Control: affects -1 - debsig-verify Hi!
On Sun, 2016-09-11 at 14:44:58 +0200, Balint Reczey wrote: > Control: affects -1 debsig-verify > Recent discussion on debian devel suggests that it is a better > practice to use -fPIC even for static libraries: > https://lists.debian.org/debian-devel/2016/05/msg00309.html I don't think that's the conclusion to take from that thread, as it depends on the intended usage. And right now to preserve the current behavior compiling static libraries with PIE is the right choice. We might really not want some static libraries to be linkable into shared libraries. Like in this case. > I faced this issue while testing enabling PIE (and bindnow) for > whole ports. I'm actually surprised, and suspect some methodology error here. > Please see debsig-verify's build log here: > https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/debsig-verify_0.15_amd64.build.gz dpkg has been built with PIE for some time, which means that libdpkg should also have been built with PIE; which also means debsig-veirfy should have worked there as it works when building right now in unstable. > At the moment there is now way to enable PIE for debsig-verify > due to this bug. I don't think this is correct. > I understand that you don't want to ship a shared library thus > please build libdpkg.a with -fPIC. libdpkg.a should be built with PIE already, and I don't see anything else to do here currently. Thanks, Guillem
