[Reproducible-commits] [dpkg] 10/74: man: Document interaction between PIE and libraries

[Mattia Rizzolo]

This is an automated email from the git hooks/post-receive script.

mattia pushed a commit to annotated tag 1.18.8
in repository dpkg.

commit d1735cc1a0a87d4abeb91733f3f8a2957a4c1163
Author: Guillem Jover <guillem at debian.org>
Date:   Sun May 22 19:20:04 2016 +0200

    man: Document interaction between PIE and libraries
    
    Based-on-text-by: Christian Seiler <christian at iwakd.de> on debian-devel
---
 debian/changelog      |  2 ++
 man/dpkg-buildflags.1 | 28 ++++++++++++++++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 5ff6a53..61108cb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,6 +6,8 @@ dpkg (1.18.8) UNRELEASED; urgency=medium
     - Clarify the format of the db:Status-Abbrev virtual field in
       dpkg-query(1). Closes: #824515
     - Document the tar entry size limitation for deb(5) format.
+    - Document interaction between PIE and libraries in dpkg-buildflags(1).
+      Based on text by Christian Seiler <christian at iwakd.de>.
 
   [ Updated programs translations ]
   * German (Sven Joachim).
diff --git a/man/dpkg-buildflags.1 b/man/dpkg-buildflags.1
index ac2489e..f490a48 100644
--- a/man/dpkg-buildflags.1
+++ b/man/dpkg-buildflags.1
@@ -362,6 +362,34 @@ locations to bounce off of during a memory corruption attack.
 This is not compatible with \fB\-fPIC\fP so care must be taken when
 building shared objects.
 
+Static libraries can be used by programs or other shared libraries.
+Depending on the flags used to compile all the objects within a static
+library, these libraries will be usable by different sets of objects:
+
+.RS
+.TP
+none
+Cannot be linked into a PIE program, nor a shared library.
+.TP
+.B \-fPIE
+Can be linked into any program, but not a shared library.
+.TP
+.B \-fPIC
+Can be linked into any program and shared library.
+.RE
+
+.IP
+Unconditionally passing \fB\-fPIE\fP, \fB\-fpie\fP or \fB\-pie\fP to a
+build-system using libtool is safe as these flags will get stripped when
+building shared libraries.
+Otherwise on projects that build both programs and shared libraries you
+might need to make sure that when building the shared libraries \fB\-fPIC\fP
+is always passed last (so that it overrides any previous \fB\-PIE\fP) to
+compilation flags such as \fBCFLAGS\fP, and \fB\-shared\fP is passed last
+(so that it overrides any previous \fB\-pie\fP) to linking flags such as
+\fBLDFLAGS\fP.
+
+.IP
 Additionally, since PIE is implemented via a general register, some
 register starved architectures (but not including i386 anymore since
 optimizations implemented in gcc >= 5) can see performance losses of up to

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git