Bug 129491 - app-emulation/xen-tools-3.0.2 emerge failed with hardened profile
|
Bug#:
129491
|
Product: Gentoo Linux
|
Version: unspecified
|
Platform: All
|
|
OS/Version: Linux
|
Status: CLOSED
|
Severity: normal
|
Priority: P2
|
|
Resolution: TEST-REQUEST
|
Assigned To: chrb@gentoo.org
|
Reported By: langthang@gentoo.org
|
|
Component: Applications
|
|
|
URL:
|
|
Summary: app-emulation/xen-tools-3.0.2 emerge failed with hardened profile
|
|
Keywords:
|
|
Status Whiteboard:
|
|
Opened: 2006-04-10 08:51 0000
|
gcc -DNDEBUG -m32 -Wall -Wstrict-prototypes -Wdeclaration-after-statement
-DDEBUG -DTEXTADDR=0x000D0000 -I. -I../../../tools/libxc -fno-builtin -O2
-msoft-float -D__ASSEMBLY__ -DDEBUG -DTEXTADDR=0x000D0000 -c trap.S
cpp -P -DDEBUG -DTEXTADDR=0x000D0000 vmxassist.ld > vmxassist.tmp
ld -o vmxassist -m elf_i386 -nostdlib --fatal-warnings -N -T vmxassist.tmp
head.o trap.o vm86.o setup.o util.o
vm86.o: In function `address':
vm86.c:(.text+0x19): undefined reference to `__guard'
vm86.c:(.text+0x51): undefined reference to `__stack_smash_handler'
vm86.c:(.text+0x8e): undefined reference to `__guard'
vm86.o: In function `trace':
vm86.c:(.text+0x189): undefined reference to `__guard'
vm86.c:(.text+0x1d4): undefined reference to `__guard'
vm86.c:(.text+0x1f0): undefined reference to `__stack_smash_handler'
vm86.o: In function `getreg32':
vm86.c:(.text+0x2fa): undefined reference to `__guard'
vm86.o: In function `.L32':
vm86.c:(.text+0x338): undefined reference to `__stack_smash_handler'
vm86.o: In function `setreg32':
vm86.c:(.text+0x39e): undefined reference to `__guard'
vm86.o: In function `.L44':
vm86.c:(.text+0x3d8): undefined reference to `__stack_smash_handler'
vm86.o: In function `sib':
vm86.c:(.text+0x42b): undefined reference to `__guard'
vm86.c:(.text+0x484): undefined reference to `__guard'
vm86.c:(.text+0x4a3): undefined reference to `__stack_smash_handler'
vm86.o: In function `operand':
vm86.c:(.text+0x56a): undefined reference to `__guard'
vm86.c:(.text+0x6ad): undefined reference to `__stack_smash_handler'
vm86.c:(.text+0x700): undefined reference to `__guard'
vm86.c:(.text+0x70b): undefined reference to `__guard'
vm86.o: In function `.L139':
vm86.c:(.text+0x764): undefined reference to `__guard'
vm86.o: In function `.L138':
vm86.c:(.text+0x78e): undefined reference to `__guard'
vm86.o: In function `movr':
vm86.c:(.text+0x93b): undefined reference to `__guard'
vm86.o:vm86.c:(.text+0x9c0): more undefined references to `__guard' follow
vm86.o: In function `movr':
vm86.c:(.text+0x9e0): undefined reference to `__stack_smash_handler'
vm86.o: In function `load_seg':
vm86.c:(.text+0xd4b): undefined reference to `__guard'
vm86.c:(.text+0xda1): undefined reference to `__stack_smash_handler'
vm86.o: In function `set_mode':
vm86.c:(.text+0xf19): undefined reference to `__guard'
vm86.c:(.text+0xf74): undefined reference to `__guard'
vm86.c:(.text+0xf94): undefined reference to `__stack_smash_handler'
vm86.o: In function `interrupt':
vm86.c:(.text+0x139d): undefined reference to `__guard'
vm86.c:(.text+0x1478): undefined reference to `__stack_smash_handler'
vm86.o: In function `outbyte':
vm86.c:(.text+0x14a9): undefined reference to `__guard'
vm86.c:(.text+0x14e8): undefined reference to `__stack_smash_handler'
vm86.c:(.text+0x1537): undefined reference to `__guard'
vm86.o: In function `inbyte':
vm86.c:(.text+0x1619): undefined reference to `__guard'
vm86.c:(.text+0x1654): undefined reference to `__stack_smash_handler'
vm86.o: In function `emulate':
vm86.c:(.text+0x16b9): undefined reference to `__guard'
vm86.o: In function `.L321':
vm86.c:(.text+0x1795): undefined reference to `__guard'
vm86.c:(.text+0x17b5): undefined reference to `__stack_smash_handler'
vm86.o: In function `trap':
vm86.c:(.text+0x2619): undefined reference to `__guard'
vm86.c:(.text+0x264a): undefined reference to `__guard'
vm86.c:(.text+0x2666): undefined reference to `__stack_smash_handler'
vm86.c:(.text+0x26bc): undefined reference to `__guard'
setup.o: In function `banner':
setup.c:(.text+0x16): undefined reference to `__guard'
setup.c:(.text+0x113): undefined reference to `__stack_smash_handler'
setup.o: In function `setup_gdt':
setup.c:(.text+0x14b): undefined reference to `__guard'
setup.c:(.text+0x226): undefined reference to `__stack_smash_handler'
setup.o: In function `set_intr_gate':
setup.c:(.text+0x259): undefined reference to `__guard'
setup.c:(.text+0x2b6): undefined reference to `__stack_smash_handler'
setup.o: In function `setup_idt':
setup.c:(.text+0x2e8): undefined reference to `__guard'
setup.c:(.text+0x31e): undefined reference to `__guard'
setup.c:(.text+0x33a): undefined reference to `__stack_smash_handler'
setup.o: In function `setup_pic':
setup.c:(.text+0x369): undefined reference to `__guard'
setup.c:(.text+0x3d3): undefined reference to `__stack_smash_handler'
setup.o: In function `setiomap':
setup.c:(.text+0x409): undefined reference to `__guard'
setup.c:(.text+0x449): undefined reference to `__stack_smash_handler'
setup.o: In function `enter_real_mode':
setup.c:(.text+0x478): undefined reference to `__guard'
setup.c:(.text+0x573): undefined reference to `__guard'
setup.c:(.text+0x58f): undefined reference to `__stack_smash_handler'
setup.o: In function `setup_ctx':
setup.c:(.text+0x5fb): undefined reference to `__guard'
setup.c:(.text+0x795): undefined reference to `__stack_smash_handler'
setup.o: In function `start_bios':
setup.c:(.text+0x7c4): undefined reference to `__guard'
setup.c:(.text+0x80f): undefined reference to `__guard'
setup.c:(.text+0x82b): undefined reference to `__stack_smash_handler'
setup.o: In function `main':
setup.c:(.text+0x879): undefined reference to `__guard'
setup.c:(.text+0x8d4): undefined reference to `__stack_smash_handler'
util.o: In function `putchar':
util.c:(.text+0x19): undefined reference to `__guard'
util.c:(.text+0x3f): undefined reference to `__stack_smash_handler'
util.o: In function `strlen':
util.c:(.text+0x68): undefined reference to `__guard'
util.c:(.text+0xa5): undefined reference to `__stack_smash_handler'
util.o: In function `printnum':
util.c:(.text+0xcb): undefined reference to `__guard'
util.c:(.text+0x118): undefined reference to `__stack_smash_handler'
util.o: In function `_doprint':
util.c:(.text+0x15b): undefined reference to `__guard'
util.c:(.text+0x2b4): undefined reference to `__guard'
util.c:(.text+0x2d4): undefined reference to `__stack_smash_handler'
util.o: In function `panic':
util.c:(.text+0x409): undefined reference to `__guard'
util.c:(.text+0x44f): undefined reference to `__stack_smash_handler'
util.o: In function `vprintf':
util.c:(.text+0x479): undefined reference to `__guard'
util.c:(.text+0x4b0): undefined reference to `__stack_smash_handler'
util.o: In function `printf':
util.c:(.text+0x4d9): undefined reference to `__guard'
util.c:(.text+0x510): undefined reference to `__stack_smash_handler'
util.o: In function `dump_dtr':
util.c:(.text+0x536): undefined reference to `__guard'
util.c:(.text+0x5f9): undefined reference to `__guard'
util.c:(.text+0x615): undefined reference to `__stack_smash_handler'
util.o: In function `dump_vmx_context':
util.c:(.text+0x649): undefined reference to `__guard'
util.c:(.text+0xbc9): undefined reference to `__stack_smash_handler'
util.o: In function `print_e820_map':
util.c:(.text+0xbf9): undefined reference to `__guard'
util.c:(.text+0xce2): undefined reference to `__guard'
util.c:(.text+0xcfe): undefined reference to `__stack_smash_handler'
util.o: In function `hexdump':
util.c:(.text+0xd46): undefined reference to `__guard'
util.c:(.text+0xe8e): undefined reference to `__guard'
util.c:(.text+0xeaa): undefined reference to `__stack_smash_handler'
util.o: In function `dump_regs':
util.c:(.text+0xed8): undefined reference to `__guard'
util.c:(.text+0x1005): undefined reference to `__guard'
util.c:(.text+0x1021): undefined reference to `__stack_smash_handler'
util.o: In function `memset':
util.c:(.text+0x1059): undefined reference to `__guard'
util.c:(.text+0x1091): undefined reference to `__stack_smash_handler'
util.o: In function `memcpy':
util.c:(.text+0x10c9): undefined reference to `__guard'
util.c:(.text+0x1113): undefined reference to `__stack_smash_handler'
make[2]: *** [vmxassist.bin] Error 1
make[2]: Leaving directory
`/var/tmp/portage/xen-tools-3.0.2/work/xen-3.0.2/tools/firmware/vmxassist'
make[1]: *** [all] Error 2
make[1]: Leaving directory
`/var/tmp/portage/xen-tools-3.0.2/work/xen-3.0.2/tools/firmware'
make: *** [all] Error 2
make: Leaving directory `/var/tmp/portage/xen-tools-3.0.2/work/xen-3.0.2/tools'
!!! ERROR: app-emulation/xen-tools-3.0.2 failed.
Call stack:
ebuild.sh, line 1532: Called dyn_compile
ebuild.sh, line 929: Called src_compile
xen-tools-3.0.2.ebuild, line 69: Called die
!!! compile failed
!!! If you need support, post the topmost build error, and the call stack if
relevant.
mail xen-tools # emerge info
Portage 2.1_pre7-r5 (hardened/x86/2.6, gcc-3.4.6, glibc-2.3.6-r3,
2.6.16-rc5-xen i686)
=================================================================
System uname: 2.6.16-rc5-xen i686 Intel(R) Pentium(R) 4 CPU 1.80GHz
Gentoo Base System version 1.12.0_pre16
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632)
[disabled]
dev-lang/python: 2.4.2-r1
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.59-r7
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils: 2.16.1-r2
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.11-r3
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=pentium4 -fomit-frame-pointer -fforce-addr -mmmx -msse
-msse2 -mfpmath=sse"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /etc/mail/dspam /usr/kde/2/share/config
/usr/kde/3/share/config /usr/share/config /var/bind /var/qmail/control
/var/run/dspam"
CONFIG_PROTECT_MASK="/etc/eselect/compiler /etc/gconf /etc/revdep-rebuild
/etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=pentium4 -fomit-frame-pointer -fforce-addr -mmmx -msse
-msse2 -mfpmath=sse"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer noinfo parallel-fetch sandbox
sfperms strict userpriv usersandbox"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="en_US.utf8"
LINGUAS="en_US vi"
MAKEOPTS="-j2"
PKGDIR="/usr/portage//packages/x86/"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage/"
PORTDIR_OVERLAY="/usr/portage/overlay"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="apache2 berkdb bzip2 crypt dlloader hardened ithreads mysql nls pam pic
readline sasl ssl tcpd unicode userlocales utf8 vhosts x86 zlib elibc_glibc
kernel_linux linguas_en_US linguas_vi userland_GNU"
Unset: ASFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS
If I set gcc to i686-pc-linux-gnu-3.4.6-vanilla, xen-tools-3.0.2 emerge fine.
The xen Makefiles try to filter CFLAGS building different parts of the source
with the function:
test-gcc-flag = $(shell $(1) -v --help 2>&1 | grep -q " $(2) " && echo $(2))
calls are like:
./xen/arch/x86/Rules.mk:CFLAGS += $(call test-gcc-flag,$(CC),-nopie)
./xen/arch/x86/Rules.mk:CFLAGS += $(call
test-gcc-flag,$(CC),-fno-stack-protector)
./xen/arch/x86/Rules.mk:CFLAGS += $(call
test-gcc-flag,$(CC),-fno-stack-protector-all)
./tools/ioemu/target-i386-dm/Makefile:SSE2 := $(call
test-gcc-flag,$(CC),-msse2)
$ gcc --help -v 2>&1|grep sse2
-mno-sse2 Do not support MMX, SSE and SSE2 built-in functions
and code generation
-msse2 Support MMX, SSE and SSE2 built-in functions and
code generation
$ gcc --help -v 2>&1|grep pie
gcc version 3.4.6 (Gentoo 3.4.6, ssp-3.4.5-1.0, pie-8.7.9)
-fpie Generate position-independent code for
-pie, --pic-executable Create a position independent executable
So the question is - why does gcc on Gentoo not show these -no* options in it's
help for the hardened flags, when apparently other distros do?
You could obviously filter the flags for all the built software, like the old
ebuilds did, but that kind of negates the point of running hardened - only
vmxassist and hvmloader need non-hardened flags.
I've tried to fix the problem by just adding the -nopie -no-stack* flags to the
hvmloader and vmxassist Makefiles. Let me know if it works.
(In reply to comment #1)
> The xen Makefiles try to filter CFLAGS building different parts of the source
> with the function:
>
> test-gcc-flag = $(shell $(1) -v --help 2>&1 | grep -q " $(2) " && echo $(2))
>
> calls are like:
>
> ./xen/arch/x86/Rules.mk:CFLAGS += $(call test-gcc-flag,$(CC),-nopie)
> ./xen/arch/x86/Rules.mk:CFLAGS += $(call
> test-gcc-flag,$(CC),-fno-stack-protector)
> ./xen/arch/x86/Rules.mk:CFLAGS += $(call
> test-gcc-flag,$(CC),-fno-stack-protector-all)
> ./tools/ioemu/target-i386-dm/Makefile:SSE2 := $(call
> test-gcc-flag,$(CC),-msse2)
>
> $ gcc --help -v 2>&1|grep sse2
> -mno-sse2 Do not support MMX, SSE and SSE2 built-in functions
> and code generation
> -msse2 Support MMX, SSE and SSE2 built-in functions and
> code generation
>
> $ gcc --help -v 2>&1|grep pie
> gcc version 3.4.6 (Gentoo 3.4.6, ssp-3.4.5-1.0, pie-8.7.9)
> -fpie Generate position-independent code for
> -pie, --pic-executable Create a position independent executable
>
> So the question is - why does gcc on Gentoo not show these -no* options in it's
> help for the hardened flags, when apparently other distros do?
>
> You could obviously filter the flags for all the built software, like the old
> ebuilds did, but that kind of negates the point of running hardened - only
> vmxassist and hvmloader need non-hardened flags.
>
there are couple problem with the way they test for PIE/SSP.
1. if CFLAGS is unset, the test failed to detect gcc. I have to have
USE=custom-cflags to buils xen-tools
2. with xen-tools-3.0.2, they unset CFLAGS in the
tools/firmware/{hvmloader,vmxassist}Makefile which causes test-gcc-flag failed
to detect hardened gcc .
my workaround similar to your, but I just commented the "CFLAGS :=" line
sed -i -e 's/CFLAGS :=/# CFLAGS :=/g' "${S}/tools/firmware/hvmloader/Makefile"
"${S}/tools/firmware/vmxassist/Makefile"
It isn't the unset of CFLAGS that causes the failed gcc detect, it's the fact
that under Gentoo 'gcc -v --help' doesn't show the nopie and no-stack-protector
flags. Their code apparently works fine on other distributions.
If you just comment out the CFLAG := in the Makefiles, where do your -nopie
no-stack-protector flags come from? They must be set somewhere for vmxassist to
build?
I wasn't clear in my last comment, I meant it failed to detect gentoo gcc.
Why unset CFLAGS cause it failed I don't know (yet), but commented that line
put "-nopie -fno-stack-protector" back in there as you can see below. I
differed the Makefile from the older version and notice the new "CFLAGS :="
line
make[2]: Entering directory
`/var/tmp/portage/xen-tools-3.0.2/work/xen-3.0.2/tools/firmware/vmxassist'
i686-pc-linux-gnu-gcc -O2 -march=pentium4 -fomit-frame-pointer -fforce-addr
-mmmx -msse -msse2 -mfpmath=sse -nopie -fno-stack-protector -DNDEBUG -m32
-Wall -Wstrict-prototypes -Wdeclaration-after-statement
-D__XEN_INTERFACE_VERSION__=0x00030101 -DNDEBUG -m32 -Wall -Wstrict-prototypes
-Wdeclaration-after-statement -D__XEN_INTERFACE_VERSION__=0x00030101 -DNDEBUG
-m32 -Wall -Wstrict-prototypes -Wdeclaration-after-statement -DDEBUG
-DTEXTADDR=0x000D0000 -I. -I../../../tools/libxc -fno-builtin -O2 -msoft-float
-D__ASSEMBLY__ -DDEBUG -DTEXTADDR=0x000D0000 -c head.S
gcc -Wall -Werror -Wstrict-prototypes -Wdeclaration-after-statement -I.
-I../../../tools/libxc -o gen gen.c
i686-pc-linux-gnu-gcc -O2 -march=pentium4 -fomit-frame-pointer -fforce-addr
-mmmx -msse -msse2 -mfpmath=sse -nopie -fno-stack-protector -DNDEBUG -m32
-Wall -Wstrict-prototypes -Wdeclaration-after-statement
-D__XEN_INTERFACE_VERSION__=0x00030101 -DNDEBUG -m32 -Wall -Wstrict-prototypes
-Wdeclaration-after-statement -D__XEN_INTERFACE_VERSION__=0x00030101 -DNDEBUG
-m32 -Wall -Wstrict-prototypes -Wdeclaration-after-statement -DDEBUG
-DTEXTADDR=0x000D0000 -I. -I../../../tools/libxc -fno-builtin -O2 -msoft-float
-c vm86.c
i686-pc-linux-gnu-gcc -O2 -march=pentium4 -fomit-frame-pointer -fforce-addr
-mmmx -msse -msse2 -mfpmath=sse -nopie -fno-stack-protector -DNDEBUG -m32
-Wall -Wstrict-prototypes -Wdeclaration-after-statement
-D__XEN_INTERFACE_VERSION__=0x00030101 -DNDEBUG -m32 -Wall -Wstrict-prototypes
-Wdeclaration-after-statement -D__XEN_INTERFACE_VERSION__=0x00030101 -DNDEBUG
-m32 -Wall -Wstrict-prototypes -Wdeclaration-after-statement -DDEBUG
-DTEXTADDR=0x000D0000 -I. -I../../../tools/libxc -fno-builtin -O2 -msoft-float
-c setup.c
i686-pc-linux-gnu-gcc -O2 -march=pentium4 -fomit-frame-pointer -fforce-addr
-mmmx -msse -msse2 -mfpmath=sse -nopie -fno-stack-protector -DNDEBUG -m32
-Wall -Wstrict-prototypes -Wdeclaration-after-statement
-D__XEN_INTERFACE_VERSION__=0x00030101 -DNDEBUG -m32 -Wall -Wstrict-prototypes
-Wdeclaration-after-statement -D__XEN_INTERFACE_VERSION__=0x00030101 -DNDEBUG
-m32 -Wall -Wstrict-prototypes -Wdeclaration-after-statement -DDEBUG
-DTEXTADDR=0x000D0000 -I. -I../../../tools/libxc -fno-builtin -O2 -msoft-float
-c util.c
./gen > offsets.h
i686-pc-linux-gnu-gcc -O2 -march=pentium4 -fomit-frame-pointer -fforce-addr
-mmmx -msse -msse2 -mfpmath=sse -nopie -fno-stack-protector -DNDEBUG -m32
-Wall -Wstrict-prototypes -Wdeclaration-after-statement
-D__XEN_INTERFACE_VERSION__=0x00030101 -DNDEBUG -m32 -Wall -Wstrict-prototypes
-Wdeclaration-after-statement -D__XEN_INTERFACE_VERSION__=0x00030101 -DNDEBUG
-m32 -Wall -Wstrict-prototypes -Wdeclaration-after-statement -DDEBUG
-DTEXTADDR=0x000D0000 -I. -I../../../tools/libxc -fno-builtin -O2 -msoft-float
-D__ASSEMBLY__ -DDEBUG -DTEXTADDR=0x000D0000 -c trap.S
cpp -P -DDEBUG -DTEXTADDR=0x000D0000 vmxassist.ld > vmxassist.tmp
ld -o vmxassist -m elf_i386 -nostdlib --fatal-warnings -N -T vmxassist.tmp
head.o trap.o vm86.o setup.o util.o
nm -n vmxassist > vmxassist.sym
objcopy -p -O binary -R .note -R .comment -R .bss -S --gap-fill=0 vmxassist
vmxassist.tmp
dd if=vmxassist.tmp of=vmxassist.bin ibs=512 conv=sync
36+0 records in
36+0 records out
18432 bytes (18 kB) copied, 0.000756 seconds, 24.4 MB/s
rm -f vmxassist.tmp
make[2]: Leaving directory
`/var/tmp/portage/xen-tools-3.0.2/work/xen-3.0.2/tools/firmware/vmxassist'
make[2]: Entering directory
`/var/tmp/portage/xen-tools-3.0.2/work/xen-3.0.2/tools/firmware/hvmloader'
./mkhex rombios ../rombios/BIOS-bochs-latest > roms.h
./mkhex vgabios_stdvga ../vgabios/VGABIOS-lgpl-latest.bin >> roms.h
./mkhex vgabios_cirrusvga ../vgabios/VGABIOS-lgpl-latest.cirrus.bin >> roms.h
./mkhex vmxassist ../vmxassist/vmxassist.bin >> roms.h
./mkhex acpi ../acpi/acpi.bin >> roms.h
i686-pc-linux-gnu-gcc -O2 -march=pentium4 -fomit-frame-pointer -fforce-addr
-mmmx -msse -msse2 -mfpmath=sse -nopie -fno-stack-protector -DNDEBUG -m32
-Wall -Wstrict-prototypes -Wdeclaration-after-statement
-D__XEN_INTERFACE_VERSION__=0x00030101 -DNDEBUG -m32 -Wall -Wstrict-prototypes
-Wdeclaration-after-statement -D__XEN_INTERFACE_VERSION__=0x00030101 -DNDEBUG
-m32 -Wall -Wstrict-prototypes -Wdeclaration-after-statement -DDEBUG -I.
-I../../../tools/libxc -fno-builtin -O2 -msoft-float -c hvmloader.c acpi_madt.c
i686-pc-linux-gnu-gcc -m32 -nostdlib -Wl,-N -Wl,-Ttext -Wl,0x100000 -o
hvmloader.tmp hvmloader.o acpi_madt.o
objcopy hvmloader.tmp hvmloader
rm -f hvmloader.tmp
make[2]: Leaving directory
`/var/tmp/portage/xen-tools-3.0.2/work/xen-3.0.2/tools/firmware/hvmloader'
As for why `test-gcc-flag = $(shell $(1) -v --help 2>&1 | grep -q " $(2) " &&
echo $(2))` doesn't turn up any of "-nopie", "-fno-stack-protector", and
"-fno-stack-protector-all" , may be the hardened team can tell.
my bad. thosee "-nopie -fno-stack-protector" came from
...
if use custom-cflags; then
filter-flags -fPIE -fstack-protector
else
...
and I have USE=custom-cflags
the new ebuild pass this stage but failed at vga.c and you are already known
about it.
Using this patch
http://lists.xensource.com/archives/html/xen-changelog/2006-04/msg00108.html I
was be able to emerge xen-tools-3.0.2 on hardened profile.
sorry to spam. I forgot to mention that hardened USE flag is missing in IUSE.
It's not spam if it's a bug :)
I've added the patch and fixed IUSE.
I was able to compile xen-tools while using a hardened profile
