Re: Better communication about spectre/meltdown
On Tue, Mar 20, 2018 at 12:30:28AM +0000, Ben Hutchings wrote:
>
> I released Linux 3.2.101 today with a backport of the retpoline
> changes, and have rebased that branch onto it. The new orig tarball is
> at https://people.debian.org/~benh/linux_3.2.101.orig.tar.xz
>
> I was able to build this branch for amd64 using gcc-4.9 from jessie,
> and it reports full retpoline support.
>
Hi everyone.
My apologies for the unreasonably long delay in my follow-up to this. I
was able to backport the gcc-4.9 packages to wheezy. It required
adjusting several of the build dependencies:
- libcloog-isl-dev: 0.18 -> 0.17
- libmpc-dev: 1.0 -> 0.9
- dpkg-dev: 1.17.11 -> 1.16.18
- libc6-dev-x32: removed (x32 achitecture not supported in wheezy)
- libx32gcc1: removed (x32 achitecture not supported in wheezy)
- binutils: 2.25-3 -> 2.22-8
- binutils-multiarch: 2.25-3 -> 2.22-8
At first I was worried about the versions of the build dependencies.
However, in each case I looked at the packaging history and tried to
identify if there was an identifiable reason for the specific version of
the build dependency. In nearly every case I was able to conclusively
determine that the version was simply "the current version of that
package when the build dependency was introduced/updated."
Based on that, I am comfortable that successful completion of the build
indicates that my backport was "correct" and that the build dependency
version adjustments did not break anything.
That said, I did notice a difference between the built packages on
jessie and wheezy. Specifically, none of the lib64<foo>, libn32<foo>,
and libx32<foo> packages were built on wheezy. I expected the libx32
packages to be missing, but I was surprised by the others. I presume
that they too are associated with x32 in some way. Is this correct?
I was also concerned about building amd64 packages only and uploading
those. In particular, I would have preferred to perform a source upload,
but as I understand it, that will not work for wheezy. Additionally,
when I checked the PTS for information on the recent jessie upload it
was a binary upload built for amd64. That makes me somewhat less
concerned. Would it be correct to think that this would be a "normal"
upload that will end up getting built for all supported LTS
architectures? I don't suppose that there would be a reason to restrict
the upload to amd64 only.
The packages can be found here:
https://people.debian.org/~roberto/
https://people.debian.org/~roberto/gcc-4.9_4.9.2-10+deb7u1.dsc
(I have signed the .dsc and .changes files with my GPG key)
At this point I feel like the packages are ready for upload, but it
seems prudent to first wait for confirmation that the kernel build on
wheezy works with this backported gcc. Once I receive that confirmation,
I will proceed with uploading and releasing a DLA (patterned after
DSA-4117-1). Is there anything special that will need to be done in
order to introduce a new source package to wheezy?
As I was finishing this message I just noticed that I forgot to include
the orig.tar.gz in the packages that I built, so I have started another
build that will include it. That will be what I end up uploading, unless
changes are required.
Regards,
-Roberto
--
Roberto C. Sánchez
Reply to: