[Pkg-openssl-devel] Bug#845193: Bug#845193: dpkg: recent -specs PIE changes break openssl

Guillem Jover guillem at debian.org
Thu Dec 8 00:20:06 UTC 2016 

Hi!

On Wed, 2016-11-30 at 22:00:12 +0100, Kurt Roeckx wrote:
> On Wed, Nov 30, 2016 at 07:55:55PM +0000, Thorsten Glaser wrote:
> > Kurt Roeckx dixit:
> > >> Unfortunately, I have no idea; 1.1 builds, 1.0 doesn’t.
> > >
> > >But both are actually in installed state now?

> > Yes because I built it in a chroot in which I downgraded dpkg
> > to .10, which led to a completely fine build of openssl1.0
> > with testsuite enabled even.
> > 
> > >And if only 1.0 is affected, I'm not sure why it's assigned to the
> > >openssl source package.
> > 
> > I’m not sure why Guillem reassigned the bug either, considering
> > I cloned it in the first place to have one part in openssl1.0
> > and one in dpkg (or, more likely, gcc-6)…
> 
> So I'm rather confused. I at least see some mention of a log with
> -fPIC before the -specs, and then failing to link because it's not
> build using -fPIC but the specs override that to use -fPIE. So I
> would need to find a way to move the -fPIC after the flags set by
> dpkg.  But I don't actually find any log on buildd.debian.org that
> shows that problem.
> 
> In any case, 1.1 seems to place the -fPIC after the CFLAGS from
> dpkg, so I guess moving it around will fix things.

When using the specs files the order is irrelevant, at least relative
to options vs specs. So moving the flags after the specs should not
change anything, see this example session on amd64:

  ,---
  $ gcc -pie -fPIE -specs=/usr/share/dpkg/no-pie-compile.specs \
    -specs=/usr/share/dpkg/no-pie-link.specs -o test test.c
  $ readelf -h test|grep Type
  Type:                              DYN (Shared object file)
  $ gcc -specs=/usr/share/dpkg/no-pie-compile.specs \
    -specs=/usr/share/dpkg/no-pie-link.specs -pie -fPIE -o test test.c
  $ readelf -h test|grep Type
  Type:                              DYN (Shared object file)
  $ gcc -specs=/usr/share/dpkg/no-pie-compile.specs \
    -specs=/usr/share/dpkg/no-pie-link.specs  -o test test.c
  $ readelf -h test|grep Type
  Type:                              EXEC (Executable file)
  $ gcc -specs=/usr/share/dpkg/no-pie-compile.specs \
    -specs=/usr/share/dpkg/no-pie-link.specs \
    -specs=/usr/share/dpkg/pie-compile.specs \
    -specs=/usr/share/dpkg/pie-link.specs  -o test test.c
  $ readelf -h test|grep Type
  Type:                              DYN (Shared object file)
  `---

The actual problem here, is that for whatever reason on x32 and only
x32, the build system is (as I noted in #845193#10) calling link_a.gnu
instead of the link_o.gnu target, which tries to link a static library
composed of PIE objects into a shared library, which makes it fail.

Thanks,
Guillem

More information about the Pkg-openssl-devel mailing list