Control: tags -1 + patch Hi Sam and Andreas,
Evidently, Andreas meant to sent this reply to the bug, but it never reached the bug report. Hence, I am full quoting his mail. On Thu, Dec 07, 2023 at 05:25:41PM +0100, Andreas Henriksson wrote: > > > On 7 Dec 2023 14:13, Helmut Grohne <hel...@subdivi.de> wrote: > > > Source: pam > Version: 1.3.1-1 > Severity: important > Justification: bootstrap set > User: debian-cr...@lists.debian.org > Usertags: ftcbfs > X-Debbugs-Cc: Andreas Henriksson <andr...@fatal.se> > > Hi, > > since we now enabled PAC/BTI flags, distinguishing build flags and host > flags has become important. pam already does this, but about four years > ago Andreas added a fix-autoreconf.patch that breaks this distinction. > > In essence, I think Andreas meant to ensure that CFLAGS passed by a user > are not discarded but passed to actual build invocations and that's what > his patch does in effect. > > > I don't have any memory about this anymore and the commit message doesn't > really help much: > > https://salsa.debian.org/vorlon/pam/-/commit/ > 950330a6f8184506b17dc86ca52e17bc153326ff > > Since the patch is called fix autoreconf I guess there was a problem with > autoreconf at some point. > > > > > Cross compilation poses the opposite requirement: Flags passed via > CFLAGS must not propagate to some of the compiler invocations, because > the compiler may be unable to understand them as is the case with e.g. > -mbranch-protection=standard. > > I note that in a native build, configure.ac already sets > BUILD_CFLAGS=${CFLAGS}, so this assignment should be harmless for native > builds. If it really was, Andreas probably wouldn't have patched it, so > rather than simply reverting the patch, we should understand the problem > he was trying to solve and I quite obviously miss something important. > > > If we can't see any obvious reason for something that would break by just > dropping the patch, then I'm all for dropping it. We now have: * We don't know what fix-autoreconf fixes. * We know that fix-autoreconf breaks cross compilation. * We know that autoreconf works without the fix-autoreconf patch applied. * Andreas (patch author) and me agree that the patch should be dropped. > > > > Can I leave this up to you? To verify the cross build failure, please > use amd64 or arm64 as host architecture. These are the only ones with > architecture-specific compiler flags. > > Helmut > > > /Andreas > > > > > Sam can you drop the patch please? Otherwise, would you prefer me doing a porter NMU of pam? Helmut
