[Swan-dev] libreswan FTBFS on hppa and alpha due to lack of -fstack-protector

Andrew Cagney andrew.cagney at gmail.com
Wed Feb 8 17:56:32 UTC 2017


On 3 February 2017 at 20:07, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> On Fri 2017-02-03 19:53:22 -0500, Paul Wouters wrote:
>> On Fri, 3 Feb 2017, Daniel Kahn Gillmor wrote:
>>
>>> i notice that mk/userland-cflags.mk has -fstack-protector-all set inside
>>> USERCOMPILE.
>>>
>>> However, there are at least two debian unofficial architectures (alpha
>>> and hppa) where gcc doesn't have -fstack-protector available.
>>
>> You can pass USERCOMPILE= to the "make programs" ?
>> eg you could use:
>>
>> make
>>    USERCOMPILE=" -fexceptions -fno-strict-aliasing -fPIE -DPIE -DFORCE_PR_ASSERT" \
>>    programs

> This seems like an unpleasant maintenance situation to be in -- it means
> that if you improve USERCOMPILE in mk/userland-cflags.mk at some point,
> debian won't get those changes on these platforms unless i notice and
> update them.  What i really want is to be able to just strip one of
> these options out on the two architectures.
>
> I can go this route if you prefer, but it seems unclean.  any other suggestions?

Try thinking of of USERCOMPILE the same way you would think of CFLAGS
when the build system uses autoconf:
- its something reserved for the "user" - the person building the package
- it would even be called CFLAGS except we've some messed up makefile
vs kernel module build interaction
So do we meet that expectation?

  -fexceptions -fstack-protector-all -fno-strict-aliasing -fPIE -DPIE
-DFORCE_PR_ASSERT

-fexceptions is officially used to support mixed C and C++ code.
Unofficially, it makes for better back traces when debugging.

-fstack-protector-all -fPIE -DPIE all depend on your level of paranoia

-fno-strict-aliasing dates back to at least 2012 and
380de4f526c86b03cdb7fa58b7af0d2aaa191c8c.  I don't believe we've any
evidence for or against having this option

That leaves  -DFORCE_PR_ASSERT which dates back to
https://lists.libreswan.org/pipermail/swan-dev/2014-February/000088.html
I suspect it is no longer needed since all calls to PR_ASSERT seem to
have disappeared.  I'll remove it from USERCOMPILE and define it
elsewhere.


>>> You can detect it with something like:
>>>
>>>   printf 'int main() { return 0;}' | gcc -x c -fstack-protector-all -
>>
>> Well, that would be terrible for those cross compiling :P
>
> well, i guess if you used $(CC) from whatever the cross environment is,
> then you should be able to cross-build ok, right?  not that anyone's
> doing a lot of cross-compiling on hppa or alpha these days :)
>
>      --dkg
>
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev
>


More information about the Swan-dev mailing list