Re: Build of devel/ninja and lang/gcc11 fails with latest 14-CURRENT amd64
I confirm, the attached patch fixes ports mentioned in my previous mail.
Re: Build of devel/ninja and lang/gcc11 fails with latest 14-CURRENT amd64
From: Konstantin Belousov Subject: Re: Build of devel/ninja and lang/gcc11 fails with latest 14-CURRENT amd64 Date: Sat, 13 Nov 2021 00:56:16 +0200 > Ninja builds with the following patch, other failing ports have a chance > as well. I tried it and build of devel/ninja is surely fixed. But build of lang/gcc11 still failed with same error. --- Yasuhiro Kimura
Re: Extracting base.txz files missing flags
> Maybe you missed something - you cannot change flags when your system > has security level (kern.securelevel) raised above 0. Nobody missed that since anyone can easily install default freebsd and observe... $ sysctl kern.securelevel kern.securelevel: -1 SECURITY(7) - introduction to security under FreeBSD The security levels are: -1Permanently insecure mode - always run the system in insecure mode. This is the default initial value. Thus they have no effect as shipped. Nor do the schg'd files posted interact jointly with securelevels to produce more security together. They're just a list of arbitrarily chosen anti-footshooters, and anti-malware and other security theatre, that don't really need to be managed by freebsd as such. Though the handbook security section could point to some port/pkg/mtree's if some users wanted to try making some offerings there. It would also be foolish to presume or suggest, without at least continuous formal verification etc, that any of today's OS cannot be compromised, regardless of whatever options are enabled. Even then, you have the problem of all the secret blackbox hardware aka CPU / NIC they all run on... #OpenFabs #OpenHW #OpenAudit .
Re: Build of devel/ninja and lang/gcc11 fails with latest 14-CURRENT amd64
On Sat, Nov 13, 2021 at 05:31:53AM +0900, Yasuhiro Kimura wrote: > Hello, > > I made regular weekly update of my 14-CURRENT amd64 host and poudriere > jail from main-n250481-517e52b6c21 to main-n250619-b39a93b18ef. And > after that build of devel/ninja and lang/gcc11 fails as following. > > devel/ninja: > -- > ===> Building for ninja-1.10.2,2 > ESC[1m./src/util.cc:492:3: ESC[0mESC[0;1;31merror: ESC[0mESC[1munknown type > name 'cpu_set_t'; did you mean 'cpuset_t'?E > ESC[0m > cpu_set_t set; > ESC[0;1;32m ^ > ESC[0mESC[0;32m cpuset_t > ESC[0mESC[1m/usr/include/sys/_cpuset.h:50:24: ESC[0mESC[0;1;30mnote: > ESC[0m'cpuset_t' declared hereESC[0m > typedef struct _cpuset cpuset_t; > ESC[0;1;32m ^ > ESC[0m1 error generated. > bootstrapping ninja... > warning: A compatible version of re2c (>= 0.11.3) was not found; changes to > src/*.in.cc will not affect your build. > when running: c++ -MMD -MT build/util.o -MF build/util.o.d -Wall -Wextra > -Wno-deprecated -Wno-missing-field-initializers -Wno-unused-parameter > -fno-rtti -fno-exceptions -fvisibility=hidden -pipe > '-DNINJA_PYTHON="python3.8"' -O2 -DNDEBUG -fdiagnostics-color > -I/usr/local/include -DUSE_PPOLL -DNINJA_HAVE_BROWSE -I. -O2 -pipe > -fstack-protector-strong -fno-strict-aliasing -c ./src/util.cc -o > build/util.o > Traceback (most recent call last): > File "configure.py", line 519, in > objs += cxx(name, variables=cxxvariables) > File "configure.py", line 287, in cxx > return n.build(built(name + objext), 'cxx', src(name + '.cc'), **kwargs) > File "configure.py", line 169, in build > self._run_command(self._expand(cmd, local_vars)) > File "configure.py", line 194, in _run_command > subprocess.check_call(cmdline, shell=True) > File "/usr/local/lib/python3.8/subprocess.py", line 364, in check_call > raise CalledProcessError(retcode, cmd) > subprocess.CalledProcessError: Command 'c++ -MMD -MT build/util.o -MF > build/util.o.d -Wall -Wextra -Wno-deprecated -Wno-missing-field-initializers > -Wno-unused-parameter -fno-rtti -fno-exceptions -fvisibility=hidden -pipe > '-DNINJA_PYTHON="python3.8"' -O2 -DNDEBUG -fdiagnostics-color > -I/usr/local/include -DUSE_PPOLL -DNINJA_HAVE_BROWSE -I. -O2 -pipe > -fstack-protector-strong -fno-strict-aliasing -c ./src/util.cc -o > build/util.o' returned non-zero exit status 1. > *** Error code 1 > > Stop. > make: stopped in /usr/ports/devel/ninja > -- > > lang/gcc11: > -- > /wrkdirs/usr/ports/lang/gcc11/work/.build/./prev-gcc/xg++ > -B/wrkdirs/usr/ports/lang/gcc11/work/.build/./prev-gcc/ > -B/usr/local/x86_64-portbld-freebsd14.0/bin/ -nostdinc++ > -B/wrkdirs/usr/ports/lang/gcc11/work/.build/prev-x86_64-portbld-freebsd14.0/libstdc++-v3/src/.libs > > -B/wrkdirs/usr/ports/lang/gcc11/work/.build/prev-x86_64-portbld-freebsd14.0/libstdc++-v3/libsupc++/.libs > -isystem > /wrkdirs/usr/ports/lang/gcc11/work/.build/prev-x86_64-portbld-freebsd14.0/libstdc++-v3/include/x86_64-portbld-freebsd14.0 > -isystem > /wrkdirs/usr/ports/lang/gcc11/work/.build/prev-x86_64-portbld-freebsd14.0/libstdc++-v3/include > -isystem > /wrkdirs/usr/ports/lang/gcc11/work/gcc-11.2.0/libstdc++-v3/libsupc++ > -L/wrkdirs/usr/ports/lang/gcc11/work/.build/prev-x86_64-portbld-freebsd14.0/libstdc++-v3/src/.libs > > -L/wrkdirs/usr/ports/lang/gcc11/work/.build/prev-x86_64-portbld-freebsd14.0/libstdc++-v3/libsupc++/.libs > -fno-PIE -c -DIN_GCC_FRONTEND -g -O2 -fno-checking -gtoggle -DIN_GCC -fPIC >-fno-exceptions -fno-rtti -fasynchronous-unwind-tables -W -Wall > -Wno-narrowing -Wwrite-strings -Wcast-qual -Wno-error=format-diag > -Wmissing-format-attribute -Woverloaded-virtual -pedantic -Wno-long-long > -Wno-variadic-macros -Wno-overlength-strings -DHAVE_CONFIG_H -I. -Ijit > -I/wrkdirs/usr/ports/lang/gcc11/work/gcc-11.2.0/gcc > -I/wrkdirs/usr/ports/lang/gcc11/work/gcc-11.2.0/gcc/jit > -I/wrkdirs/usr/ports/lang/gcc11/work/gcc-11.2.0/gcc/../include > -I/wrkdirs/usr/ports/lang/gcc11/work/gcc-11.2.0/gcc/../libcpp/include > -I/wrkdirs/usr/ports/lang/gcc11/work/gcc-11.2.0/gcc/../libcody > -I/usr/local/include > -I/wrkdirs/usr/ports/lang/gcc11/work/gcc-11.2.0/gcc/../libdecnumber > -I/wrkdirs/usr/ports/lang/gcc11/work/gcc-11.2.0/gcc/../libdecnumber/dpd > -I../libdecnumber > -I/wrkdirs/usr/ports/lang/gcc11/work/gcc-11.2.0/gcc/../libbacktrace > -DLIBICONV_PLUG -o jit/libgccjit.o -MT jit/libgccjit.o -MMD -MP -MF > jit/.deps/libgccjit.TPo > /wrkdirs/usr/ports/lang/gcc11/work/gcc-11.2.0/gcc/jit/libgccjit.c > In file included from /usr/include/sys/cpuset.h:39, > from /usr/include/sched.h:36, > from /usr/include/pthread.h:48, > from > /wrkdirs/usr/ports/lang/gcc11/work/gcc-11.2.0/gcc/jit/libgccjit.c:27:
Re: Extracting base.txz files missing flags
On 12/11/2021 22:33, grarpamp wrote: Flags are not security since root will bypass everything. Maybe you missed something - you cannot change flags when your system has security level (kern.securelevel) raised above 0. And this level cannot be lowered on running system, only at boot time. Also kernel modules cannot be loaded. See "man security" for more. While some may beg for anti-footshooting, but where might that cry end up... chflags -Rhx schg / . Nor should freebsd fill that role when local admins know best for and given their own individual environments. If local tendency is to run around as root and disrupt your filesystems so bad that even these... ./libexec/ld-elf.so.1 ./libexec/ld-elf32.so.1 ... get routinely wrecked, then you have bigger local problems to work on than freebsd can help you with :) Kind regards Miroslav Lachman
Re: Extracting base.txz files missing flags
On Fri, Nov 12, 2021 at 09:04:47PM +0100, Herbert J. Skuhra wrote: > On Fri, 12 Nov 2021 20:22:38 +0100, "Herbert J. Skuhra" wrote: > > > > Hi! > > > > # uname -rms > > FreeBSD 12.2-RELEASE-p10 amd64 > > > > # cd tmp > > # fetch > > https://download.freebsd.org/ftp/releases/amd64/13.0-RELEASE/base.txz > > # tar -xzvf base.txz > > # find . -flags schg > > ./sbin/init > > ./var/empty > > ./usr/bin/opieinfo > > ./usr/bin/passwd > > ./usr/bin/su > > ./usr/bin/chpass > > ./usr/bin/opiepasswd > > ./usr/bin/login > > ./usr/bin/crontab > > ./usr/lib/librt.so.1 > > ./libexec/ld-elf.so.1 > > ./libexec/ld-elf32.so.1 > > ./lib/libc.so.7 > > ./lib/libcrypt.so.5 > > ./lib/libthr.so.3 > > > > On 13.0-STABLE (stable/13-n247985-ef1134110e80): > > > > # cd tmp > > # fetch > > https://download.freebsd.org/ftp/releases/amd64/13.0-RELEASE/base.txz > > # tar -xzvf base.txz > > # find . -flags schg > > ./var/empty > > > > On 14.0-CURRENT (main-n250458-c441592a0e15): > > > > # cd tmp > > # fetch > > https://download.freebsd.org/ftp/releases/amd64/13.0-RELEASE/base.txz > > # tar -xzvf base.txz > > # find . -flags schg > > # find . -flags schg,uarch > > ./var/empty > > > > PBKAC or bug? > > 12.3-RC1 (r371003): also affected > 13.0-RELEASE (releng/13.0-n244733-ea31abc261f): OK This seems to be a libarchive bug, somewhere in the extraction code. I can reproduce it trivially on UFS or ZFS and in a debugger I can see that SF_IMMUTABLE is present during extraction. There is some deferral logic to ensure that setting SF_IMMUTABLE is one of the last steps during extract, and the problem seems to be related to that mechanism.
Re: Extracting base.txz files missing flags
Flags are not security since root will bypass everything. While some may beg for anti-footshooting, but where might that cry end up... chflags -Rhx schg / . Nor should freebsd fill that role when local admins know best for and given their own individual environments. If local tendency is to run around as root and disrupt your filesystems so bad that even these... > ./libexec/ld-elf.so.1 > ./libexec/ld-elf32.so.1 ... get routinely wrecked, then you have bigger local problems to work on than freebsd can help you with :) nb: /var/empty is an ssh make install-time thing, that mtree might have picked up, but sshd itself doesn't check or require schg [theatre] there. tar should probably get an extended verbose mode format that lists all metadata that is extractable to disk, such as flags.
Re: Build of devel/ninja and lang/gcc11 fails with latest 14-CURRENT amd64
Ports graphics/cairo, multimedia/ffmpeg, www/firefox are also affected.
Build of devel/ninja and lang/gcc11 fails with latest 14-CURRENT amd64
Hello, I made regular weekly update of my 14-CURRENT amd64 host and poudriere jail from main-n250481-517e52b6c21 to main-n250619-b39a93b18ef. And after that build of devel/ninja and lang/gcc11 fails as following. devel/ninja: -- ===> Building for ninja-1.10.2,2 ESC[1m./src/util.cc:492:3: ESC[0mESC[0;1;31merror: ESC[0mESC[1munknown type name 'cpu_set_t'; did you mean 'cpuset_t'?E ESC[0m cpu_set_t set; ESC[0;1;32m ^ ESC[0mESC[0;32m cpuset_t ESC[0mESC[1m/usr/include/sys/_cpuset.h:50:24: ESC[0mESC[0;1;30mnote: ESC[0m'cpuset_t' declared hereESC[0m typedef struct _cpuset cpuset_t; ESC[0;1;32m ^ ESC[0m1 error generated. bootstrapping ninja... warning: A compatible version of re2c (>= 0.11.3) was not found; changes to src/*.in.cc will not affect your build. when running: c++ -MMD -MT build/util.o -MF build/util.o.d -Wall -Wextra -Wno-deprecated -Wno-missing-field-initializers -Wno-unused-parameter -fno-rtti -fno-exceptions -fvisibility=hidden -pipe '-DNINJA_PYTHON="python3.8"' -O2 -DNDEBUG -fdiagnostics-color -I/usr/local/include -DUSE_PPOLL -DNINJA_HAVE_BROWSE -I. -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -c ./src/util.cc -o build/util.o Traceback (most recent call last): File "configure.py", line 519, in objs += cxx(name, variables=cxxvariables) File "configure.py", line 287, in cxx return n.build(built(name + objext), 'cxx', src(name + '.cc'), **kwargs) File "configure.py", line 169, in build self._run_command(self._expand(cmd, local_vars)) File "configure.py", line 194, in _run_command subprocess.check_call(cmdline, shell=True) File "/usr/local/lib/python3.8/subprocess.py", line 364, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command 'c++ -MMD -MT build/util.o -MF build/util.o.d -Wall -Wextra -Wno-deprecated -Wno-missing-field-initializers -Wno-unused-parameter -fno-rtti -fno-exceptions -fvisibility=hidden -pipe '-DNINJA_PYTHON="python3.8"' -O2 -DNDEBUG -fdiagnostics-color -I/usr/local/include -DUSE_PPOLL -DNINJA_HAVE_BROWSE -I. -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -c ./src/util.cc -o build/util.o' returned non-zero exit status 1. *** Error code 1 Stop. make: stopped in /usr/ports/devel/ninja -- lang/gcc11: -- /wrkdirs/usr/ports/lang/gcc11/work/.build/./prev-gcc/xg++ -B/wrkdirs/usr/ports/lang/gcc11/work/.build/./prev-gcc/ -B/usr/local/x86_64-portbld-freebsd14.0/bin/ -nostdinc++ -B/wrkdirs/usr/ports/lang/gcc11/work/.build/prev-x86_64-portbld-freebsd14.0/libstdc++-v3/src/.libs -B/wrkdirs/usr/ports/lang/gcc11/work/.build/prev-x86_64-portbld-freebsd14.0/libstdc++-v3/libsupc++/.libs -isystem /wrkdirs/usr/ports/lang/gcc11/work/.build/prev-x86_64-portbld-freebsd14.0/libstdc++-v3/include/x86_64-portbld-freebsd14.0 -isystem /wrkdirs/usr/ports/lang/gcc11/work/.build/prev-x86_64-portbld-freebsd14.0/libstdc++-v3/include -isystem /wrkdirs/usr/ports/lang/gcc11/work/gcc-11.2.0/libstdc++-v3/libsupc++ -L/wrkdirs/usr/ports/lang/gcc11/work/.build/prev-x86_64-portbld-freebsd14.0/libstdc++-v3/src/.libs -L/wrkdirs/usr/ports/lang/gcc11/work/.build/prev-x86_64-portbld-freebsd14.0/libstdc++-v3/libsupc++/.libs -fno-PIE -c -DIN_GCC_FRONTEND -g -O2 -fno-checking -gtoggle -DIN_GCC -fPIC -fno-exceptions -fno-rtti -fasynchronous-unwind-tables -W -Wall -Wno-narrowing -Wwrite-strings -Wcast-qual -Wno-error=format-diag -Wmissing-format-attribute -Woverloaded-virtual -pedantic -Wno-long-long -Wno-variadic-macros -Wno-overlength-strings -DHAVE_CONFIG_H -I. -Ijit -I/wrkdirs/usr/ports/lang/gcc11/work/gcc-11.2.0/gcc -I/wrkdirs/usr/ports/lang/gcc11/work/gcc-11.2.0/gcc/jit -I/wrkdirs/usr/ports/lang/gcc11/work/gcc-11.2.0/gcc/../include -I/wrkdirs/usr/ports/lang/gcc11/work/gcc-11.2.0/gcc/../libcpp/include -I/wrkdirs/usr/ports/lang/gcc11/work/gcc-11.2.0/gcc/../libcody -I/usr/local/include -I/wrkdirs/usr/ports/lang/gcc11/work/gcc-11.2.0/gcc/../libdecnumber -I/wrkdirs/usr/ports/lang/gcc11/work/gcc-11.2.0/gcc/../libdecnumber/dpd -I../libdecnumber -I/wrkdirs/usr/ports/lang/gcc11/work/gcc-11.2.0/gcc/../libbacktrace -DLIBICONV_PLUG -o jit/libgccjit.o -MT jit/libgccjit.o -MMD -MP -MF jit/.deps/libgccjit.TPo /wrkdirs/usr/ports/lang/gcc11/work/gcc-11.2.0/gcc/jit/libgccjit.c In file included from /usr/include/sys/cpuset.h:39, from /usr/include/sched.h:36, from /usr/include/pthread.h:48, from /wrkdirs/usr/ports/lang/gcc11/work/gcc-11.2.0/gcc/jit/libgccjit.c:27: /usr/include/sys/bitset.h:314:41: error: attempt to use poisoned "malloc" 314 | #define BITSET_ALLOC(_s, mt, mf)malloc(BITSET_SIZE((_s)), mt, (mf)) | ^ gmake[4]: *** [Makefile:1142: jit/libgccjit.o
Re: Extracting base.txz files missing flags
On Fri, 12 Nov 2021 20:22:38 +0100, "Herbert J. Skuhra" wrote: > > Hi! > > # uname -rms > FreeBSD 12.2-RELEASE-p10 amd64 > > # cd tmp > # fetch https://download.freebsd.org/ftp/releases/amd64/13.0-RELEASE/base.txz > # tar -xzvf base.txz > # find . -flags schg > ./sbin/init > ./var/empty > ./usr/bin/opieinfo > ./usr/bin/passwd > ./usr/bin/su > ./usr/bin/chpass > ./usr/bin/opiepasswd > ./usr/bin/login > ./usr/bin/crontab > ./usr/lib/librt.so.1 > ./libexec/ld-elf.so.1 > ./libexec/ld-elf32.so.1 > ./lib/libc.so.7 > ./lib/libcrypt.so.5 > ./lib/libthr.so.3 > > On 13.0-STABLE (stable/13-n247985-ef1134110e80): > > # cd tmp > # fetch https://download.freebsd.org/ftp/releases/amd64/13.0-RELEASE/base.txz > # tar -xzvf base.txz > # find . -flags schg > ./var/empty > > On 14.0-CURRENT (main-n250458-c441592a0e15): > > # cd tmp > # fetch https://download.freebsd.org/ftp/releases/amd64/13.0-RELEASE/base.txz > # tar -xzvf base.txz > # find . -flags schg > # find . -flags schg,uarch > ./var/empty > > PBKAC or bug? 12.3-RC1 (r371003): also affected 13.0-RELEASE (releng/13.0-n244733-ea31abc261f): OK -- Herbert
Extracting base.txz files missing flags
Hi! # uname -rms FreeBSD 12.2-RELEASE-p10 amd64 # cd tmp # fetch https://download.freebsd.org/ftp/releases/amd64/13.0-RELEASE/base.txz # tar -xzvf base.txz # find . -flags schg ./sbin/init ./var/empty ./usr/bin/opieinfo ./usr/bin/passwd ./usr/bin/su ./usr/bin/chpass ./usr/bin/opiepasswd ./usr/bin/login ./usr/bin/crontab ./usr/lib/librt.so.1 ./libexec/ld-elf.so.1 ./libexec/ld-elf32.so.1 ./lib/libc.so.7 ./lib/libcrypt.so.5 ./lib/libthr.so.3 On 13.0-STABLE (stable/13-n247985-ef1134110e80): # cd tmp # fetch https://download.freebsd.org/ftp/releases/amd64/13.0-RELEASE/base.txz # tar -xzvf base.txz # find . -flags schg ./var/empty On 14.0-CURRENT (main-n250458-c441592a0e15): # cd tmp # fetch https://download.freebsd.org/ftp/releases/amd64/13.0-RELEASE/base.txz # tar -xzvf base.txz # find . -flags schg # find . -flags schg,uarch ./var/empty PBKAC or bug? -- Herbert