Re: Bug#845193: dpkg: recent -specs PIE changes break openssl
On Thu, Nov 24, 2016 at 04:35:28PM +0100, Guillem Jover wrote:
> On Thu, 2016-11-24 at 14:52:33 +0000, Thorsten Glaser wrote:
> > Worse, they break *differently* on whether…
> > >Precisely to make the behavior consistent on all architectures, dpkg
> > >enables PIE (conditionally if no other flags marks it as to be
> > >disabled) on all architectures were gcc has not enabled this by
> > >default.
> > … that. And that is just plain wrong. Either dpkg should inject
> > -specs= stuff on all architectures or on none. Differing like this
> > just invites hidden and hard to track down bugs.
> As long as gcc enables PIE on a subset, there will be need to inject
> some form of specs on either subset of those arches, either on
> hardening=+pie or on hardening=-pie, pick yout poison. :(
Both gcc and dpkg playing with PIE just increased the number of bugs
without bringing any benefit.
I fixed many PIE related issues in packages when the gcc change was.
And now we got a new batch of FTBFS bugs for cases where the
dpkg specs change broke packages using "hardening=+all,-pie".
Please do the following:
1. discuss with porters whether PIE is working on their architecture
2. gcc and dpkg maintainers have to agree which package enables PIE
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed