Viktor Dukhovni:
On Wed, Feb 04, 2015 at 03:31:03PM +1300, Peter wrote:
Well for now, then I'll just have to remove -pie, but if I can get that
in as a feature request to make -pie work with shared=yes, then I would
really appreciate it. Not sure if it should be considered a blocker for
On 02/04/2015 04:07 PM, Viktor Dukhovni wrote:
The low-level details are easy, the hard part is the interface
glue. How should users be able to specify such flags, updating
the INSTALL documentation, ...
For a preview of a brute-force hack that makes it work, apply
the patch below:
diff
On 02/04/2015 05:36 PM, Viktor Dukhovni wrote:
However, if my quick hack works, let us know, at least we'll know
what needs to be done to support this at some point later.
It works, hardening check shows all the executables to be position
independent.
Peter
On 02/04/2015 06:15 PM, Viktor Dukhovni wrote:
And they still work I hope, ... If you can, please also check that
dynamic maps still load.
I would hope so but I haven't actually run them yet. I will be pushing
them out to my testing repo soon and get some people to test.
Peter
On 02/04/2015 02:46 PM, li...@rhsoft.net wrote:
not for dynamic build but that below is from my rpmbuilder and it's a
hardened build supporting ASLR
snip
AUXLIBS=-lpcre -L%{_libdir}/mysql -lmysqlclient -lm -L%{_libdir}/sasl2
-lsasl2 -lssl -lcrypto -pie -Wl,-z,now -Wl,-z,relro,-z,noexecstack
On Wed, Feb 04, 2015 at 06:12:07PM +1300, Peter wrote:
On 02/04/2015 05:36 PM, Viktor Dukhovni wrote:
However, if my quick hack works, let us know, at least we'll know
what needs to be done to support this at some point later.
It works, hardening check shows all the executables to be
On 02/04/2015 05:36 PM, Viktor Dukhovni wrote:
Yes, but they did not use shared libraries. The compatible thing
to do would be a statically linked build. Once you're changing
the build, you may as well drop PIE support for now.
Right, I would not have pursued pie support much further, but if
On 02/04/2015 03:39 PM, Viktor Dukhovni wrote:
We've never supported pie, so if shared libraries don't work with
pie that's not a bug. Perhaps pie support could be considered
for 3.1.
Ok, I'm fine with that.
Peter
On Wed, Feb 04, 2015 at 03:31:03PM +1300, Peter wrote:
Well for now, then I'll just have to remove -pie, but if I can get that
in as a feature request to make -pie work with shared=yes, then I would
really appreciate it. Not sure if it should be considered a blocker for
3.0.0 or not, though,
On Wed, Feb 04, 2015 at 03:40:51PM +1300, Peter wrote:
On 02/04/2015 03:39 PM, Viktor Dukhovni wrote:
We've never supported pie, so if shared libraries don't work with
pie that's not a bug. Perhaps pie support could be considered
for 3.1.
Ok, I'm fine with that.
The low-level details
Am 04.02.2015 um 03:31 schrieb Peter:
On 02/04/2015 02:47 PM, Viktor Dukhovni wrote:
It may be tricky, Postfix applies AUXLIBS when building both the
final executables, and the shared libraries, but it seems that
-pie is not appropriate for shared libraries. Additinal makedefs
and Makefile.in
On Wed, Feb 04, 2015 at 05:00:40PM +1300, Peter wrote:
This is more along the lines of, I'm building 3rd-party postfix packages
for CentOS, the current stable postfix packages (sourced from Fedora)
have -pie enabled and so I'd like to keep it enabled if at all possible.
Yes, but they did not
On 02/04/2015 02:47 PM, Viktor Dukhovni wrote:
It may be tricky, Postfix applies AUXLIBS when building both the
final executables, and the shared libraries, but it seems that
-pie is not appropriate for shared libraries. Additinal makedefs
and Makefile.in logic would be required to create
On 02/04/2015 10:47 AM, Viktor Dukhovni wrote:
No, not CCARGS, AUXLIBS:
make -f Makefile.in shared=yes AUXLIBS=-fPIE makefiles
make
works with the GCC toolchain on my machine.
make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-fPIE -pie'
...fails
On 02/04/2015 10:49 AM, Wietse
On Wed, Feb 04, 2015 at 11:11:43AM +1300, Peter wrote:
On 02/04/2015 10:47 AM, Viktor Dukhovni wrote:
No, not CCARGS, AUXLIBS:
make -f Makefile.in shared=yes AUXLIBS=-fPIE makefiles
make
works with the GCC toolchain on my machine.
make makefiles shared=yes 'CCARGS=-fPIC'
Peter:
I'm trying to build Postfix 3.0.0 with dynamic loadable module support
(it builds fine without). When I add shared=yes dynamicmaps=yes to make
makefiles I get the following (fpaste of build.log from mock):
http://paste.fedoraproject.org/180820/14229612 (http://ur1.ca/jmm0z)
Note
On 02/04/2015 01:25 AM, Wietse Venema wrote:
Execute the following commands by themselves, not as part of
some insnaly complicated Linux build process.
make makefiles
make
If that works without error, then you made a mistake with the Linux
build process.
Still does the same thing.
On 02/04/2015 11:31 AM, Viktor Dukhovni wrote:
make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-fPIE -pie'
...fails
Of course it does. You used both -fPIE and -fpie.
No, I used both -fPIE and -pie (without the f).
Peter
On 02/04/2015 09:59 AM, Peter wrote:
I simplified it down to this and was still got the error:
make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-pie'
If I remove the -pie from AUXLIBS (either from the simplified version or
the full version) it builds just fine. It also builds just fine if
Peter:
On 02/04/2015 01:25 AM, Wietse Venema wrote:
Execute the following commands by themselves, not as part of
some insnaly complicated Linux build process.
make makefiles
make
If that works without error, then you made a mistake with the Linux
build process.
Still
On 02/04/2015 09:16 AM, Wietse Venema wrote:
OK, show the complete make makefiles command that you used without
the insanely complicated Linux build process. I have a few Linux
boxen where I can try that command myself.
The full make makefiles was:
make -f Makefile.init makefiles shared=yes
I'm trying to build Postfix 3.0.0 with dynamic loadable module support
(it builds fine without). When I add shared=yes dynamicmaps=yes to make
makefiles I get the following (fpaste of build.log from mock):
http://paste.fedoraproject.org/180820/14229612 (http://ur1.ca/jmm0z)
Note that the errors
Am 03.02.2015 um 23:35 schrieb Peter:
On 02/04/2015 11:31 AM, Viktor Dukhovni wrote:
make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-fPIE -pie'
...fails
Of course it does. You used both -fPIE and -fpie.
No, I used both -fPIE and -pie (without the f)
BUT one belongs to CCARGS and the
On 02/04/2015 10:20 AM, Viktor Dukhovni wrote:
On Wed, Feb 04, 2015 at 09:59:28AM +1300, Peter wrote:
I simplified it down to this and was still got the error:
make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-pie'
If you want PIE support, you'll need to use -fPIE (upper-case).
This
On Wed, Feb 04, 2015 at 10:45:23AM +1300, Peter wrote:
On 02/04/2015 10:20 AM, Viktor Dukhovni wrote:
On Wed, Feb 04, 2015 at 09:59:28AM +1300, Peter wrote:
I simplified it down to this and was still got the error:
make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-pie'
If you want
On Wed, Feb 04, 2015 at 09:59:28AM +1300, Peter wrote:
I simplified it down to this and was still got the error:
make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-pie'
If you want PIE support, you'll need to use -fPIE (upper-case).
This makes it possible to enable ASLR for the Postfix
Viktor Dukhovni:
On Wed, Feb 04, 2015 at 09:59:28AM +1300, Peter wrote:
I simplified it down to this and was still got the error:
make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-pie'
If you want PIE support, you'll need to use -fPIE (upper-case).
This makes it possible to enable ASLR
On 02/04/2015 01:42 PM, li...@rhsoft.net wrote:
BUT one belongs to CCARGS and the other to AUXLIBS
re-read the previous mails in this thread!
...and from one of *my* previous emails:
make makefiles shared=yes 'CCARGS=-fPIC -fPIE' 'AUXLIBS=-pie'
...also fails
Can you suggest the combination
Am 04.02.2015 um 02:31 schrieb Peter:
On 02/04/2015 01:42 PM, li...@rhsoft.net wrote:
BUT one belongs to CCARGS and the other to AUXLIBS
re-read the previous mails in this thread!
...and from one of *my* previous emails:
make makefiles shared=yes 'CCARGS=-fPIC -fPIE' 'AUXLIBS=-pie'
On Wed, Feb 04, 2015 at 02:31:37PM +1300, Peter wrote:
Can you suggest the combination with -pie that is supposed to work and
actually *does* work?
It may be tricky, Postfix applies AUXLIBS when building both the
final executables, and the shared libraries, but it seems that
-pie is not
30 matches
Mail list logo
