I disabled lto, but it comes back in via <foo>-config --libs
Julian Andres Klode
julian.klode at canonical.com
Fri Apr 29 21:20:41 UTC 2022
Sergio Durigan Junior <sergiodj at ubuntu.com> schrieb am Fr., 29. Apr. 2022,
20:14:
> On Friday, April 29 2022, Andreas Hasenack wrote:
>
> > Hi,
> >
> > I disabled lto in a build according to the instructions from [1]:
> >
> > export DEB_BUILD_MAINT_OPTIONS=optimize=-lto
> >
> > But I saw that it was still present in some steps of the build.
> > Notably when krb5/gssapi was used:
> > ...
> > -- Found GSSAPI: -L/usr/lib/x86_64-linux-gnu/mit-krb5
> > -Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto
> > -Wl,-z,relro -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err
> > ...
> > /usr/bin/cc -fPIC -g -O2
> > -ffile-prefix-map=/home/ubuntu/git/packages/mariadb/mariadb-10.6=.
> > -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time
> > -D_FORTIFY_SOURCE=2 -Wdate-time -D_FORTIFY_SOURCE=2 -pie -fPIC
> > -fstack-protector --param=ssp-buffer-size=4 -Wunused -Wlogical-op
> > -Wno-uninitialized -Wall -Wextra -Wformat-security -Wno-init-self
> > -Wwrite-strings -Wshift-count-overflow -Wdeclaration-after-statement
> > -Wno-undef -Wno-unknown-pragmas -O2 -g -static-libgcc
> > -fno-omit-frame-pointer -fno-strict-aliasing -Wno-uninitialized
> > -fno-omit-frame-pointer -D_FORTIFY_SOURCE=2 -DDBUG_OFF -Wall
> > -Wdeclaration-after-statement -Wextra -Wformat-security
> > -Wno-format-truncation -Wno-init-self -Wno-nonnull-compare
> > -Wno-unused-parameter -Wvla -Wwrite-strings -DDBUG_OFF
> > -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,relro,-z,now -shared -o
> > auth_gssapi_client.so
> > CMakeFiles/auth_gssapi_client.dir/plugins/auth/auth_gssapi_client.c.o
> > CMakeFiles/auth_gssapi_client.dir/plugins/auth/gssapi_client.c.o
> > CMakeFiles/auth_gssapi_client.dir/plugins/auth/gssapi_errmsg.c.o
> > -L/usr/lib/x86_64-linux-gnu/mit-krb5 -Wl,-Bsymbolic-functions
> > -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -lgssapi_krb5
> > -lkrb5 -lk5crypto -lcom_err
> >
> > Indeed in this case it comes from kerberos/gssapi:
> >
> > $ krb5-config --libs gssapi
> > -L/usr/lib/x86_64-linux-gnu/mit-krb5 -Wl,-Bsymbolic-functions
> > -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -lgssapi_krb5
> > -lkrb5 -lk5crypto -lcom_err
> >
> > That sounds bad. It means only portions of the build will have lto
> > disabled, while others will flip it back on. How to sort this out?
> > Looks like the krb5 package needs some fixing, but I'm unsure how.
>
> Just reiterating what I told you during standup, this leakage is wrong
> and should be fixed in krb5's pkg-config definitions.
Wondering if it would make sense to have pkg-config (and pkgconf) strip
stuff when reading the files, or do some fixup in debhelper that works
everywhere rather than fixing this per package.
But I also don't know how it got there.
(sorry if phone messed up formatting)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20220429/53a4b925/attachment.html>
More information about the ubuntu-devel
mailing list