Summary: | www-client/chromium: build fails on hardened: mksnapshot killed by PaX | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Damien <damienkallison> |
Component: | Current packages | Assignee: | Paweł Hajdan, Jr. (RETIRED) <phajdan.jr> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | denilsonsa, hardened, voyageur |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | x86 | ||
OS: | Linux | ||
URL: | http://code.google.com/p/v8/issues/detail?id=607 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Damien
2010-01-23 00:00:31 UTC
Damien, could you check if you can build the upstream v8 project http://code.google.com/p/v8/ from source on the hardened machine? If not, could you report the bug upstream to v8 and post the link here? I did to build scons which was an unmet requirement then: svn checkout http://v8.googlecode.com/svn/trunk/ v8-read-only Checked out revision 3825 cd v8-read-only scons Build completed. I had to install scons (defined as requirement in the docs). Then I tried building: www-client/chromium-5.0.307.5 I get: export LD_LIBRARY_PATH=/var/tmp/portage/www-client/chromium-5.0.307.5/work/chromium-5.0.307.5/out/Release/lib.host:/var/tmp/portage/www-client/chromium-5.0.307.5/work/chromium-5.0.307.5/out/Release/lib.target:$LD_LIBRARY_PATH; cd v8/tools/gyp; mkdir -p /var/tmp/portage/www-client/chromium-5.0.307.5/work/chromium-5.0.307.5/out/Release/obj.target/geni; "/var/tmp/portage/www-client/chromium-5.0.307.5/work/chromium-5.0.307.5/out/Release/mksnapshot" "/var/tmp/portage/www-client/chromium-5.0.307.5/work/chromium-5.0.307.5/out/Release/obj.target/geni/snapshot.cc" /bin/sh: line 1: 19428 Killed "/var/tmp/portage/www-client/chromium-5.0.307.5/work/chromium-5.0.307.5/out/Release/mksnapshot" "/var/tmp/portage/www-client/chromium-5.0.307.5/work/chromium-5.0.307.5/out/Release/obj.target/geni/snapshot.cc" make: *** [out/Release/obj.target/geni/snapshot.cc] Error 137 * ERROR: www-client/chromium-5.0.307.5 failed: * compilation failed * * Call stack: * ebuild.sh, line 54: Called src_compile * environment, line 2626: Called die * The specific snippet of code: * emake -r V=1 chrome chrome_sandbox BUILDTYPE=Release rootdir="${S}" CC=$(tc-getCC) CXX=$(tc-getCXX) AR=$(tc-getAR) RANLIB=$(tc-getRANLIB) || die "compilation failed" It seems to be mksnapshot. If I paxctl -pemrxs then cd ../...../.. to the working directory and make the build continues but I get this: ... ... CXX(host) out/Debug/obj.host/v8_base/v8/src/ia32/register-allocator-ia32.o CXX(host) out/Debug/obj.host/v8_base/v8/src/ia32/stub-cache-ia32.o CXX(host) out/Debug/obj.host/v8_base/v8/src/ia32/virtual-frame-ia32.o CXX(host) out/Debug/obj.host/v8_base/v8/src/platform-linux.o CXX(host) out/Debug/obj.host/v8_base/v8/src/platform-posix.o AR+RANLIB(host) out/Debug/obj.host/v8/tools/gyp/libv8_base.a CXX(host) out/Debug/obj.host/mksnapshot/v8/src/mksnapshot.o LINK(host) out/Debug/mksnapshot ACTION v8_snapshot_run_mksnapshot out/Debug/obj.target/geni/snapshot.cc /bin/sh: line 1: 28432 Killed "/var/tmp/portage/www-client/chromium-5.0.307.5/work/chromium-5.0.307.5/out/Debug/mksnapshot" "/var/tmp/portage/www-client/chromium-5.0.307.5/work/chromium-5.0.307.5/out/Debug/obj.target/geni/snapshot.cc" make: *** [out/Debug/obj.target/geni/snapshot.cc] Error 137 Sorry for the delay. Would it help if I tar+gz /var/tmp/ files? No, please just report the problem upstream and post a link here. Thanks, I am now monitoring the upstream report. However, could you make sure all the relevant info is copied to the upstream report, not just linked? Please leave bug open for hardened team to track. chromium-4.* is not in portage anymore, but (judging from the comments) it seems this bug happens to newer versions as well. Thus, I suggest to remove the version number from the bug summary. Otherwise, people might think this bug should be closed because the version is too old. Thanks for the report. I adjusted the ebuilds for chromium-9999 and chromium-5.0.371.0 and tested the fix on my (headless) hardened x86 system. If there are some problems that manifest after launching the browser on a hardened system, please open a new bug. In that case, please also post the paxctl or equivalent calls that fix the problem for you (if possible). |