Re: [gentoo-hardened] glibc - gentoo-hardened - Gentoo Mailing List Archives

From:	Magnus Granberg <zorry@×××.nu>
To:	gentoo-hardened@l.g.o
Subject:	Re: [gentoo-hardened] glibc
Date:	Wed, 08 Oct 2008 20:41:41
Message-Id:	`48ED36F7.5030302@ume.nu`
In Reply to:	[gentoo-hardened] glibc by Ernesto Rodriguez Ortiz

1

Ernesto Rodriguez Ortiz skrev:

2

> Hello here, I have some problems compiled glibc, I am trying to install a server with PaX and SELinux, I have an decompressing stage3 hardened and portage, change the profile for selinux/2007.0/x86/hardened and set the make.conf as a show down .Any idea how I can fix the problem with glibc?

3

>

4

> Portage 2.1.4.4 (selinux/2007.0/x86/hardened, gcc-3.4.6, glibc-2.6.1-r0, 2.6.25-gentoo-r7 i686)

5

> =================================================================

6

> System uname: 2.6.22-nova-r9 i686 unknown

7

> Timestamp of tree: Mon, 22 Sep 2008 01:45:01 +0000

8

> app-shells/bash:     3.2_p33

9

> dev-lang/python:     2.4.4-r6

10

> dev-python/pycrypto: 2.0.1-r6

11

> sys-apps/baselayout: 1.12.11.1

12

> sys-apps/sandbox:    1.2.18.1-r2

13

> sys-devel/autoconf:  2.61-r2

14

> sys-devel/automake:  1.10

15

> sys-devel/binutils:  2.18-r3

16

> sys-devel/gcc-config: 1.4.0-r4

17

> sys-devel/libtool:   1.5.24

18

> virtual/os-headers:  2.6.23-r3

19

> ACCEPT_KEYWORDS="x86"

20

> CBUILD="i686-pc-linux-gnu"

21

> CFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer -fstack-protector-all"

22

> CHOST="i686-pc-linux-gnu"

23

> CONFIG_PROTECT="/etc /usr/share/X11/xkb"

24

> CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/splash /etc/terminfo /etc/udev/rules.d"

25

> CXXFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer -fstack-protector-all"

26

> DISTDIR="/usr/portage/distfiles"

27

> FEATURES="distlocks loadpolicy metadata-transfer sandbox selinux sesandbox sfperms strict unmerge-orphans userfetch"

28

> GENTOO_MIRRORS="http://10.128.50.122

29

>

30

31

> checking for .symver assembler directive... yes

32

> checking for ld --version-script... yes

33

> checking for .previous assembler directive... yes

34

> checking for .protected and .hidden assembler directive... yes

35

> checking whether __attribute__((visibility())) is supported... yes

36

> checking for broken __attribute__((visibility()))... no

37

> checking for broken __attribute__((alias()))... no

38

> checking whether to put _rtld_local into .sdata section... no

39

> checking for .preinit_array/.init_array/.fini_array support... no

40

> configure: error: Need linker with .init_array/.fini_array support.

41

>  *

42

>  * ERROR: sys-libs/glibc-2.6.1 failed.

43

>  * Call stack:

44

>  *               ebuild.sh, line   49:  Called src_compile

45

>  *             environment, line 3379:  Called eblit-run 'src_compile'

46

>  *             environment, line 1104:  Called eblit-glibc-src_compile

47

>  *       src_compile.eblit, line  181:  Called toolchain-glibc_src_compile

48

>  *       src_compile.eblit, line  120:  Called glibc_do_configure 'src_compile'

49

>  *       src_compile.eblit, line   97:  Called die

50

>  * The specific snippet of code:

51

>  *      "${S}"/configure ${myconf} || die "failed to configure glibc"

52

>  *  The die message:

53

>  *   failed to configure glibc

54

>  *

55

>  * If you need support, post the topmost build error, and the call stack if relevant.

56

>  * A complete build log is located at '/var/log/portage/sys-libs:glibc-2.6.1:20081008-153540.log'.

57

>  * The ebuild environment file is located at '/var/tmp/portage/sys-libs/glibc-2.6.1/temp/environment'.

58

>  *

59

>

60

>

61

>

62

63

Start with removeing  the -fstack-protector-all in your CFLAGS and CXXFLAGS.

64

Any hardened flag is on by the compiler and don't need to be set in your 

65

CFLAGS and CXXFLAGS.

66

67

/Magnus

1	Ernesto Rodriguez Ortiz skrev:
2	> Hello here, I have some problems compiled glibc, I am trying to install a server with PaX and SELinux, I have an decompressing stage3 hardened and portage, change the profile for selinux/2007.0/x86/hardened and set the make.conf as a show down .Any idea how I can fix the problem with glibc?
3	>
4	> Portage 2.1.4.4 (selinux/2007.0/x86/hardened, gcc-3.4.6, glibc-2.6.1-r0, 2.6.25-gentoo-r7 i686)
5	> =================================================================
6	> System uname: 2.6.22-nova-r9 i686 unknown
7	> Timestamp of tree: Mon, 22 Sep 2008 01:45:01 +0000
8	> app-shells/bash: 3.2_p33
9	> dev-lang/python: 2.4.4-r6
10	> dev-python/pycrypto: 2.0.1-r6
11	> sys-apps/baselayout: 1.12.11.1
12	> sys-apps/sandbox: 1.2.18.1-r2
13	> sys-devel/autoconf: 2.61-r2
14	> sys-devel/automake: 1.10
15	> sys-devel/binutils: 2.18-r3
16	> sys-devel/gcc-config: 1.4.0-r4
17	> sys-devel/libtool: 1.5.24
18	> virtual/os-headers: 2.6.23-r3
19	> ACCEPT_KEYWORDS="x86"
20	> CBUILD="i686-pc-linux-gnu"
21	> CFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer -fstack-protector-all"
22	> CHOST="i686-pc-linux-gnu"
23	> CONFIG_PROTECT="/etc /usr/share/X11/xkb"
24	> CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/splash /etc/terminfo /etc/udev/rules.d"
25	> CXXFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer -fstack-protector-all"
26	> DISTDIR="/usr/portage/distfiles"
27	> FEATURES="distlocks loadpolicy metadata-transfer sandbox selinux sesandbox sfperms strict unmerge-orphans userfetch"
28	> GENTOO_MIRRORS="http://10.128.50.122
29	>
30
31	> checking for .symver assembler directive... yes
32	> checking for ld --version-script... yes
33	> checking for .previous assembler directive... yes
34	> checking for .protected and .hidden assembler directive... yes
35	> checking whether __attribute__((visibility())) is supported... yes
36	> checking for broken __attribute__((visibility()))... no
37	> checking for broken __attribute__((alias()))... no
38	> checking whether to put _rtld_local into .sdata section... no
39	> checking for .preinit_array/.init_array/.fini_array support... no
40	> configure: error: Need linker with .init_array/.fini_array support.
41	> *
42	> * ERROR: sys-libs/glibc-2.6.1 failed.
43	> * Call stack:
44	> * ebuild.sh, line 49: Called src_compile
45	> * environment, line 3379: Called eblit-run 'src_compile'
46	> * environment, line 1104: Called eblit-glibc-src_compile
47	> * src_compile.eblit, line 181: Called toolchain-glibc_src_compile
48	> * src_compile.eblit, line 120: Called glibc_do_configure 'src_compile'
49	> * src_compile.eblit, line 97: Called die
50	> * The specific snippet of code:
51	> * "${S}"/configure ${myconf} \|\| die "failed to configure glibc"
52	> * The die message:
53	> * failed to configure glibc
54	> *
55	> * If you need support, post the topmost build error, and the call stack if relevant.
56	> * A complete build log is located at '/var/log/portage/sys-libs:glibc-2.6.1:20081008-153540.log'.
57	> * The ebuild environment file is located at '/var/tmp/portage/sys-libs/glibc-2.6.1/temp/environment'.
58	> *
59	>
60	>
61	>
62
63	Start with removeing the -fstack-protector-all in your CFLAGS and CXXFLAGS.
64	Any hardened flag is on by the compiler and don't need to be set in your
65	CFLAGS and CXXFLAGS.
66
67	/Magnus

Gentoo Archives: gentoo-hardened