Steps taken to verify the python2.7 optimization flags patch on Jammy

1. Create test container
$ lxc launch ubuntu:jammy jammy-2002043
$ lxc shell ubuntu:jammy jammy-2002043

2. Install required packages
For Jammy
# apt update -y && apt install -y python2 python-pip
For Focal
# apt update -y && apt install -y python2 python-setuptools

3. Create test files
# mkdir testprog
# cd testprog
# cat >setup.py <<EOL
from setuptools import setup, Extension

setup(
    name="test",
    ext_modules=[Extension("test", sources=["testmodule.c"])],
    zip_safe=False
)
EOL
# cat >testmodule.c <<EOL
#include <stdio.h>

int main(void)
{
        printf("This is test program");
        return 0;
}
EOL

4. Check CFLAGS and OPT
# python2 -c "import sysconfig; print(sysconfig.get_config_var('CFLAGS'))"
-fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -Wdate-time -D_FORTIFY_SOURCE=2 -g -ffile-prefix-map=/build/python2.7-W40Ff2/python2.7-2.7.18=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security
# python2 -c "import sysconfig; print(sysconfig.get_config_var('OPT'))"
-DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes

Notice the OPT flags, and look out for them


5. Compile a test program
# python2 setup.py build_ext --inplace
running build_ext
There is a workaround to now inherit optimization CFLAGS when compiling wheels.
To enable this, set APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND in your
environment. See LP: https://launchpad.net/bugs/2002043 for further context.
APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND not detected.
building 'test' extension
creating build
creating build/temp.linux-x86_64-2.7
x86_64-linux-gnu-gcc -fno-strict-aliasing -Wdate-time -D_FORTIFY_SOURCE=2 -g -ffile-prefix-map=/build/python2.7-RH0SVf/python2.7-2.7.18=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fPIC -I/usr/include/python2.7 -c testmodule.c -o build/temp.linux-x86_64-2.7/testmodule.o
creating build/lib.linux-x86_64-2.7
x86_64-linux-gnu-gcc -shared -Wl,-O1 -Wl,-Bsymbolic-functions -Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -Wdate-time -D_FORTIFY_SOURCE=2 -g -ffile-prefix-map=/build/python2.7-RH0SVf/python2.7-2.7.18=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wdate-time -D_FORTIFY_SOURCE=2 -g -ffile-prefix-map=/build/python2.7-RH0SVf/python2.7-2.7.18=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fPIC build/temp.linux-x86_64-2.7/testmodule.o -o build/lib.linux-x86_64-2.7/test.so
copying build/lib.linux-x86_64-2.7/test.so -> 
# strings build/lib.linux-x86_64-2.7/test.so | grep -- -O
GNU GIMPLE 11.4.0 -mtune=generic -march=x86-64 -g -g -g -g -O2 -fno-openmp -fno-openacc -fcf-protection=full -fno-strict-aliasing -fwrapv -fstack-protector-strong -ffat-lto-objects -fstack-protector-strong -fPIC -fltrans


6. Enable proposed and upgrade
# cat <<EOF >/etc/apt/sources.list.d/ubuntu-$(lsb_release -cs)-proposed.list
deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted main multiverse universe
EOF
# apt update -y
# apt install -y python2.7=2.7.18-13ubuntu1.2
# dpkg -s python2.7 | grep Version:
Version: 2.7.18-13ubuntu1.2


7. Test the fix with the workaround applied
# export APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND=""
# rm -rf build/ test.so
# python2 setup.py build_ext --inplace
running build_ext
There is a workaround to now inherit optimization CFLAGS when compiling wheels.
To enable this, set APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND in your
environment. See LP: https://launchpad.net/bugs/2002043 for further context.
APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND detected, using workaround.
building 'test' extension
creating build
creating build/temp.linux-x86_64-2.7
x86_64-linux-gnu-gcc -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -Wdate-time -D_FORTIFY_SOURCE=2 -g -ffile-prefix-map=/build/python2.7-RH0SVf/python2.7-2.7.18=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fPIC -I/usr/include/python2.7 -c testmodule.c -o build/temp.linux-x86_64-2.7/testmodule.o
creating build/lib.linux-x86_64-2.7
x86_64-linux-gnu-gcc -shared -Wl,-O1 -Wl,-Bsymbolic-functions -Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -Wdate-time -D_FORTIFY_SOURCE=2 -g -ffile-prefix-map=/build/python2.7-RH0SVf/python2.7-2.7.18=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wdate-time -D_FORTIFY_SOURCE=2 -g -ffile-prefix-map=/build/python2.7-RH0SVf/python2.7-2.7.18=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fPIC build/temp.linux-x86_64-2.7/testmodule.o -o build/lib.linux-x86_64-2.7/test.so
copying build/lib.linux-x86_64-2.7/test.so -> 
# strings build/lib.linux-x86_64-2.7/test.so | grep -- -O
GNU GIMPLE 11.4.0 -mtune=generic -march=x86-64 -g -g -g -g -O2 -O2 -fno-openmp -fno-openacc -fcf-protection=full -fno-strict-aliasing -fwrapv -fstack-protector-strong -ffat-lto-objects -fstack-protector-strong -fPIC -fltrans
GNU C17 11.4.0 -mtune=generic -march=x86-64 -g -g -O2 -fno-strict-aliasing -fwrapv -flto -flto -ffat-lto-objects -fstack-protector-strong -fPIC -fasynchronous-unwind-tables -fstack-protector-strong -fstack-clash-protection -fcf-protection


8. Little extra testing for fun by adding custom OPT flags to ensure they are being pulled with the workaround
# rm -rf build/ test.so
# unset APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND

Let's add a flag to the OPT flags which will make compilation fail and very explicitly show that the workaround is working properly.
# sed -i s/"'OPT': '-DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes'"/"'OPT': '-DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -MitchellIsCool'"/g /usr/lib/python2.7/plat-x86_64-linux-gnu/_sysconfigdata_nd.py

Now let's compile it WITHOUT the workaround which will NOT pick up this OPT flag, this makes it very clear that it is not picking up the OPT flags since it will finish compiling.

# python2 setup.py build_ext --inplace
running build_ext
There is a workaround to now inherit optimization CFLAGS when compiling wheels.
To enable this, set APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND in your
environment. See LP: https://launchpad.net/bugs/2002043 for further context.
APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND not detected.
building 'test' extension
creating build
creating build/temp.linux-x86_64-2.7
x86_64-linux-gnu-gcc -fno-strict-aliasing -Wdate-time -D_FORTIFY_SOURCE=2 -g -ffile-prefix-map=/build/python2.7-RH0SVf/python2.7-2.7.18=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fPIC -I/usr/include/python2.7 -c testmodule.c -o build/temp.linux-x86_64-2.7/testmodule.o
creating build/lib.linux-x86_64-2.7
x86_64-linux-gnu-gcc -shared -Wl,-O1 -Wl,-Bsymbolic-functions -Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -Wdate-time -D_FORTIFY_SOURCE=2 -g -ffile-prefix-map=/build/python2.7-RH0SVf/python2.7-2.7.18=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wdate-time -D_FORTIFY_SOURCE=2 -g -ffile-prefix-map=/build/python2.7-RH0SVf/python2.7-2.7.18=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fPIC build/temp.linux-x86_64-2.7/testmodule.o -o build/lib.linux-x86_64-2.7/test.so
copying build/lib.linux-x86_64-2.7/test.so -> 


Now let's try the workaround
# rm -rf build/ test.so
# export APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND=""
# python2 setup.py build_ext --inplace
running build_ext
There is a workaround to now inherit optimization CFLAGS when compiling wheels.
To enable this, set APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND in your
environment. See LP: https://launchpad.net/bugs/2002043 for further context.
APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND detected, using workaround.
building 'test' extension
creating build
creating build/temp.linux-x86_64-2.7
x86_64-linux-gnu-gcc -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -MitchellIsCool -Wdate-time -D_FORTIFY_SOURCE=2 -g -ffile-prefix-map=/build/python2.7-RH0SVf/python2.7-2.7.18=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fPIC -I/usr/include/python2.7 -c testmodule.c -o build/temp.linux-x86_64-2.7/testmodule.o
x86_64-linux-gnu-gcc: error: unrecognized command-line option ‘-MitchellIsCool’
error: command 'x86_64-linux-gnu-gcc' failed with exit status 1


We can see my flag being added to the compile time flags, and a failure to compile is seen, which is what we want for this test.