[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#845193: dpkg: recent -specs PIE changes break openssl

Guillem Jover dixit:

>> Yes, but they *do* break anything that
>> - acts on the CFLAGS (and LDFLAGS) variables
>> - uses klcc or other compiler wrappers that don't understand -specs
>> - uses clang or pcc or whatever other compilers
>The default dpkg build flags have always been tied to the specific
>language compiler version currently marked as the default (for C that
>would currently be gcc-6).

Sure, but we do have other compilers and compiler wrappers in the
archive, and packages are using them.

>As long as gcc enables PIE on a subset, there will be need to inject
>some form of specs on either subset of those arches, either on
>hardening=+pie or on hardening=-pie, pick yout poison. :(

>> Either are *much* better than the current way.
>Well you and me both, I'm just adapting the dpkg-buildflags to the
>current gcc situation. :/

This sounds to me like we should reassign this to GCC (and remove
all the… well, “offending”, no offence intended, code from dpkg).

>Having a subset of architectures is a pain for maintainers as they

True, so GCC should just enable it on all architectures where it
at all works.

>Well I think we should be enabling all hardening flags directly in
>gcc, but now that we have the specs files I guess it would not be
>too bad to enable them just in dpkg, but I agree either would be
>preferable. :/

OK, thank you.

  "Using Lynx is like wearing a really good pair of shades: cuts out
   the glare and harmful UV (ultra-vanity), and you feel so-o-o COOL."
                                         -- Henry Nelson, March 1999

Reply to: