[hardening-discuss] Bug#465827: Bug#465827: FTBFS on m68k using hardening-wrapper
Luk Claes
luk at debian.org
Fri Mar 21 17:42:50 UTC 2008
Kees Cook wrote:
> Hi!
>
> On Fri, Mar 21, 2008 at 03:47:57PM +0100, Luk Claes wrote:
>> On Fri, Feb 15, 2008 at 09:44:40AM +0100, Tobias Toedter wrote:
>>
>>> I've just switched to use hardening-wrapper for my package worker.
>>> However, on m68k, the package FTBFS with this error message:
>> This is not m68k specific, it happens on some other archs too.
>>
>>> checking for gcc... gcc
>>> checking for C compiler default output file name...
>>> configure: error: C compiler cannot create executables
>> The problem is that '-z relro' is on some archs interpreted as two
>> options instead of one because of the whitespace. This can be solved by
>> using '-Wl,z,relro' instead...
>
> I think you meant '-Wl,-z,relro', but -Wl is for passing ld flags down
> from gcc. In the hardening-wrapper's case, it is passing the -z relro
> directly to ld.
>
> Additionally, it's not passed as white-space, it's passed as two
> arguments. This is what -Wl,-z,relro does too. For example, if -Wl,-z,relro
> works, so should hardening-wrapper:
>
> $ strace -s 1024 -f gcc -o hi hi.c -Wl,-z,relro
> ...
> [pid 15948] execve("/usr/bin/ld", ["/usr/bin/ld", ... "-z", "relro", ...
> ...
>
> I don't have an m68k machine to test with, but if you run with
> DEB_BUILD_HARDENING_DEBUG=1 you should be able to see the commands that
> are being run during the configure script, and should help narrow down
> the problem.
quagga's FTBFS seems to come from using hardening-wrapper. Please do ack
or deny, TIA.
Cheers
Luk
More information about the hardening-discuss
mailing list