the recent go update to dev-lang/go-1.22.5 triggered a rebuild of all my installed golang packages, including app-containers/runc-1.1.12 which failed to link /usr/lib/go/pkg/tool/linux_amd64/link: running x86_64-pc-linux-gnu-gcc failed: exit status 1 /usr/lib/gcc/x86_64-pc-linux-gnu/14/../../../../x86_64-pc-linux-gnu/bin/ld: /var/tmp/portage/app-containers/runc-1.1.12/temp/cc3SpSIY.ltrans0.ltrans.o: relocation R_X86_64_32 against `.rodata.str1.8' can not be used when making a PIE object; recompile with -fPIE /usr/lib/gcc/x86_64-pc-linux-gnu/14/../../../../x86_64-pc-linux-gnu/bin/ld: failed to set dynamic section sizes: bad value collect2: error: ld returned 1 exit status this only happened on the one machine where I have USE=hardened. when I remove USE=hardened or set safe CFLAGS (-Wno-error=odr -Wno-error=lto-type-mismatch -Wno-error=strict-aliasing -fno-lto) it builds successfully Reproducible: Always Steps to Reproduce: 1. USE=hardened and CFLAGS WARNING_FLAGS="-Werror=odr -Werror=lto-type-mismatch -Werror=strict-aliasing" COMMON_FLAGS="-march=native -O2 -pipe -flto ${WARNING_FLAGS}" Maybe this is because CGO_CFLAGS now work, see bug https://bugs.gentoo.org/show_bug.cgi?id=900933
Created attachment 896964 [details] emerge info
Created attachment 896965 [details] build log
The same happens to me (hardened profile + lto).
Why is this still UNCONFIRMED? A series of people have the exact same issue, including me.
Same issue I am afraid. Can someone have a look at this please? >>> packagefile debug/dwarf=/var/tmp/portage/app-containers/runc-1.1.12/temp/go-build299624149/b180/_pkg_.a packagefile internal/saferio=/var/tmp/portage/app-containers/runc-1.1.12/temp/go-build299624149/b181/_pkg_.a packagefile internal/zstd=/var/tmp/portage/app-containers/runc-1.1.12/temp/go-build299624149/b182/_pkg_.a packagefile hash/adler32=/var/tmp/portage/app-containers/runc-1.1.12/temp/go-build299624149/b179/_pkg_.a modinfo "0w\xaf\f\x92t\b\x02A\xe1\xc1\a\xe6\xd6\x18\xe6path\tgithub.com/opencontainers/runc\nmod\tgithub.com/opencontainers/runc\t(devel)\t\ndep\tgithub.com/checkpoint-restore/go-criu/v5\tv5.3.0\t\ndep\tgithub.com/cilium/ebpf\tv0.7.0\t\ndep\tgithub.com/containerd/console\tv1.0.3\t\ndep\tgithub.com/coreos/go-systemd/v22\tv22.3.2\t\ndep\tgithub.com/cpuguy83/go-md2man/v2\tv2.0.0-20190314233015-f79a8a8ca69d\t\ndep\tgithub.com/cyphar/filepath-securejoin\tv0.2.4\t\ndep\tgithub.com/docker/go-units\tv0.4.0\t\ndep\tgithub.com/godbus/dbus/v5\tv5.0.6\t\ndep\tgithub.com/moby/sys/mountinfo\tv0.5.0\t\ndep\tgithub.com/mrunalp/fileutils\tv0.5.1\t\ndep\tgithub.com/opencontainers/runtime-spec\tv1.0.3-0.20210326190908-1c3f411f0417\t\ndep\tgithub.com/opencontainers/selinux\tv1.10.0\t\ndep\tgithub.com/russross/blackfriday/v2\tv2.0.1\t\ndep\tgithub.com/seccomp/libseccomp-golang\tv0.9.2-0.20220502022130-f33da4d89646\t\ndep\tgithub.com/shurcooL/sanitized_anchor_name\tv1.0.0\t\ndep\tgithub.com/sirupsen/logrus\tv1.8.1\t\ndep\tgithub.com/syndtr/gocapability\tv0.0.0-20200815063812-42c35b437635\t\ndep\tgithub.com/urfave/cli\tv1.22.1\t\ndep\tgithub.com/vishvananda/netlink\tv1.1.0\t\ndep\tgithub.com/vishvananda/netns\tv0.0.0-20191106174202-0a2b9b5464df\t\ndep\tgolang.org/x/net\tv0.8.0\t\ndep\tgolang.org/x/sys\tv0.6.0\t\ndep\tgoogle.golang.org/protobuf\tv1.27.1\t\nbuild\t-buildmode=pie\nbuild\t-compiler=gc\nbuild\t-tags=seccomp\nbuild\t-trimpath=true\nbuild\tDefaultGODEBUG=httplaxcontentlength=1,httpmuxgo121=1,netedns0=0,panicnil=1,tls10server=1,tlsrsakex=1,tlsunsafeekm=1\nbuild\tCGO_ENABLED=1\nbuild\tGOARCH=amd64\nbuild\tGOOS=linux\nbuild\tGOAMD64=v1\n\xf92C1\x86\x18 r\x00\x82B\x10A\x16\xd8\xf2" EOF mkdir -p $WORK/b001/exe/ cd . GOROOT_FINAL='$GOROOT' /usr/lib/go/pkg/tool/linux_amd64/link -o $WORK/b001/exe/a.out -importcfg $WORK/b001/importcfg.link -installsuffix shared -X=runtime.godebugDefault=httplaxcontentlength=1,httpmuxgo121=1,netedns0=0,panicnil=1,tls10server=1,tlsrsakex=1,tlsunsafeekm=1 -buildmode=pie -buildid=GebMuEGQIZ5Tw64LdpPY/q59-TS3Bi3LOidgpiM7q/DMB6wuEDjSMkX5lClrKY/GebMuEGQIZ5Tw64LdpPY -X main.gitCommit=51d5e94601ceffbbd85688df1c928ecccbfa4685 -X main.version=1.1.12 -extld=x86_64-pc-linux-gnu-gcc $WORK/b001/_pkg_.a # github.com/opencontainers/runc /usr/lib/go/pkg/tool/linux_amd64/link: running x86_64-pc-linux-gnu-gcc failed: exit status 1 /usr/lib/gcc/x86_64-pc-linux-gnu/13/../../../../x86_64-pc-linux-gnu/bin/ld: /var/tmp/portage/app-containers/runc-1.1.12/temp/cchnIu87.ltrans0.ltrans.o: relocation R_X86_64_32 against `.rodata.str1.8' can not be used when making a PIE object; recompile with -fPIE /usr/lib/gcc/x86_64-pc-linux-gnu/13/../../../../x86_64-pc-linux-gnu/bin/ld: failed to set dynamic section sizes: bad value collect2: error: ld returned 1 exit status make: *** [Makefile:61: runc] Error 1 * ERROR: app-containers/runc-1.1.12::gentoo failed (compile phase): * emake failed <<<
# Taken from app-containers/docker-1.7.0-r1 CGO_CFLAGS+=" -I${ESYSROOT}/usr/include" CGO_LDFLAGS+=" $(usex hardened '-fno-PIC ' '') -L${ESYSROOT}/usr/$(get_libdir)" https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=68d4571e78f348eac41d64ba306ec2a8226ad17c Seeing what the use flag does and the context with it also getting removed from docker. The use flag should be removed.
It builds fine without LTO with or without the hardened flag.
To clarify things a bit. Builds fine with "-hardened" and LTO, as well as with or without "hardened" and without LTO.
Created attachment 906121 [details] build log runc-1.1.14 to keep this report updated: it still happens with app-containers/runc-1.1.14 when using LTO and USE=hardened, see updated build log.
dup of bug 935459 ?
