* [gentoo-dev] What to do with things like -fpie in CFLAGS in environment?
@ 2005-04-12 15:59 Maurice van der Pot
2005-04-12 16:10 ` Daniel Ostrow
2005-04-12 17:52 ` Mike Frysinger
0 siblings, 2 replies; 15+ messages in thread
From: Maurice van der Pot @ 2005-04-12 15:59 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 1619 bytes --]
I have the following situation:
- a package (valgrind) that can be compiled with PIE and uses PIE
for some purpose or other if it is supported
- tests (make check) that cannot be compiled with PIE
In the upstream release CFLAGS is reset to "-Wno-long-long", but I would
prefer to allow customised CFLAGS. I already asked the developers why
they reset the CFLAGS, but I haven't received an answer.
I made a small modification to configure to enable the use of make.conf's
CFLAGS, but now some problems occur. The first problem is a problem even
without this modification.
If compiled with the hardened gcc profile, -fno-pie has to be specified
when compiling the tests or it will fail. Specifying -fno-pie always
will force me to disable any PIE support through configure as well.
I tried to adapt the makefiles to disable pie themselves for the tests
only, but then I have another problem:
What if the user specifies -fpie in make.conf?
The compilation of the tests will fail because -fpie (from the environment)
will end up in CFLAGS after -fno-pie (from the makefile).
If I use flag-o-matic to filter out -fpie, it will add -fno-pie everywhere
and disable PIE altogether.
I'm looking for a solution that preferably:
- uses (some of) make.conf's CFLAGS
- compiles with all gcc profiles and all CFLAGS (filtering some is ok)
- does not disable PIE altogether
Is there such a solution?
Maurice.
--
Maurice van der Pot
Gentoo Linux Developer griffon26@gentoo.org http://www.gentoo.org
Creator of BiteMe! griffon26@kfk4ever.com http://www.kfk4ever.com
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [gentoo-dev] What to do with things like -fpie in CFLAGS in environment?
2005-04-12 15:59 [gentoo-dev] What to do with things like -fpie in CFLAGS in environment? Maurice van der Pot
@ 2005-04-12 16:10 ` Daniel Ostrow
2005-04-12 20:41 ` Maurice van der Pot
2005-04-15 19:27 ` Maurice van der Pot
2005-04-12 17:52 ` Mike Frysinger
1 sibling, 2 replies; 15+ messages in thread
From: Daniel Ostrow @ 2005-04-12 16:10 UTC (permalink / raw
To: gentoo-dev
On Tue, 2005-04-12 at 17:59 +0200, Maurice van der Pot wrote:
*snip*
> If compiled with the hardened gcc profile, -fno-pie has to be specified
> when compiling the tests or it will fail. Specifying -fno-pie always
> will force me to disable any PIE support through configure as well.
>
> I tried to adapt the makefiles to disable pie themselves for the tests
> only, but then I have another problem:
*snip*
Take a look at dev-libs/glib/files/glib-2.6.3-testglib-ssp.patch to see
how solar and I dealt with a similar issue with tests and ssp. See if
you can adapt it, we just forced -fno-stack-protector after the CFLAGS
pulled in from the system.
--Dan
--
gentoo-dev@gentoo.org mailing list
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [gentoo-dev] What to do with things like -fpie in CFLAGS in environment?
2005-04-12 15:59 [gentoo-dev] What to do with things like -fpie in CFLAGS in environment? Maurice van der Pot
2005-04-12 16:10 ` Daniel Ostrow
@ 2005-04-12 17:52 ` Mike Frysinger
2005-04-12 18:20 ` Maurice van der Pot
1 sibling, 1 reply; 15+ messages in thread
From: Mike Frysinger @ 2005-04-12 17:52 UTC (permalink / raw
To: gentoo-dev
On Tuesday 12 April 2005 11:59 am, Maurice van der Pot wrote:
> I have the following situation:
> - a package (valgrind) that can be compiled with PIE and uses PIE
> for some purpose or other if it is supported
> - tests (make check) that cannot be compiled with PIE
allowing user specified tests for `make check` doesnt really make much sense
and in fact it's probably a better idea to prevent user CFLAGS from being
used during `make check`
-mike
--
gentoo-dev@gentoo.org mailing list
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [gentoo-dev] What to do with things like -fpie in CFLAGS in environment?
2005-04-12 17:52 ` Mike Frysinger
@ 2005-04-12 18:20 ` Maurice van der Pot
2005-04-12 20:13 ` Mike Frysinger
0 siblings, 1 reply; 15+ messages in thread
From: Maurice van der Pot @ 2005-04-12 18:20 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 995 bytes --]
On Tue, Apr 12, 2005 at 01:52:05PM -0400, Mike Frysinger wrote:
> On Tuesday 12 April 2005 11:59 am, Maurice van der Pot wrote:
> > I have the following situation:
> > - a package (valgrind) that can be compiled with PIE and uses PIE
> > for some purpose or other if it is supported
> > - tests (make check) that cannot be compiled with PIE
>
> allowing user specified tests for `make check` doesnt really make much sense
'user specified tests'?? The tests are part of valgrind, they just can't
be compiled with PIE.
> and in fact it's probably a better idea to prevent user CFLAGS from being
> used during `make check`
In theory, you're probably right. But would you really spend time on
disabling user CFLAGS for make check? How many ebuilds are doing this
right now anyway?
Maurice.
--
Maurice van der Pot
Gentoo Linux Developer griffon26@gentoo.org http://www.gentoo.org
Creator of BiteMe! griffon26@kfk4ever.com http://www.kfk4ever.com
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [gentoo-dev] What to do with things like -fpie in CFLAGS in environment?
2005-04-12 18:20 ` Maurice van der Pot
@ 2005-04-12 20:13 ` Mike Frysinger
0 siblings, 0 replies; 15+ messages in thread
From: Mike Frysinger @ 2005-04-12 20:13 UTC (permalink / raw
To: gentoo-dev
On Tuesday 12 April 2005 02:20 pm, Maurice van der Pot wrote:
> On Tue, Apr 12, 2005 at 01:52:05PM -0400, Mike Frysinger wrote:
> > On Tuesday 12 April 2005 11:59 am, Maurice van der Pot wrote:
> > > I have the following situation:
> > > - a package (valgrind) that can be compiled with PIE and uses PIE
> > > for some purpose or other if it is supported
> > > - tests (make check) that cannot be compiled with PIE
> >
> > allowing user specified tests for `make check` doesnt really make much
> > sense
>
> 'user specified tests'?? The tests are part of valgrind, they just can't
> be compiled with PIE.
err s/tests/CFLAGS/
> > and in fact it's probably a better idea to prevent user CFLAGS from being
> > used during `make check`
>
> In theory, you're probably right. But would you really spend time on
> disabling user CFLAGS for make check?
why not ? you've just shown they break things
src_test() { make check CFLAGS="" || die "make check failed" ; }
> How many ebuilds are doing this right now anyway?
how many ebuilds' src_test are sensitive user CFLAGS ? very few i'd say
-mike
--
gentoo-dev@gentoo.org mailing list
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [gentoo-dev] What to do with things like -fpie in CFLAGS in environment?
2005-04-12 16:10 ` Daniel Ostrow
@ 2005-04-12 20:41 ` Maurice van der Pot
2005-04-15 19:27 ` Maurice van der Pot
1 sibling, 0 replies; 15+ messages in thread
From: Maurice van der Pot @ 2005-04-12 20:41 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 560 bytes --]
On Tue, Apr 12, 2005 at 12:10:25PM -0400, Daniel Ostrow wrote:
> Take a look at dev-libs/glib/files/glib-2.6.3-testglib-ssp.patch to see
> how solar and I dealt with a similar issue with tests and ssp. See if
> you can adapt it, we just forced -fno-stack-protector after the CFLAGS
> pulled in from the system.
Thanks for the tip. It was perfectly applicable.
Maurice.
--
Maurice van der Pot
Gentoo Linux Developer griffon26@gentoo.org http://www.gentoo.org
Creator of BiteMe! griffon26@kfk4ever.com http://www.kfk4ever.com
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [gentoo-dev] What to do with things like -fpie in CFLAGS in environment?
2005-04-12 16:10 ` Daniel Ostrow
2005-04-12 20:41 ` Maurice van der Pot
@ 2005-04-15 19:27 ` Maurice van der Pot
2005-04-15 19:38 ` Mike Frysinger
` (2 more replies)
1 sibling, 3 replies; 15+ messages in thread
From: Maurice van der Pot @ 2005-04-15 19:27 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 1387 bytes --]
On Tue, Apr 12, 2005 at 12:10:25PM -0400, Daniel Ostrow wrote:
>
> Take a look at dev-libs/glib/files/glib-2.6.3-testglib-ssp.patch to see
> how solar and I dealt with a similar issue with tests and ssp. See if
> you can adapt it, we just forced -fno-stack-protector after the CFLAGS
> pulled in from the system.
>
Ok, so I thought it was all well and good, but now a bug report made me
realise that gcc < 3.4 doesn't have -fpie/-fno-pie.
Here's the problem:
1) valgrind has some features that only work with -fpie
2) valgrind's tests fail to build with -fpie
3) because of the hardened gcc profile, valgrind's tests need -fno-pie
4) simply patching some makefiles to add -fno-pie for tests is not
possible because gcc < 3.4 doesn't support -fno-pie
5) having the valgrind developers modify their configure/makefiles to
add -fno-pie for tests in case gcc supports it is not enough, because
user CFLAGS are appended and CFLAGS in make.conf may contain -fpie
6) using filter-flags to get rid of -fpie in user's CFLAGS actually
adds -fno-pie and disables features referred to in 1)
What do I do now?
Why is -fno-pie being added by filter-flags anyway?
Maurice.
--
Maurice van der Pot
Gentoo Linux Developer griffon26@gentoo.org http://www.gentoo.org
Creator of BiteMe! griffon26@kfk4ever.com http://www.kfk4ever.com
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [gentoo-dev] What to do with things like -fpie in CFLAGS in environment?
2005-04-15 19:27 ` Maurice van der Pot
@ 2005-04-15 19:38 ` Mike Frysinger
2005-04-15 19:55 ` Maurice van der Pot
2005-04-15 19:40 ` Stephen Bennett
2005-04-15 20:13 ` Vibhav Garg
2 siblings, 1 reply; 15+ messages in thread
From: Mike Frysinger @ 2005-04-15 19:38 UTC (permalink / raw
To: gentoo-dev
On Friday 15 April 2005 03:27 pm, Maurice van der Pot wrote:
> Ok, so I thought it was all well and good, but now a bug report made me
> realise that gcc < 3.4 doesn't have -fpie/-fno-pie.
uhh, gcc-3.3.x should certainly support -fpie and -fno-pie
works on my 3.3.5.2005xxxx on amd64 ...
-mike
--
gentoo-dev@gentoo.org mailing list
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [gentoo-dev] What to do with things like -fpie in CFLAGS in environment?
2005-04-15 19:27 ` Maurice van der Pot
2005-04-15 19:38 ` Mike Frysinger
@ 2005-04-15 19:40 ` Stephen Bennett
2005-04-15 19:52 ` Maurice van der Pot
2005-04-15 20:13 ` Vibhav Garg
2 siblings, 1 reply; 15+ messages in thread
From: Stephen Bennett @ 2005-04-15 19:40 UTC (permalink / raw
To: gentoo-dev
On Fri, 2005-04-15 at 21:27 +0200, Maurice van der Pot wrote:
> What do I do now?
The obvious course of action would be to test whether the GCC being used
supports -fno-pie and add it if it does. If it doesn't, you'd just have
to assume that PIE isn't being used by default.
> Why is -fno-pie being added by filter-flags anyway?
Because with hardened gcc profiles PIE is the default behaviour. So, if
something doesn't work with pie (which is usually why one would filter
out -fpie), we need to add -fno-pie.
--
gentoo-dev@gentoo.org mailing list
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [gentoo-dev] What to do with things like -fpie in CFLAGS in environment?
2005-04-15 19:40 ` Stephen Bennett
@ 2005-04-15 19:52 ` Maurice van der Pot
0 siblings, 0 replies; 15+ messages in thread
From: Maurice van der Pot @ 2005-04-15 19:52 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 912 bytes --]
On Fri, Apr 15, 2005 at 08:40:55PM +0100, Stephen Bennett wrote:
> > Why is -fno-pie being added by filter-flags anyway?
>
> Because with hardened gcc profiles PIE is the default behaviour. So, if
> something doesn't work with pie (which is usually why one would filter
> out -fpie), we need to add -fno-pie.
That's not filtering, that's inverting. In this case I need filtering.
I can try to get the developers to change their makefiles, but none of
that would help if I can't get -fpie and -fno-pie out of the user's
CFLAGS.
I could of course close any bugs that I would get because of these
CFLAGS as invalid and suggest they use the appropriate gcc profile
instead.
Would that be reasonable?
Maurice.
--
Maurice van der Pot
Gentoo Linux Developer griffon26@gentoo.org http://www.gentoo.org
Creator of BiteMe! griffon26@kfk4ever.com http://www.kfk4ever.com
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [gentoo-dev] What to do with things like -fpie in CFLAGS in environment?
2005-04-15 19:38 ` Mike Frysinger
@ 2005-04-15 19:55 ` Maurice van der Pot
2005-04-15 20:05 ` Mike Frysinger
0 siblings, 1 reply; 15+ messages in thread
From: Maurice van der Pot @ 2005-04-15 19:55 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 386 bytes --]
On Fri, Apr 15, 2005 at 03:38:04PM -0400, Mike Frysinger wrote:
> uhh, gcc-3.3.x should certainly support -fpie and -fno-pie
In that case, take a look at
http://bugs.gentoo.org/show_bug.cgi?id=89179.
--
Maurice van der Pot
Gentoo Linux Developer griffon26@gentoo.org http://www.gentoo.org
Creator of BiteMe! griffon26@kfk4ever.com http://www.kfk4ever.com
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [gentoo-dev] What to do with things like -fpie in CFLAGS in environment?
2005-04-15 19:55 ` Maurice van der Pot
@ 2005-04-15 20:05 ` Mike Frysinger
2005-04-15 20:28 ` Maurice van der Pot
0 siblings, 1 reply; 15+ messages in thread
From: Mike Frysinger @ 2005-04-15 20:05 UTC (permalink / raw
To: gentoo-dev
On Friday 15 April 2005 03:55 pm, Maurice van der Pot wrote:
> On Fri, Apr 15, 2005 at 03:38:04PM -0400, Mike Frysinger wrote:
> > uhh, gcc-3.3.x should certainly support -fpie and -fno-pie
>
> In that case, take a look at
> http://bugs.gentoo.org/show_bug.cgi?id=89179.
it's because he has USE=boundschecking ... in that case, it's Not Your
Problem :)
mark it a dupe of Bug 86860 where i'm handling this issue and forgot your
users ever complained !
-mike
--
gentoo-dev@gentoo.org mailing list
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [gentoo-dev] What to do with things like -fpie in CFLAGS in environment?
2005-04-15 19:27 ` Maurice van der Pot
2005-04-15 19:38 ` Mike Frysinger
2005-04-15 19:40 ` Stephen Bennett
@ 2005-04-15 20:13 ` Vibhav Garg
2005-04-15 20:36 ` Mike Frysinger
2 siblings, 1 reply; 15+ messages in thread
From: Vibhav Garg @ 2005-04-15 20:13 UTC (permalink / raw
To: gentoo-dev
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Maurice van der Pot wrote:
> On Tue, Apr 12, 2005 at 12:10:25PM -0400, Daniel Ostrow wrote:
>
>>Take a look at dev-libs/glib/files/glib-2.6.3-testglib-ssp.patch to see
>>how solar and I dealt with a similar issue with tests and ssp. See if
>>you can adapt it, we just forced -fno-stack-protector after the CFLAGS
>>pulled in from the system.
>>
>
>
> Ok, so I thought it was all well and good, but now a bug report made me
> realise that gcc < 3.4 doesn't have -fpie/-fno-pie.
>
> Here's the problem:
> 1) valgrind has some features that only work with -fpie
> 2) valgrind's tests fail to build with -fpie
> 3) because of the hardened gcc profile, valgrind's tests need -fno-pie
> 4) simply patching some makefiles to add -fno-pie for tests is not
> possible because gcc < 3.4 doesn't support -fno-pie
> 5) having the valgrind developers modify their configure/makefiles to
> add -fno-pie for tests in case gcc supports it is not enough, because
> user CFLAGS are appended and CFLAGS in make.conf may contain -fpie
> 6) using filter-flags to get rid of -fpie in user's CFLAGS actually
> adds -fno-pie and disables features referred to in 1)
>
> What do I do now?
>
> Why is -fno-pie being added by filter-flags anyway?
>
> Maurice.
>
Sorry for the dumb question but was do -fpie and -fno-pie do?
Vibhav
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCYCCDiriTCkdDSX4RAh0jAKCUE560f+O4wDPLsG4cKQvYAPIb/wCfZoaE
wom30rnS7jvQRshUsIDCyGc=
=Wnty
-----END PGP SIGNATURE-----
--
gentoo-dev@gentoo.org mailing list
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [gentoo-dev] What to do with things like -fpie in CFLAGS in environment?
2005-04-15 20:05 ` Mike Frysinger
@ 2005-04-15 20:28 ` Maurice van der Pot
0 siblings, 0 replies; 15+ messages in thread
From: Maurice van der Pot @ 2005-04-15 20:28 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 859 bytes --]
On Fri, Apr 15, 2005 at 04:05:16PM -0400, Mike Frysinger wrote:
> On Friday 15 April 2005 03:55 pm, Maurice van der Pot wrote:
> > On Fri, Apr 15, 2005 at 03:38:04PM -0400, Mike Frysinger wrote:
> > > uhh, gcc-3.3.x should certainly support -fpie and -fno-pie
> >
> > In that case, take a look at
> > http://bugs.gentoo.org/show_bug.cgi?id=89179.
>
> it's because he has USE=boundschecking ... in that case, it's Not Your
> Problem :)
>
> mark it a dupe of Bug 86860 where i'm handling this issue and forgot your
> users ever complained !
> -mike
Cool, all not masked gcc's support the flags I need. Guess I have Friday
night off after all.
Thanks Mike!
--
Maurice van der Pot
Gentoo Linux Developer griffon26@gentoo.org http://www.gentoo.org
Creator of BiteMe! griffon26@kfk4ever.com http://www.kfk4ever.com
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [gentoo-dev] What to do with things like -fpie in CFLAGS in environment?
2005-04-15 20:13 ` Vibhav Garg
@ 2005-04-15 20:36 ` Mike Frysinger
0 siblings, 0 replies; 15+ messages in thread
From: Mike Frysinger @ 2005-04-15 20:36 UTC (permalink / raw
To: gentoo-dev
On Friday 15 April 2005 04:13 pm, Vibhav Garg wrote:
> Sorry for the dumb question but was do -fpie and -fno-pie do?
yeah you should be sorry !
seriously though, PIE stands for Position Independent Executables and -fpie /
-fno-pie controls whether the toolchain produces PIE (mmm PIE)
for something less vague, try this page:
http://hardened.gentoo.org/pie-ssp.xml
-mike
--
gentoo-dev@gentoo.org mailing list
^ permalink raw reply [flat|nested] 15+ messages in thread
end of thread, other threads:[~2005-04-15 20:36 UTC | newest]
Thread overview: 15+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-04-12 15:59 [gentoo-dev] What to do with things like -fpie in CFLAGS in environment? Maurice van der Pot
2005-04-12 16:10 ` Daniel Ostrow
2005-04-12 20:41 ` Maurice van der Pot
2005-04-15 19:27 ` Maurice van der Pot
2005-04-15 19:38 ` Mike Frysinger
2005-04-15 19:55 ` Maurice van der Pot
2005-04-15 20:05 ` Mike Frysinger
2005-04-15 20:28 ` Maurice van der Pot
2005-04-15 19:40 ` Stephen Bennett
2005-04-15 19:52 ` Maurice van der Pot
2005-04-15 20:13 ` Vibhav Garg
2005-04-15 20:36 ` Mike Frysinger
2005-04-12 17:52 ` Mike Frysinger
2005-04-12 18:20 ` Maurice van der Pot
2005-04-12 20:13 ` Mike Frysinger
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox