Hi!
On Sun, 2014-09-07 at 15:01:35 +0200, Balint Reczey wrote:
> Package: dpkg
> Version: 1.17.13
> Severity: wishlist
> Tags: patch
> I'm working on a new port, hardened-amd64 [1].
This does not what dpkg ports are meant to denote, as I think was
mentioned in that thread. If the ports are ABI compatible then they
are the same port. The lpia port was such a thing, which I disagreed
with at the time but accepted anyway, and that was a mistake I'm not
going to repeat. I'm planning on removing lpia support soonish to
avoid anyone else take that as a precedent to follow.
This is the equivalent of bumping the instruction set baseline or
enabling a different set of build flags by default, etc. Please see
the recent Boostrap Sprint notes on the multiple ISAs section, which
is relevant for your scenario.
In any case I'm not planning on adding support for a hardened-amd64
architecture, sorry.
> The attached patches adds
> the new port and enables ASAN and UBSAN through the hardening flags.
> The flags are disabled on other architectures by default even when using
> hardening=all, since ASAN causes significant slowdown and UBSAN will
> probably reveal a lot of issues in many packages.
I'd be fine with adding ASAN and UBSAN or any other hardening stuff,
disabled by default on a feature area, but if they do not make sense
to be enabled by “all” then they do not belong in the hardening feature
area, probably in another one. OOC how many packages do enable all
hardening features?
> Dpkg for example builds fine with ASAN (with fixed #760690), but UBSAN
> makes it FTBFS due to the following issue:
> .../dpkg.git$ DEB_BUILD_MAINT_OPTIONS=hardening=all,+asan,+ubsan
> dpkg-buildpackage
> ...
>
> PATH="../src:../scripts:../utils:/usr/lib/ccache:/home/rbalint/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games"
> \
> LC_ALL=C \
> \
> srcdir=../../src builddir=. \
> PERL_DL_NONLAZY=1 \
> PERL5OPT= \
> /usr/bin/perl -MTAP::Harness -e ' my $harness = TAP::Harness->new({
> lib => [ "../../scripts" ], color => 1, verbosity => 0, failures => 1,
> }); my $aggregate = $harness->runtests(@ARGV); die "FAIL: test suite has
> errors\n" if $aggregate->has_errors;' \
> ../../src/t/dpkg_divert.t
> ../../src/t/dpkg_divert.t .. 1/257
> not ok 62 - --list stderr
>
> # Failed test '--list stderr'
> # at ../../src/t/dpkg_divert.t line 106.
> # got: '../../src/filesdb.c:581:21: runtime error: signed
> integer overflow: 313137907 * 1787 cannot be represented in type 'int'
> # '
> # expected: ''
> not ok 65 - --list * stderr
>
> The third patch fixes the issue.
Thanks! I've merged this one locally, will be included in 1.17.14.
> Please consired accepting the patches despite the fact that
> hardened-amd64 is not an official port yet. It would help the
> bootstrapping efforts and patch 2 would make it easier to experiment
> with ASAN and UBSAN for others.
It's not a matter of it being or not an official port, the main
requirement is that the GNU triplet is officially recognized and that
the naming and the thing makes sense. Which does not in this case.
Thanks,
Guillem
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
