You are not logged in.
While searching for old packages I found in /var/cache/pacman/pkg several packages, older than 4 years, e.g.
-rw-r--r-- 1 root root 171520 May 16 2013 jfsutils-1.1.15-4-x86_64.pkg.tar.xz
-rw-r--r-- 1 root root 20156 May 13 2013 pcmciautils-018-7-x86_64.pkg.tar.xz
-rw-r--r-- 1 root root 10088 May 5 2013 xml2-0.5-1-x86_64.pkg.tar.xz
-rw-r--r-- 1 root root 25352 Apr 28 2013 sdl_image-1.2.12-3-x86_64.pkg.tar.xz
-rw-r--r-- 1 root root 29456 Apr 16 2013 liblqr-0.4.2-1-x86_64.pkg.tar.xz
My question is: Even if the source code is up-to-date and bug-free - does it make sense to recompile these packages from time to time?
I'm thinking about new compiler/linker side with updated, optimized, hardened binary creation.
Thanks!
Last edited by ua4000 (2017-08-29 16:24:03)
Offline
I would say no.
Offline
All of these are in the official repos, so you don't have to worry about rebuilding them.
Moving thread to Pacman Issues.
Offline
They are in the main repos, but they haven't been touched in 4 years. So it superficially seems a fair question as compilers have continued to mature over the past 4 years. It's certainly possibly that a rebuild could produce slightly better machine code.
However, the difference between gcc with default settings from 2013 and gcc with default settings today would likely be trivial compared to the benefits you might get from rebuilding any of those packages yourself with march=native and other optimization flags (with either an old or new gcc really). Of course these benefits would also be trivial.
Machine-specific optimizations are often not worth the effort. GCC 2013 to GCC 2017 is trivial in comparison to some thing that is often not worth the effort; so ...
Last edited by Trilby (2017-08-26 20:17:03)
"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" - Richard Stallman
Offline
Looking at the hardening aspect yes older packages would miss -fno-plt -z,now from the current makepkg.conf and gcc/clang being built with PIE enabled by default.
Looking at https://www.archlinux.org/todo/pie-rebuild/ being incomplete and -fstack-check is anticipated to be added when it has been fixed upstream so it might be more appropriate
to do such a rebuild then.
Looking at sdl_image it should be 1.2.12-4 from 2017-03-30 21:12 UTC
Looking at xml2
$ makepkg
==> Making package: xml2 0.5-1 (Sat 26 Aug 22:48:19 UTC 2017)
==> Retrieving sources...
-> Downloading xml2-0.5.tar.gz...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (22) The requested URL returned error: 404 Not Found
==> ERROR: Failure while downloading http://download.ofb.net/gale/xml2-0.5.tar.gz
Aborting...
Last edited by loqs (2017-08-26 22:05:19)
Offline
Thanks for the infos!
Offline
If you feel inclined you could file a bug about xml2's missing sources as arch relies on upstream supplying the sources to meet GPL requirements as well as obviously preventing rebuilds.
Offline
Check it is not here first: https://sources.archlinux.org/
Offline