Re: No relro when building from inside a Git package ?
Hi,
On Fri, Nov 22, 2013 at 06:08:51PM +0900, Charles Plessy wrote:
> Le Fri, Nov 22, 2013 at 09:31:25AM +0100, Andreas Tille a écrit :
> > On Fri, Nov 22, 2013 at 09:10:44AM +0100, Raphael Hertzog wrote:
> > >
> > > On Fri, 22 Nov 2013, Andreas Tille wrote:
> > > > $ gbp-clone ssh://git.debian.org/git/debian-med/htslib.git
> > > > $ cd htslib
> > > > (debian/unstable) $ git branch
> > > > * debian/unstable
> > > > develop
> > > > pristine-tar
> > > > (debian/unstable) $ git-buildpackage
> > > > (debian/unstable) $ lintian -I --pedantic ../build-area/htslib_0.2.0~rc4-1_amd64.changes
> > >
> > > The mere fact that the generated files are in ../build-area/ means that
> > > you're using --git-export-dir (via ~/.gbp.conf) and thus you are building
> > > in a directory that doesn't have the .git dir. It's an export (with
> > > git archive) that is unpacked in ../build-area/<package>/ that you use as
> > > build directory.
> >
> > Well, that's correct. So trying again:
> >
> > $ cd ..
> > $ ln -s build-area/htslib_0.2.0~rc4.orig.tar.gz
> > $ cd htslib
> > (debian/unstable) $ pdebuild
>
> Hi Andreas,
>
> I suspect that pdebuild is also using either an export or an unpacked source package.
>
> I think that if you use dpkg-buildpackage directly, you will reproduce the problem.
OK, now I've got it using debuild. While I can not see any suspicious
difference inside the build log I can confirm the effect that with
debuild the hardening-no-relro warning occures (even if `-Wl,-z,relro`
is properly specified - a lack of this option is the usual cause of this
problem). I can confirm this for an up to date testing and unstable
system. I noticed as well that the file size of the binary in question
is smaller in the later cases (with hardening-no-relro problem) as if I
build using pbuilder.
I further observed that it only happens if the dir is named .git. I
tried
mv .git .tig
cat > debian/source/include-binaries <<EOT
.tig/index
.tig/objects/pack/pack-0c4620137efe646d9d99b9b2b09b861e364bc678.idx
.tig/objects/pack/pack-0c4620137efe646d9d99b9b2b09b861e364bc678.pack
EOT
debuild
and the problem vanishes (the lintian warning vanishes and the file size
is larger again == same as when using pdebuild).
So lacking better advise I can only say:
- just use pbuilder (simply closing the eyes for the issue)
- <evil grin>use svn instead of git</evil grin>
Now its time for you Git experts to solve this riddle. I'm out.
Kind regards
Andreas.
--
http://fam-tille.de
Reply to: