Bug 129491

Summary:	app-emulation/xen-tools-3.0.2 emerge failed with hardened profile
Product:	Gentoo Linux	Reporter:	Tuan Van (RETIRED) <langthang>
Component:	Current packages	Assignee:	Chris Bainbridge (RETIRED) <chrb>
Status:	VERIFIED TEST-REQUEST
Severity:	normal	CC:	hardened
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Tuan Van (RETIRED) gentoo-dev

2006-04-10 08:51:22 UTC

gcc  -DNDEBUG -m32  -Wall -Wstrict-prototypes -Wdeclaration-after-statement     -DDEBUG -DTEXTADDR=0x000D0000 -I. -I../../../tools/libxc -fno-builtin -O2 -msoft-float -D__ASSEMBLY__ -DDEBUG -DTEXTADDR=0x000D0000 -c trap.S
cpp -P -DDEBUG -DTEXTADDR=0x000D0000 vmxassist.ld > vmxassist.tmp
ld -o vmxassist -m elf_i386 -nostdlib --fatal-warnings -N -T vmxassist.tmp head.o trap.o vm86.o setup.o util.o
vm86.o: In function `address':
vm86.c:(.text+0x19): undefined reference to `__guard'
vm86.c:(.text+0x51): undefined reference to `__stack_smash_handler'
vm86.c:(.text+0x8e): undefined reference to `__guard'
vm86.o: In function `trace':
vm86.c:(.text+0x189): undefined reference to `__guard'
vm86.c:(.text+0x1d4): undefined reference to `__guard'
vm86.c:(.text+0x1f0): undefined reference to `__stack_smash_handler'
vm86.o: In function `getreg32':
vm86.c:(.text+0x2fa): undefined reference to `__guard'
vm86.o: In function `.L32':
vm86.c:(.text+0x338): undefined reference to `__stack_smash_handler'
vm86.o: In function `setreg32':
vm86.c:(.text+0x39e): undefined reference to `__guard'
vm86.o: In function `.L44':
vm86.c:(.text+0x3d8): undefined reference to `__stack_smash_handler'
vm86.o: In function `sib':
vm86.c:(.text+0x42b): undefined reference to `__guard'
vm86.c:(.text+0x484): undefined reference to `__guard'
vm86.c:(.text+0x4a3): undefined reference to `__stack_smash_handler'
vm86.o: In function `operand':
vm86.c:(.text+0x56a): undefined reference to `__guard'
vm86.c:(.text+0x6ad): undefined reference to `__stack_smash_handler'
vm86.c:(.text+0x700): undefined reference to `__guard'
vm86.c:(.text+0x70b): undefined reference to `__guard'
vm86.o: In function `.L139':
vm86.c:(.text+0x764): undefined reference to `__guard'
vm86.o: In function `.L138':
vm86.c:(.text+0x78e): undefined reference to `__guard'
vm86.o: In function `movr':
vm86.c:(.text+0x93b): undefined reference to `__guard'
vm86.o:vm86.c:(.text+0x9c0): more undefined references to `__guard' follow
vm86.o: In function `movr':
vm86.c:(.text+0x9e0): undefined reference to `__stack_smash_handler'
vm86.o: In function `load_seg':
vm86.c:(.text+0xd4b): undefined reference to `__guard'
vm86.c:(.text+0xda1): undefined reference to `__stack_smash_handler'
vm86.o: In function `set_mode':
vm86.c:(.text+0xf19): undefined reference to `__guard'
vm86.c:(.text+0xf74): undefined reference to `__guard'
vm86.c:(.text+0xf94): undefined reference to `__stack_smash_handler'
vm86.o: In function `interrupt':
vm86.c:(.text+0x139d): undefined reference to `__guard'
vm86.c:(.text+0x1478): undefined reference to `__stack_smash_handler'
vm86.o: In function `outbyte':
vm86.c:(.text+0x14a9): undefined reference to `__guard'
vm86.c:(.text+0x14e8): undefined reference to `__stack_smash_handler'
vm86.c:(.text+0x1537): undefined reference to `__guard'
vm86.o: In function `inbyte':
vm86.c:(.text+0x1619): undefined reference to `__guard'
vm86.c:(.text+0x1654): undefined reference to `__stack_smash_handler'
vm86.o: In function `emulate':
vm86.c:(.text+0x16b9): undefined reference to `__guard'
vm86.o: In function `.L321':
vm86.c:(.text+0x1795): undefined reference to `__guard'
vm86.c:(.text+0x17b5): undefined reference to `__stack_smash_handler'
vm86.o: In function `trap':
vm86.c:(.text+0x2619): undefined reference to `__guard'
vm86.c:(.text+0x264a): undefined reference to `__guard'
vm86.c:(.text+0x2666): undefined reference to `__stack_smash_handler'
vm86.c:(.text+0x26bc): undefined reference to `__guard'
setup.o: In function `banner':
setup.c:(.text+0x16): undefined reference to `__guard'
setup.c:(.text+0x113): undefined reference to `__stack_smash_handler'
setup.o: In function `setup_gdt':
setup.c:(.text+0x14b): undefined reference to `__guard'
setup.c:(.text+0x226): undefined reference to `__stack_smash_handler'
setup.o: In function `set_intr_gate':
setup.c:(.text+0x259): undefined reference to `__guard'
setup.c:(.text+0x2b6): undefined reference to `__stack_smash_handler'
setup.o: In function `setup_idt':
setup.c:(.text+0x2e8): undefined reference to `__guard'
setup.c:(.text+0x31e): undefined reference to `__guard'
setup.c:(.text+0x33a): undefined reference to `__stack_smash_handler'
setup.o: In function `setup_pic':
setup.c:(.text+0x369): undefined reference to `__guard'
setup.c:(.text+0x3d3): undefined reference to `__stack_smash_handler'
setup.o: In function `setiomap':
setup.c:(.text+0x409): undefined reference to `__guard'
setup.c:(.text+0x449): undefined reference to `__stack_smash_handler'
setup.o: In function `enter_real_mode':
setup.c:(.text+0x478): undefined reference to `__guard'
setup.c:(.text+0x573): undefined reference to `__guard'
setup.c:(.text+0x58f): undefined reference to `__stack_smash_handler'
setup.o: In function `setup_ctx':
setup.c:(.text+0x5fb): undefined reference to `__guard'
setup.c:(.text+0x795): undefined reference to `__stack_smash_handler'
setup.o: In function `start_bios':
setup.c:(.text+0x7c4): undefined reference to `__guard'
setup.c:(.text+0x80f): undefined reference to `__guard'
setup.c:(.text+0x82b): undefined reference to `__stack_smash_handler'
setup.o: In function `main':
setup.c:(.text+0x879): undefined reference to `__guard'
setup.c:(.text+0x8d4): undefined reference to `__stack_smash_handler'
util.o: In function `putchar':
util.c:(.text+0x19): undefined reference to `__guard'
util.c:(.text+0x3f): undefined reference to `__stack_smash_handler'
util.o: In function `strlen':
util.c:(.text+0x68): undefined reference to `__guard'
util.c:(.text+0xa5): undefined reference to `__stack_smash_handler'
util.o: In function `printnum':
util.c:(.text+0xcb): undefined reference to `__guard'
util.c:(.text+0x118): undefined reference to `__stack_smash_handler'
util.o: In function `_doprint':
util.c:(.text+0x15b): undefined reference to `__guard'
util.c:(.text+0x2b4): undefined reference to `__guard'
util.c:(.text+0x2d4): undefined reference to `__stack_smash_handler'
util.o: In function `panic':
util.c:(.text+0x409): undefined reference to `__guard'
util.c:(.text+0x44f): undefined reference to `__stack_smash_handler'
util.o: In function `vprintf':
util.c:(.text+0x479): undefined reference to `__guard'
util.c:(.text+0x4b0): undefined reference to `__stack_smash_handler'
util.o: In function `printf':
util.c:(.text+0x4d9): undefined reference to `__guard'
util.c:(.text+0x510): undefined reference to `__stack_smash_handler'
util.o: In function `dump_dtr':
util.c:(.text+0x536): undefined reference to `__guard'
util.c:(.text+0x5f9): undefined reference to `__guard'
util.c:(.text+0x615): undefined reference to `__stack_smash_handler'
util.o: In function `dump_vmx_context':
util.c:(.text+0x649): undefined reference to `__guard'
util.c:(.text+0xbc9): undefined reference to `__stack_smash_handler'
util.o: In function `print_e820_map':
util.c:(.text+0xbf9): undefined reference to `__guard'
util.c:(.text+0xce2): undefined reference to `__guard'
util.c:(.text+0xcfe): undefined reference to `__stack_smash_handler'
util.o: In function `hexdump':
util.c:(.text+0xd46): undefined reference to `__guard'
util.c:(.text+0xe8e): undefined reference to `__guard'
util.c:(.text+0xeaa): undefined reference to `__stack_smash_handler'
util.o: In function `dump_regs':
util.c:(.text+0xed8): undefined reference to `__guard'
util.c:(.text+0x1005): undefined reference to `__guard'
util.c:(.text+0x1021): undefined reference to `__stack_smash_handler'
util.o: In function `memset':
util.c:(.text+0x1059): undefined reference to `__guard'
util.c:(.text+0x1091): undefined reference to `__stack_smash_handler'
util.o: In function `memcpy':
util.c:(.text+0x10c9): undefined reference to `__guard'
util.c:(.text+0x1113): undefined reference to `__stack_smash_handler'
make[2]: *** [vmxassist.bin] Error 1
make[2]: Leaving directory `/var/tmp/portage/xen-tools-3.0.2/work/xen-3.0.2/tools/firmware/vmxassist'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/var/tmp/portage/xen-tools-3.0.2/work/xen-3.0.2/tools/firmware'
make: *** [all] Error 2
make: Leaving directory `/var/tmp/portage/xen-tools-3.0.2/work/xen-3.0.2/tools'

!!! ERROR: app-emulation/xen-tools-3.0.2 failed.
Call stack:
  ebuild.sh, line 1532:   Called dyn_compile
  ebuild.sh, line 929:   Called src_compile
  xen-tools-3.0.2.ebuild, line 69:   Called die

!!! compile failed
!!! If you need support, post the topmost build error, and the call stack if relevant.

mail xen-tools # emerge info
Portage 2.1_pre7-r5 (hardened/x86/2.6, gcc-3.4.6, glibc-2.3.6-r3, 2.6.16-rc5-xen i686)
=================================================================
System uname: 2.6.16-rc5-xen i686 Intel(R) Pentium(R) 4 CPU 1.80GHz
Gentoo Base System version 1.12.0_pre16
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
dev-lang/python:     2.4.2-r1
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r2
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r3
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=pentium4 -fomit-frame-pointer -fforce-addr -mmmx -msse -msse2 -mfpmath=sse"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /etc/mail/dspam /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/bind /var/qmail/control /var/run/dspam"
CONFIG_PROTECT_MASK="/etc/eselect/compiler /etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=pentium4 -fomit-frame-pointer -fforce-addr -mmmx -msse -msse2 -mfpmath=sse"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer noinfo parallel-fetch sandbox sfperms strict userpriv usersandbox"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="en_US.utf8"
LINGUAS="en_US vi"
MAKEOPTS="-j2"
PKGDIR="/usr/portage//packages/x86/"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage/"
PORTDIR_OVERLAY="/usr/portage/overlay"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="apache2 berkdb bzip2 crypt dlloader hardened ithreads mysql nls pam pic readline sasl ssl tcpd unicode userlocales utf8 vhosts x86 zlib elibc_glibc kernel_linux linguas_en_US linguas_vi userland_GNU"
Unset:  ASFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS


If I set gcc to i686-pc-linux-gnu-3.4.6-vanilla, xen-tools-3.0.2 emerge fine.

Comment 1 Chris Bainbridge (RETIRED) gentoo-dev

2006-04-10 11:12:51 UTC

The xen Makefiles try to filter CFLAGS building different parts of the source  with the function:

test-gcc-flag = $(shell $(1) -v --help 2>&1 | grep -q " $(2) " && echo $(2))

calls are like:

./xen/arch/x86/Rules.mk:CFLAGS  += $(call test-gcc-flag,$(CC),-nopie)
./xen/arch/x86/Rules.mk:CFLAGS  += $(call test-gcc-flag,$(CC),-fno-stack-protector)
./xen/arch/x86/Rules.mk:CFLAGS  += $(call test-gcc-flag,$(CC),-fno-stack-protector-all)
./tools/ioemu/target-i386-dm/Makefile:SSE2 := $(call test-gcc-flag,$(CC),-msse2)

$ gcc --help -v 2>&1|grep sse2
  -mno-sse2                 Do not support MMX, SSE and SSE2 built-in functions and code generation
  -msse2                    Support MMX, SSE and SSE2 built-in functions and code generation

$ gcc --help -v 2>&1|grep pie
gcc version 3.4.6 (Gentoo 3.4.6, ssp-3.4.5-1.0, pie-8.7.9)
  -fpie                       Generate position-independent code for
  -pie, --pic-executable      Create a position independent executable

So the question is - why does gcc on Gentoo not show these -no* options in it's help for the hardened flags, when apparently other distros do?
 
You could obviously filter the flags for all the built software, like the old ebuilds did, but that kind of negates the point of running hardened - only vmxassist and hvmloader need non-hardened flags.

Comment 2 Chris Bainbridge (RETIRED) gentoo-dev

2006-04-10 11:57:48 UTC

I've tried to fix the problem by just adding the -nopie -no-stack* flags to the hvmloader and vmxassist Makefiles. Let me know if it works.

Comment 3 Tuan Van (RETIRED) gentoo-dev

2006-04-10 12:16:45 UTC

(In reply to comment #1)
> The xen Makefiles try to filter CFLAGS building different parts of the source 
> with the function:
> 
> test-gcc-flag = $(shell $(1) -v --help 2>&1 | grep -q " $(2) " && echo $(2))
> 
> calls are like:
> 
> ./xen/arch/x86/Rules.mk:CFLAGS  += $(call test-gcc-flag,$(CC),-nopie)
> ./xen/arch/x86/Rules.mk:CFLAGS  += $(call
> test-gcc-flag,$(CC),-fno-stack-protector)
> ./xen/arch/x86/Rules.mk:CFLAGS  += $(call
> test-gcc-flag,$(CC),-fno-stack-protector-all)
> ./tools/ioemu/target-i386-dm/Makefile:SSE2 := $(call
> test-gcc-flag,$(CC),-msse2)
> 
> $ gcc --help -v 2>&1|grep sse2
>   -mno-sse2                 Do not support MMX, SSE and SSE2 built-in functions
> and code generation
>   -msse2                    Support MMX, SSE and SSE2 built-in functions and
> code generation
> 
> $ gcc --help -v 2>&1|grep pie
> gcc version 3.4.6 (Gentoo 3.4.6, ssp-3.4.5-1.0, pie-8.7.9)
>   -fpie                       Generate position-independent code for
>   -pie, --pic-executable      Create a position independent executable
> 
> So the question is - why does gcc on Gentoo not show these -no* options in it's
> help for the hardened flags, when apparently other distros do?
> 
> You could obviously filter the flags for all the built software, like the old
> ebuilds did, but that kind of negates the point of running hardened - only
> vmxassist and hvmloader need non-hardened flags.
> 

there are couple problem with the way they test for PIE/SSP.
1. if CFLAGS is unset, the test failed to detect gcc. I have to have USE=custom-cflags to buils xen-tools
2. with xen-tools-3.0.2, they unset CFLAGS in the tools/firmware/{hvmloader,vmxassist}Makefile which causes test-gcc-flag failed to detect hardened gcc .

my workaround similar to your, but I just commented the "CFLAGS :=" line

sed -i -e 's/CFLAGS :=/# CFLAGS :=/g' "${S}/tools/firmware/hvmloader/Makefile" "${S}/tools/firmware/vmxassist/Makefile"

Comment 4 Chris Bainbridge (RETIRED) gentoo-dev

2006-04-10 12:42:46 UTC

It isn't the unset of CFLAGS that causes the failed gcc detect, it's the fact that under Gentoo 'gcc -v --help' doesn't show the nopie and no-stack-protector flags. Their code apparently works fine on other distributions.

If you just comment out the CFLAG := in the Makefiles, where do your -nopie no-stack-protector flags come from? They must be set somewhere for vmxassist to build?

Comment 5 Tuan Van (RETIRED) gentoo-dev

2006-04-10 13:47:09 UTC

I wasn't clear in my last comment, I meant it failed to detect gentoo gcc.
Why unset CFLAGS cause it failed I don't know (yet), but commented that line put "-nopie -fno-stack-protector"  back in there as you can see below. I differed the Makefile from the older version and notice the new "CFLAGS :=" line

make[2]: Entering directory `/var/tmp/portage/xen-tools-3.0.2/work/xen-3.0.2/tools/firmware/vmxassist'
i686-pc-linux-gnu-gcc -O2 -march=pentium4 -fomit-frame-pointer -fforce-addr -mmmx -msse -msse2 -mfpmath=sse -nopie -fno-stack-protector -DNDEBUG -m32  -Wall -Wstrict-prototypes -Wdeclaration-after-statement  -D__XEN_INTERFACE_VERSION__=0x00030101 -DNDEBUG -m32  -Wall -Wstrict-prototypes -Wdeclaration-after-statement  -D__XEN_INTERFACE_VERSION__=0x00030101 -DNDEBUG -m32  -Wall -Wstrict-prototypes -Wdeclaration-after-statement     -DDEBUG -DTEXTADDR=0x000D0000 -I. -I../../../tools/libxc -fno-builtin -O2 -msoft-float -D__ASSEMBLY__ -DDEBUG -DTEXTADDR=0x000D0000 -c head.S
gcc -Wall -Werror -Wstrict-prototypes   -Wdeclaration-after-statement -I. -I../../../tools/libxc -o gen gen.c
i686-pc-linux-gnu-gcc -O2 -march=pentium4 -fomit-frame-pointer -fforce-addr -mmmx -msse -msse2 -mfpmath=sse -nopie -fno-stack-protector -DNDEBUG -m32  -Wall -Wstrict-prototypes -Wdeclaration-after-statement  -D__XEN_INTERFACE_VERSION__=0x00030101 -DNDEBUG -m32  -Wall -Wstrict-prototypes -Wdeclaration-after-statement  -D__XEN_INTERFACE_VERSION__=0x00030101 -DNDEBUG -m32  -Wall -Wstrict-prototypes -Wdeclaration-after-statement     -DDEBUG -DTEXTADDR=0x000D0000 -I. -I../../../tools/libxc -fno-builtin -O2 -msoft-float -c vm86.c
i686-pc-linux-gnu-gcc -O2 -march=pentium4 -fomit-frame-pointer -fforce-addr -mmmx -msse -msse2 -mfpmath=sse -nopie -fno-stack-protector -DNDEBUG -m32  -Wall -Wstrict-prototypes -Wdeclaration-after-statement  -D__XEN_INTERFACE_VERSION__=0x00030101 -DNDEBUG -m32  -Wall -Wstrict-prototypes -Wdeclaration-after-statement  -D__XEN_INTERFACE_VERSION__=0x00030101 -DNDEBUG -m32  -Wall -Wstrict-prototypes -Wdeclaration-after-statement     -DDEBUG -DTEXTADDR=0x000D0000 -I. -I../../../tools/libxc -fno-builtin -O2 -msoft-float -c setup.c
i686-pc-linux-gnu-gcc -O2 -march=pentium4 -fomit-frame-pointer -fforce-addr -mmmx -msse -msse2 -mfpmath=sse -nopie -fno-stack-protector -DNDEBUG -m32  -Wall -Wstrict-prototypes -Wdeclaration-after-statement  -D__XEN_INTERFACE_VERSION__=0x00030101 -DNDEBUG -m32  -Wall -Wstrict-prototypes -Wdeclaration-after-statement  -D__XEN_INTERFACE_VERSION__=0x00030101 -DNDEBUG -m32  -Wall -Wstrict-prototypes -Wdeclaration-after-statement     -DDEBUG -DTEXTADDR=0x000D0000 -I. -I../../../tools/libxc -fno-builtin -O2 -msoft-float -c util.c
./gen > offsets.h
i686-pc-linux-gnu-gcc -O2 -march=pentium4 -fomit-frame-pointer -fforce-addr -mmmx -msse -msse2 -mfpmath=sse -nopie -fno-stack-protector -DNDEBUG -m32  -Wall -Wstrict-prototypes -Wdeclaration-after-statement  -D__XEN_INTERFACE_VERSION__=0x00030101 -DNDEBUG -m32  -Wall -Wstrict-prototypes -Wdeclaration-after-statement  -D__XEN_INTERFACE_VERSION__=0x00030101 -DNDEBUG -m32  -Wall -Wstrict-prototypes -Wdeclaration-after-statement     -DDEBUG -DTEXTADDR=0x000D0000 -I. -I../../../tools/libxc -fno-builtin -O2 -msoft-float -D__ASSEMBLY__ -DDEBUG -DTEXTADDR=0x000D0000 -c trap.S
cpp -P -DDEBUG -DTEXTADDR=0x000D0000 vmxassist.ld > vmxassist.tmp
ld -o vmxassist -m elf_i386 -nostdlib --fatal-warnings -N -T vmxassist.tmp head.o trap.o vm86.o setup.o util.o
nm -n vmxassist > vmxassist.sym
objcopy -p -O binary -R .note -R .comment -R .bss -S --gap-fill=0 vmxassist vmxassist.tmp
dd if=vmxassist.tmp of=vmxassist.bin ibs=512 conv=sync
36+0 records in
36+0 records out
18432 bytes (18 kB) copied, 0.000756 seconds, 24.4 MB/s
rm -f vmxassist.tmp
make[2]: Leaving directory `/var/tmp/portage/xen-tools-3.0.2/work/xen-3.0.2/tools/firmware/vmxassist'
make[2]: Entering directory `/var/tmp/portage/xen-tools-3.0.2/work/xen-3.0.2/tools/firmware/hvmloader'
./mkhex rombios ../rombios/BIOS-bochs-latest > roms.h
./mkhex vgabios_stdvga ../vgabios/VGABIOS-lgpl-latest.bin >> roms.h
./mkhex vgabios_cirrusvga ../vgabios/VGABIOS-lgpl-latest.cirrus.bin >> roms.h
./mkhex vmxassist ../vmxassist/vmxassist.bin >> roms.h
./mkhex acpi ../acpi/acpi.bin >> roms.h
i686-pc-linux-gnu-gcc -O2 -march=pentium4 -fomit-frame-pointer -fforce-addr -mmmx -msse -msse2 -mfpmath=sse -nopie -fno-stack-protector -DNDEBUG -m32  -Wall -Wstrict-prototypes -Wdeclaration-after-statement  -D__XEN_INTERFACE_VERSION__=0x00030101 -DNDEBUG -m32  -Wall -Wstrict-prototypes -Wdeclaration-after-statement  -D__XEN_INTERFACE_VERSION__=0x00030101 -DNDEBUG -m32  -Wall -Wstrict-prototypes -Wdeclaration-after-statement     -DDEBUG -I. -I../../../tools/libxc -fno-builtin -O2 -msoft-float -c hvmloader.c acpi_madt.c
i686-pc-linux-gnu-gcc -m32 -nostdlib -Wl,-N -Wl,-Ttext -Wl,0x100000 -o hvmloader.tmp hvmloader.o acpi_madt.o
objcopy hvmloader.tmp hvmloader
rm -f hvmloader.tmp
make[2]: Leaving directory `/var/tmp/portage/xen-tools-3.0.2/work/xen-3.0.2/tools/firmware/hvmloader'

As for why `test-gcc-flag = $(shell $(1) -v --help 2>&1 | grep -q " $(2) " && echo $(2))` doesn't turn up any of "-nopie", "-fno-stack-protector", and "-fno-stack-protector-all" , may be the hardened team can tell.

Comment 6 Tuan Van (RETIRED) gentoo-dev

2006-04-10 17:09:58 UTC

my bad. thosee "-nopie -fno-stack-protector" came from
...
        if use custom-cflags; then
               filter-flags -fPIE -fstack-protector
        else
...
and I have USE=custom-cflags

the new ebuild pass this stage but failed at vga.c and you are already known about it.

Using this patch http://lists.xensource.com/archives/html/xen-changelog/2006-04/msg00108.html I was be able to emerge xen-tools-3.0.2 on hardened profile.

Comment 7 Tuan Van (RETIRED) gentoo-dev

2006-04-10 17:11:47 UTC

sorry to spam. I forgot to mention that hardened USE flag is missing in IUSE.

Comment 8 Chris Bainbridge (RETIRED) gentoo-dev

2006-04-11 03:27:08 UTC

It's not spam if it's a bug :)

I've added the patch and fixed IUSE.

Comment 9 solar (RETIRED) gentoo-dev

2006-04-16 09:39:36 UTC

I was able to compile xen-tools while using a hardened profile