diff options
| author | Guillem Jover <guillem@debian.org> | 2017-02-07 15:47:23 +0100 |
|---|---|---|
| committer | Guillem Jover <guillem@debian.org> | 2017-02-26 23:40:16 +0100 |
| commit | ce97c5865788e0d311645d12d1c84f6fdf1412ea (patch) | |
| tree | 9d97ec51270a0b61281ee839f21ebe5a4530a4ff /scripts | |
| parent | 8e6660991e63cce477c8cb2e2ba62237b351efc0 (diff) | |
| download | dpkg-ce97c5865788e0d311645d12d1c84f6fdf1412ea.tar.gz | |
Dpkg::Vendor::Debian: Switch PIE handling to have no default (!)
Delegate the setting to gcc builtin or an explicit request by a user.
This is needed to cope with the general PIE brokenness situation in
Debian, and the current specific brokenness of a Debian gcc patch
mangling the dpkg build flags.
This is wrong in so many levels, as we'll have discrepancies between
architectures, the interface towards maintainers is inconsistent, and
updating the PIE support needs touching and coordinating two places. But
it's certainly the current lesser evil.
Closes: #848129, #845550
Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/Dpkg/Vendor/Debian.pm | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/scripts/Dpkg/Vendor/Debian.pm b/scripts/Dpkg/Vendor/Debian.pm index 1ddd6f7fb..091ec42ad 100644 --- a/scripts/Dpkg/Vendor/Debian.pm +++ b/scripts/Dpkg/Vendor/Debian.pm @@ -258,7 +258,9 @@ sub _add_hardening_flags { # Default feature states. my %use_feature = ( - pie => 1, + # XXX: This is set to undef so that we can cope with the brokenness + # of gcc managing this feature builtin. + pie => undef, stackprotector => 1, stackprotectorstrong => 1, fortify => 1, @@ -321,7 +323,8 @@ sub _add_hardening_flags { } # PIE - if ($use_feature{pie} and not $builtin_feature{pie}) { + if (defined $use_feature{pie} and $use_feature{pie} and + not $builtin_feature{pie}) { my $flag = "-specs=$Dpkg::DATADIR/pie-compile.specs"; $flags->append('CFLAGS', $flag); $flags->append('OBJCFLAGS', $flag); @@ -331,7 +334,8 @@ sub _add_hardening_flags { $flags->append('CXXFLAGS', $flag); $flags->append('GCJFLAGS', $flag); $flags->append('LDFLAGS', "-specs=$Dpkg::DATADIR/pie-link.specs"); - } elsif (not $use_feature{pie} and $builtin_feature{pie}) { + } elsif (defined $use_feature{pie} and not $use_feature{pie} and + $builtin_feature{pie}) { my $flag = "-specs=$Dpkg::DATADIR/no-pie-compile.specs"; $flags->append('CFLAGS', $flag); $flags->append('OBJCFLAGS', $flag); @@ -388,6 +392,11 @@ sub _add_hardening_flags { $flags->append('LDFLAGS', '-Wl,-z,now'); } + # Set used features to their builtin setting if unset. + foreach my $feature (keys %builtin_feature) { + $use_feature{$feature} //= $builtin_feature{$feature}; + } + # Store the feature usage. while (my ($feature, $enabled) = each %use_feature) { $flags->set_feature('hardening', $feature, $enabled); |