Bug 292772

Summary:	libs built by >=dev-lang/ghc-6.10 are built pie-enabled under hardened gentoo.
Product:	Gentoo Linux	Reporter:	Hongjiu Zhang <voidprayer>
Component:	Current packages	Assignee:	Gentoo's Haskell Language team <haskell>
Status:	RESOLVED FIXED
Severity:	normal
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	fixed ebuild new ebuild 6.12's edition.

Description Hongjiu Zhang 2009-11-11 10:47:56 UTC

I am using Haskell overlay, while using the GHC in the Portage. Since now gcc-4.3.4 is stablized in non-SELinux Hardened profile, I am using Hardened GCC 4. While emerging app-editors/yi, I got the following error messages. I talked to ivanm and some other people in #haskell and they told me this could be caused by a broken toolchain.
Building yi-0.6.1...
[  1 of 119] Compiling System.FriendlyPath ( System/FriendlyPath.hs, dist/build/System/FriendlyPath.o )
[  2 of 119] Compiling Shim.ProjectContent ( Shim/ProjectContent.hs, dist/build/Shim/ProjectContent.o )
[  3 of 119] Compiling Parser.Incremental ( Parser/Incremental.hs, dist/build/Parser/Incremental.o )
[  4 of 119] Compiling Data.Trie        ( Data/Trie.hs, dist/build/Data/Trie.o )
[  5 of 119] Compiling Data.DelayList   ( Data/DelayList.hs, dist/build/Data/DelayList.o )
[  6 of 119] Compiling Data.Rope        ( Data/Rope.hs, dist/build/Data/Rope.o )
[  7 of 119] Compiling Data.Prototype   ( Data/Prototype.hs, dist/build/Data/Prototype.o )
[  8 of 119] Compiling HConf.Utils      ( HConf/Utils.hs, dist/build/HConf/Utils.o )
[  9 of 119] Compiling HConf.Paths      ( HConf/Paths.hs, dist/build/HConf/Paths.o )
[ 10 of 119] Compiling Paths_yi         ( dist/build/autogen/Paths_yi.hs, dist/build/Paths_yi.o )
[ 11 of 119] Compiling HConf            ( HConf.hs, dist/build/HConf.o )
[ 12 of 119] Compiling Yi.Char.Unicode  ( Yi/Char/Unicode.hs, dist/build/Yi/Char/Unicode.o )
[ 13 of 119] Compiling Yi.UI.Common[boot] ( Yi/UI/Common.hs-boot, dist/build/Yi/UI/Common.o-boot )
[ 14 of 119] Compiling Yi.String        ( Yi/String.hs, dist/build/Yi/String.o )
[ 15 of 119] Compiling Yi.Monad         ( Yi/Monad.hs, dist/build/Yi/Monad.o )
[ 16 of 119] Compiling Yi.Keymap.Completion ( Yi/Keymap/Completion.hs, dist/build/Yi/Keymap/Completion.o )
[ 17 of 119] Compiling Yi.Editor[boot]  ( Yi/Editor.hs-boot, dist/build/Yi/Editor.o-boot )
[ 18 of 119] Compiling Yi.Debug         ( Yi/Debug.hs, dist/build/Yi/Debug.o )
[ 19 of 119] Compiling Yi.Prelude       ( Yi/Prelude.hs, dist/build/Yi/Prelude.o )
[ 20 of 119] Compiling Yi.Dynamic       ( Yi/Dynamic.hs, dist/build/Yi/Dynamic.o )
[ 21 of 119] Compiling Yi.Event         ( Yi/Event.hs, dist/build/Yi/Event.o )
[ 22 of 119] Compiling Yi.Interact      ( Yi/Interact.hs, dist/build/Yi/Interact.o )
[ 23 of 119] Compiling Yi.Keymap[boot]  ( Yi/Keymap.hs-boot, dist/build/Yi/Keymap.o-boot )
[ 24 of 119] Compiling Yi.Style         ( Yi/Style.hs, dist/build/Yi/Style.o )
[ 25 of 119] Compiling Yi.Style.Library ( Yi/Style/Library.hs, dist/build/Yi/Style/Library.o )
[ 26 of 119] Compiling Yi.Interpreter   ( Yi/Interpreter.hs, dist/build/Yi/Interpreter.o )
[ 27 of 119] Compiling Shim.Utils       ( Shim/Utils.hs, dist/build/Shim/Utils.o )
[ 28 of 119] Compiling Shim.CabalInfo   ( Shim/CabalInfo.hs, dist/build/Shim/CabalInfo.o )
[ 29 of 119] Compiling Yi.Buffer.Misc[boot] ( Yi/Buffer/Misc.hs-boot, dist/build/Yi/Buffer/Misc.o-boot )
[ 30 of 119] Compiling Yi.Buffer.Basic  ( Yi/Buffer/Basic.hs, dist/build/Yi/Buffer/Basic.o )
ghc: /usr/lib/ghc-6.10.4/ghc-prim-0.1.0.0/HSghc-prim-0.1.0.0.o: unknown symbol `_GLOBAL_OFFSET_TABLE_'
Loading package ghc-prim ... linking ... ghc: unable to load package `ghc-prim'

emerge --info:
Portage 2.1.7.4 (hardened/linux/x86/10.0/desktop, gcc-4.3.4, glibc-2.10.1-r0, 2.6.31-11-generic i686)
=================================================================
System uname: Linux-2.6.31-11-generic-i686-Genuine_Intel-R-_CPU_T2050_@_1.60GHz-with-gentoo-2.0.1
Timestamp of tree: Sun, 08 Nov 2009 12:20:01 +0000
app-shells/bash:     4.0_p35
dev-lang/python:     2.6.4, 3.1.1-r1
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     0.5.2-r1
sys-apps/sandbox:    2.2
sys-devel/autoconf:  2.13, 2.63-r1
sys-devel/automake:  1.9.6-r2, 1.10.2, 1.11
sys-devel/binutils:  2.20
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6a
virtual/os-headers:  2.6.30-r1
ACCEPT_KEYWORDS="x86 ~x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=native -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-O2 -march=native -pipe -fomit-frame-pointer"
DISTDIR="/var/cache/portage/distfiles"
FEATURES="assume-digests buildpkg distlocks fixpackages news parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="http://mirrors.163.com/gentoo http://gentoo.aditsu.net"
LANG="zh_CN.UTF-8"
LC_ALL="C"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="*"
MAKEOPTS="-j3"
PKGDIR="/var/cache/portage/packages"
PORTAGE_COMPRESS="xz"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/var/cache/portage/ebuilds/gentoo"
PORTDIR_OVERLAY="/var/cache/portage/ebuilds/sunrise /var/cache/portage/ebuilds/gentoo-china /var/cache/portage/ebuilds/haskell /var/cache/portage/ebuilds/local"
SYNC="rsync://mirror.averse.net/gentoo-portage"
USE="X a52 aac acl acpi bash-completion berkdb bluetooth branding bzip2 cairo cdr cli consolekit cracklib crypt cups dbus dri dts dvd dvdr eds emboss encode evo fam flac gdbm gif gnome gpm gstreamer gtk hal hardened iconv ipv6 jpeg ldap libnotify lzma mad mikmod mmx mmxext modules mp3 mp4 mpeg mudflap ncurses nls nptl nptlonly ogg opengl openmp oss pam pcre pdf perl pic png ppds pppd python quicktime readline reflection sdl session spell spl sse sse2 ssl startup-notification svg sysfs tcpd thunar tiff truetype unicode urandom usb vim-syntax vorbis win32codecs x264 x86 xml xorg xulrunner xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 	emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m 	maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="*" USERLAND="GNU" VIDEO_CARDS="intel" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

gcc-config:
 [1] i686-pc-linux-gnu-4.3.4 *
 [2] i686-pc-linux-gnu-4.3.4-hardenednopie
 [3] i686-pc-linux-gnu-4.3.4-vanilla

I again re-emerged everything about Haskell with i686-pc-linux-gnu-4.3.4-vanilla and it is okay. Maybe some more tricks should be add in ghc ebuilds?

Thank you.

Comment 1 Hongjiu Zhang 2009-11-23 08:07:54 UTC

Upstream bug: http://hackage.haskell.org/trac/ghc/ticket/3668

Comment 2 Hongjiu Zhang 2009-11-27 17:02:16 UTC

Created attachment 211342 [details]
fixed ebuild

Add a sed to fix ghc.wrapper in order to enable buildin-time cflags and ldflags for finally ghc. The trick is in ghc-6.6 and ghc-6.8, but not in 6.10.

diff to show the change:
@@ -1,6 +1,6 @@
 # Copyright 1999-2009 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-lang/ghc/ghc-6.10.4.ebuild,v 1.4 2009/09/16 06:50:28 kolmodin Exp $
+# $Header: $
 
 # Brief explanation of the bootstrap logic:
 #
@@ -171,6 +171,10 @@
 				|| die "Relocating ghc from /usr to workdir failed"
 		fi
 
+		# Modify the ghc driver script to use GHC_CFLAGS
+		sed -i -e "s|wrapped|wrapped ${GHC_CFLAGS}|" \
+	                "${S}/ghc/ghc.wrapper"
+
 		# Hack to prevent haddock being installed, remove when ./configure
 		# supports something better to not build docs or haddock.
 		sed -i -e 's/DO_NOT_INSTALL =/DO_NOT_INSTALL = haddock/' \

Comment 3 Hongjiu Zhang 2009-11-27 17:04:13 UTC

New ebuild should fixed the problem. Already tested on Hardened and build yi correctly. I think it won't break other packages but I am not sure. At least my system is okay.

Thanks to ivanm, trofi^w, dcoutts and igloo for help. Hope this bug solved.

Comment 4 Hongjiu Zhang 2009-11-28 09:04:57 UTC

Created attachment 211394 [details]
new ebuild

Sorry, remove the ppc64 patch as the parameter is already in GHC_FLAGS.

Comment 5 Hongjiu Zhang 2009-11-28 11:57:54 UTC

Created attachment 211406 [details]
6.12's edition.

Comment 6 Lennart Kolmodin (RETIRED) gentoo-dev

2009-12-01 07:40:08 UTC

So GHC was able to build itself successfully, but then you had trouble to actually use it to compile things.

I see we had a similar solution earlier, in ghc 6.6.1 and 6.8.3, sorry for your troubles.

I'll get it tested on my machine too, and then get it committed.
I'm sure you fixed a lot of other issues as well with your patch, thanks!

Comment 7 Hongjiu Zhang 2009-12-04 09:50:01 UTC

I don't know whether it is posibble to add a new variable in make.conf called HSFLAGS for Haskell. Imho flags about arches should be portage-only settings and never affect users' compiling.
    Since the wrapper script works like gcc's specs to set up the default behaviour of ghc, while specs have many things to do with hardened stuff, we can put some flags like "-optl-nopie" in it; however, maybe we should not add things like "-optc-march" or "-optc-pipe" in the script, which is not set in gcc's specs but CFLAGS. This might be hard, and associated with Portage devs.
    Or maybe we can add some functions to haskell.eclass. They can dynamically create a list of flags according to the current portage settings. While building haskell packages, these flags are applied, while users' own compiling won't use it.

Some suggestions. :)

Thanks.

Comment 8 Lennart Kolmodin (RETIRED) gentoo-dev

2009-12-05 09:29:39 UTC

Fixed and committed to portage.
Please reopen if it did not fix the issue.

(In reply to comment #7)
>     Or maybe we can add some functions to haskell.eclass. They can dynamically
> create a list of flags according to the current portage settings. While
> building haskell packages, these flags are applied, while users' own compiling
> won't use it.
Usually you set the flags once and don't change them. Most of the flags are dropped anyway, we just want the arch and ABI flags. Those remain constant with your system. Many other flags makes ghc break in various ways.

Thanks again!