Bug#837359: ocaml: Please build libasmrun.a with -fPIC

To: Balint Reczey <balint@balintreczey.hu>
Cc: 837359@bugs.debian.org
Subject: Bug#837359: ocaml: Please build libasmrun.a with -fPIC
From: Stéphane Glondu <glondu@crans.org>
Date: Tue, 13 Sep 2016 10:53:47 +0200
Message-id: <[🔎] 481e319f-493f-fae0-560b-2a6cd4b46e38@crans.org>
Reply-to: Stéphane Glondu <glondu@crans.org>, 837359@bugs.debian.org
In-reply-to: <[🔎] 17e60547-3e18-2689-825f-00dc95ee2b67@balintreczey.hu>
References: <[🔎] 17e60547-3e18-2689-825f-00dc95ee2b67@balintreczey.hu>

On 10/09/2016 23:27, Balint Reczey wrote:

During a rebuild of all packages in sid, many ocaml packages
failed to build on amd64 with patched GCC and dpkg. The root cause
seems to be that libasmrun.a is shipped as a non-PIC library.

There is already a version of libasmrun.a compiled with -fPIC:libasmrun_pic.a. But to use it, a specific option (-runtime-variant_pic) must be used. This is done in sks, for example.

The rebuild tested if packages are ready for a transition
enabling PIE and bindnow for amd64.
[...]
The attached patch fixed the problem.

Your patch injects -fPIC in all calls to gcc. Is that what we want fromnow on? Why isn't that done inside gcc itself, then?

I read on https://lintian.debian.org/tags/hardening-no-pie.html that-fPIC is not compatible with -fPIE. Then, I don't understand why youtalk about adding -fPIC in this bugreport which is about enabling PIE.



Cheers,

--
Stéphane

Reply to:

Follow-Ups:
- Bug#837359: ocaml: Please build libasmrun.a with -fPIC
  - From: Bálint Réczey <balint@balintreczey.hu>

References:
- Bug#837359: ocaml: Please build libasmrun.a with -fPIC
  - From: Balint Reczey <balint@balintreczey.hu>

Prev by Date: Bug#837456: frama-c: FTBFS with bindnow and PIE enabled
Next by Date: Bug#837359: ocaml: Please build libasmrun.a with -fPIC
Previous by thread: Processed: Re: ocaml: Please build libasmrun.a with -fPIC
Next by thread: Bug#837359: ocaml: Please build libasmrun.a with -fPIC
Index(es):
- Date
- Thread