[Bug 1828171] [NEW] New toolchain updates need to be rebuilt against -security only

Ɓukasz Zemczak 1828171 at bugs.launchpad.net
Wed May 8 07:13:15 UTC 2019 

Public bug reported:

[Impact]
With LP: #1814369, the toolchain packages have been updated in both cosmic and bionic, but due to an error those packages were built in -proposed as any regular SRU. For toolchain updates there exists a policy that those should be always built against -security *only*, and then released to both -security and -updates.

Since this is not the case with the current toolchain update, we need to
no-change rebuild all of the previously released toolchain packages in a
-security enabled devirt PPA, sync them to -proposed with binaries and
then release into the archives.

[Regression Potential]
As these are toolchain packages, there is always some regression potential. These will be no-change rebuilds so in theory the risk should be low, but the current versions of the packages have not been built against -security only before. It is hard to say how any regressions could manifest themselves.

[Test Case]
Making sure there are no reported regressions in the GCC and binutils test suites. Hopefully this will be sufficient.

** Affects: binutils (Ubuntu)
     Importance: High
         Status: New

** Affects: gcc-7 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: gcc-8 (Ubuntu)
     Importance: Undecided
         Status: New

** Also affects: gcc-8 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: gcc-7 (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to binutils in Ubuntu.
https://bugs.launchpad.net/bugs/1828171

Title:
  New toolchain updates need to be rebuilt against -security only

Status in binutils package in Ubuntu:
  New
Status in gcc-7 package in Ubuntu:
  New
Status in gcc-8 package in Ubuntu:
  New

Bug description:
  [Impact]
  With LP: #1814369, the toolchain packages have been updated in both cosmic and bionic, but due to an error those packages were built in -proposed as any regular SRU. For toolchain updates there exists a policy that those should be always built against -security *only*, and then released to both -security and -updates.

  Since this is not the case with the current toolchain update, we need
  to no-change rebuild all of the previously released toolchain packages
  in a -security enabled devirt PPA, sync them to -proposed with
  binaries and then release into the archives.

  [Regression Potential]
  As these are toolchain packages, there is always some regression potential. These will be no-change rebuilds so in theory the risk should be low, but the current versions of the packages have not been built against -security only before. It is hard to say how any regressions could manifest themselves.

  [Test Case]
  Making sure there are no reported regressions in the GCC and binutils test suites. Hopefully this will be sufficient.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1828171/+subscriptions

More information about the foundations-bugs mailing list