Dixi quod…
>Thank you for this change — now I can probably remove all the
>special CFLAGS handling from my packages again…
⚠ ⚠ ⚠
Unfortunately, this is NOT enough!
If some package declares hardening=+all then dpkg will STILL
inject the -specs= stuff into various flags, breaking e.g.
gpgme1.0 (or anything else using Qt) in the process (because
it must be built with PIC, not PIE). Using hardening=+all,-pie
works around this but ⓐ needs maintainer interferences and ⓑ
is another architecture inconsistency.
Guillem, _please_, the only way out of this mess is to never
inject the -specs=* stuff at all, or (probably opening up a
new mess) to always inject it on all architectures (then you’d
see just how broken it is).
Sometimes, it’s better to use a more pragmatic solution instead
of a more “correct” one. (Also, why is this even affecting x32…
I thought Doko enabled PIE on all architectures now?)
Thanks,
//mirabilos
--
<diogenese> Beware of ritual lest you forget the meaning behind it.
<igli> yeah but it means if you really care about something, don't
ritualise it, or you will lose it. don't fetishise it, don't
obsess. or you'll forget why you love it in the first place.
