Backport build CFLAGS/LIB_CFLAGS issue

News and discussion about development of the Debian OS itself

Backport build CFLAGS/LIB_CFLAGS issue

Postby VA1DER » 2018-12-28 19:12

I recently made a backport of OpenSSL 1.1.1a to Debian Jessie (using the Buster source package). One issue I had to deal with was where both -fPIC and -fPIE were appearing on the library and DSO CFLAGS lines.

I don't have a more up-to-date straight Debian system to play with, all I have are Debian Jessie servers and Linux Mint desktops based on Ubuntu 18.04. In Jessie, the build process is putting -fPIE on all the CFLAGS and LDFLAGS lines. On the LIB_CFLAGS and DSO_CFLAGS this was causing a problem in that the -fPIE came later than -fPIC and was overriding it. I was able to correct the problem by a minor patch to the makefile template that reversed the order so that -fPIC came at the end, but this is inelegant.

What I am trying to understand is where in the build process the -fPIE cflag came from. On Ubuntu 18.04 systems it doesn't appear at all. On my Debian Jessie systems it's not coming from dpkg-buildflags - the output for that will be below. I want to fix my Jessie backport so that it's the Debian build system that is patched, and not the upstream makefile template, but I don't understand the build process well enough to even know where that flag is coming from. I do know it appears nowhere in upstream in any template or script, only in one comment about Android.

Suggestions on where it might be coming from?

Thanks

Code: Select all
~$ dpkg-buildflags
CFLAGS=-g -O2 -fstack-protector-strong -Wformat -Werror=format-security
CPPFLAGS=-D_FORTIFY_SOURCE=2
CXXFLAGS=-g -O2 -fstack-protector-strong -Wformat -Werror=format-security
FCFLAGS=-g -O2 -fstack-protector-strong
FFLAGS=-g -O2 -fstack-protector-strong
GCJFLAGS=-g -O2 -fstack-protector-strong
LDFLAGS=-Wl,-z,relro
OBJCFLAGS=-g -O2 -fstack-protector-strong -Wformat -Werror=format-security
OBJCXXFLAGS=-g -O2 -fstack-protector-strong -Wformat -Werror=format-security
User avatar
VA1DER
 
Posts: 6
Joined: 2018-12-20 04:34

Re: Backport build CFLAGS/LIB_CFLAGS issue

Postby stevepusser » 2018-12-28 22:23

The default flags might be influenced by what version of debhelper you're using. I'm pretty sure the newest you can get for Jessie is 10.2 in jessie-backports.
The MX Linux repositories: Backports galore! If we don't have something, just ask and we'll try--we like challenges. New packages: Foliate 1.5.3, Minitube 3.1, wine-staging 4.12, Virtual Box 5.2.32 & 6.0.10, Pale Moon 28.6.1, Waterfox 56.2.12
User avatar
stevepusser
 
Posts: 11007
Joined: 2009-10-06 05:53

Re: Backport build CFLAGS/LIB_CFLAGS issue

Postby stevepusser » 2018-12-28 22:29

The default flags might be influenced by what version of debhelper you're using, and/or by specifying hardening flags in the debian/rules file. I'm pretty sure the newest you can get for Jessie is 10.2 in jessie-backports.

However, a patch to the Makefile isn't that inelegant a workaround, as long as you stick in debian/patches with
Code: Select all
dpkg-source --commit


You can also create various Ubuntu and Debian build platforms on one install with pbuilder or sbuild--build Buster i386 packages on a Jessie amd64 host platform, for example, or Jessie packages on your Mint install, through the magic of chroots.
The MX Linux repositories: Backports galore! If we don't have something, just ask and we'll try--we like challenges. New packages: Foliate 1.5.3, Minitube 3.1, wine-staging 4.12, Virtual Box 5.2.32 & 6.0.10, Pale Moon 28.6.1, Waterfox 56.2.12
User avatar
stevepusser
 
Posts: 11007
Joined: 2009-10-06 05:53


Return to Debian Development

Who is online

Users browsing this forum: No registered users and 5 guests

fashionable