https://bugzilla.redhat.com/show_bug.cgi?id=1239539
--- Comment #6 from Vincent Batts <[email protected]> --- here's the conversation with the tools team: ``` 2015-03-19 14:52:14 vbatts gcc 5.0.0 folks: anyone seeing issues where /usr/bin/ld is passed -r and -shared? 2015-03-19 14:52:30 vbatts i'm rebuilding golang on rawhide/f23 and hitting this 2015-03-19 14:52:45 vbatts https://groups.google.com/forum/#!topic/golang-dev/J5SKNjjhfjw has more information 2015-03-19 15:06:17 ajax whoa, someone using ld -r that isn't the kernel 2015-03-19 15:06:42 ajax ... and invoking it from gcc! 2015-03-19 15:06:51 ajax that's not a gcc5 bug it's a fedora bug 2015-03-19 15:07:45 ajax ... i think 2015-03-19 15:08:19 ajax i take it back, nothing in the magic hardened specs will add -shared 2015-03-19 15:08:43 ajax still, s/$(CC)/$(LD)/ maybe 2015-03-19 16:27:38 vbatts ajax: interesting. so, pointers? 2015-03-19 16:29:49 vbatts in fact, i'm not seeing -shared in that command 2015-03-19 16:29:56 vbatts http://pastebin.com/FFQ6R0WK 2015-03-19 16:35:12 kyle it's implied. 2015-03-19 16:35:22 kyle from redhat-hardened-cc1 2015-03-19 17:09:35 kyle dmalcolm, sorry, i keep forgetting to bring that mac mini into the lab for you. promise next wek. 2015-03-19 17:22:08 ajax kyle: no? 2015-03-19 17:22:09 ajax *cc1_options: 2015-03-19 17:22:09 ajax + %{!fpie:%{!fPIE:%{!fpic:%{!fPIC:%{!fno-pic:-fPIE}}}}} 2015-03-19 17:22:14 ajax nothing to add -shared there 2015-03-19 17:23:21 ajax vbatts: i don't know where that -shared is getting introduced, but i bet if you're angry enough with the --verbose or whaveter to gcc you can get it to emit enough stuff to find it. 2015-03-19 17:26:02 ajax or, if we're thinking zebras not horses, some change in ld might make it act as if -shared were set when it's not on the cmdline 2015-03-19 17:31:23 kyle my brain is too fried to read that. 2015-03-19 17:32:02 kyle but -shared will be implied for -pie to ld. [...] 2015-03-20 10:51:54 vbatts ajax, kyle: both the hardened specs are the same as f22, which compiles just fine 2015-03-20 10:53:51 ajax vbatts: yes. redhat-rpm-config changed though. 2015-03-20 10:56:30 ajax vbatts: i'm chasing another bug with the hardening macros atm, mind giving this a try? http://paste.fedoraproject.org/200561/86335714/raw/ 2015-03-20 10:59:37 * vbatts looks 2015-03-20 11:00:48 vbatts ah. i'm seeing this in a mock build, which may be tricky to apply that 2015-03-20 11:00:50 vbatts one sec 2015-03-20 11:01:59 ajax mockchain! 2015-03-20 11:02:42 vbatts oh? 2015-03-20 11:03:29 ajax mockchain -l /path/to/results -r fedora-rawhide-x86_64 foo.src.rpm 2015-03-20 11:03:47 ajax starts from rawhide, but then accumulates results in the -l path 2015-03-20 11:04:13 ajax so if you build something into the result dir evr newer than rawhide, that will win out on the next mockchain build into the same path 2015-03-20 11:06:22 vbatts ah 2015-03-20 11:13:42 vbatts ajax: no dice 2015-03-20 11:14:34 vbatts http://pastebin.test.redhat.com/271178 2015-03-20 11:17:59 ajax well okay, either -Wl options don't show up in specs the way i was blindly guessing they might, or line 17 is getting expanded in a context where the -r isn't around to be seen? 2015-03-20 11:28:59 vbatts just looking at the lines above that, to see if it was a prior job that failed 2015-03-20 11:29:01 vbatts http://pastebin.test.redhat.com/271184 [...] 2015-03-23 10:29:44 vbatts ajax: morning. any more thoughts on the /usr/bin/ld -r and -shared failure? 2015-03-23 10:30:37 vbatts still same issue with redhat-rpm-config.noarch 0:28-1.fc23 and gcc.x86_64 0:5.0.0-0.21.fc23 2015-03-23 10:39:15 jakub vbatts: guess redhat-rpm-config in /usr/lib/rpm/redhat/redhat-hardened-ld should not use just %{!shared:-pie} but better %{!shared:%{!r:-pie}} 2015-03-23 10:40:50 vbatts jakub: let me try that 2015-03-23 10:42:22 jakub of course that won't help packages that use -Wl,-r instead of -r, but those need to use -nostdlib too and are on their own anyway 2015-03-23 10:49:36 vbatts k. 2015-03-23 10:50:05 vbatts tried it. no dice. i think it's using -Wl,-r (and -nostdlib) 2015-03-23 10:50:32 fweimer vbatts: Does your package invoke ld directly? 2015-03-23 10:51:17 vbatts no 2015-03-23 10:54:00 vbatts http://pastebin.test.redhat.com/271444 2015-03-23 10:54:18 vbatts fweimer: ^^ 2015-03-23 11:23:28 jakub vbatts: ok, so -Wl,-r -nostdlib 2015-03-23 11:23:49 jakub vbatts: you need to filter out the -specs=/usr/lib/rpm/redhat/redhat-hardened-ld option then yourself 2015-03-23 13:26:27 vbatts jakub: interesting. though this failure doesn't not happen on f22, which has an identical /usr/lib/rpm/redhat/redhat-hardened-ld 2015-03-23 13:41:51 jakub vbatts: sure, but f22 doesn't force all packages to be "hardened", only f23 does 2015-03-23 13:42:38 jakub vbatts: in f22 only security relevant packages (suid apps, network facing daemons, apps with bad security record) explicitly request hardening 2015-03-23 13:43:08 jakub vbatts: the %{!r: fix I talked about is IMHO desirable in any case, then you can change your package to use -r instead of -Wl,-r ``` -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ golang mailing list [email protected] https://lists.fedoraproject.org/mailman/listinfo/golang
