* QA Notice: The following files contain runtime text relocations * Text relocations force the dynamic linker to perform extra * work at startup, waste system resources, and may pose a security * risk. On some architectures, the code may not even function * properly, if at all. * For more information, see http://hardened.gentoo.org/pic-fix-guide.xml * Please include this file in your report: * /var/tmp/portage/dev-lang/erlang-11.2.5/temp/scanelf-textrel.log * TEXTREL usr/lib/erlang/lib/crypto-1.5.1.1/priv/lib/crypto_drv.so !!! ERROR: dev-lang/erlang-11.2.5 failed. Call stack: misc-functions.sh, line 561: Called install_qa_check misc-functions.sh, line 163: Called die !!! Aborting due to QA concerns: textrels, !!! If you need support, post the topmost build error, and the call stack if relevant. !!! A complete build log is located at '/var/tmp/portage/dev-lang/erlang-11.2.5/temp/build.log'. !!! install_qa_check failed; exiting. pstros ~ # emerge --info Portage 2.1.2.7 (hardened/x86/2.6, gcc-3.4.6, glibc-2.3.6-r5, 2.6.20-hardened-r2 i686) ================================================================= System uname: 2.6.20-hardened-r2 i686 Pentium III (Katmai) Gentoo Base System release 1.12.9 Timestamp of tree: Tue, 27 Nov 2007 01:46:01 +0000 app-shells/bash: 3.2_p15-r1 dev-java/java-config: 1.3.7, 2.0.31 dev-lang/python: 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 sys-apps/baselayout: 1.12.9 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.60 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.17 sys-devel/gcc-config: 1.3.14 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r2 ACCEPT_KEYWORDS="x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=pentium3 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /var/bind" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/php/apache1-php5/ext-active/ /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-O2 -march=pentium3 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="collision-protect distlocks metadata-transfer parallel-fetch sandbox sfperms splitdebug strict stricter userfetch userpriv usersandbox" GENTOO_MIRRORS="http://gentoo.suchdol.czf/ http://ftp.sh.cvut.cz/MIRRORS/gentoo ftp://ftp.linux.cz/pub/linux/gentoo" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="apache apache2 bash-completion berkdb cracklib crypt fastcgi hardened iproute2 ipv6 logrotate midi mod_python ncurses nls nptl nptlonly pam pic postfix python readline ssl unicode urandom vhosts x86 xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="mouse keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 i810 imstt mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Created attachment 137144 [details] /var/tmp/portage/dev-lang/erlang-11.2.5/temp/scanelf-textrel.log
Could you please try 12.2.0 and report back, thanks
*** Bug 202207 has been marked as a duplicate of this bug. ***
Well, this completely breaks SSL support on hardened, causing b0rkage w/ stuff like net-im/ejabberd. Setting severity accordingly.
dev-lang/erlang-11.2.5-r3 compliles cleanly. Now I get the output: Eshell V5.5.5 (abort with ^G) 1> crypto:start(). ok For details on this see Bug 202207
(In reply to comment #5) > dev-lang/erlang-11.2.5-r3 compliles cleanly. Now I get the output: jkt, could you please ack? > For details on this see Bug 202207 Thanks. Could you please check 12.2.0? I have no hardened here.
(In reply to comment #4) > Well, this completely breaks SSL support on hardened, causing b0rkage w/ stuff > like net-im/ejabberd. On my Hardened box, I run the following and have no SSL issues right now. I'll rebuild erlang to see if I used some manual hack to ignore that warning and report back later. dev-lang/erlang-11.2.5 USE="ssl -doc -emacs -hipe -java -kpoll -odbc -smp -tk" net-im/ejabberd-1.1.4 USE="ssl web zlib -debug -ldap -mod_irc -mod_muc -mod_pubsub -odbc"
OK, ejabberd-1.1.4 needs a patch for erlang-12.2.0 (see the blocking bug), bug with that patch, it compiles and runs fine on a hardened box.
(In reply to comment #8) > OK, ejabberd-1.1.4 needs a patch for erlang-12.2.0 (see the blocking bug), bug > with that patch, it compiles and runs fine on a hardened box. Not much I can do about ejabberd (please poke Tony) and it is not related to text relocations as far as I can see, so removing the blocker. But this bug is actually a duplicate of bug 184419, I just forgot about. SpanKY fixed the text relocations by dynamically building with SSL instead of static, that's why -r3 works. We will go for stabilisation of that version, I did not know that hardened was broken here...
(In reply to comment #7) > (In reply to comment #4) > > Well, this completely breaks SSL support on hardened, causing b0rkage w/ stuff > > like net-im/ejabberd. > > On my Hardened box, I run the following and have no SSL issues right now. I'll > rebuild erlang to see if I used some manual hack to ignore that warning and > report back later. > > dev-lang/erlang-11.2.5 USE="ssl -doc -emacs -hipe -java -kpoll -odbc -smp -tk" > net-im/ejabberd-1.1.4 USE="ssl web zlib -debug -ldap -mod_irc -mod_muc > -mod_pubsub -odbc" > I finally got a stable setup with the same packages on my hardened setup as well.
Stabilisation done