Bug#802579: binutils changed ld.bfd / ld.gold files and symlinks

Mon, 07 Dec 2015 12:52:05 -0800 

On 2015-12-07 11:39 +0800, YunQiang Su wrote:

> On Sat, 14 Nov 2015 02:20:40 +0100 Matthias Klose <d...@debian.org> wrote:
>> Control: severity -1 serious
>>
>> binutils built from the 2.26 branch is now in unstable.
>>
>>
>
> I uploaded this packages with the attached patch to 3-days delay.

Thanks for taking care of hardening-wrapper, but I am afraid your
changes are not quite correct.

> diff -Nru hardening-wrapper-2.7/debian/hardening-wrapper.links 
> hardening-wrapper-2.8+nmu1/debian/hardening-wrapper.links
> --- hardening-wrapper-2.7/debian/hardening-wrapper.links      2013-09-14 
> 03:55:36.000000000 +0800
> +++ hardening-wrapper-2.8+nmu1/debian/hardening-wrapper.links 2015-12-07 
> 11:33:14.000000000 +0800
> @@ -1,12 +1,13 @@
>  #!/bin/sh
>  # programatically build links (change debian/h-w.{preinst,postrm} too)
> -for ver in 4.2 4.3 4.4 4.5 4.6 4.7 4.8 4.9
> +eval $(dpkg-architecture -a)
> +for ver in 4.2 4.3 4.4 4.5 4.6 4.7 4.8 4.9 5
>  do
>      echo usr/bin/hardened-cc usr/bin/gcc-$ver
>      echo usr/bin/hardened-c++ usr/bin/g++-$ver
>  done
>  cat <<EOM
> -usr/bin/hardened-ld usr/bin/ld.bfd
> -usr/bin/hardened-ld usr/bin/ld.gold
> +usr/bin/hardened-ld usr/bin/${DEB_BUILD_MULTIARCH}-ld.bfd
> +usr/bin/hardened-ld usr/bin/${DEB_BUILD_MULTIARCH}-ld.gold

DEB_BUILD_MULTIARCH is not the right variable, you want
DEB_HOST_GNU_TYPE instead - except on {,kfreebsd-,hurd-}i386, where
binutils is configured for i686{-linux,-kfreebsd,}-gnu rather than
i586{-linux,-kfreebsd,}-gnu currently reported by dpkg-architecture.

> diff -Nru hardening-wrapper-2.7/debian/hardening-wrapper.postrm 
> hardening-wrapper-2.8+nmu1/debian/hardening-wrapper.postrm
> --- hardening-wrapper-2.7/debian/hardening-wrapper.postrm     2013-09-14 
> 03:55:52.000000000 +0800
> +++ hardening-wrapper-2.8+nmu1/debian/hardening-wrapper.postrm        
> 2015-12-07 10:48:44.000000000 +0800
> @@ -6,17 +6,19 @@
>               --rename --remove /usr/bin/"$1" || true
>  }
>  
> +eval $(dpkg-architecture -a)

You can't really use dpkg-architecture in maintainer scripts, since
hardening-wrapper does not depend on dpkg-dev.  Even if it were to do
that, the result is not necessarily correct, e.g. hardening-wrapper
could have a different architecture than dpkg.

Cheers,
       Sven

Reply via email to