dear bug-wranglers, please assign to hardened team /var/tmp/portage/apache-2.0.48-r1/work/httpd-2.0.48/srclib/apr/libtool --silent --mode=compile gcc -pthread -O2 -mcpu=i686 -fomit-frame-pointer ... ... lots of compiler Include dirs and so on... ... -prefer-non-pic -static -c vhost.c && touch vhost.lo vhost.c:535: error: syntax error before numeric constant vhost.c: In function `remove_unused_name_vhosts': vhost.c:537: error: invalid type argument of `unary *' vhost.c:538: error: invalid type argument of `unary *' vhost.c:541: error: `main_s' undeclared (first use in this function) vhost.c:541: error: (Each undeclared identifier is reported only once vhost.c:541: error: for each function it appears in.) vhost.c:544: error: invalid type argument of `unary *' vhost.c:553: error: invalid lvalue in assignment make[2]: *** [vhost.lo] Error 1 full command and full stop of the emerge can be seen in the URL Reproducible: Always Steps to Reproduce: 1. emerge hardened-gcc-3.3.2.1-r1 2. emerge apache 3. blow fuse Actual Results: Reading specs from /usr/lib/gcc-lib/i386-pc-linux-gnu/3.3.2/specs Configured with: /var/tmp/portage/gcc-3.3.2-r3/work/gcc-3.3.2/configure --prefix=/usr --bindir=/usr/i386-pc-linux-gnu/gcc-bin/3.3 --includedir=/usr/lib/gcc-lib/i386-pc-linux-gnu/3.3.2/include --datadir=/usr/share/gcc-data/i386-pc-linux-gnu/3.3 --mandir=/usr/share/gcc-data/i386-pc-linux-gnu/3.3/man --infodir=/usr/share/gcc-data/i386-pc-linux-gnu/3.3/info --enable-shared --host=i386-pc-linux-gnu --target=i386-pc-linux-gnu --with-system-zlib --enable-languages=c,c++,f77,objc,java --enable-threads=posix --enable-long-long --disable-checking --enable-cstdio=stdio --enable-clocale=generic --enable-__cxa_atexit --enable-version-specific-runtime-libs --with-gxx-include-dir=/usr/lib/gcc-lib/i386-pc-linux-gnu/3.3.2/include/g++-v3 --with-local-prefix=/usr/local --enable-shared --enable-nls --without-included-gettext --x-includes=/usr/X11R6/include --x-libraries=/usr/X11R6/lib --enable-interpreter --enable-java-awt=xlib --with-x --disable-multilib Thread model: posix gcc version 3.3.2 20031022 (Gentoo Linux 3.3.2-r3, propolice) /usr/lib/gcc-lib/i386-pc-linux-gnu/3.3.2/cc1 -quiet -v -I/var/tmp/portage/apache-2.0.48-r1/work/httpd-2.0.48/srclib/apr/include -I/var/tmp/portage/apache-2.0.48-r1/work/httpd-2.0.48/srclib/apr-util/include -I. -I/var/tmp/portage/apache-2.0.48-r1/work/httpd-2.0.48/os/unix -I/var/tmp/portage/apache-2.0.48-r1/work/httpd-2.0.48/server/mpm/prefork -I/var/tmp/portage/apache-2.0.48-r1/work/httpd-2.0.48/modules/http -I/var/tmp/portage/apache-2.0.48-r1/work/httpd-2.0.48/modules/filters -I/var/tmp/portage/apache-2.0.48-r1/work/httpd-2.0.48/modules/proxy -I/var/tmp/portage/apache-2.0.48-r1/work/httpd-2.0.48/include -I/usr/include/openssl -I/var/tmp/portage/apache-2.0.48-r1/work/httpd-2.0.48/modules/dav/main -D__GNUC__=3 -D__GNUC_MINOR__=3 -D__GNUC_PATCHLEVEL__=2 -D__PIC__ -D__pic__ -DPIC -Dpic -D_REENTRANT -DLINUX=2 -D_REENTRANT -D_XOPEN_SOURCE=500 -D_BSD_SOURCE -D_SVID_SOURCE -D_GNU_SOURCE -DAP_HAVE_DESIGNATED_INITIALIZER vhost.c -fPIC -fpie -fstack-protector -fstack-protector-all -fforce-addr -quiet -dumpbase vhost.c -mcpu=i686 -auxbase-strip .libs/vhost.lo -O2 -version -fomit-frame-pointer -o /tmp/ccddfeSr.s GNU C version 3.3.2 20031022 (Gentoo Linux 3.3.2-r3, propolice) (i386-pc-linux-gnu) compiled by GNU C version 3.3.2 20031022 (Gentoo Linux 3.3.2-r3, propolice). GGC heuristics: --param ggc-min-expand=64 --param ggc-min-heapsize=64322 ignoring nonexistent directory "/usr/local/include" ignoring nonexistent directory "/usr/i386-pc-linux-gnu/include" #include "..." search starts here: #include <...> search starts here: /var/tmp/portage/apache-2.0.48-r1/work/httpd-2.0.48/srclib/apr/include /var/tmp/portage/apache-2.0.48-r1/work/httpd-2.0.48/srclib/apr-util/include . /var/tmp/portage/apache-2.0.48-r1/work/httpd-2.0.48/os/unix /var/tmp/portage/apache-2.0.48-r1/work/httpd-2.0.48/server/mpm/prefork /var/tmp/portage/apache-2.0.48-r1/work/httpd-2.0.48/modules/http /var/tmp/portage/apache-2.0.48-r1/work/httpd-2.0.48/modules/filters /var/tmp/portage/apache-2.0.48-r1/work/httpd-2.0.48/modules/proxy /var/tmp/portage/apache-2.0.48-r1/work/httpd-2.0.48/include /usr/include/openssl /var/tmp/portage/apache-2.0.48-r1/work/httpd-2.0.48/modules/dav/main /usr/lib/gcc-lib/i386-pc-linux-gnu/3.3.2/include /usr/include End of search list. vhost.c:535: error: syntax error before numeric constant vhost.c: In function `remove_unused_name_vhosts': vhost.c:537: error: invalid type argument of `unary *' vhost.c:538: error: invalid type argument of `unary *' vhost.c:541: error: `main_s' undeclared (first use in this function) vhost.c:541: error: (Each undeclared identifier is reported only once vhost.c:541: error: for each function it appears in.) vhost.c:544: error: invalid type argument of `unary *' vhost.c:553: error: invalid lvalue in assignment the problem is that even if libtool is given -static and -prefer-non-pic, the gcc specs are still triggered with automatic PIE and PIC and SSP compiling Expected Results: should have worked 11:53:08 [/usr/local/chroots/chroot001:13996.pty-s3.epoch] epoch /var/tmp/portage/apache-2.0.48-r1/work/httpd-2.0.48/server # emerge info Portage 2.0.49-r18 (hardened-x86-1.4, gcc-3.3.2, glibc-2.3.2-r9, 2.4.22) ================================================================= System uname: 2.4.22 i686 Pentium III (Coppermine) Gentoo Base System version 1.4.3.12 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CFLAGS="-O2 -mcpu=i686 -fomit-frame-pointer" CHOST="i386-pc-linux-gnu" COMPILER="gcc3" CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d" CXXFLAGS="-O2 -mcpu=i686 -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs ccache sandbox sfperms strict" GENTOO_MIRRORS="http://gentoo.oregonstate.edu http://distro.ibiblio.org/pub/Linux/distributions/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="" SYNC="rsync://rsync9.de.gentoo.org/gentoo-portage" USE="X berkdb crypt gdbm gtk java libwww nls opengl pam perl python readline sdl ssl tcpd tetex x86 zlib"
the -Dpie in the hcc.conf makes it bail out because the vhost.c uses an pointer for ip addresses, called "pip" which gets overburned with the -Dpic from the hcc.conf manipulated specs file voila, fast return of investment! in the meantime, use these safe lines in hcc.conf and reenable hcc -a 12:21:40 [/usr/local/chroots/chroot001:13996.pty-s3.epoch] epoch /var/tmp/portage/apache-2.0.48-r1/work/httpd-2.0.48/server # cat /etc/hcc.conf | grep PIC_ACTIV | grep CPP HGCC_32_DEFAULT_SPECS_CPP_SECTION_PIC_ACTIVATION="%{!yet_exec: %{!nopie: %{!static: -D__PIC__ -D__pic__ -DPIC}}}" HGCC_32_CONSERV_SPECS_CPP_SECTION_PIC_ACTIVATION="%{yet_dyn: %{!yet_exec: %{!nopie: %{!static: -D__PIC__ -D__pic__ -DPIC}}}}" HGCC_33_DEFAULT_SPECS_CPP_SECTION_PIC_ACTIVATION="%{!yet_exec: %{!nopie: %{!static: -D__PIC__ -D__pic__ -DPIC}}}" HGCC_33_CONSERV_SPECS_CPP_SECTION_PIC_ACTIVATION="%{yet_dyn: %{!yet_exec: %{!nopie: %{!static: -D__PIC__ -D__pic__ -DPIC}}}}" see that the -Dpic was removed! thanks to solar, Alex
the pointer is called "pic" pointer for ip chain not pip HTH, Alex
added to gcc-3.3.2.1-r1 in cvs, if such problems appear on your side, wait for cvs to sync and reemerge hardened-gcc, then etc-update and hardened-gcc -A thanks, Alex
re-opening to resolve invalid so it doesn't show up on 'REMIND' searches, as this has been overtaken by events (hardened compiler doesn't define '-Dpic')
bug no longer relevant; hardened gcc doesn't define -Dpic.
