[pkg-gnupg-maint] Bug#870383: Bug#879014: gpgme1.0: FTBFS on some arches: Qt needs a compile with -fPIC (PIE is not enough), hardening downgrades to PIE

Guillem Jover guillem at debian.org
Tue Jul 7 06:06:34 BST 2020


Control: unmerge 870383
Control: reassign 870383 libdpkg-perl
Control: retitle 870383 libdpkg-perl: PIE specs files override previous entries
Control: reassign 879014 src:qtbase-opensource-src
Control: severity 879014 minor
Control: affects 870383 src:gpgme1.0
Control: affects 879014 src:gpgme1.0

Hi!

I've split (to reuse both instead of cloning a new one) and reassigned
the bugs where it seems they belong. See below for context.

On Wed, 2020-07-01 at 17:20:40 -0400, Daniel Kahn Gillmor wrote:
> Control: affects 879014 + dpkg src:qtbase-opensource-src
> Control: tags 879014 + patch
> 
> Hi folks--
> 
> Further conversation about problems compiling and linking against Qt and
> GPGME in debian suggest that the problem might be related to dpkg's
> default spec files, and confused by Qt's compiler warnings.
> 
> I'm attaching a patch to dpkg which (i think) reflects the fix proposed
> by Guillem Jover (in cc):

Yes this is what I had locally, thanks for testing! I'm including a
fix in the next upload.

> From 8d01f1419c62e24b662abc2e1ec708a7c63fbbfe Mon Sep 17 00:00:00 2001
> From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
> Date: Wed, 1 Jul 2020 17:00:02 -0400
> Subject: [PATCH] Use +self_spec: instead of *self_spec:
> 
> After discussion with NIIBE Yutaka on https://dev.gnupg.org/T4982 and
> Guillem Jover on IRC, I think this is the correct fix for problems
> when compiling Qt/GPGME code in debian systems.
> 
> I don't fully understand the implications of this change, but i
> believe it is related to #870383 and #879014 (in the debian BTS) as
> well.
> ---
>  data/no-pie-compile.specs | 2 +-
>  data/no-pie-link.specs    | 2 +-
>  data/pie-compile.specs    | 2 +-
>  data/pie-link.specs       | 2 +-
>  4 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/data/no-pie-compile.specs b/data/no-pie-compile.specs
> index 2277b97ef..70cb36095 100644
> --- a/data/no-pie-compile.specs
> +++ b/data/no-pie-compile.specs
> @@ -1,2 +1,2 @@
> -*self_spec:
> ++self_spec:
>  + %{!r:%{!fpie:%{!fPIE:%{!fpic:%{!fPIC:%{!fno-pic:-fno-PIE}}}}}}
> diff --git a/data/no-pie-link.specs b/data/no-pie-link.specs
> index 54db649b1..fa4162793 100644
> --- a/data/no-pie-link.specs
> +++ b/data/no-pie-link.specs
> @@ -1,2 +1,2 @@
> -*self_spec:
> ++self_spec:
>  + %{!shared:%{!r:%{!fPIE:%{!pie:-fno-PIE -no-pie}}}}
> diff --git a/data/pie-compile.specs b/data/pie-compile.specs
> index 74d82155c..c1ee08c71 100644
> --- a/data/pie-compile.specs
> +++ b/data/pie-compile.specs
> @@ -1,2 +1,2 @@
> -*self_spec:
> ++self_spec:
>  + %{!r:%{!fpie:%{!fPIE:%{!fpic:%{!fPIC:%{!fno-pic:%{!fno-PIE:%{!no-pie:-fPIE}}}}}}}}
> diff --git a/data/pie-link.specs b/data/pie-link.specs
> index 94c122fd3..9b401e34a 100644
> --- a/data/pie-link.specs
> +++ b/data/pie-link.specs
> @@ -1,2 +1,2 @@
> -*self_spec:
> ++self_spec:
>  + %{!static:%{!shared:%{!r:%{!fno-PIE:%{!no-pie:-fPIE -pie}}}}}
> -- 
> 2.27.0
> 

I'm leaving this for the src:qtbase-opensource-src maintainers to
decide whether to pick up or not.

> gniibe also identified a problem in how Qt reports compilation warnings
> related to the PIE/PIC mismatch.  I've tried to address that in the
> following patch to qtbase-opensource-src:

> From 107f387ea625a67ef03b916ef965761f36de2bf4 Mon Sep 17 00:00:00 2001
> From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
> Date: Wed, 1 Jul 2020 17:15:12 -0400
> Subject: [PATCH] Clarify warning message about PIC/PIE
> 
> As noted in discussion at https://dev.gnupg.org/T4982#135524, the
> warning message produced when there is a mismatch between
> position-independence of the Qt library and other compilations, the
> warning produced by Qt is confusing.
> 
> This is an attempt to express a warning that is more closely aligned
> with the actual test used.
> ---
>  src/corelib/global/qglobal.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/corelib/global/qglobal.h b/src/corelib/global/qglobal.h
> index fe8e8e8..971ee56 100644
> --- a/src/corelib/global/qglobal.h
> +++ b/src/corelib/global/qglobal.h
> @@ -1280,7 +1280,7 @@ Q_CORE_EXPORT int qrand();
>  #if !defined(QT_BOOTSTRAPPED) && defined(QT_REDUCE_RELOCATIONS) && defined(__ELF__) && \
>      (!defined(__PIC__) || (defined(__PIE__) && defined(Q_CC_GNU) && Q_CC_GNU >= 500))
>  #  error "You must build your code with position independent code if Qt was built with -reduce-relocations. "\
> -         "Compile your code with -fPIC (-fPIE is not enough)."
> +         "Compile your code with -fPIC (and not with -fPIE unless you have a very old version of GCC)."
>  #endif
>  
>  namespace QtPrivate {
> -- 
> 2.27.0
> 

> 
> If either of these two fixes are not appropriate to help resolve the
> problem, i'd appreciate help in figuring out what the right fixes are.
> 
> I am not an expert in either Qt or dpkg, so pointers and explanations
> are welcome.

Thanks,
Guillem



More information about the pkg-gnupg-maint mailing list