[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: No relro when building from inside a Git package ?

Hi,

On Fri, Nov 22, 2013 at 06:08:51PM +0900, Charles Plessy wrote:
> Le Fri, Nov 22, 2013 at 09:31:25AM +0100, Andreas Tille a écrit :
> > On Fri, Nov 22, 2013 at 09:10:44AM +0100, Raphael Hertzog wrote:
> > > 
> > > On Fri, 22 Nov 2013, Andreas Tille wrote:
> > > > $ gbp-clone ssh://git.debian.org/git/debian-med/htslib.git
> > > > $ cd htslib
> > > > (debian/unstable) $ git branch
> > > > * debian/unstable
> > > >   develop
> > > >   pristine-tar
> > > > (debian/unstable) $ git-buildpackage
> > > > (debian/unstable) $ lintian -I --pedantic ../build-area/htslib_0.2.0~rc4-1_amd64.changes 
> > > 
> > > The mere fact that the generated files are in ../build-area/ means that
> > > you're using --git-export-dir (via ~/.gbp.conf) and thus you are building
> > > in a directory that doesn't have the .git dir. It's an export (with
> > > git archive) that is unpacked in ../build-area/<package>/ that you use as
> > > build directory.
> > 
> > Well, that's correct.  So trying again:
> > 
> > $ cd ..
> > $ ln -s build-area/htslib_0.2.0~rc4.orig.tar.gz
> > $ cd htslib
> > (debian/unstable) $ pdebuild
> 
> Hi Andreas,
> 
> I suspect that pdebuild is also using either an export or an unpacked source package.
> 
> I think that if you use dpkg-buildpackage directly, you will reproduce the problem.

OK, now I've got it using debuild.  While I can not see any suspicious
difference inside the build log I can confirm the effect that with
debuild the hardening-no-relro warning occures (even if `-Wl,-z,relro`
is properly specified - a lack of this option is the usual cause of this
problem).  I can confirm this for an up to date testing and unstable
system.  I noticed as well that the file size of the binary in question
is smaller in the later cases (with hardening-no-relro problem) as if I
build using pbuilder.

I further observed that it only happens if the dir is named .git.  I
tried

mv .git .tig
cat > debian/source/include-binaries <<EOT
.tig/index
.tig/objects/pack/pack-0c4620137efe646d9d99b9b2b09b861e364bc678.idx
.tig/objects/pack/pack-0c4620137efe646d9d99b9b2b09b861e364bc678.pack
EOT

debuild

and the problem vanishes (the lintian warning vanishes and the file size
is larger again == same as when using pdebuild).

So lacking better advise I can only say:

  - just use pbuilder (simply closing the eyes for the issue)
  - <evil grin>use svn instead of git</evil grin>

Now its time for you Git experts to solve this riddle.  I'm out.

Kind regards

     Andreas.

-- 
http://fam-tille.de
Reply to: