Poll: How long until hardened and toolchain will produce a hardened gcc4?
- 1 year: 23% [ 40 ]
- 5 years: 20% [ 35 ]
- 10 years: 7% [ 13 ]
- lifetime: 4% [ 8 ]
- eternity: 44% [ 76 ]
Total Votes : 172
rbu Retired Dev
Joined: 21 Aug 2004 Posts: 59 Location: Berlin, Germany
Posted: Thu Aug 20, 2009 1:25 pm
I have added the overlay to layman-global.txt, you can now do
# layman -a hardened-development
+ <overlay
+ type = "git"
+ src = "git://git.overlays.gentoo.org/proj/hardened-development.git"
+ name = "hardened-development"
+ status = "official"
+ contact = "hardened@gentoo.org">
+ <description>Development Overlay for Hardened Gcc 4.x Toolchain</description>
+ <link>http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-development.git;a=summary</link>
+</overlay>
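Review bot: `src` on the added `<overlay>` entry points at a `git://` URL, a transport with no server authentication or integrity protection, so anyone on the network path can alter the ebuilds a user pulls for this toolchain overlay. If the host serves the repository over an authenticated transport (HTTPS or SSH), list that in `src` instead; the `<link>` uses plain `http://` as well.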
--rbu |
kernelOfTruth Watchman
Joined: 20 Dec 2005 Posts: 6111 Location: Vienna, Austria; Germany; hello world :)
Dwokfur Tux's lil' helper
Joined: 15 Sep 2006 Posts: 86 Location: Budapest, Hungary, Europe
Posted: Sat Aug 22, 2009 2:10 pm
I'm currently on Holiday, so I felt it's time to perform a system-wide upgrade. I bumped gcc from 4.3.3 to 4.4.1 and glibc from 2.9 to 2.10.1. I combined it with the regular weekly package upgrade.
There were some bugs I hit because of the new toolchain, but none of them seems to be hardened related:
- xulrunner-1.8: 280562
- bug-buddy: 277826
- glib header & new toolchain combo: 277291 (popped up while compiling devhelp)
I'm having a problem with vtk, but I hope it could be solved after bumping boost to .39. Vtk is not a crucial system component after all...
Something hardened related: I had to disable mprotect on gst-inspect-0.10 again after gst-plugins upgrade. It became obvious after failing to upgrade totem.
Another for dev-lang/spidermonkey, which is beyond my scope:
Code: |
i686-pc-linux-gnu-ld -shared -soname libjs.so -o Linux_All_OPT.OBJ/libjs.so Linux_All_OPT.OBJ/jsapi.lo Linux_All_OPT.OBJ/jsarena.lo Linux_All_OPT.OBJ/jsarray.lo Linux_All_OPT.OBJ/jsatom.lo Linux_All_OPT.OBJ/jsbool.lo Linux_All_OPT.OBJ/jscntxt.lo Linux_All_OPT.OBJ/jsdate.lo Linux_All_OPT.OBJ/jsdbgapi.lo Linux_All_OPT.OBJ/jsdhash.lo Linux_All_OPT.OBJ/jsdtoa.lo Linux_All_OPT.OBJ/jsemit.lo Linux_All_OPT.OBJ/jsexn.lo Linux_All_OPT.OBJ/jsfun.lo Linux_All_OPT.OBJ/jsgc.lo Linux_All_OPT.OBJ/jshash.lo Linux_All_OPT.OBJ/jsinterp.lo Linux_All_OPT.OBJ/jsiter.lo Linux_All_OPT.OBJ/jslock.lo Linux_All_OPT.OBJ/jslog2.lo Linux_All_OPT.OBJ/jslong.lo Linux_All_OPT.OBJ/jsmath.lo Linux_All_OPT.OBJ/jsnum.lo Linux_All_OPT.OBJ/jsobj.lo Linux_All_OPT.OBJ/jsopcode.lo Linux_All_OPT.OBJ/jsparse.lo Linux_All_OPT.OBJ/jsprf.lo Linux_All_OPT.OBJ/jsregexp.lo Linux_All_OPT.OBJ/jsscan.lo Linux_All_OPT.OBJ/jsscope.lo Linux_All_OPT.OBJ/jsscript.lo Linux_All_OPT.OBJ/jsstr.lo Linux_All_OPT.OBJ/jsutil.lo Linux_All_OPT.OBJ/jsxdrapi.lo Linux_All_OPT.OBJ/jsxml.lo Linux_All_OPT.OBJ/prmjtime.lo -lm -L/usr/lib/nspr -lnspr4
Linux_All_OPT.OBJ/jsapi.lo: In function `JS_GetNaNValue':
jsapi.c:(.text+0x2d): undefined reference to `__stack_chk_fail_local'
Linux_All_OPT.OBJ/jsapi.lo: In function `JS_GetNegativeInfinityValue':
jsapi.c:(.text+0x60): undefined reference to `__stack_chk_fail_local'
Linux_All_OPT.OBJ/jsapi.lo: In function `JS_GetPositiveInfinityValue':
jsapi.c:(.text+0x93): undefined reference to `__stack_chk_fail_local'
Linux_All_OPT.OBJ/jsapi.lo: In function `JS_GetEmptyStringValue':
jsapi.c:(.text+0xc6): undefined reference to `__stack_chk_fail_local'
Linux_All_OPT.OBJ/jsapi.lo: In function `JS_GetTypeName':
jsapi.c:(.text+0x107): undefined reference to `__stack_chk_fail_local'
Linux_All_OPT.OBJ/jsapi.lo:jsapi.c:(.text+0x138): more undefined references to `__stack_chk_fail_local' follow
i686-pc-linux-gnu-ld: Linux_All_OPT.OBJ/libjs.so: hidden symbol `__stack_chk_fail_local' isn't defined
i686-pc-linux-gnu-ld: final link failed: Nonrepresentable section on output
make[1]: *** [Linux_All_OPT.OBJ/libjs.so] Error 1
make[1]: Leaving directory `/var/tmp/portage/dev-lang/spidermonkey-1.7.0/work/js/src'
make: *** [all] Error 2
|
Please take a look at this.
Openoffice-3.1 compiles and works fine.
Failed to use python-updater after upgrading to python-2.6. Python still set to 2.5. I have to check my grsec policy...
xine-lib still creates TEXTRELs in its tvtime so and PaXTeam's patch still cures it. Can somebody push it into portage? Maybe rbu?
Nice Holiday to everyone:
Dw. |
Dwokfur Tux's lil' helper
Joined: 15 Sep 2006 Posts: 86 Location: Budapest, Hungary, Europe
Posted: Sat Aug 29, 2009 6:56 am Post subject: hardened-development layman repo problem
Back from lake Balaton:
* Overlay "hardened-development" does not exist!
Regards:
Dw. |
zorry Developer
Joined: 30 Mar 2008 Posts: 380 Location: Umeå The north part of scandinavia
Posted: Sat Aug 29, 2009 12:13 pm Post subject: Re: hardened-development layman repo problem
Dwokfur wrote: | Back from lake Balaton:
* Overlay "hardened-development" does not exist!
Regards:
Dw. |
Have you updated the overlay list?
http://www.gentoo.org/proj/en/overlays/layman-global.txt
Code: |
<overlay
type = "git"
src = "git://git.overlays.gentoo.org/proj/hardened-development.git"
name = "hardened-development"
status = "official"
contact = "hardened@gentoo.org">
<description>Development Overlay for Hardened Gcc 4.x Toolchain</description>
<link>http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-development.git;a=summary</link>
</overlay>
</layman>
|
_________________ gcc version 6.1.0 (Gentoo Hardened 6.1.0 p1.1) |
Dwokfur Tux's lil' helper
Joined: 15 Sep 2006 Posts: 86 Location: Budapest, Hungary, Europe
Posted: Sat Aug 29, 2009 2:27 pm
Dwokfur wrote: |
There were some bugs I hit because of the new toolchain, but none of them seems to be hardened related:
- xulrunner-1.8: 280562
- bug-buddy: 277826
- glib header & new toolchain combo: 277291 (popped up while compiling devhelp)
Something hardened related: I had to disable mprotect on gst-inspect-0.10 again after gst-plugins upgrade. It became obvious after failing to upgrade totem.
Another for dev-lang/spidermonkey, which is beyond my scope:
|
After a week at lake Balaton, I opened four tickets to track the issues and I also proposed some temporary solutions.
- Ticket #73
- Ticket #74
- Ticket #75
- Ticket #76
Dw. |
timeBandit Bodhisattva
Joined: 31 Dec 2004 Posts: 2719 Location: here, there or in transit
Posted: Sat Aug 29, 2009 2:53 pm
Locked. This morphed into a support thread long ago and should have been split, but that would be too much work (and pointless) now.
Continued by Support for GCC 4.x on hardened systems in Unsupported Software.
_________________
Plants are pithy, brooks tend to babble--I'm content to lie between them.
Super-short f.g.o checklist: Search first, strip comments, mark solved, help others.