2016-10-26 17:21 GMT+02:00 Bálint Réczey <bal...@balintreczey.hu>: > Hi, > > 2016-10-26 5:41 GMT+02:00 Guillem Jover <guil...@debian.org>: >> Hi! >> >> On Wed, 2016-10-26 at 05:08:52 +0200, Guillem Jover wrote: >>> On Wed, 2016-09-07 at 00:48:17 +0200, Bálint Réczey wrote: >>> > 2016-09-04 3:03 GMT+02:00 Balint Reczey <bal...@balintreczey.hu>: >>> > > Many packages fail to build due to gcc ... -shared -no-pie ... failing. >>> > > I have reported the issue to GCC but they don't seem to fix that: >>> > > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77464 >>> > > >>> > > The proposed workarounds don't seem to be viable in Debian thus I >>> > > propose making the -pie dpkg hardening flag a noop instead of passing >>> > > -no-pie and friends as compiler/ flags like in the proposed patch. >>> > > This is not symmetric but consistent with Ubuntu's way of enabling PIE. >>> >>> Wow, that sucks, and we circle back at the situation of enabling PIE by >>> default and shared libraries failing, but in the inverse. :)
One option would be setting CC to $(CC) -no-pie to work around GCC's behavior, but I did not want to go this way since dpkg-buildflags did not modify CC in the past. From pragmatic POV this would work for many of the affected packages and would also work for clang. Cheers, Balint