I did a quick comparison between the build flags, using the first
compiler command line from the build log, when it's building now.o:
--- noble-devel 2024-11-28 15:36:33.478894133 -0300
+++ noble-unapproved 2024-11-28 15:36:28.490813597 -0300
@@ -24,13 +24,18 @@
-D_REENTRANT=1
-DXP_UNIX=1
-fcf-protection
+-fdebug-prefix-map=/home/ubuntu/git/packages/nspr/nspr=/usr/src/nspr-2:4.35-1.1ubuntu1~24.04
+-ffat-lto-objects
+-ffile-prefix-map=/home/ubuntu/git/packages/nspr/nspr=.
+-flto=auto
-fno-inline
+-fno-omit-frame-pointer
-fPIC
-fstack-clash-protection
-fstack-protector-strong
-g
+-mno-omit-leaf-frame-pointer
-O2
--pipe
-pthread
-UDEBUG
-UHAVE_CVAR_BUILT_ON_SEM
We do see the expected frame pointer flags, but also:
- LTO is now enabled
- debug and file prefix maps. I think this affects debugging, perhaps debug
symbols, but I'm not sure about the impact.
Enabling LTO in an LTS release like this could be concerning. There are
plenty of cases where LTO had to be disabled in the archive (just look
at the lto-disabled-list package).
Do we really need to enable LTO in this SRU? If yes, what is the test
plan for that kind of change? I think an upload just enabling frame
pointers would be more acceptable.
** Changed in: nspr (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nspr in Ubuntu.
https://bugs.launchpad.net/bugs/2084460
Title:
[SRU] Please enable frame-pointer on Noble
Status in nspr package in Ubuntu:
Incomplete
Bug description:
[ Impact ]
In order to help developers with profiling, Ubuntu enabled frame-
pointers for packages in the main archive.
https://ubuntu.com/blog/ubuntu-performance-engineering-with-frame-
pointers-by-default
The `Affects` packages were missed due to the packaging issues. These
have been fixed on Oracular and can now be ported to Noble.
[ Test Plan ]
Look at the DW_AT_producer in the associated debug ELF file for flags.
-fno-omit-frame-pointer should be present after the fix.
The following scripts can be used as a reference
https://gist.github.com/julian-klode/85e55553f85c410a1b856a93dce77208
https://gist.github.com/julian-klode/95818246eaef0ac6a54588f7f368e25c
The nspr package comes with a build time test-suite that should ensure
some level of functionality from the re-built library.
override_dh_auto_test:
ifeq ($(filter nocheck,$(DEB_BUILD_OPTIONS)),)
$(MAKE) -C nspr/pr/tests
$(MAKE) -C nspr/lib/tests
# Skip gethost because it needs DNS, and thus networking.
# Skip fdcach, peek and vercheck because they fail.
# Skip socket because it freezes.
# Skip getproto because it fails on some buildds.
# Skip nblayer because it freezes on armel.
cd nspr/pr/tests && grep -v
'^\(fdcach\|gethost\|getproto\|nblayer\|peek\|socket\|vercheck\)$$'
./runtests.sh | sh - $(CURDIR)/nspr/dist
cd nspr/lib/tests &&
LD_LIBRARY_PATH=$(CURDIR)/nspr/dist/bin$(addprefix
:,$(LD_LIBRARY_PATH)) ./base64t
cd nspr/lib/tests &&
LD_LIBRARY_PATH=$(CURDIR)/nspr/dist/bin$(addprefix
:,$(LD_LIBRARY_PATH)) ./string
endif
[ Where problems could occur ]
No source changes are made. The packaging fixes have enabled other
security hardening flags. This could have unintended effects.
[ Other Info ]
changes in dpkg have been made to make sure frame-pointers are not
enabled on s390x and ppc64el.
Bug reference with similar SRU -
https://bugs.launchpad.net/ubuntu/+source/authbind/+bug/2081707
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nspr/+bug/2084460/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
