On AMD64 I still get QA warnings because the ebuild only blocks ..lib/, not lib32/ * QA Notice: The following files contain runtime text relocations * Text relocations force the dynamic linker to perform extra * work at startup, waste system resources, and may pose a security * risk. On some architectures, the code may not even function * properly, if at all. * For more information, see http://hardened.gentoo.org/pic-fix-guide.xml * Please include this file in your report: * /var/tmp/portage/app-office/openoffice-bin-2.3.0/temp/scanelf-textrel.log * TEXTREL usr/lib32/openoffice/program/python-core-2.3.4/lib/lib-dynload/_curses_panel.so * TEXTREL usr/lib32/openoffice/program/python-core-2.3.4/lib/lib-dynload/_curses.so * TEXTREL usr/lib32/openoffice/program/libvclplug_gen680li.so.1.1 * QA Notice: The following files contain executable stacks * Files with executable stacks will not work properly (or at all!) * on some architectures/operating systems. A bug should be filed * at http://bugs.gentoo.org/ to make sure the file is fixed. * For more information, see http://hardened.gentoo.org/gnu-stack.xml * Please include this file in your report: * /var/tmp/portage/app-office/openoffice-bin-2.3.0/temp/scanelf-execstack.log * RWX --- --- usr/lib32/openoffice/program/libgcc_s.so.1.1.1 * RWX --- --- usr/lib32/openoffice/program/libssl3.so * RWX --- --- usr/lib32/openoffice/program/libmozz.so * RWX --- --- usr/lib32/openoffice/program/libmozjs.so * RWX --- --- usr/lib32/openoffice/program/libldap50.so * RWX --- --- usr/lib32/openoffice/program/libnspr4.so * RWX --- --- usr/lib32/openoffice/program/libsoftokn3.so * RWX --- --- usr/lib32/openoffice/program/components/libxpconnect.so * RWX --- --- usr/lib32/openoffice/program/components/libnecko.so * RWX --- --- usr/lib32/openoffice/program/components/librdf.so * RWX --- --- usr/lib32/openoffice/program/components/libmork.so * RWX --- --- usr/lib32/openoffice/program/components/libmozldap.so * RWX --- --- usr/lib32/openoffice/program/components/libuconv.so * RWX --- --- usr/lib32/openoffice/program/components/libaddrbook.so * RWX --- --- usr/lib32/openoffice/program/components/libprofile.so * RWX --- --- usr/lib32/openoffice/program/components/libpref.so * RWX --- --- usr/lib32/openoffice/program/components/libvcard.so * RWX --- --- usr/lib32/openoffice/program/components/libi18n.so * RWX --- --- usr/lib32/openoffice/program/components/libxpcom_compat_c.so * RWX --- --- usr/lib32/openoffice/program/components/libpipnss.so * RWX --- --- usr/lib32/openoffice/program/libstlport_gcc.so.1 * RWX --- --- usr/lib32/openoffice/program/libnss3.so * RWX --- --- usr/lib32/openoffice/program/libtextcat.so.1.1 * RWX --- --- usr/lib32/openoffice/program/libmsgbaseutil.so * RWX --- --- usr/lib32/openoffice/program/libplds4.so * RWX --- --- usr/lib32/openoffice/program/filter/libfreetype.so.6 * RWX --- --- usr/lib32/openoffice/program/libplc4.so * RWX --- --- usr/lib32/openoffice/program/libstdc++.so.6.1 * RWX --- --- usr/lib32/openoffice/program/libxpcom_compat.so * RWX --- --- usr/lib32/openoffice/program/libprldap50.so * RWX --- --- usr/lib32/openoffice/program/libxpcom.so * RWX --- --- usr/lib32/openoffice/program/libsmime3.so
Will something like: QA_EXECSTACK="usr/$(get_libdir)/openoffice/program/*" work in global scope? If yes, I'll change it to that.
(In reply to comment #1) I'd rather do this: QA_EXECSTACK_x86="usr/lib/openoffice/program/*" QA_EXECSTACK_amd64="usr/lib32/openoffice/program/*"
(In reply to comment #2) > (In reply to comment #1) > > I'd rather do this: > > QA_EXECSTACK_x86="usr/lib/openoffice/program/*" > QA_EXECSTACK_amd64="usr/lib32/openoffice/program/*" > Why? QA_EXECSTACK="usr/$(get_libdir)/openoffice/program/*" seems to work fine, and this way we don't have to duplicate each and every line...
(In reply to comment #3) > (In reply to comment #2) > > (In reply to comment #1) > > > > I'd rather do this: > > > > QA_EXECSTACK_x86="usr/lib/openoffice/program/*" > > QA_EXECSTACK_amd64="usr/lib32/openoffice/program/*" > > > > Why? > > QA_EXECSTACK="usr/$(get_libdir)/openoffice/program/*" > > seems to work fine, and this way we don't have to duplicate each and every > line... > Actually that's the way I've done it now, after some feedback from rbu and armin76 on IRC (which stated that other packages are already doing it that way)
