[pkg-gnupg-maint] Bug#879014: gpgme1.0: FTBFS: Qt needs a compile with -fPIC (PIE is not enough), hardening downgrades to PIE

Thorsten Glaser tg at mirbsd.de
Wed Oct 18 13:12:57 UTC 2017


Source: gpgme1.0
Version: 1.9.0-6
Severity: important
Justification: fails to build from source (but built successfully in the past), on d-ports arch

https://buildd.debian.org/status/fetch.php?pkg=gpgme1.0&arch=x32&ver=1.9.0-6&stamp=1507702170&raw=0
points out the problem: Qt wants to be compiled with -fPIC and sets up
the CFLAGS appropriately, yet hardening comes into the way as it adds
the PIE *after* the PIC.

Cc’ing qtbase5-dev and dpkg maintainers.

Downgrading *dpkg* to 1.18.10 was not enough this time, I also¹ had to
edit debian/rules to get it to compile:
-export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-pie

① I didn’t test whether that was enough with up-to-date dpkg.
  We have a Python transition to get forward.

-- System Information:
Debian Release: buster/sid
  APT prefers unreleased
  APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable')
Architecture: x32 (x86_64)
Foreign Architectures: i386, amd64

Kernel: Linux 4.12.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)


More information about the pkg-gnupg-maint mailing list