> The email I replied to was originally posted by "Hinnerk van Bruinehsen".

Crazy, gmail is acting like it was in response to my message about
compiling firefox. Sorry about that.

- Grant

> Let's see my question in detail, that might clarify it. Here is the part
> of the ebuild I'm asking questions about:
>
> "
> if [[ $(gcc-major-version) -lt 4 ]]; then
>     append-cxxflags -fno-stack-protector
> elif [[ $(gcc-major-version) -gt 4 || $(gcc-minor-version) -gt 3 ]]; then
>     if use amd64 || use x86; then
>         append-flags -mno-avx
>     fi
> fi
> "
>
> Break it down:
>
> "
> if [[ $(gcc-major-version) -lt 4 ]]; then
>     append-cxxflags -fno-stack-protector
> "
> The first part is a historical remnant from times before Zorry. We used
> gcc-3.4.6 for a long time. It used a different implementation for SSP.
>
> "
> elif [[ $(gcc-major-version) -gt 4 || $(gcc-minor-version) -gt 3 ]]; then
>     if use amd64 || use x86; then
>         append-flags -mno-avx
>     fi
> fi
> "
>
> The second part disables avx optimisations if the gcc version is newer
> than 4.3. However avx support isn't around so long and it's not mature.
> Avx is an instruction set extension that is getting some attention
> lately. I'm lucky to have a system with a capable processor. The block
> disabling the optimisations resides right beside the stack-protector
> statement. That's why I thought some hardened folks put it there. And I'm
> curious about the reason.
>
> Of course it might be simply there because enabling avx optimizations can
> actually decrease performance. Like you can see it here:
> http://www.phoronix.com/scan.php?page=article&item=intel_avx_gcc&num=1
>
> Security is more important for me compared to speed. That's why I'm
> interested in any security effect of a compiler option (like creating
> textrels or so). If it's a security problem, I won't use corei7-avx, but
> rather go for simple corei7.
>
> Regards:
> Dw.
> --
> dr Tóth Attila, Radiológus, 06-20-825-8057
> Attila Toth MD, Radiologist, +36-20-825-8057
>
> On February 19, 2012 (Sun) 19:32, Grant wrote:
>>> There's a snippet in your ebuild:
>>> "append-flags -mno-avx"
>>>
>>> What is the problem with avx? Is it an option counteracting with
>>> security?
>>
>> I'm sorry but I'm not sure what you mean. I should change the firefox
>> ebuild?
>>
>> - Grant
>>
>>
>>>>>>>>> Firefox won't compile on my system due to the issue
>>>>>>>>> described here:
>>>>>>>>>
>>>>>>>>> http://www.gossamer-threads.com/lists/gentoo/hardened/245060
>>>>>>>>
>>>>>>>>
>>>>>>>> FWIW: I had no trouble compiling Firefox 9.0 on my amd64 system
>>>>>>>> using the current stable 3.2.2-r1 kernel, gcc 4.5.3,
>>>>>>>> grsec/pax enabled.
>>>>>>>
>>>>>>> To confirm, you aren't on a hardened profile?
>>>>>>
>>>>>> I am on a hardened profile, currently using
>>>>>> hardened/linux/amd64/no-multilib/selinux profile, only running
>>>>>> stable software.
>>>>>
>>>>> I don't get it then. Does anyone know why I can't compile Firefox
>>>>> as described in the link above? This sums it up:
>>>>>
>>>>> "firefox-9.0 ebuild stalls at the install phase while xpcshell
>>>>> command tops CPU usage for hours."
>>>>>
>>>>> Although xpcshell doesn't use any CPU for me. It just sits there
>>>>> and the install phase doesn't proceed.
>>>>>
>>>>> - Grant
>>>>>
>>>>
>>>> I can compile Icecat with a customized ebuild. Since it's basically
>>>> the same as Firefox, maybe that helps. Basically it disables jit.