[gentoo-dev] Re: [PATCH 1/4] autotools.eclass: don't inject -I${SYSROOT} to aclocal
On 17 Jan 2022 11:09, Sam James wrote:
> When -I${SYSROOT} is injected, it'll override the default of -Im4, which
> results in trying to install macros to ${SYSROOT} (a sandbox violation)
> when they can't be found.
>
> From aclocal(1):
> ```
>-I DIR add directory to search list for .m4 files
>
>--install
> copy third-party files to the first -I directory
> ```
>
> The first directry is normally -Im4 if anything, whereas when injected
> (when ${SYSROOT} is defined), it ends up being ${SYSROOT}, not m4 (so
> we try to copy macros to somewhere outside of the build directory).
we should define the semantics we want and bring it upstream to get into
automake. although it seems like ACLOCAL_PATH might work well enough
for us now to switch to that.
as a stop gap, it seems like the use of --install is pretty low ? we're
cross-compiling about ~2.5k packages in CrOS every day and never seen a
failure here. so the few packages which are running into troubles can
workaround it by setting AT_SYS_M4DIR right ?
> In EAPI 7+, this is almost always the case! We don't generally expect
> to find macros (particularly things like autoconf-archive) in ${SYSROOT}
> because that's for DEPEND-class dependencies, then they end up being
> copied in unnecessarily and wrongly.
i think this optimism is misplaced. libraries often install m4 files
which is precisely why this logic is in here.
https://bugs.gentoo.org/677002#c10
deleting this check will break things. prob more than we're fixing.
-mike
signature.asc
Description: PGP signature
[gentoo-dev] [PATCH 8/8] flag-o-matic.eclass: allow -frecord-command-line
In Clang, -frecord-gcc-switches does the same as this anyway.
Signed-off-by: Sam James
---
eclass/flag-o-matic.eclass | 1 +
1 file changed, 1 insertion(+)
diff --git a/eclass/flag-o-matic.eclass b/eclass/flag-o-matic.eclass
index 062bd04e2e0bd..50caa401bacfb 100644
--- a/eclass/flag-o-matic.eclass
+++ b/eclass/flag-o-matic.eclass
@@ -80,6 +80,7 @@ _setup-allowed-flags() {
# Cosmetic/output related, see e.g. bug #830534
-fno-diagnostics-color '-fmessage-length=*'
-fno-ident -fpermissive -frecord-gcc-switches
+ -frecord-command-line
'-fdiagnostics*' '-fplugin*'
'-W*' -w
--
2.34.1
[gentoo-dev] [PATCH 7/8] flag-o-matic.eclass: allow -fstack-clash-protection, -fcf-protection=*
-fstack-clash-protection suggested by Arfrever.
Reported-by: Arfrever Frehtes Taifersar Arahesis
Signed-off-by: Sam James
---
eclass/flag-o-matic.eclass | 2 ++
1 file changed, 2 insertions(+)
diff --git a/eclass/flag-o-matic.eclass b/eclass/flag-o-matic.eclass
index 7ac4f4a7791d1..062bd04e2e0bd 100644
--- a/eclass/flag-o-matic.eclass
+++ b/eclass/flag-o-matic.eclass
@@ -53,6 +53,8 @@ _setup-allowed-flags() {
# Hardening flags
'-fstack-protector*'
'-fstack-check*' -fno-stack-check
+ -fstack-clash-protection
+ '-fcf-protection=*'
-fbounds-check -fbounds-checking
-fno-PIE -fno-pie -nopie -no-pie
# Spectre mitigations, bug #646076
--
2.34.1
[gentoo-dev] [PATCH 6/8] flag-o-matic.eclass: allow -ffixed-x18 for arm64
Needed for shadow stack bits on ARM64.
Closes: https://bugs.gentoo.org/800533
Thanks-to: Jannik Glückert
Signed-off-by: Sam James
---
eclass/flag-o-matic.eclass | 3 +++
1 file changed, 3 insertions(+)
diff --git a/eclass/flag-o-matic.eclass b/eclass/flag-o-matic.eclass
index a2e37b89b6f08..7ac4f4a7791d1 100644
--- a/eclass/flag-o-matic.eclass
+++ b/eclass/flag-o-matic.eclass
@@ -109,6 +109,9 @@ _setup-allowed-flags() {
-mfix-rm7000 -mno-fix-rm7000 -mfix-r1 -mno-fix-r1
'-mr10k-cache-barrier=*' -mthumb -marm
+ # needed for arm64 (and in particular SCS)
+ -ffixed-x18
+
# gcc 4.5
-mno-fma4 -mno-movbe -mno-xop -mno-lwp
# gcc 4.6
--
2.34.1
[gentoo-dev] [PATCH 5/8] flag-o-matic.eclass: allow -glldb
We already allow -ggdb for GDB and this is the analogue for LLDB.
Bug: https://bugs.gentoo.org/800533
Reported-by: Jannik Glückert
Signed-off-by: Sam James
---
eclass/flag-o-matic.eclass | 1 +
1 file changed, 1 insertion(+)
diff --git a/eclass/flag-o-matic.eclass b/eclass/flag-o-matic.eclass
index d6590a2e52dfd..a2e37b89b6f08 100644
--- a/eclass/flag-o-matic.eclass
+++ b/eclass/flag-o-matic.eclass
@@ -73,6 +73,7 @@ _setup-allowed-flags() {
-gdwarf '-gdwarf-*'
-gstabs -gstabs+
-gz
+ -glldb
# Cosmetic/output related, see e.g. bug #830534
-fno-diagnostics-color '-fmessage-length=*'
--
2.34.1
[gentoo-dev] [PATCH 4/8] flag-o-matic.eclass: allow Spectre mitigation flags
Closes: https://bugs.gentoo.org/646076
Signed-off-by: Sam James
---
eclass/flag-o-matic.eclass | 5 +
1 file changed, 5 insertions(+)
diff --git a/eclass/flag-o-matic.eclass b/eclass/flag-o-matic.eclass
index 37577209281a1..d6590a2e52dfd 100644
--- a/eclass/flag-o-matic.eclass
+++ b/eclass/flag-o-matic.eclass
@@ -55,6 +55,11 @@ _setup-allowed-flags() {
'-fstack-check*' -fno-stack-check
-fbounds-check -fbounds-checking
-fno-PIE -fno-pie -nopie -no-pie
+ # Spectre mitigations, bug #646076
+ '-mindirect-branch=*'
+ -mindirect-branch-register
+ '-mfunction-return=*'
+ -mretpoline
# Misc
-fno-unit-at-a-time -fno-strict-overflow
--
2.34.1
[gentoo-dev] [PATCH 3/8] flag-o-matic.eclass: restructure comments a bit
No functional change.
Signed-off-by: Sam James
---
eclass/flag-o-matic.eclass | 15 +++
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/eclass/flag-o-matic.eclass b/eclass/flag-o-matic.eclass
index 38ad14d8f5fe8..37577209281a1 100644
--- a/eclass/flag-o-matic.eclass
+++ b/eclass/flag-o-matic.eclass
@@ -49,13 +49,20 @@ setup-allowed-flags() {
_setup-allowed-flags() {
ALLOWED_FLAGS=(
-pipe -O '-O[12sg]' '-mcpu=*' '-march=*' '-mtune=*'
+
+ # Hardening flags
'-fstack-protector*'
- '-fsanitize*' '-fno-sanitize*'
'-fstack-check*' -fno-stack-check
- -fbounds-check -fbounds-checking -fno-strict-overflow
- -fno-PIE -fno-pie -nopie -no-pie -fno-unit-at-a-time
+ -fbounds-check -fbounds-checking
+ -fno-PIE -fno-pie -nopie -no-pie
+
+ # Misc
+ -fno-unit-at-a-time -fno-strict-overflow
+
+ # Sanitizers
+ '-fsanitize*' '-fno-sanitize*'
- # debugging symbols should generally be very safe to add
+ # Debugging symbols should generally be very safe to add
-g '-g[0-9]'
-ggdb '-ggdb[0-9]'
-gdwarf '-gdwarf-*'
--
2.34.1
[gentoo-dev] [PATCH 2/8] flag-o-matic.eclass: allow -fno-diagnostics-color -fmessage-length=0
Both of these options are useful for automated reports and should
be harmless.
Closes: https://bugs.gentoo.org/830534
Reported-by: Agostino Sarubbo
Signed-off-by: Sam James
---
eclass/flag-o-matic.eclass | 2 ++
1 file changed, 2 insertions(+)
diff --git a/eclass/flag-o-matic.eclass b/eclass/flag-o-matic.eclass
index f8181a17e911a..38ad14d8f5fe8 100644
--- a/eclass/flag-o-matic.eclass
+++ b/eclass/flag-o-matic.eclass
@@ -62,6 +62,8 @@ _setup-allowed-flags() {
-gstabs -gstabs+
-gz
+ # Cosmetic/output related, see e.g. bug #830534
+ -fno-diagnostics-color '-fmessage-length=*'
-fno-ident -fpermissive -frecord-gcc-switches
'-fdiagnostics*' '-fplugin*'
'-W*' -w
--
2.34.1
[gentoo-dev] [PATCH 1/8] flag-o-matic.eclass: strip-flags: Fix logic to properly support "=" in patterns.
From: Arfrever Frehtes Taifersar Arahesis
Signed-off-by: Arfrever Frehtes Taifersar Arahesis
Signed-off-by: Sam James
---
eclass/flag-o-matic.eclass | 23 +++
1 file changed, 11 insertions(+), 12 deletions(-)
diff --git a/eclass/flag-o-matic.eclass b/eclass/flag-o-matic.eclass
index 32119cb9a526f..f8181a17e911a 100644
--- a/eclass/flag-o-matic.eclass
+++ b/eclass/flag-o-matic.eclass
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# @ECLASS: flag-o-matic.eclass
@@ -48,7 +48,7 @@ setup-allowed-flags() {
# Note: shell globs and character lists are allowed
_setup-allowed-flags() {
ALLOWED_FLAGS=(
- -pipe -O '-O[12sg]' -mcpu -march -mtune
+ -pipe -O '-O[12sg]' '-mcpu=*' '-march=*' '-mtune=*'
'-fstack-protector*'
'-fsanitize*' '-fno-sanitize*'
'-fstack-check*' -fno-stack-check
@@ -70,7 +70,7 @@ _setup-allowed-flags() {
'-[DUILR]*' '-Wl,*'
# Linker choice flag
- '-fuse-ld'
+ '-fuse-ld=*'
)
# allow a bunch of flags that negate features / control ABI
@@ -80,19 +80,19 @@ _setup-allowed-flags() {
-fno-omit-frame-pointer '-fno-builtin*'
)
ALLOWED_FLAGS+=(
- -mregparm -mno-app-regs -mapp-regs -mno-mmx -mno-sse
+ '-mregparm=*' -mno-app-regs -mapp-regs -mno-mmx -mno-sse
-mno-sse2 -mno-sse3 -mno-ssse3 -mno-sse4 -mno-sse4.1 -mno-sse4.2
-mno-avx -mno-aes -mno-pclmul -mno-sse4a -mno-3dnow -mno-popcnt
-mno-abm -mips1 -mips2 -mips3 -mips4 -mips32 -mips64 -mips16
-mplt
- -msoft-float -mno-soft-float -mhard-float -mno-hard-float -mfpu
- -mieee -mieee-with-inexact -mschedule -mfloat-gprs -mspe
-mno-spe
+ -msoft-float -mno-soft-float -mhard-float -mno-hard-float
'-mfpu=*'
+ -mieee -mieee-with-inexact '-mschedule=*' -mfloat-gprs -mspe
-mno-spe
-mtls-direct-seg-refs -mno-tls-direct-seg-refs -mflat -mno-flat
- -mno-faster-structs -mfaster-structs -m32 -m64 -mx32 -mabi
- -mlittle-endian -mbig-endian -EL -EB -fPIC -mlive-g0 -mcmodel
- -mstack-bias -mno-stack-bias -msecure-plt '-m*-toc' -mfloat-abi
+ -mno-faster-structs -mfaster-structs -m32 -m64 -mx32 '-mabi=*'
+ -mlittle-endian -mbig-endian -EL -EB -fPIC -mlive-g0
'-mcmodel=*'
+ -mstack-bias -mno-stack-bias -msecure-plt '-m*-toc'
'-mfloat-abi=*'
-mfix-r4000 -mno-fix-r4000 -mfix-r4400 -mno-fix-r4400
-mfix-rm7000 -mno-fix-rm7000 -mfix-r1 -mno-fix-r1
- -mr10k-cache-barrier -mthumb -marm
+ '-mr10k-cache-barrier=*' -mthumb -marm
# gcc 4.5
-mno-fma4 -mno-movbe -mno-xop -mno-lwp
@@ -452,9 +452,8 @@ strip-flags() {
local new=()
for x in ${!var} ; do
- local flag=${x%%=*}
for y in "${ALLOWED_FLAGS[@]}" ; do
- if [[ -z ${flag%%${y}} ]] ; then
+ if [[ ${x} == ${y} ]] ; then
new+=( "${x}" )
break
fi
--
2.34.1
Re: [gentoo-dev] [RFC] making rust-bin ordered first in virtual/rust
On 1/18/22 18:13, Sam James wrote: Not that I'm advocating for removing source builds or anything like that, I'm not ? ;) -- Toralf PGP 23217DA7 9B888F45 OpenPGP_signature Description: OpenPGP digital signature
Re: [gentoo-dev] [RFC] making rust-bin ordered first in virtual/rust
> On 17 Jan 2022, at 23:24, Georgy Yakovlev wrote:
>
> Hi,
>
> I've been approached multiple times with that request, and a lot of
> time I see new users completely destroyed by rust build time and disk
> space requirements.
>
I'll out myself as being one of these people!
> WDYT about switching order of rusts in a virtual?
>
> RDEPEND="|| (
>~dev-lang/rust-${PV}
>~dev-lang/rust-bin-${PV}
> )"
>
>
> becomes
>
> RDEPEND="|| (
>~dev-lang/rust-bin-${PV}
> ~dev-lang/rust-${PV}
> )"
>
>
> Existing installs should be unaffected ofc.
> But portage may prefer to depclean rust and not rust-bin if both are
> present.
> Users who wish to use source version at all times can just add it to
> world file.
>
> I see both positives and negatives of doing that, but would like to
> reach out to community first.
I'd like to do -bin first to be consistent with OpenJDK, IcedTea,
and to improve first-install experience.
Not that I'm advocating for removing source builds or anything
like that, but I dare say Rust is generally not something that people
can customise much anyway.
As Ionen has noted, we did already switch in desktop stages.
Best,
sam
signature.asc
Description: Message signed with OpenPGP
