
References: <150833237799.18919.11886280153814160555.reportbug@tglase.lan.tarent.de> <alpine.DEB.2.22.394.2003091121490.8413@tglase.lan.tarent.de> <[🔎] 87eepvue3b.fsf@fifthhorseman.net> <[🔎] 20200707050634.GA83994@thunder.hadrons.org>

Control: reopen -1
Control: tag -1 - patch

On Tue, 2020-07-07 at 07:06:34 +0200, Guillem Jover wrote:
> On Wed, 2020-07-01 at 17:20:40 -0400, Daniel Kahn Gillmor wrote:
> > Further conversation about problems compiling and linking against Qt and
> > GPGME in debian suggest that the problem might be related to dpkg's
> > default spec files, and confused by Qt's compiler warnings.
> > 
> > I'm attaching a patch to dpkg which (i think) reflects the fix proposed
> > by Guillem Jover (in cc):
> 
> Yes this is what I had locally, thanks for testing! I'm including a
> fix in the next upload.

> > --- a/data/no-pie-compile.specs
> > +++ b/data/no-pie-compile.specs
> > @@ -1,2 +1,2 @@
> > -*self_spec:
> > ++self_spec:
> >  + %{!r:%{!fpie:%{!fPIE:%{!fpic:%{!fPIC:%{!fno-pic:-fno-PIE}}}}}}

Ok, so Thorsten Glaser very helpfully pointed out that this is actually
bogus, as the + is supposed to go with the text not the spec name (which
was already there!). In this case I assume it gets interpreted as a
«[SUFFIX]:» entry, and then this get completely ignored (w/o an error
diagnostic), disabling all the specs files (confirmed by Thorsten on
x32), that's why the specific problem with gpgme+Qt stopped failing in
Daniel's tests.

I'll revert this in a quick .5 upload later today, and then try to
track down what's going on, and add some unit tests for the specs files,
so that this gets tested on architectures where it truly affects them.

Thanks,
Guillem

Reply to:

References:
- Re: Bug#879014: gpgme1.0: FTBFS on some arches: Qt needs a compile with -fPIC (PIE is not enough), hardening downgrades to PIE
  - From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- Re: Bug#879014: gpgme1.0: FTBFS on some arches: Qt needs a compile with -fPIC (PIE is not enough), hardening downgrades to PIE
  - From: Guillem Jover <guillem@debian.org>

Prev by Date: dpkg_1.20.4_amd64.changes ACCEPTED into unstable
Next by Date: Processing of dpkg_1.20.5_amd64.changes
Previous by thread: Re: Bug#879014: gpgme1.0: FTBFS on some arches: Qt needs a compile with -fPIC (PIE is not enough), hardening downgrades to PIE
Next by thread: Re: Bug#964111: dpkg-source: False positive 'points outside source root'
Index(es):
- Date
- Thread