This is because the amd64 profile sets the cet USE flag by default so should affect any profile with this set as on but only amd64 tested for now. To reproduce: 1. emerge -va sys-devel/crossdev 2. crossdev -s4 i586-pc-linux-gnu cc1: error: ‘-fcf-protection’ is not compatible with this target As a workaround, a user can run: USE="cet" crossdev -s4 i586-pc-linux-gnu # emerge --info Portage 3.0.66.1 (python 3.13.0-final-0, default/linux/amd64/23.0/desktop, gcc-14, glibc-9999, 6.11.5-gentoo-dist x86_64) ================================================================= System uname: Linux-6.11.5-gentoo-dist-x86_64-AMD_Ryzen_9_5950X_16-Core_Processor-with-glibc2.39.9000 KiB Mem: 65744176 total, 8835920 free KiB Swap: 0 total, 0 free Timestamp of repository gentoo: Fri, 08 Nov 2024 11:48:28 +0000 Head commit of repository gentoo: bfe1cfef7f18bc6f074516fe3d68f63fa615621e Head commit of repository cosmic-overlay: 7c3866da5d36d96945ec0d1ecc161f090f96e425 Timestamp of repository edgets: Wed, 06 Nov 2024 10:33:22 +0000 Head commit of repository edgets: c26ef2275e5aa2b6ab30cb5971bf47780f8584c5 Timestamp of repository guru: Fri, 08 Nov 2024 10:33:25 +0000 Head commit of repository guru: 7d6da054090edaa9016006a4fb5fb2ae59ee325c Timestamp of repository parona-overlay: Thu, 07 Nov 2024 18:33:21 +0000 Head commit of repository parona-overlay: 4d26195fdd9ce4626328d9f2723731204416c5de Timestamp of repository sft: Wed, 30 Oct 2024 16:33:15 +0000 Head commit of repository sft: e63a662234d31918647bbbbf4ee4278137ba65dc Timestamp of repository steam-overlay: Tue, 08 Oct 2024 15:50:59 +0000 Head commit of repository steam-overlay: c802c22bb423cb84d975b3fc9cfe6bc9410d22cd Timestamp of repository wayland-desktop: Mon, 14 Oct 2024 12:50:43 +0000 Head commit of repository wayland-desktop: 72e2e53f3b71aac34a65fd64b8cb527b0ac1e613 sh bash 5.2_p37 ld GNU ld (Gentoo 2.43 p2) 2.43.1 app-misc/pax-utils: 1.3.8::gentoo app-shells/bash: 5.2_p37::gentoo dev-build/autoconf: 2.13-r8::gentoo, 2.71-r7::gentoo, 2.72-r1::gentoo dev-build/automake: 1.16.5-r2::gentoo, 1.17-r1::gentoo dev-build/cmake: 3.30.5::gentoo dev-build/libtool: 2.5.3::gentoo dev-build/make: 4.4.1-r100::gentoo dev-build/meson: 9999::gentoo dev-java/java-config: 2.3.4::gentoo dev-lang/perl: 5.40.0::gentoo dev-lang/python: 3.11.10_p1::gentoo, 3.12.7_p1::gentoo, 3.13.0::gentoo dev-lang/rust: 1.80.1::cosmic-overlay dev-lang/rust-bin: 1.82.0::gentoo sys-apps/baselayout: 2.15::gentoo sys-apps/openrc: 0.54.2::gentoo sys-apps/sandbox: 2.39::gentoo sys-devel/binutils: 2.42-r1::gentoo, 2.43-r1::gentoo sys-devel/binutils-config: 5.5.2::gentoo sys-devel/clang: 17.0.6::gentoo, 18.1.6::gentoo sys-devel/gcc: 12.3.1_p20240502::gentoo, 13.2.1_p20240210::gentoo, 14.1.1_p20240518::gentoo, 15.0.0_pre20241020-r2::gentoo sys-devel/gcc-config: 2.11::gentoo sys-devel/lld: 17.0.6::gentoo, 18.1.5::gentoo sys-devel/llvm: 17.0.6::gentoo, 18.1.8-r4::gentoo, 19.1.2::gentoo sys-kernel/linux-headers: 6.11::gentoo (virtual/os-headers) sys-libs/glibc: 9999::gentoo Repositories: gentoo location: /var/db/repos/gentoo sync-type: git sync-uri: https://github.com/gentoo-mirror/gentoo.git priority: -1000 volatile: False cosmic-overlay location: /var/db/repos/cosmic-overlay sync-type: git sync-uri: https://github.com/fsvm88/cosmic-overlay.git masters: gentoo volatile: False edgets location: /var/db/repos/edgets sync-type: git sync-uri: https://github.com/gentoo-mirror/edgets.git masters: gentoo volatile: False guru location: /var/db/repos/guru sync-type: git sync-uri: https://github.com/gentoo-mirror/guru.git masters: gentoo volatile: False local location: /var/db/repos/local masters: gentoo volatile: False parona-overlay location: /var/db/repos/parona-overlay sync-type: git sync-uri: https://github.com/gentoo-mirror/parona-overlay.git masters: gentoo volatile: False py3_13 location: /var/db/repos/py3_13 masters: gentoo volatile: False sft location: /var/db/repos/sft sync-type: git sync-uri: https://github.com/gentoo-mirror/sft.git masters: gentoo volatile: False steam-overlay location: /var/db/repos/steam-overlay sync-type: git sync-uri: https://github.com/gentoo-mirror/steam-overlay.git masters: gentoo volatile: False wayland-desktop location: /var/db/repos/wayland-desktop sync-type: git sync-uri: https://github.com/gentoo-mirror/wayland-desktop.git masters: gentoo volatile: False Binary Repositories: gentoobinhost priority: 1 sync-uri: https://distfiles.gentoo.org/releases/amd64/binpackages/23.0/x86-64 ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -march=native -pipe -flto" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d" CXXFLAGS="-O2 -march=native -pipe -flto" DISTDIR="/var/cache/distfiles" ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME" FCFLAGS="-O2 -march=native -pipe -flto" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs binpkg-multi-instance buildpkg-live config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync merge-wait multilib-strict network-sandbox news parallel-fetch pid-sandbox pkgdir-index-trusted preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -march=native -pipe -flto" GENTOO_MIRRORS="https://mirror.bytemark.co.uk/gentoo/ https://mirrors.gethosted.online/gentoo/" LANG="en_GB.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,-z,pack-relative-relocs" LEX="flex" PKGDIR="/var/cache/binpkgs" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" RUSTFLAGS=" -Clinker-plugin-lto -Ctarget-cpu=native" SHELL="/bin/bash" USE="X a52 aac acl acpi alsa amd64 bluetooth branding bzip2 cairo cdda cdr cet crypt dbus dri dts dvd dvdr elogind encode exif flac gdbm gif gpm gtk gui iconv icu ipv6 jpeg kf6compat lcms libnotify libtirpc lto mad mng mp3 mp4 mpeg multilib ncurses networkmanager nls ogg opengl openmp opus pam pango pcre pdf pgo pipewire png policykit ppds pulseaudio qml readline sdl seccomp sound spell ssl startup-notification svg test-rust tiff truetype udev udisks unicode upower usb vorbis vulkan wayland webp wxwidgets x264 xattr xcb xft xml xv xvid zlib" ABI_X86="64" ADA_TARGET="gcc_12" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_anon authn_dbm authn_file authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir env expires ext_filter file_cache filter headers include info log_config logio mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2 aes avx avx2 f16c fma3 pclmul popcnt rdrand sha sse3 sse4_1 sse4_2 sse4a ssse3 vpclmulqdq" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax navcom oceanserver oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 tsip tripmate tnt ublox" GUILE_SINGLE_TARGET="3-0" GUILE_TARGETS="3-0" INPUT_DEVICES="libinput" KERNEL="linux" L10N="en en-GB" LCD_DEVICES="bayrad cfontz glk hd44780 lb216 lcdm001 mtxorb text" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php8-2" POSTGRES_TARGETS="postgres16" PYTHON_SINGLE_TARGET="python3_13" PYTHON_TARGETS="python3_12 python3_13" QEMU_SOFTMMU_TARGETS="aarch64 i386 x86_64 ppc m68k sh4 sh4eb hppa alpha" QEMU_USER_TARGETS="m68k sh4 sh4eb aarch64 hppa riscv64 riscv32 alpha ppc64le" RUBY_TARGETS="ruby32" VIDEO_CARDS="nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipp2p iface geoip fuzzy condition tarpit sysrq proto logmark ipmark dhcpmac delude chaos account" Unset: ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EMERGE_DEFAULT_OPTS, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LC_ALL, LD, LFLAGS, LIBTOOL, LINGUAS, MAKE, MAKEFLAGS, MAKEOPTS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PYTHONPATH, RANLIB, READELF, SIZE, STRINGS, STRIP, YACC, YFLAGS
crossdev should disable it at least for that tuple, not sure if the eclass should do something as well.
In the eclass, we currently do: enable_cet_for 'i[34567]86' 'gnu' 'cet' Maybe we should just delete that line. Kernel support (i.e. enforcement) will never exist for 32-bit x86.
Created attachment 908616 [details] build.log
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d6cb7a61dad7e9672a8448597835dbbf9b9e0ccf commit d6cb7a61dad7e9672a8448597835dbbf9b9e0ccf Author: Ian Jordan <immoloism@gmail.com> AuthorDate: 2024-11-12 18:32:15 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-11-12 19:18:51 +0000 toolchain.eclass: Disable CET on x86 Remove enable_cet_for 'i[34567]86' 'gnu' 'cet' from to prevent -fcf-protection on x86 systens where CET support will never be fully enabled anyway. This should help with bug #933772 also but I was unable to reproduce to confirm. Closes: https://bugs.gentoo.org/943332 Bug: https://bugs.gentoo.org/933772 Thanks-to: Sam James <sam@gentoo.org> Signed-off-by: Ian Jordan <immoloism@gmail.com> Signed-off-by: Sam James <sam@gentoo.org> eclass/toolchain.eclass | 1 - 1 file changed, 1 deletion(-)
I do wonder why https://gitweb.gentoo.org/proj/crossdev.git/commit/?id=daec387a1c91d5a0b9f94ee00ef95f63a9a6d9d2 wasn't enough.
Doesn't this reintroduce the cet automagic on x86? It fixes the bug because the configure script checks that it can pass `-fcf-protection` and disables cet otherwise but I think the right thing to do is either: enable_cet_for 'i[34567]86' 'ALWAYS_DISABLED' 'cet' or, if we don't want to abuse the function like that [[ ${CTARGET} == i[34567]86-* ]] && confgcc+=( --disable-cet ) Though I haven't tested it.
(In reply to Sam James from comment #5) > I do wonder why > https://gitweb.gentoo.org/proj/crossdev.git/commit/ > ?id=daec387a1c91d5a0b9f94ee00ef95f63a9a6d9d2 wasn't enough. Indeed, I just tried it without this new fix and it worked. I can only guess that immolo's target was created before the other fix went out. > [ebuild R ] cross-i586-pc-linux-gnu/gcc-14.2.1_p20241026:14::crossdev USE="cxx openmp pie ssp -ada (-cet) -custom-cflags -d -debug -default-stack-clash-protection -default-znow -doc -fixed-point -fortran -go -graphite -hardened -ieee-long-double -jit -libssp -lto -modula2 (-multilib) -nls -objc -objc++ -objc-gc (-pch) -pgo -rust -sanitize -systemtap -test (-time64) -valgrind -vanilla -vtv -zstd" 0 KiB
(In reply to Andrei Horodniceanu from comment #6) > Doesn't this reintroduce the cet automagic on x86? It fixes the bug because > the configure script checks that it can pass `-fcf-protection` and disables > cet otherwise but I think the right thing to do is either: > > enable_cet_for 'i[34567]86' 'ALWAYS_DISABLED' 'cet' > > or, if we don't want to abuse the function like that > > [[ ${CTARGET} == i[34567]86-* ]] && confgcc+=( --disable-cet ) > > Though I haven't tested it. Oh, you're right. Let's do the latter. Mind submitting it?
(In reply to James Le Cuirot from comment #7) > (In reply to Sam James from comment #5) > > I do wonder why > > https://gitweb.gentoo.org/proj/crossdev.git/commit/ > > ?id=daec387a1c91d5a0b9f94ee00ef95f63a9a6d9d2 wasn't enough. > > Indeed, I just tried it without this new fix and it worked. I can only guess > that immolo's target was created before the other fix went out. > > > [ebuild R ] cross-i586-pc-linux-gnu/gcc-14.2.1_p20241026:14::crossdev USE="cxx openmp pie ssp -ada (-cet) -custom-cflags -d -debug -default-stack-clash-protection -default-znow -doc -fixed-point -fortran -go -graphite -hardened -ieee-long-double -jit -libssp -lto -modula2 (-multilib) -nls -objc -objc++ -objc-gc (-pch) -pgo -rust -sanitize -systemtap -test (-time64) -valgrind -vanilla -vtv -zstd" 0 KiB As a FWIW, Chewi was correct about my system. I did a fresh build of the toolchain but was running an older build of the live ebuild. Not sure if this would have changed the outcome but highlighting in case we need to revisit this in the future.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2aa4020e09554055db2d6a6f65c55370565a440e commit 2aa4020e09554055db2d6a6f65c55370565a440e Author: Andrei Horodniceanu <a.horodniceanu@proton.me> AuthorDate: 2024-11-13 09:31:00 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-11-13 19:22:10 +0000 toolchain.eclass: unconditionally pass --disable-cet on x86 d6cb7a61dad7e9672a8448597835dbbf9b9e0ccf removed the check that passed --enable-cet or --disable-cet to configure making the script fallback to automagic. The goal was to prevent passing --enable-cet on x86 gnu triples as that would lead to gcc failing to build under crossdev. Note that this specific crossdev cet issue has been solved in crossdev by package.use.mask'ing the cet USE flag for gcc on x86 but targets configured before that can still have the cet USE flag enabled. Bug: https://bugs.gentoo.org/943332 Signed-off-by: Andrei Horodniceanu <a.horodniceanu@proton.me> Closes: https://github.com/gentoo/gentoo/pull/39300 Signed-off-by: Sam James <sam@gentoo.org> eclass/toolchain.eclass | 1 + 1 file changed, 1 insertion(+)
