Dear People of Debian-Devel,

Current Policy (3.9.8.0) mandates discussion on debian-devel@d.o before changing packages to ship static libraries compiled with -fPIC:

---
10.2 Libraries
...
(paragraph about shared libs)

As to the static libraries, the common case is not to have relocatable code, since there is no benefit, unless in specific cases; therefore the static version must not be compiled with the -fPIC flag. Any exception to this rule should be discussed on the mailing list debian-devel@lists.debian.org, and the reasons for compiling with the -fPIC flag must be recorded in the file README.Debian. [86] In other words, if both a shared and a static library is being built, each source unit (*.c, for example, for C files) will need to be compiled twice, for the normal case.
---

I am hereby asking for exceptions for the following packages:

Bug      Package                        Title
#586572  libdpkg-dev                    libdpkg-dev: Please provide a libdpkg shared library
#712228  src:ghc                        Hardening flag -pie breaks compilation with GHC
#804254  publib-dev                     publib-dev: please build libpub.a with -fPIC
#837350  src:binutils                   binutils: Please build libbfd.a with -fPIC
#837359  src:ocaml                      ocaml: Please build libasmrun.a and libcamlrun.a with -fPIC
#837363  src:cpputest                   cpputest: Please build libCppUTest.a with -fPIC
#837417  src:ctn                        ctn: Please build libctn.a with -fPIC
#837423  src:jack-audio-connection-kit  jack-audio-connection-kit: Please build libjack.a with -fPIC
#837424  src:portaudio19                portaudio19: Please build libportaudio.a with -fPIC
#837434  src:binpac                     binpac: Please build libbinpac.a with -fPIC
#837445  src:check                      check: Please build libcheck.a with -fPIC
#837452  src:simgear                    simgear: Please build libSimGearCore.a and libSimGearScene.a with -fPIC
#837489  src:antlr                      antlr: Please build libantlr.a with -fPIC
#837490  src:libpapyrus3-dev            libpapyrus3-dev: Please build libPapyrus3.a with -fPIC
#837491  src:libgadap-dev               libgadap-dev: Please build libgadap.a with -fPIC

Converting the mentioned shared libraries to PIC allows rebuilding reverse build-dependencies with PIE and also enables switching several architectures to use PIE by default [1].

I have filed a bug [2] to relax/change policy, but to conform to the current one asking for the exceptions above is needed.

There is an active thread [3] about using PIC/PIE generally for static libraries on debian-devel. Please keep this one focusing on the exception.

Thanks,
Balint

[1] https://wiki.debian.org/Hardening/PIEByDefaultTransition
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837478
[3] https://lists.debian.org/debian-devel/2016/05/msg00306.html
[4] https://lists.debian.org/debian-devel/2016/09/msg00217.html