Bug 74088 - uclibc, shared libs, -fPIC, hardened tracker bug
Summary: uclibc, shared libs, -fPIC, hardened tracker bug
Status: RESOLVED WORKSFORME
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High normal
Assignee: Embedded Gentoo Team
Depends on: 74516 99236
Reported: 2004-12-11 05:18 UTC by Peter S. Mazinger
Modified: 2007-05-12 17:54 UTC
Description Peter S. Mazinger 2004-12-11 05:18:52 UTC
uclibc needs proper recognition by configure
signs of failure are (if configure/econf is running):
checking how to recognize dependant libraries ... unknown (should be pass_all)
checking if libtool supports shared libraries ... no (should be yes)
checking whether to build shared libraries ... no (should be yes)
the last one depends on the libtool check, if that is no, shared libraries
won't be built
(building shared libraries could be disabled explicitly by the ebuild, so that
failure is not a sure sign of failure, but could be)
the most common solution to solve this is to add:
inherit libtool and run uclibctoolize in src_unpack
if that does not solve the problem consider looking into the uclibc patches
in the libtool/gdb/binutils packages, they will give a hint which files should 
also be patched
do not use append-flags -fPIC, only as last resort please, this will also
apply to the executables themselves and will add overhead to them

on a hardened system the above problem has following side effect:
due to missing -fPIC, all the objects are built w/ -fPIE
if an object built w/ -fPIE goes into a shared library, this library
will have text relocation (readelf -d lib*.so | grep TEXTREL) and is
considered faulty (on hardened uclibc support for this type of library
is disabled, so they won't be usable)
if an object built w/ -fPIE goes into a static library (archive, lib*.a)
there is no problem if ET_EXEC binaries are built against that static library
but hardened builds ET_DYN/PIE executables, and this will also end up w/
text relocation
if a shared library will be built against that static library, it is almost
sure that it will end up w/ text relocation



Reproducible: Always
Expected Results:  
I am sure that many of the packages that got append-flags -fPIC because of
uclibc are such cases. these should be all revised.
this can also apply to improperly discovered non-x86 archs, where configure
lacks the proper arch support and fails the dependent libraries/libtool check.
syntaxes like use <arch> && append-flags -fPIC should be revised too.


marking of a package carrying a shared lib and doing a check for that would be
good
this bug should be never closed being a reference for all hardened and non-x86
devs
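
A check of the kind the description asks for, as an added example that is not part of the original report: it flags the three configure failure signs listed above and applies the `readelf -d | grep TEXTREL` test to libraries under a directory. The function names and the directory argument are hypothetical, and the glob is widened to `lib*.so*` to include versioned file names.

```shell
#!/bin/sh
# Added example, not code from the bug report; function names are hypothetical.

# Read configure/econf output on stdin, print one line per failure sign named
# in the report. Exit status 0 means none were seen, 1 means at least one.
configure_signs() {
    awk '
        BEGIN { bad = 0 }
        /checking how to recogni[sz]e depend[ae]nt libraries *\.\.\. *unknown *$/ {
            print "dependent libraries: unknown (should be pass_all)"; bad = 1 }
        /checking if libtool supports shared libraries *\.\.\. *no *$/ {
            print "libtool shared library support: no (should be yes)"; bad = 1 }
        /checking whether to build shared libraries *\.\.\. *no *$/ {
            print "build shared libraries: no (should be yes)"; bad = 1 }
        END { exit bad }
    '
}

# Read `readelf -d` output on stdin; succeed if it shows a text relocation
# (a TEXTREL dynamic entry, or TEXTREL listed in the FLAGS entry).
has_textrel() {
    grep -q 'TEXTREL'
}

# Print every lib*.so* file under a directory whose dynamic section is marked
# TEXTREL. The directory argument is an assumption, e.g. a package image dir.
scan_libs() {
    find "${1:-.}" -type f -name 'lib*.so*' | while IFS= read -r lib; do
        if readelf -d "$lib" 2>/dev/null | has_textrel; then
            echo "TEXTREL: $lib"
        fi
    done
}

# Stand-alone use: sh this_script /path/to/image
[ "$#" -eq 0 ] || scan_libs "$1"
```
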
Comment 1 Christian Zoffoli (RETIRED) gentoo-dev 2005-01-24 07:45:30 UTC
FYI: I've tested grub & mysql in a hardened uclibc env and after the changes suggested they compile/work as expected.

Comment 2 solar (RETIRED) gentoo-dev 2005-01-24 08:25:08 UTC
Chances are we will change the way the hardened toolchain works slightly.
+hardened +pic will behave the old way, and +hardened +pic +pie will behave the
way it does in recent gcc. This change will avoid problems that are described here 
with fPIE behavior as well as allow us to port hardened solutions to arches such 
as sparc easier without incurring the overhead of fPIE where it simply does not 
make sense.

Pappy will be in charge of making those changes to the gcc hardened patches.
He will file another bug or something for that.
Comment 3 Natanael Copa 2007-02-13 11:39:45 UTC
I had some problems to get symbols linked in. I think this would work:


(gdb) run
Starting program: /root/lshw-B.02.09/src/lshw-static 
warning: Lowest section in system-supplied DSO at 0xffffe000 is .hash at ffffe0b4
CPUID        
Program received signal SIGSEGV, Segmentation fault.
0x0807d2ca in cpuid (cpunumber=5, idx=0, eax=@0xff91fb8c, ebx=@0xff91fb90, 
    ecx=@0xff91fb94, edx=@0xff91fb98) at cpuid.cc:114
114         );
(gdb) bt
#0  0x0807d2ca in cpuid (cpunumber=5, idx=0, eax=@0xff91fb8c, ebx=@0xff91fb90, 
    ecx=@0xff91fb94, edx=@0xff91fb98) at cpuid.cc:114
#1  0x0807fc3c in scan_cpuid (n=@0xff920148) at cpuid.cc:632
#2  0x08057eb5 in scan_system (system=@0xff920278) at main.cc:75
#3  0x0804896b in main (argc=1, argv=0xff9201e8) at lshw.cc:134
(gdb) 


Portage 2.1.1-r2 (uclibc/x86/hardened, gcc-3.4.6, uclibc-0.9.28.1-r0, 2.6.20-gentoo i686)
=================================================================
System uname: 2.6.20-gentoo i686 Intel(R) Pentium(R) D CPU 3.00GHz
Gentoo Base System version 1.12.6
Last Sync: Tue, 13 Feb 2007 09:30:01 +0000
distcc 2.18.3 i386-gentoo-linux-uclibc (protocols 1 and 2) (default port 3632) [disabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.7, 2.0.31
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.20
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i386-gentoo-linux-uclibc"
CFLAGS="-march=i386 -Os -pipe -fomit-frame-pointer"
CHOST="i386-gentoo-linux-uclibc"
CONFIG_PROTECT="/etc /usr/share/X11/xkb /var/bind /var/qmail/alias /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-Os -pipe"
DISTDIR="/var/cache/distfiles"
FEATURES="autoconfig buildpkg distlocks metadata-transfer nodoc noinfo noman sandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
MAKEOPTS="-j3"
PKGDIR="/var/cache/packages/default"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/alpine-portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 X509 alsa_pcm_plugins_adpcm alsa_pcm_plugins_alaw alsa_pcm_plugins_asym alsa_pcm_plugins_copy alsa_pcm_plugins_dmix alsa_pcm_plugins_dshare alsa_pcm_plugins_dsnoop alsa_pcm_plugins_empty alsa_pcm_plugins_extplug alsa_pcm_plugins_file alsa_pcm_plugins_hooks alsa_pcm_plugins_iec958 alsa_pcm_plugins_ioplug alsa_pcm_plugins_ladspa alsa_pcm_plugins_lfloat alsa_pcm_plugins_linear alsa_pcm_plugins_meter alsa_pcm_plugins_mulaw alsa_pcm_plugins_multi alsa_pcm_plugins_null alsa_pcm_plugins_plug alsa_pcm_plugins_rate alsa_pcm_plugins_route alsa_pcm_plugins_share alsa_pcm_plugins_shm alsa_pcm_plugins_softvol bitmap-fonts bri bzip2 cli cracklib dlloader dri elibc_uclibc encode expat extensions hardened input_devices_evdev input_devices_keyboard input_devices_mouse iproute2 ipv6 jpeg kernel_linux lcd_devices_bayrad lcd_devices_cfontz lcd_devices_cfontz633 lcd_devices_glk lcd_devices_hd44780 lcd_devices_lb216 lcd_devices_lcdm001 lcd_devices_mtxorb lcd_devices_ncurses lcd_devices_text lua mad midi minimal misdn_cards_avmfritz misdn_cards_hfcmulti misdn_cards_hfcpci misdn_cards_hfcsmini misdn_cards_hfcsusb misdn_cards_netjetpci misdn_cards_sedlfax misdn_cards_w6692pci misdn_cards_xhfc ncurses netboot ntfs ogg oss pci pcmcia pic png pppd pri readline reflection rrdtool sensord session snmp speex spl ssl tdb truetype truetype-fonts type1-fonts uclibc uclibc++ udev usb userland_GNU userlocales video_cards_apm video_cards_ark video_cards_chips video_cards_cirrus video_cards_cyrix video_cards_dummy video_cards_epson video_cards_fbdev video_cards_glint video_cards_i128 video_cards_i740 video_cards_i810 video_cards_imstt video_cards_mach64 video_cards_mga video_cards_neomagic video_cards_nsc video_cards_nv video_cards_r128 video_cards_radeon video_cards_rendition video_cards_s3 video_cards_s3virge video_cards_savage video_cards_siliconmotion video_cards_sis video_cards_sisusb video_cards_tdfx video_cards_tga video_cards_trident video_cards_tseng video_cards_v4l video_cards_vesa 
video_cards_vga video_cards_via video_cards_voodoo wordexp xorg zaptel zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS

Comment 4 Natanael Copa 2007-02-13 11:53:51 UTC
(In reply to comment #3)
> I had some problems to get symbols linked in. I think this would work:

I'm sorry, I was in completely wrong bug. Please ignore.
Comment 5 Jakub Moc (RETIRED) gentoo-dev 2007-05-12 17:54:19 UTC
Dead bug.