On Friday, March 17, 2017 14:36:25 Stephen Gallagher wrote:
> There was an issue[1] with GCC7 during the mass-rebuild. Despite the
> Fedora-wide setting of -Werror=format-security, GCC did not process its
> command-line properly and an unknown number of packages were built without
> this flag appropriately set. As a result, all of those packages built
> successfully during the mass-rebuild, where many should in fact have
> reported compilation errors and been rejected.

IMO the only correct fix is to remove -Werror=format-security from the default
compiler flags in the Fedora build environment. It obviously introduces more
problems than it solves.

I believe that using -Werror in production builds is a really bad idea in
general. There are other, more efficient, ways to detect such warnings
outside the production build environment. Why don't you use
'csmock --gcc-add-flag=...' instead?

- You can scan for any (default, non-default, experimental) compiler
  warnings and obtain machine-readable data for further processing, instead
  of a bunch of FTBFS bugs that need to be analyzed by developers.

- You do not need to change anything in the build root.

- You do not need to change anything in the packages being scanned.

- Usual specfile hacks to suppress rpmbuild-provided compiler flags are
  completely ineffective when you use csmock to enforce compiler flags.

- You can do it fully independently of production builds, yet obtain the
  expected (and even more precise) results.

> As part of the modular builds that the Base Runtime is performing, we need
> to rebuild all packages that are going into the base runtime (as well as
> the set of packages required to self-host the base runtime). Because GCC
> has been updated to properly handle the CLI arguments, somewhere between
> two and three dozen packages now throw errors on building.
>
> Because we are under time-constraints, Petr Šabata and myself will be using
> our provenpackager privileges to apply patches to these packages without
> waiting for maintainer correspondence. The patches will be very simple, as
> the fix for this issue will be in most cases the equivalent of replacing
> printf(variable) with printf("%s", variable)

Please be careful. This is a good way to introduce new bugs into otherwise
reliably working software. Have a look at the following patch to see how
easily things can go wrong:

https://bugzilla.redhat.com/show_bug.cgi?id=1025257#c5

Kamil

> In very rare cases where the fix is non-obvious, we may take the short-term
> solution of setting -Wno-format-security for that package and open a
> Bugzilla for the maintainer to fix it properly (or engage upstream to do
> the same).
>
>
> [1]
> https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/
> thread/GSA63D76T3K7EHSWNKNN2Y2UMYIIXZZE/
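
Added example, not part of the original message and not taken from the linked Bugzilla patch: one way the printf(variable) to printf("%s", variable) rewrite discussed above can change behaviour is when the string was written as a format and escapes a literal percent sign as "%%". The sample string and the function names (render_before, render_mechanical, classify_format) are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: authored as a printf format, so '%' is escaped. */
static const char *progress_msg = "Download 100%% complete";

/* Before: the variable is the format string (rejected by
 * -Werror=format-security; the pragmas let this example build). */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int render_before(char *out, size_t n, const char *msg)
{
    return snprintf(out, n, msg);
}
#pragma GCC diagnostic pop

/* Mechanical rewrite: msg is now data, so "%%" is no longer collapsed. */
int render_mechanical(char *out, size_t n, const char *msg)
{
    return snprintf(out, n, "%s", msg);
}

/* Hypothetical review helper: what does a string do when used as a format?
 * 0 = no '%', the rewrite is output-neutral
 * 1 = only "%%", the rewrite changes the visible text
 * 2 = a conversion with no argument, the original call was already broken */
int classify_format(const char *msg)
{
    int result = 0;
    for (const char *p = msg; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') { result = 1; p++; }  /* skip the escaped pair */
        else return 2;
    }
    return result;
}

int main(void)
{
    char a[64], b[64];
    render_before(a, sizeof a, progress_msg);
    render_mechanical(b, sizeof b, progress_msg);
    printf("before:     %s\nmechanical: %s\nclass: %d\n",
           a, b, classify_format(progress_msg));
    return 0;
}
```

A string in class 1 needs its "%%" turned into "%" together with the call-site change; class 2 means the string should be treated as data and the "%s" form is the right fix.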