Readjusted linker issues etc.

Robert Connolly robert at linuxfromscratch.org
Wed May 20 16:08:51 PDT 2009


On Sunday May 17 2009 09:09:10 pm robert baker wrote:
> Going back to my binutils obj/ directory and executing the below
> commad installed a working  re-adjusted linker.
> make -C ld install

You should be cross referencing with lfs-svn. Sometimes they have fixes. The 
x86_64 additions would be nice, but it's up to you if you want to add them 
(you'll need an x86_64 to be sure it works).

I prefer 'make -C ld install'.

> I haven't explored a solution that doesn't require keeping the build
> directory from the previous chapter just yet. Instead I have been
> reviewing the test suite failures that I am experiencing later in the
> build. Running the following for the binutils test suite results in a
> small handfull of errors.
> make CFLAGS="-fPIC -fno-stack-protector -U_FORTIFY_SOURCE -nonow
> -nopie" -k check
>
> binutils tests
> FAIL: run objcopy of executable
> FAIL: run stripped executable
> FAIL: run stripped executable with saving a symbol
> FAIL: objdump -W
> FAIL: readelf -wa (compressed)
> ld tests
> FAIL: ld-elf/seg
> FAIL: vers4
> FAIL: Check --gc-section/-r/-u
> FAIL: ld-i386/hidden2
> FAIL: NOCROSSREFS 3
> FAIL: S-records
> FAIL: S-records with constructors
>
> The good news is with similar CFLAGS, and
> LDFLAGS="-Wl,-no-fatal-warning" all the glibc tests pass.

December 16, 2008, I wrote a thread named 'testsuites'. The Glibc, Binutils, 
and GCC test suites can be fixed by using GCC pass1 specs, but they need to 
be modified to add -fno-stack-protector and -fno-PIE to cc1 and cc1plus 
specs.

The -fstack-protector-all and -fPIE options are enabled in the gcc binary, not 
in the specs file, so they need to be disabled by command line or specs. This 
was done so that these options would be used by all compilers, not just C and 
C++.

The fortify_source and linker options are enabled in the specs file, so using 
pass1 specs would disable them. Pass1 specs also use -fPIC, but as far as I 
can remember this has never caused test suite failures.

The GCC test suite will probably use 'gcc/specs' instead of the system GCC 
specs. If that doesn't work then 'gcc/xgcc' needs to become a shell script 
pointing at the xgcc binary and using the --specs-file= option to point at 
the modified pass1 specs.

Using the modified pass1 specs will test the hardened toolchain with a vanilla 
compiler, so there is absolutely no loss in quality or protection.

Modifying the pass1 specs would use an Sed command to search for "cc1:" 
and "cc1plus:, and appending to the next new line. I don't remember how to do 
this from memory.

It would be nice if upstream would add -fno-stack-protector and -fno-PIE to 
their test suite CFLAGS. They might be willing, but I don't have the first 
clue how to make a patch for it.

robert
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/hlfs-dev/attachments/20090520/beae6d25/attachment.sig>


More information about the hlfs-dev mailing list