Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 527214

Summary: flag-o-matic.eclass: strip-flags removes -nopie
Product: Gentoo Linux Reporter: Ulrich Müller <ulm>
Component: EclassesAssignee: Gentoo Toolchain Maintainers <toolchain>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Ulrich Müller gentoo-dev 2014-10-28 11:20:38 UTC 
I have the following in an ebuild:

    filter-flags -pie
    strip-flags

Now on a hardened system, filter-flags will append the -nopie flag (via the _filter-hardened function), but the subsequent strip-flags will remove it again. So, should -nopie be added to ALLOWED_FLAGS? Both -fno-PIE and -fno-pie are already there.

(Not sure if this qualifies as a bug. At least, the eclass documentation doesn't seem to require any particular calling order of functions.)
Comment 1 Anthony Basile gentoo-dev 2014-10-31 00:20:32 UTC 
(In reply to Ulrich Müller from comment #0)
> I have the following in an ebuild:
> 
>     filter-flags -pie
>     strip-flags
> 
> Now on a hardened system, filter-flags will append the -nopie flag (via the
> _filter-hardened function), but the subsequent strip-flags will remove it
> again. So, should -nopie be added to ALLOWED_FLAGS? Both -fno-PIE and
> -fno-pie are already there.
> 
> (Not sure if this qualifies as a bug. At least, the eclass documentation
> doesn't seem to require any particular calling order of functions.)


Ulrich, I'm not 100% sure what you're worried about there --- I was going to give you an analysis of the bash for strip-flags but you probably can read it better than I can!  Anyhow, adding -nopie to ALLOWED_FLAGS should do what you want.
Comment 2 Ulrich Müller gentoo-dev 2014-10-31 08:12:58 UTC 
(In reply to Anthony Basile from comment #1)
> Ulrich, I'm not 100% sure what you're worried about there ---

About calling order: strip-flags followed by filter-flags works, but the other way around it doesn't work. Which I think is surprising behaviour.

> [...]
> Anyhow, adding -nopie to ALLOWED_FLAGS should do what you want.

Ack.
Comment 3 SpanKY gentoo-dev 2014-11-01 03:45:55 UTC 
if we allow -fno-PIE, there's no reason to not also allow -nopie

http://sources.gentoo.org/eclass/flag-o-matic.eclass?r1=1.202&r2=1.203
Comment 4 Anthony Basile gentoo-dev 2014-11-01 15:32:55 UTC 
(In reply to Ulrich Müller from comment #2)
> (In reply to Anthony Basile from comment #1)
> > Ulrich, I'm not 100% sure what you're worried about there ---
> 
> About calling order: strip-flags followed by filter-flags works, but the
> other way around it doesn't work. Which I think is surprising behaviour.
> 

Oh I see, the calling order is an issue.


> > [...]
> > Anyhow, adding -nopie to ALLOWED_FLAGS should do what you want.
> 
> Ack.