[opensuse-factory] Minutes distribution meeting 2007-01-25
Here're the minutes from last week's meeting. Topics: * Use fast linking style: The linker & glibc in 10.2 support the --hash-style=both (or just gnu) flag, which halves linking time [ still a major cost on all startup]. Unfortunately - it seems we only re-compiled glibc with this flag, and not all the other applications in the system :-) Risk wise this is a no-brainer, Red Hat are already shipping with --hash-style=gnu [ this is unfortunate since the binaries are then not back-compatible ]. We should most likely use --hash-style=both (at some small size penalty) - but after some time switch over to --hash-style=gnu to save size. The size difference is < 0.1 %. We will enable it by default. * libata per default (see minutes from last time - the partitioning question is still open) Moved to next meeting since one (critical) participant was missing. * Enable -fstack-protector for the new distros for every package by default Red Hat according to their press statements builds all of their distribution using -fstack-protector, the heuristic stack overflow detection. While we use -D_FORTIFY_SOURCE=2, this one only covers known arrays. I think we should also enable -fstack-protector for all packages. If we enable it by default in the compiler, all software will automatically get the benefit too. To analyze what effect this will have on performance we will run SPEC2000 and build one distribution with and one without the flag. -fstack-protector only adds protection to those functions that might overflow but not to all (-fstack-protector=all would instrument all). We will add it to RPM_OPT_FLAGS at the end of next week. AI: Run SPEC2000 AI: Build Alpha0plus without -fstack-protector and then rebuild with it. AI: Analyze performance and size differences. * Handling of compat packages These packages are inherited from old releases. The question is which libraries are really needed. AI: to ask on opensuse mailing list what is needed and start working on tracking list. Proposal: We consider having a library naming proposal that includes the version number so that people can easily grab an library RPM package from an older distro if needed. AI: write up proposal and discuss it on opensuse-packaging. * Avahi/mDNSResponder compatibility: Please assign all bugs to gnome-maintainers, they will look at it from March on. * Blacklisting /opt/gnome We can blacklist this path in autobuild and then packages still using /opt/gnome for FACTORY will not build. We will first prepare a list of packages still using it and later blacklist. Andreas -- Andreas Jaeger, aj@suse.de, http://www.suse.de/~aj/ SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
Andreas Jaeger schrieb:
* Enable -fstack-protector for the new distros for every package by default
Gentoo is supporting -fstack-protector for quite some time now and you might want to have a look at their ebuild database for some packages that have little propblems with that compiler flag. If you're interested, i'll aggregate some bugzilla entries from bugs.g.o for this... A quick grep over portage brought these packages all have some special handling for -fstack-protector (or simply disable it): mozilla-firefox mozilla-thunderbird wesnoth xterm tetex texlive iptables sane-backends (seems only amd64) hesiod amule lsof lm_sensors memtest86 grub (seems to be build issue) syslinux qemu xen-tools opal openh323 xulrunner hylafax lyx openoffice windowmaker perl ocaml erlang dietlibc pwlib libffi monotone valgrind emacs (ICE) fcpci wireshark --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Heiko Helmle wrote:
Andreas Jaeger schrieb:
* Enable -fstack-protector for the new distros for every package by default
Gentoo is supporting -fstack-protector for quite some time now and you might want to have a look at their ebuild database for some packages that have little propblems with that compiler flag.
If you're interested, i'll aggregate some bugzilla entries from bugs.g.o for this...
A quick grep over portage brought these packages all have some special handling for -fstack-protector (or simply disable it):
mozilla-firefox mozilla-thunderbird xulrunner
At least these have stack-protector enabled since 10.1 I think and I never got an issue because of that. Wolfgang --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wolfgang Rosenauer wrote:
Heiko Helmle wrote:
mozilla-firefox mozilla-thunderbird xulrunner
At least these have stack-protector enabled since 10.1 I think and I never got an issue because of that.
wireshark
Same here for wireshark. - -- Best Regards / S pozdravom, Pavol RUSNAK SUSE LINUX, s.r.o Package Maintainer Lihovarska 1060/12 PGP 0xA6917144 19000 Praha 9, CR prusnak[at]suse.cz http://www.suse.cz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFFwGEYASE5C6aRcUQRAj0+AKCdg+VrO47+n1jss+lV0VydV+rT5ACdFPKI qx2Pm5+AwmhXF6XF57c+6yM= =CxL4 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Let's continue this discussion on the packaging mailing list. Heiko Helmle <heiko.helmle@head.de> writes:
Andreas Jaeger schrieb:
* Enable -fstack-protector for the new distros for every package by default
Gentoo is supporting -fstack-protector for quite some time now and you might want to have a look at their ebuild database for some packages that have little propblems with that compiler flag.
Fedora should have patches as well. If people using the buildservice like to test this, it would be fine.
If you're interested, i'll aggregate some bugzilla entries from bugs.g.o for this...
A quick grep over portage brought these packages all have some special handling for -fstack-protector (or simply disable it):
mozilla-firefox mozilla-thunderbird wesnoth xterm tetex texlive iptables sane-backends (seems only amd64) hesiod amule lsof lm_sensors memtest86 grub (seems to be build issue) syslinux qemu xen-tools opal openh323 xulrunner hylafax lyx openoffice windowmaker perl ocaml erlang dietlibc pwlib libffi monotone valgrind emacs (ICE) fcpci wireshark
Thanks for that list, let's see what we figure out in our build, Andreas -- Andreas Jaeger, aj@suse.de, http://www.suse.de/~aj/ SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
On Wed, Jan 31, 2007 at 08:36:26AM +0100, Heiko Helmle wrote:
Andreas Jaeger schrieb:
* Enable -fstack-protector for the new distros for every package by default
Gentoo is supporting -fstack-protector for quite some time now and you might want to have a look at their ebuild database for some packages that have little propblems with that compiler flag.
If you're interested, i'll aggregate some bugzilla entries from bugs.g.o for this...
A quick grep over portage brought these packages all have some special handling for -fstack-protector (or simply disable it):
We will be evaluating this on a case by case basis as they come. Ciao, Marcus --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
participants (5)
-
Andreas Jaeger -
Heiko Helmle -
Marcus Meissner -
Pavol Rusnak -
Wolfgang Rosenauer