Hi! On Wed, 2016-12-14 at 12:54:41 +0100, Matthias Klose wrote: > Package: dpkg-dev > Version: 1.18.15 > Severity: important > Tags: sid stretch > > This is seen on all architectures where pie is not enabled by default. These > specs should not be passed when pie is not in effect.
I assume you mean enabled by default by gcc. > Seen only when looking at the python2.7 ftbfs on x32. And verified that > the python2.7 build succeeds again when the specs are not passed. If python2.7 does not build with the PIE spec files on x32 that means that either there's a portability issue on x32 in python2.7, or that there's a more fundamental problem with x32 and PIE (f.ex. openssl1.0 also only fails on x32 with PIE specs, see #845193, although openssl builds fine there). If the latter, I'd be fine with blacklisting PIE on x32 as "not yet working", so that it cannot be enabled at all from the dpkg side. (It also might well be that these packages would fail anyway in case gcc enabled PIE by default on x32.) Otherwise I guess I'll merge this and the other report and probably either reassign to gcc or close. The rationale for ending up enabling this globally in dpkg, was that enabling this partially in gcc means handling this in packaging is an inconsistent mess. We'd have some packages building with PIE in some architectures and not on others (default hardening build flags option), packages building with PIE enabled everywhere using gcc default or dpkg PIE enabling specs (with hardening=+pie), or PIE disabled everywhere using PIE disabling specs or nothing where gcc does not enable it. So we'd need specs files in some places no matter what. And the option of just never using specs files, and not making it possible to disable PIE for example or enable it on other arches explicily would be inconsistent and a pain for maintainers. We've also never enabled hardening flags partially, all hardening flags are always enabled as long as they work, otherwise they are just globally blacklisted on certain arches, even if the packages requests them. I find the current situation pretty suboptimal TBH. :/ Thanks, Guillem
