[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#845193: dpkg: recent -specs PIE changes break openssl

clone 845193 -1
reassign -1 dpkg
retitle -1 dpkg: please do not add -specs= flags only on some architectures

Guillem Jover dixit:

>> I cannot build openssl1.0 any longer. Downgrading all binary
>> packages from src:dpkg to 1.18.10 makes the build succeed.

Interestingly enough, src:openssl (1.1) works, so…

>So, I think I'll reassign this to openssl1.0, if no other feedback

… this is probably legit. But I would *still* like to raise
another point.

>Those specs files should make it possible to build stuff with PIE

Yes, but they *do* break anything that
- acts on the CFLAGS (and LDFLAGS) variables
- uses klcc or other compiler wrappers that don't understand -specs
- uses clang or pcc or whatever other compilers

Worse, they break *differently* on whether…

>Precisely to make the behavior consistent on all architectures, dpkg
>enables PIE (conditionally if no other flags marks it as to be
>disabled) on all architectures were gcc has not enabled this by

… that. And that is just plain wrong. Either dpkg should inject
-specs= stuff on all architectures or on none. Differing like this
just invites hidden and hard to track down bugs.

Please get an agreement with the GCC maintainer on how to proceed
from here.

Personally, I’d still prefer for GCC to behave as on other systems,
i.e. not to enable PIE by default, and to have it done completely
within dpkg, but I can *also* live with it being done exclusively
in GCC.

Either are *much* better than the current way.

>if no other feedback is provided showing that this is a problem in
>dpkg itself, such as PIE not working at all there, and a request to
>disable it for x32 in dpkg as non-functional.

This can be done just as well on the GCC side.

>Also BTW the gcc maintainer asked that porters
>interested could request PIE to be enabled by default in gcc.

What difference does it make on whether GCC or dpkg enables PIE?

The two last quote sections make it clear that any architecture
that currently has PIE enabled in dpkg should have it enabled in
GCC in the first place. (Did dpkg enable that on porters’ requests?
It does not look like that to me. This smells like overstepping

tl;dr: I don’t care as much _which_ of GCC xor dpkg does it,
as long as only one does it. FFS, just enable it on all of them
unless known to absolutely not work; that’d still be better than
the current mess.

[00:02] <Vutral> gecko: benutzt du emacs ?
[00:03] <gecko> nö          [00:03] <gecko> nur n normalen mac
[00:04] <Vutral> argl       [00:04] <Vutral> ne den editor
	-- Vutral und gecko2 in #deutsch (NB: Editor? Betriebssystem.)

Reply to: