As it says in the subject, dev-lang/spidermonkey-1.7.0 fails to compile with hardened sys-devel/gcc-4.4.3-r3 with PIE + SSP. The error is: i686-pc-linux-gnu-ld -shared -soname libjs.so -o Linux_All_OPT.OBJ/libjs.so Linux_All_OPT.OBJ/jsapi.lo Linux_All_OPT.OBJ/jsarena.lo Linux_All_OPT.OBJ/jsarray.lo Linux_All_OPT.OBJ/jsatom.lo Linux_All_OPT.OBJ/jsbool.lo Linux_All_OPT.OBJ/jscntxt.lo Linux_All_OPT.OBJ/jsdate.lo Linux_All_OPT.OBJ/jsdbgapi.lo Linux_All_OPT.OBJ/jsdhash.lo Linux_All_OPT.OBJ/jsdtoa.lo Linux_All_OPT.OBJ/jsemit.lo Linux_All_OPT.OBJ/jsexn.lo Linux_All_OPT.OBJ/jsfun.lo Linux_All_OPT.OBJ/jsgc.lo Linux_All_OPT.OBJ/jshash.lo Linux_All_OPT.OBJ/jsinterp.lo Linux_All_OPT.OBJ/jsiter.lo Linux_All_OPT.OBJ/jslock.lo Linux_All_OPT.OBJ/jslog2.lo Linux_All_OPT.OBJ/jslong.lo Linux_All_OPT.OBJ/jsmath.lo Linux_All_OPT.OBJ/jsnum.lo Linux_All_OPT.OBJ/jsobj.lo Linux_All_OPT.OBJ/jsopcode.lo Linux_All_OPT.OBJ/jsparse.lo Linux_All_OPT.OBJ/jsprf.lo Linux_All_OPT.OBJ/jsregexp.lo Linux_All_OPT.OBJ/jsscan.lo Linux_All_OPT.OBJ/jsscope.lo Linux_All_OPT.OBJ/jsscript.lo Linux_All_OPT.OBJ/jsstr.lo Linux_All_OPT.OBJ/jsutil.lo Linux_All_OPT.OBJ/jsxdrapi.lo Linux_All_OPT.OBJ/jsxml.lo Linux_All_OPT.OBJ/prmjtime.lo -lm Linux_All_OPT.OBJ/jsapi.lo: In function `JS_GetNaNValue': jsapi.c:(.text+0x2d): undefined reference to `__stack_chk_fail_local' Linux_All_OPT.OBJ/jsapi.lo: In function `JS_GetNegativeInfinityValue': jsapi.c:(.text+0x60): undefined reference to `__stack_chk_fail_local' Linux_All_OPT.OBJ/jsapi.lo: In function `JS_GetPositiveInfinityValue': jsapi.c:(.text+0x93): undefined reference to `__stack_chk_fail_local' Linux_All_OPT.OBJ/jsapi.lo: In function `JS_GetEmptyStringValue': jsapi.c:(.text+0xc6): undefined reference to `__stack_chk_fail_local' Linux_All_OPT.OBJ/jsapi.lo: In function `JS_TypeOfValue': jsapi.c:(.text+0x1a9): undefined reference to `__stack_chk_fail_local' Linux_All_OPT.OBJ/jsapi.lo:jsapi.c:(.text+0x1ee): more undefined references to `__stack_chk_fail_local' follow i686-pc-linux-gnu-ld: Linux_All_OPT.OBJ/libjs.so: hidden symbol `__stack_chk_fail_local' isn't defined i686-pc-linux-gnu-ld: final link failed: Nonrepresentable section on output make[1]: *** [Linux_All_OPT.OBJ/libjs.so] Błąd 1 make[1]: Opuszczenie katalogu `/var/tmp/portage/dev-lang/spidermonkey-1.7.0/work/js/src' make: *** [all] Błąd 2 * ERROR: dev-lang/spidermonkey-1.7.0 failed: * emake without threadsafe enabled failed * * Call stack: * ebuild.sh, line 54: Called src_compile * environment, line 2252: Called die * The specific snippet of code: * emake -j1 -f Makefile.ref LIBDIR="$(get_libdir)" || die "emake without threadsafe enabled failed"; * * If you need support, post the output of 'emerge --info =dev-lang/spidermonkey-1.7.0', * the complete build log and the output of 'emerge -pqv =dev-lang/spidermonkey-1.7.0'. * The complete build log is located at '/var/tmp/portage/dev-lang/spidermonkey-1.7.0/temp/build.log'. * The ebuild environment file is located at '/var/tmp/portage/dev-lang/spidermonkey-1.7.0/temp/environment'. * S: '/var/tmp/portage/dev-lang/spidermonkey-1.7.0/work/js/src'
# emerge --info =dev-lang/spidermonkey-1.7.0 Portage 2.1.8.3 (selinux/v2refpolicy/x86/hardened, gcc-4.4.3, glibc-2.11.1-r0, 2.6.29-hardened i686) ================================================================= System Settings ================================================================= System uname: Linux-2.6.29-hardened-i686-VIA_Eden_Processor_1200MHz-with-gentoo-1.12.13 Timestamp of tree: Sat, 26 Jun 2010 18:00:01 +0000 app-shells/bash: 4.0_p37 dev-java/java-config: 1.3.7-r1, 2.1.8-r1 dev-lang/python: 2.6.5-r2 sys-apps/baselayout: 1.12.13 sys-apps/sandbox: 1.6-r2 sys-devel/autoconf: 2.63-r1 sys-devel/automake: 1.4_p6, 1.9.6-r2, 1.10.2 sys-devel/binutils: 2.18-r3 sys-devel/gcc: 3.4.6-r2, 4.3.4, 4.4.3-r3 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6b virtual/os-headers: 2.6.27-r2 ACCEPT_KEYWORDS="x86" ACCEPT_LICENSE="* -@EULA @FSF-APPROVED dlj-1.1" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=i686 -O2 -pipe -fforce-addr -mmmx -msse -msse2" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-march=i686 -O2 -pipe -fforce-addr -mmmx -msse -msse2" DISTDIR="/usr/portage/distfiles" FEATURES="assume-digests distlocks fixpackages loadpolicy news parallel-fetch protect-owned sandbox selinux sesandbox sfperms strict unmerge-logs unmerge-orphans userfetch" GENTOO_MIRRORS="http://distfiles.gentoo.org" LC_ALL="pl_PL.UTF-8" LDFLAGS="-Wl,-O1" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_COMPRESS="lzma" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="7zip apache2 bash-completion bashlogger berkdb bzip2 caps cli cracklib crypt cxx dri ftp gd hardened iconv imap ipv6 json kerberos lzma mhash mmx mmxext modules mudflap mysql ncurses nls openmp pam pcre perl php pic posix pppd python readline reflection samba selinux session sftp slang spl sse sse2 ssl sysvipc tcpd threads truetype unicode x86 xml xorg xsl zip zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers identimagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" APACHE2_MPMS="worker" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa via vmware voodoo" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LINGUAS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY ================================================================= Package Settings ================================================================= dev-lang/spidermonkey-1.7.0 was built with the following: USE="(selinux) -threadsafe" LDFLAGS="" >>> Attempting to run pkg_info() for 'dev-lang/spidermonkey-1.7.0' * pkg_info() is not defined: 'spidermonkey-1.7.0.ebuild'
Do the dev-lang/spidermonkey-1.7.0-r1 fail the same way?
(In reply to comment #2) > Do the dev-lang/spidermonkey-1.7.0-r1 fail the same way? > Yes, dev-lang/spidermonkey-1.7.0-r1 fails with exactly the same error.
Created attachment 236867 [details, diff] Change $(LD) to $(CC) We use gcc instead of calling ld direct.
First, why do you use -Xlinker instead of the more standard -Wl,-soname ? Secondly, if I understand it correctly, having ssp by default on hardened completely removes the ability not to link to the libc, right ? Why not fixing the linker to link to libc_nonshared.a by default instead ? As I understand it, it is *always* needed with the hardened toolchain...
Created attachment 237101 [details, diff] Change ld to gcc New patch
I'm a little confused here. At this point I'm used to adding --keep-going to my emerge updates because of this, but there's been a patch available for over three months. Is there a reason why hasn't it made it into portage yet?
(In reply to comment #7) > I'm a little confused here. At this point I'm used to adding --keep-going to my > emerge updates because of this, but there's been a patch available for over > three months. Is there a reason why hasn't it made it into portage yet? > This will be fixed soon as the update is made which we have a current bug for now.
1.9.2.13 is no in the tree and works fine for hardened.
Created attachment 259514 [details] files/spidermonkey-1.7.0-no-ld.patch Fixes compilation issue described in this bug, fixes missing $(LDFLAGS), and fixes missing $(CLFAGS) (which causes a compilation error for portage-multilib folk).
Created attachment 259515 [details] multilib-portage.build.log The patch fixes build problems not just for hardened but also for portage-multilib users. May someone update the bug summary to reflect this?
(In reply to comment #9) > 1.9.2.13 is no in the tree and works fine for hardened. This version works fine for multilib-portage users too, but elinks's dependency metadata specifies <=dev-lang/spidermonkey-1.9 -- thus, this fix should be applied to the spidermonkey-1.7.0 series so that elinks can be installed.
*** Bug 407613 has been marked as a duplicate of this bug. ***
Is this bug relevant any longer? I know the patch hasn't been applied but I believe all other packages in the tree either embed their own spidermonkey or will work with 1.8.5