Your message dated Sun, 12 Jun 2016 20:30:11 +0200
with message-id <[email protected]>
and subject line Re: Bug#823869: please set build flags to expicit values,
don't assume defaults
has caused the Debian Bug report #823869,
regarding please set build flags to expicit values, don't assume defaults
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
823869: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823869
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: dpkg,hardening-wrapper
With GCC 6 (and backported to GCC 5), GCC can be configured with
--enable-default-pie. DEB_BUILD_*OPTIONS allows explicit disabling of some
features, however with changed defaults, all these settings are a no-op.
Therefore please don't assume any defaults settings, but set these flags explicitly.
For this example, when seeing -pie, add -fno-PIE to C*FLAGS, -no-pie to LDFLAGS.
But also consider explicitly adding -O0 to C*FLAGS when noopt is passed. This
should apply to any feature are settable by DEB_BUILD_*OPTIONS.
--- End Message ---
--- Begin Message ---
tags 823869 wontfix
thanks
Hi!
On Tue, 2016-05-10 at 10:47:15 +0200, Guillem Jover wrote:
> On Mon, 2016-05-09 at 21:47:09 +0200, Matthias Klose wrote:
> > Package: dpkg,hardening-wrapper
> >
> > With GCC 6 (and backported to GCC 5), GCC can be configured with
> > --enable-default-pie. DEB_BUILD_*OPTIONS allows explicit disabling of some
> > features, however with changed defaults, all these settings are a no-op.
> > Therefore please don't assume any defaults settings, but set these flags
> > explicitly.
>
> All current settings for the Debian vendor assume both the current
> default compiler (gcc) its version (5) and the supported flags per
> arch. Whoever decides to change the default, say to use clang, or a
> newer or older version of gcc, with different build flags, ABI, etc
> are on their own, and should either add a new vendor module, set those
> flags globally in the system config, or similar. Because dpkg cannot
> ever support any combination the user might decide to use, so it's up
> to them.
>
> > But also consider explicitly adding -O0 to C*FLAGS when noopt is passed.
>
> This is already the case, because it was mandated by policy.
>
> > For this example, when seeing -pie, add -fno-PIE to C*FLAGS, -no-pie to
> > LDFLAGS.
>
> > This should apply to any feature are settable by DEB_BUILD_*OPTIONS.
>
> Because this has the potential to break existing builds as it changes
> all existing default flags, even when not setting DEB_BUILD_OPTIONS, it
> diverges from the above mentioned dpkg policy and it would be a bit of
> a mess, I'm not planning on implementing it. So I'll be probably closing
> as wontfix in a bit.
Doing so now.
Thanks,
Guillem
--- End Message ---
