Bug 73875 - dev-lang/pike-7.6.24 build fails.
Bug#: 73875 Product:  Gentoo Linux Version: unspecified Platform: x86
OS/Version: Linux Status: RESOLVED Severity: major Priority: P2
Resolution: FIXED Assigned To: lang-misc@gentoo.org Reported By: infowolfe@gmail.com
Component: Ebuilds
URL:  http://shell.xhcl.net/pike.log
Summary: dev-lang/pike-7.6.24 build fails.
Keywords:  
Status Whiteboard: 
Opened: 2004-12-09 00:42 0000
Description:   Opened: 2004-12-09 00:42 0000 
I've attempted to emerge pike 5 times now. Each and every time, even after
emerge sync, pike build fails. I've got hardened toolchain and kernel, not sure
if this affects things, but I attempted CFLAGS="-fno-stack-protector" and the
build still failed.

[ebuild  N    ] dev-lang/pike-7.6.24  +crypt -debug -doc -fftw +gdbm +gif -gtk
+jpeg -kerberos -opengl +pdflib -scanner -svg +tiff +truetype +zlib 0 kB


Making Shuffler
make[4]: Entering directory
`/var/tmp/portage/pike-7.6.24/work/Pike-v7.6.24/build/linux-2.6.7-hardened-r16-i686/post_modules/Shuffler'
Makefile:400: warning: overriding commands for target `depend'
Makefile:219: warning: ignoring old commands for target `depend'
/var/tmp/portage/pike-7.6.24/work/Pike-v7.6.24/build/linux-2.6.7-hardened-r16-i686/pike
-DNOT_INSTALLED -DPRECOMPILED_SEARCH_MORE
-m/var/tmp/portage/pike-7.6.24/work/Pike-v7.6.24/build/linux-2.6.7-hardened-r16-i686/master.pike

/var/tmp/portage/pike-7.6.24/work/Pike-v7.6.24/src/post_modules/Shuffler/make_sources.pike
/var/tmp/portage/pike-7.6.24/work/Pike-v7.6.24/src/post_modules/Shuffler
sources.h sources_to_compile
make[4]: *** [override] Killed
make[4]: Leaving directory
`/var/tmp/portage/pike-7.6.24/work/Pike-v7.6.24/build/linux-2.6.7-hardened-r16-i686/post_modules/Shuffler'
make[3]: *** [Shuffler] Error 1
make[3]: *** Waiting for unfinished jobs....
Compiling
/var/tmp/portage/pike-7.6.24/work/Pike-v7.6.24/src/post_modules/Nettle/hash.c
/export/spare/pike/home/nilsson/Pike/7.6/src/post_modules/Nettle/hash.cmod: In
function `f_HashState_update':
/export/spare/pike/home/nilsson/Pike/7.6/src/post_modules/Nettle/hash.cmod:137:
warning: passing arg 1 of pointer to function discards qualifiers from pointer
target type
Linking Bz2
make[4]: Leaving directory
`/var/tmp/portage/pike-7.6.24/work/Pike-v7.6.24/build/linux-2.6.7-hardened-r16-i686/post_modules/Bz2'
Compiling
/var/tmp/portage/pike-7.6.24/work/Pike-v7.6.24/src/post_modules/Nettle/cipher.c
Compiling
/var/tmp/portage/pike-7.6.24/work/Pike-v7.6.24/src/post_modules/Nettle/crypt_md5.c
Compiling
/var/tmp/portage/pike-7.6.24/work/Pike-v7.6.24/src/post_modules/Nettle/nt.c
Compiling
/var/tmp/portage/pike-7.6.24/work/Pike-v7.6.24/src/post_modules/Nettle/idea.c
/export/spare/pike/home/nilsson/Pike/7.6/src/post_modules/Nettle/cipher.cmod:
In function `init_DES3_Info_struct':
/export/spare/pike/home/nilsson/Pike/7.6/src/post_modules/Nettle/cipher.cmod:758:
warning: initialization from incompatible pointer type
/export/spare/pike/home/nilsson/Pike/7.6/src/post_modules/Nettle/cipher.cmod:758:
warning: initialization from incompatible pointer type
/export/spare/pike/home/nilsson/Pike/7.6/src/post_modules/Nettle/cipher.cmod:
In function `init_IDEA_Info_struct':
/export/spare/pike/home/nilsson/Pike/7.6/src/post_modules/Nettle/cipher.cmod:990:
warning: initialization from incompatible pointer type
/export/spare/pike/home/nilsson/Pike/7.6/src/post_modules/Nettle/cipher.cmod:990:
warning: initialization from incompatible pointer type
Linking Nettle
make[4]: Leaving directory
`/var/tmp/portage/pike-7.6.24/work/Pike-v7.6.24/build/linux-2.6.7-hardened-r16-i686/post_modules/Nettle'
make[3]: Leaving directory
`/var/tmp/portage/pike-7.6.24/work/Pike-v7.6.24/build/linux-2.6.7-hardened-r16-i686/post_modules'
make[2]: *** [post_module_objects] Error 1
make[2]: Leaving directory
`/var/tmp/portage/pike-7.6.24/work/Pike-v7.6.24/build/linux-2.6.7-hardened-r16-i686'
make[1]: *** [all] Error 2
make[1]: Leaving directory
`/var/tmp/portage/pike-7.6.24/work/Pike-v7.6.24/build/linux-2.6.7-hardened-r16-i686'
make: *** [compile] Error 2

!!! ERROR: dev-lang/pike-7.6.24 failed.
!!! Function src_compile, Line 53, Exitcode 2
!!! (no error message)
!!! If you need support, post the topmost build error, NOT this status message.

Reproducible: Always
Steps to Reproduce:
1. emerge pike
2.
3.

Actual Results:  
see details.

Expected Results:  
installed.

Portage 2.0.51-r3 (default-linux/x86/2004.3, gcc-3.3.4,
glibc-2.3.4.20040808-r1, 
2.6.7-hardened-r16 i686)
=================================================================
System uname: 2.6.7-hardened-r16 i686 Intel(R) Celeron(R) CPU 1.70GHz
Gentoo Base System version 1.4.16
Autoconf: sys-devel/autoconf-2.59-r5
Automake: sys-devel/automake-1.8.5-r1
Binutils: sys-devel/binutils-2.15.90.0.1.1-r3
Headers:  sys-kernel/linux26-headers-2.6.8.1
Libtools: sys-devel/libtool-1.5.2-r7,sys-devel/libtool-1.4.3-r4
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -march=pentium4 -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
COMPILER=""
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config
/usr/share/
config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/mail/dspam /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=pentium4 -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://gentoo.mirrors.pair.com/ http://mirrors.tds.net/gentoo 
ftp://mirrors.tds.net/gentoo"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.us.gentoo.org/gentoo-portage"
USE="acl adns aim aliaschain apache2 async authdaemond berkdb caps cdb chroot 
cnamefix crypt curl curlwrappers cyrus dba distcache dnsdb drac erandom exif 
fastcgi fla flatfile ftp gd gd-external gdbm gif glep gmail hardened icq imap 
innodb ipalias jabber javascript jp2 jpeg libg++ libwww lids maildir maildrop 
memlimit mime ming mmx mng mpi msn multipleip mysql ncurses nethack nls nptl 
oscar pam parse-clocks passfile pcre pdflib perl php pic pie png posix procmail 
python qmail readline roundrobin rrdtool sasl semanticfix session sftplogging 
skey snmp sockets spamassassin spell sse ssl tcpd tiff tokenizer transparent-
proxy truetype vhosts virus-scan vpopmail x86 xattr xml xml2 yahoo zlib"

------- Comment #1 From Allen Parker 2004-12-11 19:54:53 0000 ------- 
http://shell.xhcl.net/pike-7.6.24-r1.ebuild

this does a simple check to see if the particular kernel is a hardened kernel. the problem is that when compiled --with-machine-code, pike trips PAX and is SIGKILL'd

if pike is build --without-machine-code it seems to run just fine on a PAX enabled kernel. If you can find a more elegant way of doing the same thing, please do, my ebuild is just a dirty hack to make it work right.

------- Comment #2 From Allen Parker 2004-12-11 21:16:32 0000 ------- 
I found a more elegant way to do it:

--- /usr/local/portage/testing/pike/pike-7.6.24-r1.ebuild     2004-12-11 20:08:05.919789764 -0900
+++ /usr/portage/dev-lang/pike/pike-7.6.24.ebuild       2004-10-20 07:42:53.000000000 -0800
@@ -4,8 +4,6 @@

 IUSE="crypt debug doc fftw gdbm gif gtk jpeg kerberos opengl pdflib scanner svg tiff truetype zlib"

-inherit eutils linux-info
-
 S="${WORKDIR}/Pike-v${PV}"
 HOMEPAGE="http://pike.ida.liu.se/"
 DESCRIPTION="Pike programming language and runtime"
@@ -32,26 +30,9 @@
        zlib?   ( sys-libs/zlib )
        dev-libs/gmp"

-pax_check() {
-        ebegin "Checking if PaX is enabled"
-        linux_chkconfig_present PAX
-        eend $?
-
-        if [ "$?" = 0 ]
-        then
-                einfo "PaX's mprotect kills Pike's build process unless"
-                einfo "--without-machine-code is used in configure this"
-               einfo "message just tells you that we fixed it before it"
-               einfo "broke. You won't see this message probably."
-               export HARD="--without-machine-code"
-        fi
-}
-
-
 src_compile() {
-       pax_check;

-       emake CONFIGUREARGS="--prefix=/usr $HARD --disable-make_conf \
+       emake CONFIGUREARGS="--prefix=/usr --disable-make_conf \
                        `use_with debug` \
                        `use_with crypt nettle` \
                        `use_with fftw` \

------- Comment #3 From Rainer Größlinger 2005-01-05 16:12:26 0000 ------- 
btw. can you try without Nettle support (-crypt in USE)?
Just so we know it's only the Nettle part of Pike that is causing this problem...

I didn't have time to set up a hardened toolchain yet, I hope someone from our hardened team can look at this.

------- Comment #4 From Rainer Größlinger 2005-01-05 16:23:11 0000 ------- 
and the URL with the build log seems to be down, can you host it somewhere else
or attach to this bug?

------- Comment #5 From Stefan Knoblich (RETIRED) 2005-01-05 18:19:21 0000 ------- 
linux-2.6.10-grsec w/ PaX enabled

USE="-*" emerge =pike-7.6.24:

var/tmp/portage/pike-7.6.24/work/Pike-v7.6.24/build/linux-2.6.10-grsec-i686/pike -DNOT_INSTALLED -DPRECOMPILED_SEARCH_MORE -m/var/tmp/portage/pike-7.6.24/work/Pike-v7.6.24/build/linux-2.6.10-grsec-i686/master.pike  /var/tmp/portage/pike-7.6.24/work/Pike-v7.6.24/src/post_modules/Shuffler/make_sources.pike /var/tmp/portage/pike-7.6.24/work/Pike-v7.6.24/src/post_modules/Shuffler sources.h sources_to_compile
make[4]: *** [override] Killed
make[4]: Leaving directory `/var/tmp/portage/pike-7.6.24/work/Pike-v7.6.24/build/linux-2.6.10-grsec-i686/post_modules/Shuffler'
make[3]: *** [Shuffler] Error 1
make[3]: Leaving directory `/var/tmp/portage/pike-7.6.24/work/Pike-v7.6.24/build/linux-2.6.10-grsec-i686/post_modules'
make[2]: *** [post_module_objects] Error 1
make[2]: Leaving directory `/var/tmp/portage/pike-7.6.24/work/Pike-v7.6.24/build/linux-2.6.10-grsec-i686'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/var/tmp/portage/pike-7.6.24/work/Pike-v7.6.24/build/linux-2.6.10-grsec-i686'


dmesg output:

PAX: execution attempt in: <anonymous mapping>, 081e3000-08384000 081e3000
PAX: terminating task: /var/tmp/portage/pike-7.6.24/work/Pike-v7.6.24/build/linux-2.6.10-grsec-i686/pike(pike):19305, uid/euid: 0/0, PC: 08321ed0, SP: 586e2294
PAX: bytes at PC: 8b 0d 30 70 24 08 b8 30 e1 cd f7 f7 d8 89 41 1c 8b 15 20 70
PAX: bytes at SP: 00000000 00000000 00000000 578f84f8 00000000 08319874 080f6431 082f2cf0 00000000 586e23d8 08076cfd 08321ed0 00000000 20837037 2075ffea 20764b84 0833dc00 00000048 00000e69 00000000


-> confirmed

------- Comment #6 From Stefan Knoblich (RETIRED) 2005-01-05 18:28:37 0000 ------- 
Created an attachment (id=47739) [details]
change PaX flags on pike binary right after building it

skeleton patch to change PaX flags on the newly build pike binary, we'll need
to figure out what flags to set (just edit the patch, no need for re-diffing
stuff)

------- Comment #7 From Stefan Knoblich (RETIRED) 2005-01-31 15:44:55 0000 ------- 
Created an attachment (id=50085) [details]
patch with working PaX flags (-pms)

compiles fine, but there's still a grsec message:

grsec: attempted resource overstep by requesting 8409088 for RLIMIT_STACK
against limit 8388608 by
/var/tmp/portage/pike-7.6.24/work/Pike-v7.6.24/build/linux-2.6.10-grsec-i686/conftest[conftest:17691]
uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:17690] uid/euid:0/0
gid/egid:0/0

doesn't seem to cause any problems though

------- Comment #8 From solar 2005-03-12 05:15:57 0000 ------- 
if this can be built as to not trigger PaX at all while still keeping PaX
enabled then the hardened team would like to go that route.
IUSE="... hardened"

src_compile() {
..
 use hardened && myconfig="--without-machine-code" \
  || myconfig="--with-machine-code"
}

Please only set PaX flags when we have no other option.

------- Comment #9 From Alexander Brüning 2005-11-10 16:37:33 0000 ------- 
This still happens with pike-7.6.24, compiling --without-machine-code helps.

------- Comment #10 From Kevin F. Quinn (RETIRED) 2005-11-26 07:23:12 0000 ------- 
Fixed in 7.6.24 CVS rev. 1.7; --without-machine-code added when USE=hardened.
No change when not USE=hardened; keywords unchanged.