[Solved] re-build old arch packages regularly ?

ua4000 · 2017-08-26 08:27:09

While searching for old packages I found in /var/cache/pacman/pkg several packages, older than 4 years, e.g.

-rw-r--r-- 1 root root    171520 May 16  2013 jfsutils-1.1.15-4-x86_64.pkg.tar.xz
-rw-r--r-- 1 root root     20156 May 13  2013 pcmciautils-018-7-x86_64.pkg.tar.xz
-rw-r--r-- 1 root root     10088 May  5  2013 xml2-0.5-1-x86_64.pkg.tar.xz
-rw-r--r-- 1 root root     25352 Apr 28  2013 sdl_image-1.2.12-3-x86_64.pkg.tar.xz
-rw-r--r-- 1 root root     29456 Apr 16  2013 liblqr-0.4.2-1-x86_64.pkg.tar.xz

My question is: Even if the source code is up-to-date and bug-free - does it make sense to recompile these packages from time to time?
I'm thinking about new compiler/linker side with updated, optimized, hardened binary creation.

Thanks!

Last edited by ua4000 (2017-08-29 16:24:03)

Stefan Husmann · 2017-08-26 16:04:16

I would say no.

x33a · 2017-08-26 18:40:10

All of these are in the official repos, so you don't have to worry about rebuilding them.

Moving thread to Pacman Issues.

Trilby · 2017-08-26 20:16:36

They are in the main repos, but they haven't been touched in 4 years. So it superficially seems a fair question as compilers have continued to mature over the past 4 years. It's certainly possibly that a rebuild could produce slightly better machine code.

However, the difference between gcc with default settings from 2013 and gcc with default settings today would likely be trivial compared to the benefits you might get from rebuilding any of those packages yourself with march=native and other optimization flags (with either an old or new gcc really). Of course these benefits would also be trivial.

Machine-specific optimizations are often not worth the effort. GCC 2013 to GCC 2017 is trivial in comparison to some thing that is often not worth the effort; so ...

Last edited by Trilby (2017-08-26 20:17:03)

loqs · 2017-08-26 22:04:51

Looking at the hardening aspect yes older packages would miss -fno-plt -z,now from the current makepkg.conf and gcc/clang being built with PIE enabled by default.
Looking at https://www.archlinux.org/todo/pie-rebuild/ being incomplete and -fstack-check is anticipated to be added when it has been fixed upstream so it might be more appropriate
to do such a rebuild then.
Looking at sdl_image it should be 1.2.12-4 from 2017-03-30 21:12 UTC
Looking at xml2

$ makepkg
==> Making package: xml2 0.5-1 (Sat 26 Aug 22:48:19 UTC 2017)
==> Retrieving sources...
  -> Downloading xml2-0.5.tar.gz...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (22) The requested URL returned error: 404 Not Found
==> ERROR: Failure while downloading http://download.ofb.net/gale/xml2-0.5.tar.gz
    Aborting...

Last edited by loqs (2017-08-26 22:05:19)

ua4000 · 2017-08-29 16:23:37

Thanks for the infos!

loqs · 2017-08-29 16:33:24

If you feel inclined you could file a bug about xml2's missing sources as arch relies on upstream supplying the sources to meet GPL requirements as well as obviously preventing rebuilds.

Allan · 2017-08-30 01:34:26

Check it is not here first: https://sources.archlinux.org/

Arch Linux

#1 2017-08-26 08:27:09

[Solved] re-build old arch packages regularly ?

#2 2017-08-26 16:04:16

Re: [Solved] re-build old arch packages regularly ?

#3 2017-08-26 18:40:10

Re: [Solved] re-build old arch packages regularly ?

#4 2017-08-26 20:16:36

Re: [Solved] re-build old arch packages regularly ?

#5 2017-08-26 22:04:51

Re: [Solved] re-build old arch packages regularly ?

#6 2017-08-29 16:23:37

Re: [Solved] re-build old arch packages regularly ?

#7 2017-08-29 16:33:24

Re: [Solved] re-build old arch packages regularly ?

#8 2017-08-30 01:34:26

Re: [Solved] re-build old arch packages regularly ?

Board footer