Wednesday, 16 August 2017

Potential indirect fallout due to toolchain updates

all of this is just FYI in case you run into something similar.

Recently nut became an FTBFS package, triggered by a combo of:
1. nut's build system having an error
2. nut has default hardening=+all
3. net-snmp configure options disabled -pie
4. changes to our toolchain around PIE

- due to PIE now being default chaning hardening= now behaves differently (former "-fPIE" became "", and former "" became "-specs=/usr/share/dpkg/no-pie-compile.specs")
- if set on cflags in general LDflags need the matching no-pie-link.specs to work
- if you had cases where cflags and ldflags didn't match properly there are chances they break while before tolerating the issue

Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd