Created attachment 857853 [details] glibc-hardened.log.xz Hello, The newly stabilized glibc-2.36-r7 is failing to build on the releng stage1 hardened autobuilds. We're starting with seed stage stage3-amd64-hardened-openrc-20230307T201702Z.tar.xz which has 2.36-r5, that seed gets unpacked, chrooted, and successfully updates to 2.36-r7. Then this environment is used to build stage1 in a new ROOT, it fails to build 2.36-r7 there. Originally seen in the Monday March 13 builds here: https://archives.gentoo.org/gentoo-releng-autobuilds/threads/2023-03/ But I have now reproduced locally and can attach a full build log.
I'll dig into this tomorrow, I think we nearly fixed this before but got distracted (someone reported a problem which looked like this, we identified the fix, but it turned out their problem was something else and we never circled back).
For tomorrow, could you give me the set of steps to repro? It'll be useful in verifying the fix.
FWIW. I too am seeing this error in my personal fork. It might help provide an alternative process to reproduce the issue; https://github.com/nabbi/oubliette-releng I tried masking =sys-libs/glibc-2.36-r7 yet glibc-2.36-r5 also generates the error. Thank you
If your active compiler is gcc-11.3.1_p20230120-r1[cet], glibc[-cet] build succeeds. Switch to gcc-12.2.1_p20230121-r1[cet], and glibc[-cet] will fail to compile with the error attached here.
I have sys-devel/gcc-12.2.1_p20230304 (-cet) and sys-libs/glibc-2.36-r5 (-cet). But still have this issue.
I mean sys-libs/glibc-2.36-r7
@krnowak: I suspect this is the issue you hit in Flatcar that you addressed with https://github.com/flatcar/coreos-overlay/commit/f4b92a6de9fcf506b30f1c6156b27c0e3d25438e. I'm going to pull that in as it looks sensible.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b7eace724b0035856311008c95cc7fe18b8231b commit 0b7eace724b0035856311008c95cc7fe18b8231b Author: Krzesimir Nowak <knowak@microsoft.com> AuthorDate: 2023-03-17 02:34:21 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-03-17 02:35:53 +0000 sys-libs/glibc: disable CET explicitly if USE=-cet When bootstrapping, we may have a situation where CET-enabled gcc from seed is used to build CET-disabled glibc. As such, gcc implicitly enables CET if no -fcf-protection flag is passed. For a typical package it should not be a problem, but for glibc it matters as it is dealing with CET in ld.so. So if CET is supposed to be disabled for glibc, be explicit about it. [sam: cherry-picked from Flatcar at https://github.com/flatcar/coreos-overlay/commit/f4b92a6de9fcf506b30f1c6156b27c0e3d25438e] Bug: https://bugs.gentoo.org/830454 Closes: https://bugs.gentoo.org/901363 Signed-off-by: Sam James <sam@gentoo.org> sys-libs/glibc/glibc-2.36-r7.ebuild | 13 ++++++++++++- sys-libs/glibc/glibc-2.37-r1.ebuild | 13 ++++++++++++- sys-libs/glibc/glibc-9999.ebuild | 13 ++++++++++++- 3 files changed, 36 insertions(+), 3 deletions(-)
Hi Sam, Just found time today to try to upstream it but you were quicker than me. :) Good to hear that the change made sense to you and thank you for pulling it in.
