[dpkg] 182/200: Dpkg::Vendor::Debian: Switch PIE handling to have no default (!)
Ximin Luo
infinity0 at debian.org
Wed Apr 5 15:17:38 UTC 2017
This is an automated email from the git hooks/post-receive script.
infinity0 pushed a commit to branch master
in repository dpkg.
commit ce97c5865788e0d311645d12d1c84f6fdf1412ea
Author: Guillem Jover <guillem at debian.org>
Date: Tue Feb 7 15:47:23 2017 +0100
Dpkg::Vendor::Debian: Switch PIE handling to have no default (!)
Delegate the setting to gcc builtin or an explicit request by a user.
This is needed to cope with the general PIE brokenness situation in
Debian, and the current specific brokenness of a Debian gcc patch
mangling the dpkg build flags.
This is wrong on so many levels, as we'll have discrepancies between
architectures, the interface towards maintainers is inconsistent, and
updating the PIE support needs touching and coordinating two places. But
it's certainly the current lesser evil.
Closes: #848129, #845550
---
debian/changelog | 5 +++++
man/dpkg-buildflags.man | 2 +-
scripts/Dpkg/Vendor/Debian.pm | 15 ++++++++++++---
3 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index ec8551d..3c98ade 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -17,6 +17,11 @@ dpkg (1.18.23) UNRELEASED; urgency=medium
Thanks to Nicolas Boulenguez <nicolas at debian.org>.
- Mark kfreebsd-amd64, kfreebsd-i386, sparc and sparc64 architectures as
having gcc builtin PIE in Dpkg::Vendor::Debian.
+ - Switch PIE handling in Dpkg::Vendor::Debian to have no default (!) and
+ delegate the setting to gcc or an explicit request by a user. This is
+ needed to cope with the general PIE brokenness situation in Debian, and
+ the current specific brokenness of a Debian gcc patch mangling the dpkg
+ build flags. Closes: #848129, #845550
* Documentation:
- Clarify the requirements for deb-conffile(5) pathnames. Closes: #854417
Proposed by Dieter Adriaenssens <dieter.adriaenssens at gmail.com>.
diff --git a/man/dpkg-buildflags.man b/man/dpkg-buildflags.man
index e5ec7f7..60f67a5 100644
--- a/man/dpkg-buildflags.man
+++ b/man/dpkg-buildflags.man
@@ -347,7 +347,7 @@ above). The option cannot become enabled if \fBrelro\fP is not enabled.
.
.TP
.B pie
-This setting (enabled by default since dpkg 1.18.11, and injected by default
+This setting (with no default since dpkg 1.18.23, and injected by default
by gcc on the amd64, arm64, armel, armhf, i386, kfreebsd-amd64, kfreebsd-i386,
mips, mipsel, mips64el, ppc64el, s390x, sparc and sparc64 Debian architectures)
adds the required options via gcc specs files if
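Review bot: "with no default" in the pie entry does not tell a maintainer what they will actually get. Going by the Debian.pm hunks in this same patch, an unset pie follows the gcc builtin, so on any architecture outside the list in this sentence no PIE flags are emitted unless the feature is requested explicitly. Suggest saying that here in so many words, since the wording being replaced ("enabled by default since dpkg 1.18.11") promised the opposite and packages on those architectures lose PIE without any visible change on the maintainer's side.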
diff --git a/scripts/Dpkg/Vendor/Debian.pm b/scripts/Dpkg/Vendor/Debian.pm
index 1ddd6f7..091ec42 100644
--- a/scripts/Dpkg/Vendor/Debian.pm
+++ b/scripts/Dpkg/Vendor/Debian.pm
@@ -258,7 +258,9 @@ sub _add_hardening_flags {
# Default feature states.
my %use_feature = (
- pie => 1,
+ # XXX: This is set to undef so that we can cope with the brokenness
+ # of gcc managing this feature builtin.
+ pie => undef,
stackprotector => 1,
stackprotectorstrong => 1,
fortify => 1,
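Review bot: the XXX comment above pie => undef gives the reason but not the meaning of undef. The neighbouring entries shown here are plain 1 values, while pie now has three states (undef for "follow the gcc builtin", true for an explicit enable, false for an explicit disable), and the unset state is only resolved by the //= loop added near the end of _add_hardening_flags. Suggest spelling out the three states in this comment so that later code does not test $use_feature{pie} in plain boolean context and read "unset" as "disabled".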
@@ -321,7 +323,8 @@ sub _add_hardening_flags {
}
# PIE
- if ($use_feature{pie} and not $builtin_feature{pie}) {
+ if (defined $use_feature{pie} and $use_feature{pie} and
+ not $builtin_feature{pie}) {
my $flag = "-specs=$Dpkg::DATADIR/pie-compile.specs";
$flags->append('CFLAGS', $flag);
$flags->append('OBJCFLAGS', $flag);
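Review bot: in the new if condition, "defined $use_feature{pie} and $use_feature{pie}" is redundant, because undef is already false in boolean context; the branch behaves exactly like the old "$use_feature{pie} and not $builtin_feature{pie}". Keeping it for symmetry with the elsif is reasonable, but then a short comment should say it is there for symmetry only, so nobody later simplifies both conditions in one go.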
@@ -331,7 +334,8 @@ sub _add_hardening_flags {
$flags->append('CXXFLAGS', $flag);
$flags->append('GCJFLAGS', $flag);
$flags->append('LDFLAGS', "-specs=$Dpkg::DATADIR/pie-link.specs");
- } elsif (not $use_feature{pie} and $builtin_feature{pie}) {
+ } elsif (defined $use_feature{pie} and not $use_feature{pie} and
+ $builtin_feature{pie}) {
my $flag = "-specs=$Dpkg::DATADIR/no-pie-compile.specs";
$flags->append('CFLAGS', $flag);
$flags->append('OBJCFLAGS', $flag);
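Review bot: the defined test in this elsif carries the whole behaviour change (without it an unset pie would append no-pie-compile.specs on every builtin architecture), yet the diffstat lists only the changelog, the man page and Debian.pm, so nothing exercises it. Suggest adding a test for the matrix of pie unset, explicitly enabled and explicitly disabled against builtin and non-builtin, asserting which -specs= flags end up in CFLAGS and LDFLAGS.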
@@ -388,6 +392,11 @@ sub _add_hardening_flags {
$flags->append('LDFLAGS', '-Wl,-z,now');
}
+ # Set used features to their builtin setting if unset.
+ foreach my $feature (keys %builtin_feature) {
+ $use_feature{$feature} //= $builtin_feature{$feature};
+ }
+
# Store the feature usage.
while (my ($feature, $enabled) = each %use_feature) {
$flags->set_feature('hardening', $feature, $enabled);
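Review bot: the fallback loop iterates keys %builtin_feature and uses //=, so if $builtin_feature{pie} is itself undef or the key is absent (its initialisation is not visible in this hunk), $use_feature{pie} stays undef and set_feature records undef instead of a definite 0 or 1. Suggest either defaulting with "$use_feature{$feature} //= $builtin_feature{$feature} // 0" or confirming that %builtin_feature always holds a defined value for every tri-state feature. A comment that this loop must stay after all flag emission would also help, since moving it earlier would turn the unset case back into an explicit request.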
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git