On Mon, Oct 28, 2024 at 10:55:57PM +0100, Sebastian Ramacher wrote: > since dpkg 1.22.0 the additional hardening flags to enable Pointer > Authentication (PAC) and Branch Target Identification (BTI) > on arm64 are enabled by default. See [1] for the discussion to enable > these flags.
/me likes
> To have the desired effect for the next release and have some time
> to catch regressions, I have started with scheduling rebuilds of
> packages that have not been built since the change in the default flags.
> While the change of flags only affects arm64, packages building
> Multi-Arch: same binaries require consistent versions on all
> architectures. For those packages, the rebuilds have been scheduled on
> all architectures.
/me likes very much! background: even though snapshot.d.o has been
fixed now, so that it's become generally usable again, several many
snapshots from 2023 and 2024 are missing, thus making it impossible
to recreate the build environments used needed for reproducible builds
of trixie.
these mass rebuilds will help reduce that gap.
> Thanks to Emanuele Rocca for identifying the list of packages that have
> to be rebuilt to gain PAC/BTI support.
thank you both! :)
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄
Gendern ist wie Wurst ohne Fleisch: Fortschritt.
signature.asc
Description: PGP signature
