FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo Hardened

 
 
LinkBack Thread Tools
 
Old 12-14-2007, 04:11 PM
brant williams
 
Default error building glibc on amd64

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


The USE flags for "hardened" and "nls" appear now to be turned off
somewhere (and have been disabled since the last time you compiled gcc --
note the asterisk after the flags).


Can you paste the output of `emerge --info`?

Also, what steps have you taken so far? You said that you just chrooted
into this system; are you just now doing this from the install disc? You
might want to compile a kernel and make sure the box will boot without the
install disc before emerging other packages or changing the profile.


brant williams
FCAA CDCA 20BC 3925 D634 F5C4 7420 6784 4DEB 6002



On Fri, 14 Dec 2007, Marcel Meyer wrote:


Date: Fri, 14 Dec 2007 17:29:04 +0100
From: Marcel Meyer <meyerm@fs.tum.de>
Reply-To: gentoo-hardened@lists.gentoo.org
To: gentoo-hardened@lists.gentoo.org
Subject: [gentoo-hardened] error building glibc on amd64

Hello,

I just wanted to build my first hardened AMD64 system and ran into the
following problem after chrooting into the unpacked tarball:
(2007-0 AMD64 multilib - keywords: amd64)


$ emerge --sync
[..]

$ ls -l /etc/make.profile
lrwxrwxrwx 1 root root 47 Dec 14
00:34 /etc/make.profile -> ../usr/portage/profiles/hardened/amd64/multilib

$ emerge -p binutils gcc glibc

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild U ] sys-devel/binutils-2.18-r1 [2.16.1-r3] USE="-nls*"
[ebuild R ] sys-devel/gcc-3.4.6-r2 USE="-d% -hardened* -nls*"
[ebuild U ] sys-libs/glibc-2.6.1 [2.3.6-r5]
USE="-debug% -gd% -hardened* -nls* -vanilla%"

$ gcc-config -l
[1] x86_64-pc-linux-gnu-3.4.6 *
[2] x86_64-pc-linux-gnu-3.4.6-hardenednopie
[3] x86_64-pc-linux-gnu-3.4.6-hardenednopiessp
[4] x86_64-pc-linux-gnu-3.4.6-hardenednossp
[5] x86_64-pc-linux-gnu-3.4.6-vanilla

$ emerge -Du world
[..]

Source unpacked.
Compiling source

in /var/tmp/portage/sys-libs/glibc-2.6.1/work/glibc-2.6.1 ...
* Building multilib glibc for ABIs: x86 amd64

* ABI: x86
* CBUILD: x86_64-pc-linux-gnu
* CHOST: x86_64-pc-linux-gnu
* CTARGET: x86_64-pc-linux-gnu
* CBUILD_OPT: i686-pc-linux-gnu
* CTARGET_OPT: i686-pc-linux-gnu
* CC:
* CFLAGS: -O2 -fno-strict-aliasing -fno-stack-protector -nopie
[..]
checking for -z nodelete option... configure: error: linker with -z nodelete
support required
[..]


The log file says nothing more than the message above. I already tried to
reemerge binutils to be sure the linker was ok. That didn't help.

This is my first AMD64 system so I'm not yet into the multilib stuff -
perhaps I made an error by not specifying "hardened" and/or "multilib" as
USE-flag? But after reading through the archives, I thought they are both
not used as long as I take the right profile.

Below you find my make.conf and the output of emerge --info. Thank you for
reading!

Marcel



$ emerge --info
emerge --info
Portage 2.1.3.19 (hardened/amd64/multilib, gcc-3.4.6, glibc-2.3.6-r5,
2.6.19-gentoo-r5 x86_64)
================================================== ===============
System uname: 2.6.19-gentoo-r5 x86_64 AMD Opteron(tm) Processor 850
Timestamp of tree: Fri, 14 Dec 2007 14:16:01 +0000
app-shells/bash: 3.2_p17
dev-lang/python: 2.4.4-r6
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.9
sys-apps/sandbox: 1.2.18.1-r2
sys-devel/autoconf: 2.61-r1
sys-devel/automake: 1.10
sys-devel/binutils: 2.18-r1
sys-devel/gcc-config: 1.3.16
sys-devel/libtool: 1.5.24
virtual/os-headers: 2.6.22-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -O2 -pipe -fforce-addr"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/splash /etc/terminfo"
CXXFLAGS="-march=k8 -O2 -pipe -fforce-addr"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer parallel-fetch sandbox
sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo/
http://distfiles.gentoo.org
http://www.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"
USE="amd64 bash-completion berkdb caps crypt memlimit ncurses nptl pam
readline skey snmp ssl unicode vim-syntax xattr xinetd zlib" ELIBC="glibc"
INPUT_DEVICES="mouse keyboard" KERNEL="linux" USERLAND="GNU"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL,
LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS,
PORTAGE_RSYNC_EXTRA_OPTS

$ cat /etc/make.conf
USE="-*
bash-completion berkdb
caps crypt
memlimit
ncurses nptl
pam
readline
skey snmp ssl
unicode
vim-syntax
xattr xinetd
zlib
"

CHOST="x86_64-pc-linux-gnu"

CFLAGS="-march=k8 -O2 -pipe -fforce-addr"
CXXFLAGS="${CFLAGS}"

# ACCEPT_KEYWORDS="~amd64"

PORT_LOGDIR="/var/log/portage"
PORT_ENOTICE_DIR="/var/log/portage/enotice"
PORTDIR_OVERLAY="/usr/local/portage"

GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo/
http://distfiles.gentoo.org
http://www.ibiblio.org/pub/Linux/distributions/gentoo"

SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"

MAKEOPTS="-j5"

FEATURES="parallel-fetch sandbox strict"

PORTAGE_NICENESS="5"
PORTAGE_TMPFS="/dev/shm"
PORTAGE_ELOG_CLASSES="info warn error log"
PORTAGE_ELOG_SYSTEM="save"

ALSA_CARDS=""
ALSA_PCM_PLUGINS=""
APACHE2_MODULES=""
LCD_DEVICES=""
VIDEO_CARDS=""


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHYrlXdCBnhE3rYAIRCLF5AJ46rqM5mR08x/S/rR3mFAfNOwGlBgCfS6WO
pX54I2tSV+w3qlvaas8OmWc=
=eN+G
-----END PGP SIGNATURE-----
--
gentoo-hardened@gentoo.org mailing list
 
Old 12-15-2007, 01:55 AM
Marcel Meyer
 
Default error building glibc on amd64

Hi Brant,

thank you for answering.

Am Freitag, 14. Dezember 2007 schrieb brant williams:
> The USE flags for "hardened" and "nls" appear now to be turned off
> somewhere (and have been disabled since the last time you compiled gcc --
> note the asterisk after the flags).
That's correct. I started my USE-variable in "make.conf" with a "-*" to get
a minimal system and only added flags I intended to use. I did _not_
add "nls" since I didn't intent to use any other language and left
out "hardened" and "pic" too, since I assumed they would be "added by the
profile" no matter what I add into make.conf. Just as with "multilib" - or
do I need it...?


> Can you paste the output of `emerge --info`?
Hehe, you didn't read until the end ;-). I cite the output from last time
again below for reference.


> Also, what steps have you taken so far? You said that you just chrooted
> into this system; are you just now doing this from the install disc?
Correct, editing the usual files from the live cd bash, chrooting, syncing
and then the update world. That was all.


> You might want to compile a kernel and make sure the box will boot without
> the install disc before emerging other packages or changing the profile.
Thank you for your suggestion. But I now tried it again _with_ hardened
added to my USE-flags (after you explicitly mentioned it above) and
retried. This time it worked as intented...

Below you will find the "make.conf" and "emerge --info" output which
_didn't_ work. The only relevant difference seems to be the addition of
the "hardened" USE-flag. I added "pic" too to be sure... So my working
setup (at least until now ;-) ) is the same as below only with these two
flags added. I guess I will start an emerge -e world to be safe.


Can someone please explain what USE/C/CXX flags or other variables
should/must be set on a hardened system when using the hardened profile?
Obviously "hardened" is one of them ;-). What about "multilib"?

Thanks!
Marcel


> > $ emerge --info
> > emerge --info
> > Portage 2.1.3.19 (hardened/amd64/multilib, gcc-3.4.6, glibc-2.3.6-r5,
> > 2.6.19-gentoo-r5 x86_64)
> > ================================================== ===============
> > System uname: 2.6.19-gentoo-r5 x86_64 AMD Opteron(tm) Processor 850
> > Timestamp of tree: Fri, 14 Dec 2007 14:16:01 +0000
> > app-shells/bash: 3.2_p17
> > dev-lang/python: 2.4.4-r6
> > dev-python/pycrypto: 2.0.1-r6
> > sys-apps/baselayout: 1.12.9
> > sys-apps/sandbox: 1.2.18.1-r2
> > sys-devel/autoconf: 2.61-r1
> > sys-devel/automake: 1.10
> > sys-devel/binutils: 2.18-r1
> > sys-devel/gcc-config: 1.3.16
> > sys-devel/libtool: 1.5.24
> > virtual/os-headers: 2.6.22-r2
> > ACCEPT_KEYWORDS="amd64"
> > CBUILD="x86_64-pc-linux-gnu"
> > CFLAGS="-march=k8 -O2 -pipe -fforce-addr"
> > CHOST="x86_64-pc-linux-gnu"
> > CONFIG_PROTECT="/etc"
> > CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/splash /etc/terminfo"
> > CXXFLAGS="-march=k8 -O2 -pipe -fforce-addr"
> > DISTDIR="/usr/portage/distfiles"
> > FEATURES="autoconfig distlocks metadata-transfer parallel-fetch sandbox
> > sfperms strict unmerge-orphans userfetch"
> > GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gento
> >o/ http://distfiles.gentoo.org
> > http://www.ibiblio.org/pub/Linux/distributions/gentoo"
> > MAKEOPTS="-j5"
> > PKGDIR="/usr/portage/packages"
> > PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times
> > --compress --force --whole-file --delete --delete-after --stats
> > --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages
> > --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp"
> > PORTDIR="/usr/portage"
> > PORTDIR_OVERLAY="/usr/local/portage"
> > SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"
> > USE="amd64 bash-completion berkdb caps crypt memlimit ncurses nptl pam
> > readline skey snmp ssl unicode vim-syntax xattr xinetd zlib"
> > ELIBC="glibc" INPUT_DEVICES="mouse keyboard" KERNEL="linux"
> > USERLAND="GNU"
> > Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG,
> > LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS,
> > PORTAGE_RSYNC_EXTRA_OPTS
> >
> > $ cat /etc/make.conf
> > USE="-*
> > bash-completion berkdb
> > caps crypt
> > memlimit
> > ncurses nptl
> > pam
> > readline
> > skey snmp ssl
> > unicode
> > vim-syntax
> > xattr xinetd
> > zlib
> > "
> >
> > CHOST="x86_64-pc-linux-gnu"
> >
> > CFLAGS="-march=k8 -O2 -pipe -fforce-addr"
> > CXXFLAGS="${CFLAGS}"
> >
> > # ACCEPT_KEYWORDS="~amd64"
> >
> > PORT_LOGDIR="/var/log/portage"
> > PORT_ENOTICE_DIR="/var/log/portage/enotice"
> > PORTDIR_OVERLAY="/usr/local/portage"
> >
> > GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gento
> >o/ http://distfiles.gentoo.org
> > http://www.ibiblio.org/pub/Linux/distributions/gentoo"
> >
> > SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"
> >
> > MAKEOPTS="-j5"
> >
> > FEATURES="parallel-fetch sandbox strict"
> >
> > PORTAGE_NICENESS="5"
> > PORTAGE_TMPFS="/dev/shm"
> > PORTAGE_ELOG_CLASSES="info warn error log"
> > PORTAGE_ELOG_SYSTEM="save"
> >
> > ALSA_CARDS=""
> > ALSA_PCM_PLUGINS=""
> > APACHE2_MODULES=""
> > LCD_DEVICES=""
> > VIDEO_CARDS=""
 

Thread Tools




All times are GMT. The time now is 07:13 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org