Here is kernel log while emerging: 2011-03-27_09:34:46.26934 kern.info: cmTryCompileExe[23327]: segfault at bbadbeef ip 9ad38b8b sp b0d2a630 error 6 in libQtScript.so.4.6.3[9ac5f000+237000] 2011-03-27_09:34:46.26940 kern.alert: grsec: Segmentation fault occurred at bbadbeef in /var/tmp/portage/media-sound/amarok-2.3.2-r1/work/amarok-2.3.2_build/CMakeFiles/CMakeTmp/cmTryCompileExec[cmTryCompileExe:23327] uid/euid:250/250 gid/egid:250/250, parent /usr/bin/cmake[cmake:22955] uid/euid:250/250 gid/egid:250/250 Because of this segfault cmake fail to detect qtscript (which is installed!) and bail out with: ----------------------------------------------------------------------------- -- The following REQUIRED packages could NOT be located on your system. -- You must install these packages before continuing. ----------------------------------------------------------------------------- * qtscript-qt <http://code.google.com/p/qtscriptgenerator/> QtScript Qt Bindings I've found same issue on gentoo forums, and set bug url to that thread. Proposed solution with `paxctl -m` in loop is too cpu-intensive and have race condition issue, so I decide to just disable check for qtscript (this is anyway checked by ebuild's dependencies). Probably better solution will be somehow configure cmake to run `paxctl -m`, but I don't know cmake good enough for this. Of course, after installing it require `paxctl -m /usr/bin/amarok` to run. Reproducible: Always Portage 2.1.9.42 (hardened/linux/x86, gcc-4.4.5, glibc-2.11.3-r0, 2.6.36-hardened-r9 i686) ================================================================= System uname: Linux-2.6.36-hardened-r9-i686-Intel-R-_Core-TM-2_CPU_6600_@_2.40GHz-with-gentoo-1.12.14 Timestamp of tree: Sun, 27 Mar 2011 03:30:01 +0000 app-shells/bash: 4.1_p9 dev-java/java-config: 2.1.11-r3 dev-lang/python: 2.6.6-r2, 3.1.3-r1 dev-util/cmake: 2.8.1-r2 sys-apps/baselayout: 1.12.14-r1 sys-apps/sandbox: 2.4 sys-devel/autoconf: 2.13, 2.65-r1 sys-devel/automake: 1.9.6-r3, 1.10.3, 1.11.1 sys-devel/binutils: 2.20.1-r1 sys-devel/gcc: 4.4.5 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.10 sys-devel/make: 3.81-r2 virtual/os-headers: 2.6.36.1 (sys-kernel/linux-headers) ACCEPT_KEYWORDS="x86" ACCEPT_LICENSE="*" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=prescott -O2 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /opt/icedtea6-bin-1.9.7/jre/lib/i386/jvm.cfg /service /usr/inferno/keydb /usr/inferno/lib /usr/inferno/services /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/openvpn/easy-rsa /var/log /var/qmail/alias /var/qmail/control" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=prescott -O2 -pipe" DISTDIR="/usr/portage-distfiles" EMERGE_DEFAULT_OPTS="--with-bdeps=y" FEATURES="assume-digests binpkg-logs distlocks fixlafiles fixpackages news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox" FFLAGS="" GENTOO_MIRRORS="ftp://ftp.df.lth.se/pub/gentoo/ http://ftp.df.lth.se/pub/gentoo/ http://gentoo.telcom.net.ua/" LANG="ru_RU.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LINGUAS="en ru" MAKEOPTS="-j3" PKGDIR="/usr/portage-packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_EXTRA_OPTS="--exclude ChangeLog --delete-excluded" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/var/lib/layman/powerman /var/lib/layman/sunrise /var/lib/layman/kde-sunset /var/lib/layman/vmware /usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X Xaw3d a52 aac acl acpi aim alsa apache2 asf avi bash-completion berkdb bitmap-fonts bzip2 cddb cdr chm cli cracklib crypt cscope cue curl cxx dbus dga divx4linux djvu dlloader dri dts dvd dvdr dvdread encode fastcgi ffmpeg flac flash gd gdbm gif gnutls gpg gtk gtk2 hardened hddtemp iconv icq idn imagemagick imap imlib irc jabber javascript jpeg kde lm_sensors lzo mad mailbox mbox mmx mng modules motif mp3 mpeg msn mudflap musepack mysql ncurses network-cron nls nptl nptlonly ogg opengl openmp oss pam pcre perl pic png pppd pwdb python qt qt3support qt4 quicktime readline rss rtc samba sdl session spell sse sse2 ssl ssse3 svg sysfs tcltk tcpd theora tiff truetype truetype-fonts type1-fonts unicode urandom vdpau vim-pager vim-syntax vim-with-x vorbis wavpack win32codecs x264 x86 xinetd xorg xv xvid yahoo zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="log_config vhost_alias autoindex alias rewrite dir deflate filter mime negotiation auth_basic authn_file authz_host authz_user authz_groupfile cgi actions headers env setenvif" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en ru" LIRC_DEVICES="serial" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="vesa fbdev nv nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS
Created attachment 267371 [details, diff] disable checking for qtscript while configuring
Created attachment 267373 [details, diff] ebuild patch
@hardened: any ideas?
(In reply to comment #3) > @hardened: > > any ideas? My bet is there is being some run time code generation and execution (AKA JIT), not sure where or how :(
What versions on qt-* and use flags? On newer 4.7.2 we have the jit flag disable and it works well for me to emerge amarok-2.4 with it on amd64 hardened profile.
(In reply to comment #5) > What versions on qt-* and use flags? > On newer 4.7.2 we have the jit flag disable > and it works well for me to emerge amarok-2.4 with it on amd64 hardened > profile. Since amarok-2.4 is stable that probably means we can close this bug.
