Bug#879027: libtomcrypt: FTBFS on x32: final link failed: Bad value

[Aaron M. Ucko]

Michael Stapelberg  writes:

> Could you provide the command line for doing this please?

Sure, no problem.

sudo apt install debootstrap debian-ports-archive-keyring

sudo debootstrap --arch=x32 --variant=buildd \
--keyring=/usr/share/keyrings/debian-ports-archive-keyring.gpg \
unstable $DIR https://deb.debian.org/debian-ports

You'll then want to establish an rbind mount for $DIR/dev and regular
bind mounts for, at minimum, $DIR/proc and $DIR/sys.  (You might
consider doing the same for $DIR/home and $DIR/tmp.)

-- 
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu

Bug#879027: libtomcrypt: FTBFS on x32: final link failed: Bad value

[Michael Stapelberg]

Could you provide the command line for doing this please?

On Mon, Nov 13, 2017 at 5:20 PM, Aaron M. Ucko  wrote:
> Michael Stapelberg  writes:
>
>> Do I understand correctly that you’re saying booting an amd64 machine
>> with syscall.x32=y should suffice to reproduce the issue?
>
> AIUI, that setting should let you work in a local x32 chroot, though you
> will of course have to set it up first via debootstrap or the like.
>
> --
> Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
> http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu



-- 
Best regards,
Michael

Bug#879027: libtomcrypt: FTBFS on x32: final link failed: Bad value

[Aaron M. Ucko]

Michael Stapelberg  writes:

> Do I understand correctly that you’re saying booting an amd64 machine
> with syscall.x32=y should suffice to reproduce the issue?

AIUI, that setting should let you work in a local x32 chroot, though you
will of course have to set it up first via debootstrap or the like.

-- 
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu

Bug#879027: libtomcrypt: FTBFS on x32: final link failed: Bad value

[Michael Stapelberg]

Do I understand correctly that you’re saying booting an amd64 machine
with syscall.x32=y should suffice to reproduce the issue?

On Sun, Nov 12, 2017 at 6:17 PM, Aaron M. Ucko  wrote:
> Michael Stapelberg  writes:
>
>> ucko, what’s the procedure here? How can Steffen get access to a
>> machine on which to reproduce this issue?
>
> Good question.  Technically, x32 is an alternate ABI for amd64, so the
> amd64 porter box could in principle additionally host x32 chroots.
> However, to do so, it would need an explicit kernel command line setting
> (syscall.x32=y), since x32 binary support is off by default for now to
> avoid adding a potential attack vector for little practical gain.
>
> I'm not an official porter or buildd maintainer, and don't know what
> setup they use, sorry.
>
> --
> Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
> http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu



-- 
Best regards,
Michael

Bug#879027: libtomcrypt: FTBFS on x32: final link failed: Bad value

[Aaron M. Ucko]

Michael Stapelberg  writes:

> ucko, what’s the procedure here? How can Steffen get access to a
> machine on which to reproduce this issue?

Good question.  Technically, x32 is an alternate ABI for amd64, so the
amd64 porter box could in principle additionally host x32 chroots.
However, to do so, it would need an explicit kernel command line setting
(syscall.x32=y), since x32 binary support is off by default for now to
avoid adding a potential attack vector for little practical gain.

I'm not an official porter or buildd maintainer, and don't know what
setup they use, sorry.

-- 
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu

Bug#879027: libtomcrypt: FTBFS on x32: final link failed: Bad value

[Michael Stapelberg]

Sorry, I just realized we don’t actually have an x32 porterbox listed
at https://db.debian.org/machines.cgi.

ucko, what’s the procedure here? How can Steffen get access to a
machine on which to reproduce this issue?

Thanks.

On Fri, Nov 10, 2017 at 5:30 PM, Michael Stapelberg
 wrote:
> You can get a guest account on Debian porter machines (we have one for
> each architecture which Debian supports). Please follow
> https://dsa.debian.org/doc/guest-account/, I’m happy to sponsor your
> request.
>
> On Fri, Nov 10, 2017 at 5:26 PM, Steffen Jaeckel  wrote:
>> On 10/18/2017 05:31 PM, Michael Stapelberg wrote:
>>> [+cc steffen, karel]
>>>
>>> Any clues about this build failure?
>>>
>>> On Wed, Oct 18, 2017 at 8:22 AM, Aaron M. Ucko  wrote:
 Source: libtomcrypt
 Version: 1.18-1
 Severity: important
 Justification: fails to build from source (but built successfully in the 
 past)
 User: debian-...@lists.debian.or

 The latest build of libtomcrypt for x32 (admittedly not a release
 architecture) failed per the below excerpts from
 https://buildd.debian.org/status/fetch.php?pkg=libtomcrypt=x32=1.18.0-1=1508165690=0:

   libtool: compile:  gcc -I./src/headers/ -Wall -Wsign-compare -Wshadow 
 -DLTC_SOURCE -Wextra -Wsystem-headers -Wbad-function-cast -Wcast-align 
 -Wstrict-prototypes -Wpointer-arith -Wdeclaration-after-statement 
 -Wwrite-strings -Wno-type-limits -O3 -funroll-loops -fomit-frame-pointer 
 -DGIT_VERSION=\"1.18.0\" -g -O2 -fdebug-prefix-map=/<>=. 
 -specs=/usr/share/dpkg/pie-compile.specs -fstack-protector-strong -Wformat 
 -Werror=format-security -DGMP_DESC -DLTM_DESC -DUSE_LTM -Wdate-time 
 -D_FORTIFY_SOURCE=2 -specs=/usr/share/dpkg/pie-link.specs -Wl,-z,relro 
 -Wl,-z,now -c src/ciphers/aes/aes.c  -fPIC -DPIC -o 
 src/ciphers/aes/.libs/aes.o
   [...]
   libtool --mode=link --tag=CC gcc -I./src/headers/ -Wall -Wsign-compare 
 -Wshadow -DLTC_SOURCE -Wextra -Wsystem-headers -Wbad-function-cast 
 -Wcast-align -Wstrict-prototypes -Wpointer-arith 
 -Wdeclaration-after-statement -Wwrite-strings -Wno-type-limits -O3 
 -funroll-loops -fomit-frame-pointer -DGIT_VERSION=\"1.18.0\" -g -O2 
 -fdebug-prefix-map=/<>=. 
 -specs=/usr/share/dpkg/pie-compile.specs -fstack-protector-strong -Wformat 
 -Werror=format-security -DGMP_DESC -DLTM_DESC -DUSE_LTM -Wdate-time 
 -D_FORTIFY_SOURCE=2  -specs=/usr/share/dpkg/pie-link.specs -Wl,-z,relro 
 -Wl,-z,now src/ciphers/aes/aes.lo src/ciphers/aes/aes_enc.lo 
 src/ciphers/anubis.lo [...] src/stream/sober128/sober128_test.lo -lgmp 
 -ltommath -o libtomcrypt.la -rpath /usr/local/lib -version-info 1:0
   libtool: link: gcc -shared  -fPIC -DPIC  src/ciphers/aes/.libs/aes.o 
 src/ciphers/aes/.libs/aes_enc.o src/ciphers/.libs/anubis.o [...] 
 src/stream/sober128/.libs/sober128_test.o   -lgmp -ltommath  -O3 -g -O2 
 -specs=/usr/share/dpkg/pie-compile.specs -fstack-protector-strong 
 -specs=/usr/share/dpkg/pie-link.specs -Wl,-z -Wl,relro -Wl,-z -Wl,now   
 -Wl,-soname -Wl,libtomcrypt.so.1 -o .libs/libtomcrypt.so.1.0.0
   /usr/bin/ld: src/ciphers/aes/.libs/aes.o: relocation R_X86_64_PC32 
 against symbol `rijndael_setup' can not be used when making a shared 
 object; recompile with -fPIC
   /usr/bin/ld: final link failed: Bad value
   collect2: error: ld returned 1 exit status

 I'm not sure why the linker's complaining about missing an option you
 did in fact supply, but perhaps the use of pie-*.specs is somehow
 throwing things off; please try forgoing PIE on x32 for now.

 Thanks!

 --
 Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
 http://www.mit.edu/~amu/ | 
 http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu
>>
>> Any updates on this?
>>
>> I built the library with x32 support on my local machine and that
>> works as expected
>>
>>> $ file .libs/test
>>> .libs/test: ELF 32-bit LSB executable, x86-64, version 1 (SYSV),
>> dynamically linked, interpreter /libx32/ld-linux-x32.so.2, for GNU/Linux
>> 3.4.0, BuildID[sha1]=e747673ddc8a354679b2e0f97b12886a7c6273c2, not stripped
>>> $ gcc -dumpversion
>>> 5.4.0
>>
>>
>> Can I somehow create this exact environment locally so I can try to
>> reproduce?
>>
>> --
>> Steffen Jaeckel - s_jaec...@gmx.de
>> GnuPG fingerprint:  C438 6A23 7ED4 3A47 5541 B942 7B2C D0DD 4BCF F59B
>> My OTR key has changed on 30. Sept. 2015!
>> jabber: jaec...@jabber.ccc.de F052DE29 4FA9A02D 44A794E5 AE5AC0FB C5865C64
>
>
>
> --
> Best regards,
> Michael



-- 
Best regards,
Michael

Bug#879027: libtomcrypt: FTBFS on x32: final link failed: Bad value

[Michael Stapelberg]

You can get a guest account on Debian porter machines (we have one for
each architecture which Debian supports). Please follow
https://dsa.debian.org/doc/guest-account/, I’m happy to sponsor your
request.

On Fri, Nov 10, 2017 at 5:26 PM, Steffen Jaeckel  wrote:
> On 10/18/2017 05:31 PM, Michael Stapelberg wrote:
>> [+cc steffen, karel]
>>
>> Any clues about this build failure?
>>
>> On Wed, Oct 18, 2017 at 8:22 AM, Aaron M. Ucko  wrote:
>>> Source: libtomcrypt
>>> Version: 1.18-1
>>> Severity: important
>>> Justification: fails to build from source (but built successfully in the 
>>> past)
>>> User: debian-...@lists.debian.or
>>>
>>> The latest build of libtomcrypt for x32 (admittedly not a release
>>> architecture) failed per the below excerpts from
>>> https://buildd.debian.org/status/fetch.php?pkg=libtomcrypt=x32=1.18.0-1=1508165690=0:
>>>
>>>   libtool: compile:  gcc -I./src/headers/ -Wall -Wsign-compare -Wshadow 
>>> -DLTC_SOURCE -Wextra -Wsystem-headers -Wbad-function-cast -Wcast-align 
>>> -Wstrict-prototypes -Wpointer-arith -Wdeclaration-after-statement 
>>> -Wwrite-strings -Wno-type-limits -O3 -funroll-loops -fomit-frame-pointer 
>>> -DGIT_VERSION=\"1.18.0\" -g -O2 -fdebug-prefix-map=/<>=. 
>>> -specs=/usr/share/dpkg/pie-compile.specs -fstack-protector-strong -Wformat 
>>> -Werror=format-security -DGMP_DESC -DLTM_DESC -DUSE_LTM -Wdate-time 
>>> -D_FORTIFY_SOURCE=2 -specs=/usr/share/dpkg/pie-link.specs -Wl,-z,relro 
>>> -Wl,-z,now -c src/ciphers/aes/aes.c  -fPIC -DPIC -o 
>>> src/ciphers/aes/.libs/aes.o
>>>   [...]
>>>   libtool --mode=link --tag=CC gcc -I./src/headers/ -Wall -Wsign-compare 
>>> -Wshadow -DLTC_SOURCE -Wextra -Wsystem-headers -Wbad-function-cast 
>>> -Wcast-align -Wstrict-prototypes -Wpointer-arith 
>>> -Wdeclaration-after-statement -Wwrite-strings -Wno-type-limits -O3 
>>> -funroll-loops -fomit-frame-pointer -DGIT_VERSION=\"1.18.0\" -g -O2 
>>> -fdebug-prefix-map=/<>=. 
>>> -specs=/usr/share/dpkg/pie-compile.specs -fstack-protector-strong -Wformat 
>>> -Werror=format-security -DGMP_DESC -DLTM_DESC -DUSE_LTM -Wdate-time 
>>> -D_FORTIFY_SOURCE=2  -specs=/usr/share/dpkg/pie-link.specs -Wl,-z,relro 
>>> -Wl,-z,now src/ciphers/aes/aes.lo src/ciphers/aes/aes_enc.lo 
>>> src/ciphers/anubis.lo [...] src/stream/sober128/sober128_test.lo -lgmp 
>>> -ltommath -o libtomcrypt.la -rpath /usr/local/lib -version-info 1:0
>>>   libtool: link: gcc -shared  -fPIC -DPIC  src/ciphers/aes/.libs/aes.o 
>>> src/ciphers/aes/.libs/aes_enc.o src/ciphers/.libs/anubis.o [...] 
>>> src/stream/sober128/.libs/sober128_test.o   -lgmp -ltommath  -O3 -g -O2 
>>> -specs=/usr/share/dpkg/pie-compile.specs -fstack-protector-strong 
>>> -specs=/usr/share/dpkg/pie-link.specs -Wl,-z -Wl,relro -Wl,-z -Wl,now   
>>> -Wl,-soname -Wl,libtomcrypt.so.1 -o .libs/libtomcrypt.so.1.0.0
>>>   /usr/bin/ld: src/ciphers/aes/.libs/aes.o: relocation R_X86_64_PC32 
>>> against symbol `rijndael_setup' can not be used when making a shared 
>>> object; recompile with -fPIC
>>>   /usr/bin/ld: final link failed: Bad value
>>>   collect2: error: ld returned 1 exit status
>>>
>>> I'm not sure why the linker's complaining about missing an option you
>>> did in fact supply, but perhaps the use of pie-*.specs is somehow
>>> throwing things off; please try forgoing PIE on x32 for now.
>>>
>>> Thanks!
>>>
>>> --
>>> Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
>>> http://www.mit.edu/~amu/ | 
>>> http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu
>
> Any updates on this?
>
> I built the library with x32 support on my local machine and that
> works as expected
>
>> $ file .libs/test
>> .libs/test: ELF 32-bit LSB executable, x86-64, version 1 (SYSV),
> dynamically linked, interpreter /libx32/ld-linux-x32.so.2, for GNU/Linux
> 3.4.0, BuildID[sha1]=e747673ddc8a354679b2e0f97b12886a7c6273c2, not stripped
>> $ gcc -dumpversion
>> 5.4.0
>
>
> Can I somehow create this exact environment locally so I can try to
> reproduce?
>
> --
> Steffen Jaeckel - s_jaec...@gmx.de
> GnuPG fingerprint:  C438 6A23 7ED4 3A47 5541 B942 7B2C D0DD 4BCF F59B
> My OTR key has changed on 30. Sept. 2015!
> jabber: jaec...@jabber.ccc.de F052DE29 4FA9A02D 44A794E5 AE5AC0FB C5865C64



-- 
Best regards,
Michael

Bug#879027: libtomcrypt: FTBFS on x32: final link failed: Bad value

[Steffen Jaeckel]

On 10/18/2017 05:31 PM, Michael Stapelberg wrote:
> [+cc steffen, karel]
> 
> Any clues about this build failure?
> 
> On Wed, Oct 18, 2017 at 8:22 AM, Aaron M. Ucko  wrote:
>> Source: libtomcrypt
>> Version: 1.18-1
>> Severity: important
>> Justification: fails to build from source (but built successfully in the 
>> past)
>> User: debian-...@lists.debian.or
>>
>> The latest build of libtomcrypt for x32 (admittedly not a release
>> architecture) failed per the below excerpts from
>> https://buildd.debian.org/status/fetch.php?pkg=libtomcrypt=x32=1.18.0-1=1508165690=0:
>>
>>   libtool: compile:  gcc -I./src/headers/ -Wall -Wsign-compare -Wshadow 
>> -DLTC_SOURCE -Wextra -Wsystem-headers -Wbad-function-cast -Wcast-align 
>> -Wstrict-prototypes -Wpointer-arith -Wdeclaration-after-statement 
>> -Wwrite-strings -Wno-type-limits -O3 -funroll-loops -fomit-frame-pointer 
>> -DGIT_VERSION=\"1.18.0\" -g -O2 -fdebug-prefix-map=/<>=. 
>> -specs=/usr/share/dpkg/pie-compile.specs -fstack-protector-strong -Wformat 
>> -Werror=format-security -DGMP_DESC -DLTM_DESC -DUSE_LTM -Wdate-time 
>> -D_FORTIFY_SOURCE=2 -specs=/usr/share/dpkg/pie-link.specs -Wl,-z,relro 
>> -Wl,-z,now -c src/ciphers/aes/aes.c  -fPIC -DPIC -o 
>> src/ciphers/aes/.libs/aes.o
>>   [...]
>>   libtool --mode=link --tag=CC gcc -I./src/headers/ -Wall -Wsign-compare 
>> -Wshadow -DLTC_SOURCE -Wextra -Wsystem-headers -Wbad-function-cast 
>> -Wcast-align -Wstrict-prototypes -Wpointer-arith 
>> -Wdeclaration-after-statement -Wwrite-strings -Wno-type-limits -O3 
>> -funroll-loops -fomit-frame-pointer -DGIT_VERSION=\"1.18.0\" -g -O2 
>> -fdebug-prefix-map=/<>=. 
>> -specs=/usr/share/dpkg/pie-compile.specs -fstack-protector-strong -Wformat 
>> -Werror=format-security -DGMP_DESC -DLTM_DESC -DUSE_LTM -Wdate-time 
>> -D_FORTIFY_SOURCE=2  -specs=/usr/share/dpkg/pie-link.specs -Wl,-z,relro 
>> -Wl,-z,now src/ciphers/aes/aes.lo src/ciphers/aes/aes_enc.lo 
>> src/ciphers/anubis.lo [...] src/stream/sober128/sober128_test.lo -lgmp 
>> -ltommath -o libtomcrypt.la -rpath /usr/local/lib -version-info 1:0
>>   libtool: link: gcc -shared  -fPIC -DPIC  src/ciphers/aes/.libs/aes.o 
>> src/ciphers/aes/.libs/aes_enc.o src/ciphers/.libs/anubis.o [...] 
>> src/stream/sober128/.libs/sober128_test.o   -lgmp -ltommath  -O3 -g -O2 
>> -specs=/usr/share/dpkg/pie-compile.specs -fstack-protector-strong 
>> -specs=/usr/share/dpkg/pie-link.specs -Wl,-z -Wl,relro -Wl,-z -Wl,now   
>> -Wl,-soname -Wl,libtomcrypt.so.1 -o .libs/libtomcrypt.so.1.0.0
>>   /usr/bin/ld: src/ciphers/aes/.libs/aes.o: relocation R_X86_64_PC32 against 
>> symbol `rijndael_setup' can not be used when making a shared object; 
>> recompile with -fPIC
>>   /usr/bin/ld: final link failed: Bad value
>>   collect2: error: ld returned 1 exit status
>>
>> I'm not sure why the linker's complaining about missing an option you
>> did in fact supply, but perhaps the use of pie-*.specs is somehow
>> throwing things off; please try forgoing PIE on x32 for now.
>>
>> Thanks!
>>
>> --
>> Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
>> http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu

Any updates on this?

I built the library with x32 support on my local machine and that
works as expected

> $ file .libs/test
> .libs/test: ELF 32-bit LSB executable, x86-64, version 1 (SYSV),
dynamically linked, interpreter /libx32/ld-linux-x32.so.2, for GNU/Linux
3.4.0, BuildID[sha1]=e747673ddc8a354679b2e0f97b12886a7c6273c2, not stripped
> $ gcc -dumpversion
> 5.4.0


Can I somehow create this exact environment locally so I can try to
reproduce?

-- 
Steffen Jaeckel - s_jaec...@gmx.de
GnuPG fingerprint:  C438 6A23 7ED4 3A47 5541 B942 7B2C D0DD 4BCF F59B
My OTR key has changed on 30. Sept. 2015!
jabber: jaec...@jabber.ccc.de F052DE29 4FA9A02D 44A794E5 AE5AC0FB C5865C64

Bug#879027: libtomcrypt: FTBFS on x32: final link failed: Bad value

[Michael Stapelberg]

[+cc steffen, karel]

Any clues about this build failure?

On Wed, Oct 18, 2017 at 8:22 AM, Aaron M. Ucko  wrote:
> Source: libtomcrypt
> Version: 1.18-1
> Severity: important
> Justification: fails to build from source (but built successfully in the past)
> User: debian-...@lists.debian.or
>
> The latest build of libtomcrypt for x32 (admittedly not a release
> architecture) failed per the below excerpts from
> https://buildd.debian.org/status/fetch.php?pkg=libtomcrypt=x32=1.18.0-1=1508165690=0:
>
>   libtool: compile:  gcc -I./src/headers/ -Wall -Wsign-compare -Wshadow 
> -DLTC_SOURCE -Wextra -Wsystem-headers -Wbad-function-cast -Wcast-align 
> -Wstrict-prototypes -Wpointer-arith -Wdeclaration-after-statement 
> -Wwrite-strings -Wno-type-limits -O3 -funroll-loops -fomit-frame-pointer 
> -DGIT_VERSION=\"1.18.0\" -g -O2 -fdebug-prefix-map=/<>=. 
> -specs=/usr/share/dpkg/pie-compile.specs -fstack-protector-strong -Wformat 
> -Werror=format-security -DGMP_DESC -DLTM_DESC -DUSE_LTM -Wdate-time 
> -D_FORTIFY_SOURCE=2 -specs=/usr/share/dpkg/pie-link.specs -Wl,-z,relro 
> -Wl,-z,now -c src/ciphers/aes/aes.c  -fPIC -DPIC -o 
> src/ciphers/aes/.libs/aes.o
>   [...]
>   libtool --mode=link --tag=CC gcc -I./src/headers/ -Wall -Wsign-compare 
> -Wshadow -DLTC_SOURCE -Wextra -Wsystem-headers -Wbad-function-cast 
> -Wcast-align -Wstrict-prototypes -Wpointer-arith 
> -Wdeclaration-after-statement -Wwrite-strings -Wno-type-limits -O3 
> -funroll-loops -fomit-frame-pointer -DGIT_VERSION=\"1.18.0\" -g -O2 
> -fdebug-prefix-map=/<>=. 
> -specs=/usr/share/dpkg/pie-compile.specs -fstack-protector-strong -Wformat 
> -Werror=format-security -DGMP_DESC -DLTM_DESC -DUSE_LTM -Wdate-time 
> -D_FORTIFY_SOURCE=2  -specs=/usr/share/dpkg/pie-link.specs -Wl,-z,relro 
> -Wl,-z,now src/ciphers/aes/aes.lo src/ciphers/aes/aes_enc.lo 
> src/ciphers/anubis.lo [...] src/stream/sober128/sober128_test.lo -lgmp 
> -ltommath -o libtomcrypt.la -rpath /usr/local/lib -version-info 1:0
>   libtool: link: gcc -shared  -fPIC -DPIC  src/ciphers/aes/.libs/aes.o 
> src/ciphers/aes/.libs/aes_enc.o src/ciphers/.libs/anubis.o [...] 
> src/stream/sober128/.libs/sober128_test.o   -lgmp -ltommath  -O3 -g -O2 
> -specs=/usr/share/dpkg/pie-compile.specs -fstack-protector-strong 
> -specs=/usr/share/dpkg/pie-link.specs -Wl,-z -Wl,relro -Wl,-z -Wl,now   
> -Wl,-soname -Wl,libtomcrypt.so.1 -o .libs/libtomcrypt.so.1.0.0
>   /usr/bin/ld: src/ciphers/aes/.libs/aes.o: relocation R_X86_64_PC32 against 
> symbol `rijndael_setup' can not be used when making a shared object; 
> recompile with -fPIC
>   /usr/bin/ld: final link failed: Bad value
>   collect2: error: ld returned 1 exit status
>
> I'm not sure why the linker's complaining about missing an option you
> did in fact supply, but perhaps the use of pie-*.specs is somehow
> throwing things off; please try forgoing PIE on x32 for now.
>
> Thanks!
>
> --
> Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
> http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu



-- 
Best regards,
Michael

Bug#879027: libtomcrypt: FTBFS on x32: final link failed: Bad value

[Aaron M. Ucko]

Source: libtomcrypt
Version: 1.18-1
Severity: important
Justification: fails to build from source (but built successfully in the past)
User: debian-...@lists.debian.or

The latest build of libtomcrypt for x32 (admittedly not a release
architecture) failed per the below excerpts from
https://buildd.debian.org/status/fetch.php?pkg=libtomcrypt=x32=1.18.0-1=1508165690=0:

  libtool: compile:  gcc -I./src/headers/ -Wall -Wsign-compare -Wshadow 
-DLTC_SOURCE -Wextra -Wsystem-headers -Wbad-function-cast -Wcast-align 
-Wstrict-prototypes -Wpointer-arith -Wdeclaration-after-statement 
-Wwrite-strings -Wno-type-limits -O3 -funroll-loops -fomit-frame-pointer 
-DGIT_VERSION=\"1.18.0\" -g -O2 -fdebug-prefix-map=/<>=. 
-specs=/usr/share/dpkg/pie-compile.specs -fstack-protector-strong -Wformat 
-Werror=format-security -DGMP_DESC -DLTM_DESC -DUSE_LTM -Wdate-time 
-D_FORTIFY_SOURCE=2 -specs=/usr/share/dpkg/pie-link.specs -Wl,-z,relro 
-Wl,-z,now -c src/ciphers/aes/aes.c  -fPIC -DPIC -o src/ciphers/aes/.libs/aes.o
  [...]
  libtool --mode=link --tag=CC gcc -I./src/headers/ -Wall -Wsign-compare 
-Wshadow -DLTC_SOURCE -Wextra -Wsystem-headers -Wbad-function-cast -Wcast-align 
-Wstrict-prototypes -Wpointer-arith -Wdeclaration-after-statement 
-Wwrite-strings -Wno-type-limits -O3 -funroll-loops -fomit-frame-pointer 
-DGIT_VERSION=\"1.18.0\" -g -O2 -fdebug-prefix-map=/<>=. 
-specs=/usr/share/dpkg/pie-compile.specs -fstack-protector-strong -Wformat 
-Werror=format-security -DGMP_DESC -DLTM_DESC -DUSE_LTM -Wdate-time 
-D_FORTIFY_SOURCE=2  -specs=/usr/share/dpkg/pie-link.specs -Wl,-z,relro 
-Wl,-z,now src/ciphers/aes/aes.lo src/ciphers/aes/aes_enc.lo 
src/ciphers/anubis.lo [...] src/stream/sober128/sober128_test.lo -lgmp 
-ltommath -o libtomcrypt.la -rpath /usr/local/lib -version-info 1:0
  libtool: link: gcc -shared  -fPIC -DPIC  src/ciphers/aes/.libs/aes.o 
src/ciphers/aes/.libs/aes_enc.o src/ciphers/.libs/anubis.o [...] 
src/stream/sober128/.libs/sober128_test.o   -lgmp -ltommath  -O3 -g -O2 
-specs=/usr/share/dpkg/pie-compile.specs -fstack-protector-strong 
-specs=/usr/share/dpkg/pie-link.specs -Wl,-z -Wl,relro -Wl,-z -Wl,now   
-Wl,-soname -Wl,libtomcrypt.so.1 -o .libs/libtomcrypt.so.1.0.0
  /usr/bin/ld: src/ciphers/aes/.libs/aes.o: relocation R_X86_64_PC32 against 
symbol `rijndael_setup' can not be used when making a shared object; recompile 
with -fPIC
  /usr/bin/ld: final link failed: Bad value
  collect2: error: ld returned 1 exit status

I'm not sure why the linker's complaining about missing an option you
did in fact supply, but perhaps the use of pie-*.specs is somehow
throwing things off; please try forgoing PIE on x32 for now.

Thanks!

-- 
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu