The complete build log is attached and here is the output of emerge --info '=dev-qt/qtwebengine-5.9.2::gentoo: Portage 2.3.11 (python 2.7.14-final-0, hardened/linux/amd64, gcc-6.4.0, glibc-2.25-r7, 4.9.24-hardened x86_64) ================================================================= System Settings ================================================================= System uname: Linux-4.9.24-hardened-x86_64-Intel-R-_Core-TM-_i7-5500U_CPU_@_2.40GHz-with-gentoo-2.4.1 KiB Mem: 7824356 total, 1565960 free KiB Swap: 0 total, 0 free Timestamp of repository gentoo: Fri, 13 Oct 2017 00:45:01 +0000 sh bash 4.4_p12 ld GNU ld (Gentoo 2.29.1 p1.0) 2.29.1 app-shells/bash: 4.4_p12::gentoo dev-java/java-config: 2.2.0-r3::gentoo dev-lang/perl: 5.26.1::gentoo dev-lang/python: 2.7.14::gentoo, 3.4.6::gentoo dev-util/cmake: 3.9.4::gentoo dev-util/pkgconfig: 0.29.2::gentoo sys-apps/baselayout: 2.4.1-r2::gentoo sys-apps/openrc: 0.32.1::gentoo sys-apps/sandbox: 2.12::gentoo sys-devel/autoconf: 2.13::gentoo, 2.69-r4::gentoo sys-devel/automake: 1.15.1-r1::gentoo sys-devel/binutils: 2.29.1::gentoo sys-devel/gcc: 6.4.0::gentoo sys-devel/gcc-config: 1.9.0::gentoo sys-devel/libtool: 2.4.6-r4::gentoo sys-devel/make: 4.2.1-r1::gentoo sys-kernel/linux-headers: 4.13::gentoo (virtual/os-headers) sys-libs/glibc: 2.25-r7::gentoo Repositories: gentoo location: /usr/portage sync-type: webrsync sync-uri: rsync://rsync.gentoo.org/gentoo-portage priority: -1000 ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/chromium/policies/managed/chrome-gnome-shell.json /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/opt/chrome/policies/managed/chrome-gnome-shell.json /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-march=native -O2 -pipe" DISTDIR="/usr/portage/distfiles" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync multilib-strict news parallel-fetch parallel-install preserve-libs protect-owned sandbox sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync webrsync-gpg xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="" LANG="en_US.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" USE="X aac acl acpi alsa amd64 analog apng audit berkdb bluetooth bzip2 cairo cdda cli cracklib crypt cryptsetup cups cvs cxx dbus device-mapper dga digital dri dvi dvi2tty eds egl exif extra filter flac fontconfig fortran gcj gcrypt gdbm glamor gmp gnome gnome-keyring gnome-shell grc grub gstreamer gtk gtk3 gudev hardened i18n iconv icu inotify introspection ipv6 java jpeg justify lame latex mikmod minizip modules mpeg multilib ncurses networkmanager nls nptl nsplugin ogg ogg123 opengl openmp openstreetmap pam pax_kernel pcre pdf pgf pie playlist png postscript pulseaudio python qt3support radio readline seccomp session smp sna sqlite ssh ssl ssp svg system-icu systemd t1lib tcpd theora timidity tordns truetype udev udisks unicode urandom vala wxwidgets x264 xattr xetex xkb xtpax zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2 sse3 ssse3 sse4_1 sse4_2" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="pc efi-64" INPUT_DEVICES="keyboard mouse evdev synaptics" KERNEL="linux" L10N="de en" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="de en" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" POSTGRES_TARGETS="postgres9_5" PYTHON_SINGLE_TARGET="python3_4" PYTHON_TARGETS="python2_7 python3_4" RUBY_TARGETS="ruby22" USERLAND="GNU" VIDEO_CARDS="intel i965" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Created attachment 498634 [details] build log of failed package
> # Fatal javascript OOM in CALL_AND_RETRY_LAST You probably ran out of memory - you might be able to confirm this in dmesg. Try again with lower -j option in MAKEOPTS.
I face the same issue on my machine. I tried it with a lower number in MAKEOPTS, but the problem remains. Monitoring the RAM consumption I can say, that physically there was plenty of RAM left. dmesg shows: traps: mksnapshot[27799] trap invalid opcode ip:349d5c3159 sp:380cca6b7a8 error:0 in mksnapshot[349cc82000+b8b000]
you're on hardened... maybe the paxmark patch stopped working in 5.9.2?
As already said, MAKEOPTS="-j1" does not help for me. I see the same "trap invalid opcode" in dmesg.
I guess the problem is in paxmark patch, since mksnapshot is not marked: /var/tmp/portage/dev-qt/qtwebengine-5.9.2/work/qtwebengine-opensource-src-5.9.2/src/core/Release # paxctl -v mksnapshot PaX control v0.9 Copyright 2004,2005,2006,2007,2009,2010,2011,2012,2014 PaX Team <pageexec@freemail.hu> file mksnapshot does not have a PT_PAX_FLAGS program header, try conversion
(In reply to ad PC from comment #6) > I guess the problem is in paxmark patch, since mksnapshot is not marked: > > /var/tmp/portage/dev-qt/qtwebengine-5.9.2/work/qtwebengine-opensource-src-5. > 9.2/src/core/Release # paxctl -v mksnapshot > PaX control v0.9 > Copyright 2004,2005,2006,2007,2009,2010,2011,2012,2014 PaX Team > <pageexec@freemail.hu> > > file mksnapshot does not have a PT_PAX_FLAGS program header, try conversion # paxctl-ng -v mksnapshot mksnapshot: PT_PAX : not found XATTR_PAX : not found
I can confirm that the paxmark patch still seems to be applied correctly. However, the mksnapshot file is not properly paxmarked as ad PC already reported.
I have the same issue. So I tried to compile qtwebengine while running gentoo sources. Package is compiled fine, but there is issue when I try to start any program that use qtwebengine. There is following error: error while loading shared libraries: libQt5WebEngineCore.so.5: cannot enable executable stack as shared object requires: Permission denied So it is definitely something wrong.
I have this problem, yes, I am using hardened sources. I went into the source tree after the emerge failed, used paxctl-ng to manually set -m on mksnapshot and mkpeephole in src/core/Release/obj/v8. running ebuild merge after that worked fine. The paxmark patch is successfully applied - but it's not having any effect. I'm not sure why.
*** Bug 639386 has been marked as a duplicate of this bug. ***
The paxmark-mksnapshot patch probably needs to modify src/3rdparty/chromium/v8/BUILD.gn instead of src/3rdparty/chromium/v8/src/v8.gyp. chromium switched from GYP to GN several releases ago, and it looks like qtwebengine-5.9 has followed suit.
(In reply to Mike Gilbert from comment #12) > The paxmark-mksnapshot patch probably needs to modify > src/3rdparty/chromium/v8/BUILD.gn instead of > src/3rdparty/chromium/v8/src/v8.gyp. > > chromium switched from GYP to GN several releases ago, and it looks like > qtwebengine-5.9 has followed suit. I noticed that. I don't know the syntax of GN to port the changes from GYP. However we could do something like it gets done for chrome. If you take a look it's obvious it does all sort of checks and configure steps before jumping into the build. Some of that stuff is dedicated to avoid unnecessary recompile of some stuff in case of an interrupted build. Some other stuff takes care of external dependencies. The ebuild reflects a history of experience, like these: --- # Make sure that -Werror doesn't get added to CFLAGS by the build system. # Depending on GCC version the warnings are different and we don't want # the build to fail because of that. myconf_gn+=" treat_warnings_as_errors=false" # Disable fatal linker warnings, bug 506268. myconf_gn+=" fatal_linker_warnings=false" --- --- # https://bugs.gentoo.org/588596 append-cxxflags $(test-flags-CXX -fno-delete-null-pointer-checks) --- It has a separate bootstrap_gn function its calling: --- bootstrap_gn --- And at the end of configure phase it calls gn. --- einfo "Configuring Chromium..." set -- out/Release/gn gen --args="${myconf_gn}" out/Release echo "$@" "$@" || die --- And than it starts the compile with calling ninja to produce mksnapshot and marking it right after that: --- # Build mksnapshot and pax-mark it. if tc-is-cross-compiler; then eninja -C out/Release host/mksnapshot || die pax-mark m out/Release/host/mksnapshot else eninja -C out/Release mksnapshot || die pax-mark m out/Release/mksnapshot fi --- And finishes the build (and paxmarks chrome): --- eninja -C out/Release ${ninja_targets} || die --- I'm contemplating on whether we can do the same without all the gn-magic they are casting there and go straight to instruct ninja to produce mksnapshot and mark it without all the hassles?
Created attachment 509102 [details, diff] pax mark mksnapshot with pypaxctl It use gn to build so i have move the pax making to that. We use the python version of paxctl that is a part of elfix
(In reply to Magnus Granberg from comment #14) > Created attachment 509102 [details, diff] [details, diff] > pax mark mksnapshot with pypaxctl > > It use gn to build so i have move the pax making to that. > We use the python version of paxctl that is a part of elfix GN requires a python script, I haven't considered pypaxctl! Your patch works perfectly! Thanks! Chrome folks may also use this example. Although the build still produces RWX library: https://bugs.gentoo.org/639388 * QA Notice: The following files contain writable and executable sections * Files with such sections will not work properly (or at all!) on some * architectures/operating systems. A bug should be filed at * https://bugs.gentoo.org/ to make sure the issue is fixed. * For more information, see: * * https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart * * Please include the following list of files in your report: * Note: Bugs should be filed for the respective maintainers * of the package in question and not hardened@g.o. * RWX --- --- usr/lib64/libQt5WebEngineCore.so.5.9.3
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7af3188a2035e98923dd1da81f2c74dbdc1f4739 commit 7af3188a2035e98923dd1da81f2c74dbdc1f4739 Author: Magnus Granberg <zorry@gentoo.org> AuthorDate: 2017-12-10 00:29:32 +0000 Commit: Michael Palimaka <kensington@gentoo.org> CommitDate: 2017-12-10 01:42:54 +0000 dev-qt/qtwebengine: fix build on pax kernel Closes: https://bugs.gentoo.org/634220 Package-Manager: Portage-2.3.14, Repoman-2.3.6 .../qtwebengine-5.9.3-paxmark-mksnapshot.patch | 41 ++++++++++++++++++++++ dev-qt/qtwebengine/qtwebengine-5.9.3.ebuild | 2 +- 2 files changed, 42 insertions(+), 1 deletion(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/qt.git/commit/?id=299d80e3980c7cf916264f4c269a163192c52c3a commit 299d80e3980c7cf916264f4c269a163192c52c3a Author: Magnus Granberg <zorry@gentoo.org> AuthorDate: 2017-12-10 01:47:53 +0000 Commit: Michael Palimaka <kensington@gentoo.org> CommitDate: 2017-12-10 01:48:18 +0000 dev-qt/qtwebengine: fix build on pax kernel Bug: https://bugs.gentoo.org/634220 Package-Manager: Portage-2.3.14, Repoman-2.3.6 .../qtwebengine-5.9.3-paxmark-mksnapshot.patch | 41 ++++++++++++++++++++++ dev-qt/qtwebengine/qtwebengine-5.10.0.ebuild | 2 +- dev-qt/qtwebengine/qtwebengine-5.10.9999.ebuild | 2 +- dev-qt/qtwebengine/qtwebengine-5.9.9999.ebuild | 2 +- dev-qt/qtwebengine/qtwebengine-5.9999.ebuild | 2 +- 5 files changed, 45 insertions(+), 4 deletions(-)}
Created attachment 539072 [details, diff] Updated patch for qtwebengine-5.11.1 Changes in the whitespaces require some trivial changes for the upcoming version of qtwebengine.
Created attachment 553564 [details, diff] Updated patch for qtwebengine-5.11.2
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/proj/qt.git/commit/?id=1063d701da0b8e04a5bb01dee749ce18bbb48c7a commit 1063d701da0b8e04a5bb01dee749ce18bbb48c7a Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2020-02-08 20:23:27 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2020-02-08 20:23:27 +0000 dev-qt/qtwebengine: pax_kernel is dead Closes: https://bugs.gentoo.org/634220 Package-Manager: Portage-2.3.87, Repoman-2.3.20 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> .../qtwebengine-5.11.2-paxmark-mksnapshot.patch | 41 ---------------------- dev-qt/qtwebengine/metadata.xml | 1 - dev-qt/qtwebengine/qtwebengine-5.12.9999.ebuild | 13 +++---- dev-qt/qtwebengine/qtwebengine-5.14.9999.ebuild | 11 ++---- dev-qt/qtwebengine/qtwebengine-5.15.9999.ebuild | 11 ++---- dev-qt/qtwebengine/qtwebengine-5.9999.ebuild | 13 +++---- 6 files changed, 14 insertions(+), 76 deletions(-)