Build ghc with hardened toolchain

Hello. I am using Gentoo with hardened features enabled. Recently i want to try yi-editor. I built GHC with emerge and nothing strange happened. However, I got following error information when i built yi: Building yi-0.6.1... [ 1 of 119] Compiling System.FriendlyPath ( System/FriendlyPath.hs, dist/build/System/FriendlyPath.o ) [ 2 of 119] Compiling Shim.ProjectContent ( Shim/ProjectContent.hs, dist/build/Shim/ProjectContent.o ) [ 3 of 119] Compiling Parser.Incremental ( Parser/Incremental.hs, dist/build/Parser/Incremental.o ) [ 4 of 119] Compiling Data.Trie ( Data/Trie.hs, dist/build/Data/Trie.o ) [ 5 of 119] Compiling Data.DelayList ( Data/DelayList.hs, dist/build/Data/DelayList.o ) [ 6 of 119] Compiling Data.Rope ( Data/Rope.hs, dist/build/Data/Rope.o ) [ 7 of 119] Compiling Data.Prototype ( Data/Prototype.hs, dist/build/Data/Prototype.o ) [ 8 of 119] Compiling HConf.Utils ( HConf/Utils.hs, dist/build/HConf/Utils.o ) [ 9 of 119] Compiling HConf.Paths ( HConf/Paths.hs, dist/build/HConf/Paths.o ) [ 10 of 119] Compiling Paths_yi ( dist/build/autogen/Paths_yi.hs, dist/build/Paths_yi.o ) [ 11 of 119] Compiling HConf ( HConf.hs, dist/build/HConf.o ) [ 12 of 119] Compiling Yi.Char.Unicode ( Yi/Char/Unicode.hs, dist/build/Yi/Char/Unicode.o ) [ 13 of 119] Compiling Yi.UI.Common[boot] ( Yi/UI/Common.hs-boot, dist/build/Yi/UI/Common.o-boot ) [ 14 of 119] Compiling Yi.String ( Yi/String.hs, dist/build/Yi/String.o ) [ 15 of 119] Compiling Yi.Monad ( Yi/Monad.hs, dist/build/Yi/Monad.o ) [ 16 of 119] Compiling Yi.Keymap.Completion ( Yi/Keymap/Completion.hs, dist/build/Yi/Keymap/Completion.o ) [ 17 of 119] Compiling Yi.Editor[boot] ( Yi/Editor.hs-boot, dist/build/Yi/Editor.o-boot ) [ 18 of 119] Compiling Yi.Debug ( Yi/Debug.hs, dist/build/Yi/Debug.o ) [ 19 of 119] Compiling Yi.Prelude ( Yi/Prelude.hs, dist/build/Yi/Prelude.o ) [ 20 of 119] Compiling Yi.Dynamic ( Yi/Dynamic.hs, dist/build/Yi/Dynamic.o ) [ 21 of 119] Compiling Yi.Event ( Yi/Event.hs, dist/build/Yi/Event.o ) [ 22 of 119] Compiling Yi.Interact ( Yi/Interact.hs, dist/build/Yi/Interact.o ) [ 23 of 119] Compiling Yi.Keymap[boot] ( Yi/Keymap.hs-boot, dist/build/Yi/Keymap.o-boot ) [ 24 of 119] Compiling Yi.Style ( Yi/Style.hs, dist/build/Yi/Style.o ) [ 25 of 119] Compiling Yi.Style.Library ( Yi/Style/Library.hs, dist/build/Yi/Style/Library.o ) [ 26 of 119] Compiling Yi.Interpreter ( Yi/Interpreter.hs, dist/build/Yi/Interpreter.o ) [ 27 of 119] Compiling Shim.Utils ( Shim/Utils.hs, dist/build/Shim/Utils.o ) [ 28 of 119] Compiling Shim.CabalInfo ( Shim/CabalInfo.hs, dist/build/Shim/CabalInfo.o ) [ 29 of 119] Compiling Yi.Buffer.Misc[boot] ( Yi/Buffer/Misc.hs-boot, dist/build/Yi/Buffer/Misc.o-boot ) [ 30 of 119] Compiling Yi.Buffer.Basic ( Yi/Buffer/Basic.hs, dist/build/Yi/Buffer/Basic.o ) ghc: /usr/lib/ghc-6.10.4/ghc-prim-0.1.0.0/HSghc-prim-0.1.0.0.o: unknown symbol `_GLOBAL_OFFSET_TABLE_' Loading package ghc-prim ... linking ... ghc: unable to load package `ghc-prim' I notice that Gentoo has already done some works about disabling hardened features temporarily for Haskell. Here is the mk/build.mk: # Gentoo changes docdir = /usr/share/doc/ghc-6.10.4 htmldir = /usr/share/doc/ghc-6.10.4 SRC_HC_OPTS+= -optc-march=native -opta-march=native -optc-nopie -optl-nopie -optc-fno-PIE -opta-Wa,--noexecstack SRC_CC_OPTS+=-O2 -march=native -pipe -nopie -Wa,--noexecstack XMLDocWays= HADDOCK_DOCS=NO SRC_HC_OPTS+=-w While talking on IRC (#gentoo-haskell and #haskell) I was told that this might be caused by a broken GHC. Although above shows that PIE are disabled, ghc-prim (maybe at least) is still built with PIE enabled. According to advice from #gentoo-haskell, I was told to seek for help here. I also submit a bug about it as #3668. (Very sorry that I ask everywhere. Forgive me, but until yesterday I forgot my password of my gmail and cannot join a mailling-list.) Thank igloo told me add "-nopie" in SRC_LD_OPTS. I did but still failed: ------------------------------------------------------------------------ == make boot - --no-print-directory -r --jobserver-fds=3,4 - --jobserver-fds=3,4 -j; in /var/tmp/portage/dev-lang/ghc-6.10.4/work/ghc-6.10.4/utils/genapply ------------------------------------------------------------------------ /var/tmp/portage/dev-lang/ghc-6.10.4/work/usr/bin/ghc -package-conf /var/tmp/portage/dev-lang/ghc-6.10.4/work/ghc-6.10.4/libraries/bootstrapping.conf -H32m -O -optc-march=native -opta-march=native -optc-nopie -optl-nopie -opta-Wa,--noexecstack -w -package pretty -fforce-recomp -c GenApply.hs -o GenApply.o -ohi GenApply.hi /var/tmp/portage/dev-lang/ghc-6.10.4/work/usr/bin/ghc -M -dep-makefile .depend -osuf o -package-conf /var/tmp/portage/dev-lang/ghc-6.10.4/work/ghc-6.10.4/libraries/bootstrapping.conf -package-conf /var/tmp/portage/dev-lang/ghc-6.10.4/work/ghc-6.10.4/libraries/bootstrapping.conf -H32m -O -optc-march=native -opta-march=native -optc-nopie -optl-nopie -opta-Wa,--noexecstack -w -package pretty -fforce-recomp GenApply.hs /var/tmp/portage/dev-lang/ghc-6.10.4/work/usr/bin/ghc -o genapply -package-conf /var/tmp/portage/dev-lang/ghc-6.10.4/work/ghc-6.10.4/libraries/bootstrapping.conf -H32m -O -optc-march=native -opta-march=native -optc-nopie -optl-nopie -opta-Wa,--noexecstack -w -package pretty -fforce-recomp -nopie GenApply.o ghc: unrecognised flags: -nopie Usage: For basic information, try the `--help' option. make[2]: *** [genapply] Error 1 Failed making boot in genapply: 1 make[1]: *** [boot] Error 1 make: *** [stage1] Error 1 I am surprised that why "-nopie" is sent here. Since wiki only told me to see config.mk.in and it does not have any examples, I have no idea about SRC_LD_OPTS. I need help how to completely disable PIE for GHC. Thank you very much. Hongjiu Zhang

More information: Gentoo's emerge --info: Portage 2.1.7.6 (hardened/linux/x86/10.0/desktop, gcc-4.3.4, glibc-2.10.1-r1, 2.6.31-11-generic i686) ================================================================= System uname: Linux-2.6.31-11-generic-i686-Genuine_Intel-R-_CPU_T2050_@_1.60GHz-with-gentoo-1.12.13 Timestamp of tree: Mon, 23 Nov 2009 06:45:01 +0000 app-shells/bash: 4.0_p28 dev-lang/python: 2.6.2-r1 sys-apps/baselayout: 1.12.13 sys-apps/sandbox: 1.6-r2 sys-devel/autoconf: 2.13, 2.63-r1 sys-devel/automake: 1.10.2 sys-devel/binutils: 2.18-r3 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6a virtual/os-headers: 2.6.27-r2 ACCEPT_KEYWORDS="x86 ~x86" ACCEPT_LICENSE="* -@EULA" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=native -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/sandbox.d /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-O2 -march=native -pipe -fomit-frame-pointer" DISTDIR="/var/cache/portage/distfiles" EMERGE_DEFAULT_OPTS="--with-bdeps y" FEATURES="assume-digests buildpkg distlocks fixpackages news parallel-fetch protect-owned sandbox sfperms strict test test-fail-continue unmerge-logs unmerge-orphans userfetch" GENTOO_MIRRORS="http://mirrors.163.com/gentoo http://gentoo.aditsu.net" LANG="zh_CN.UTF-8" LC_ALL="C" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LINGUAS="*" MAKEOPTS="-j3" PKGDIR="/var/cache/portage/packages" PORTAGE_COMPRESS="xz" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/var/cache/portage/ebuilds/gentoo" PORTDIR_OVERLAY="/var/cache/portage/ebuilds/haskell /var/cache/portage/ebuilds/local" SYNC="rsync://mirror.averse.net/gentoo-portage" USE="X a52 aac acl acpi bash-completion berkdb bluetooth branding bzip2 cairo cdr cli consolekit cracklib crypt cups dbus dri dts dvd dvdr eds emboss encode evo fam flac gdbm gif gnome gpm gstreamer gtk hal hardened iconv ipv6 jpeg ldap libnotify lzma mad mikmod mmx mmxext modules mp3 mp4 mpeg mudflap ncurses nls nptl nptlonly ogg opengl openmp oss pam pcre pdf perl pic png ppds pppd python quicktime readline reflection sdl session spell spl sse sse2 ssl startup-notification svg sysfs tcpd thunar tiff truetype unicode urandom usb vorbis win32codecs x264 x86 xml xorg xulrunner xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="*" USERLAND="GNU" VIDEO_CARDS="intel" Unset: CPPFLAGS, CTARGET, FFLAGS, INSTALL_MASK, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS Maybe it is not a broken GHC, but a broken ghc-prim library (Some other libraries might also be affected.). But I do not know how to transfer "-nopie" cflags and ldflags to those library. Talked to igloo and tried $CONF_LD_OPTS+= -nopie, I still cannot get yi built. Thank you for all your help.

Sorry, it is about ghc.wrapper. Add the options here to solve the
problem. Thanks.
2009/11/24 章宏九
Hello.
I am using Gentoo with hardened features enabled. Recently i want to try yi-editor. I built GHC with emerge and nothing strange happened. However, I got following error information when i built yi:
Building yi-0.6.1... [ 1 of 119] Compiling System.FriendlyPath ( System/FriendlyPath.hs, dist/build/System/FriendlyPath.o ) [ 2 of 119] Compiling Shim.ProjectContent ( Shim/ProjectContent.hs, dist/build/Shim/ProjectContent.o ) [ 3 of 119] Compiling Parser.Incremental ( Parser/Incremental.hs, dist/build/Parser/Incremental.o ) [ 4 of 119] Compiling Data.Trie ( Data/Trie.hs, dist/build/Data/Trie.o ) [ 5 of 119] Compiling Data.DelayList ( Data/DelayList.hs, dist/build/Data/DelayList.o ) [ 6 of 119] Compiling Data.Rope ( Data/Rope.hs, dist/build/Data/Rope.o ) [ 7 of 119] Compiling Data.Prototype ( Data/Prototype.hs, dist/build/Data/Prototype.o ) [ 8 of 119] Compiling HConf.Utils ( HConf/Utils.hs, dist/build/HConf/Utils.o ) [ 9 of 119] Compiling HConf.Paths ( HConf/Paths.hs, dist/build/HConf/Paths.o ) [ 10 of 119] Compiling Paths_yi ( dist/build/autogen/Paths_yi.hs, dist/build/Paths_yi.o ) [ 11 of 119] Compiling HConf ( HConf.hs, dist/build/HConf.o ) [ 12 of 119] Compiling Yi.Char.Unicode ( Yi/Char/Unicode.hs, dist/build/Yi/Char/Unicode.o ) [ 13 of 119] Compiling Yi.UI.Common[boot] ( Yi/UI/Common.hs-boot, dist/build/Yi/UI/Common.o-boot ) [ 14 of 119] Compiling Yi.String ( Yi/String.hs, dist/build/Yi/String.o ) [ 15 of 119] Compiling Yi.Monad ( Yi/Monad.hs, dist/build/Yi/Monad.o ) [ 16 of 119] Compiling Yi.Keymap.Completion ( Yi/Keymap/Completion.hs, dist/build/Yi/Keymap/Completion.o ) [ 17 of 119] Compiling Yi.Editor[boot] ( Yi/Editor.hs-boot, dist/build/Yi/Editor.o-boot ) [ 18 of 119] Compiling Yi.Debug ( Yi/Debug.hs, dist/build/Yi/Debug.o ) [ 19 of 119] Compiling Yi.Prelude ( Yi/Prelude.hs, dist/build/Yi/Prelude.o ) [ 20 of 119] Compiling Yi.Dynamic ( Yi/Dynamic.hs, dist/build/Yi/Dynamic.o ) [ 21 of 119] Compiling Yi.Event ( Yi/Event.hs, dist/build/Yi/Event.o ) [ 22 of 119] Compiling Yi.Interact ( Yi/Interact.hs, dist/build/Yi/Interact.o ) [ 23 of 119] Compiling Yi.Keymap[boot] ( Yi/Keymap.hs-boot, dist/build/Yi/Keymap.o-boot ) [ 24 of 119] Compiling Yi.Style ( Yi/Style.hs, dist/build/Yi/Style.o ) [ 25 of 119] Compiling Yi.Style.Library ( Yi/Style/Library.hs, dist/build/Yi/Style/Library.o ) [ 26 of 119] Compiling Yi.Interpreter ( Yi/Interpreter.hs, dist/build/Yi/Interpreter.o ) [ 27 of 119] Compiling Shim.Utils ( Shim/Utils.hs, dist/build/Shim/Utils.o ) [ 28 of 119] Compiling Shim.CabalInfo ( Shim/CabalInfo.hs, dist/build/Shim/CabalInfo.o ) [ 29 of 119] Compiling Yi.Buffer.Misc[boot] ( Yi/Buffer/Misc.hs-boot, dist/build/Yi/Buffer/Misc.o-boot ) [ 30 of 119] Compiling Yi.Buffer.Basic ( Yi/Buffer/Basic.hs, dist/build/Yi/Buffer/Basic.o ) ghc: /usr/lib/ghc-6.10.4/ghc-prim-0.1.0.0/HSghc-prim-0.1.0.0.o: unknown symbol `_GLOBAL_OFFSET_TABLE_' Loading package ghc-prim ... linking ... ghc: unable to load package `ghc-prim'
I notice that Gentoo has already done some works about disabling hardened features temporarily for Haskell. Here is the mk/build.mk:
# Gentoo changes docdir = /usr/share/doc/ghc-6.10.4 htmldir = /usr/share/doc/ghc-6.10.4 SRC_HC_OPTS+= -optc-march=native -opta-march=native -optc-nopie -optl-nopie -optc-fno-PIE -opta-Wa,--noexecstack SRC_CC_OPTS+=-O2 -march=native -pipe -nopie -Wa,--noexecstack XMLDocWays= HADDOCK_DOCS=NO SRC_HC_OPTS+=-w
While talking on IRC (#gentoo-haskell and #haskell) I was told that this might be caused by a broken GHC. Although above shows that PIE are disabled, ghc-prim (maybe at least) is still built with PIE enabled. According to advice from #gentoo-haskell, I was told to seek for help here.
I also submit a bug about it as #3668. (Very sorry that I ask everywhere. Forgive me, but until yesterday I forgot my password of my gmail and cannot join a mailling-list.) Thank igloo told me add "-nopie" in SRC_LD_OPTS. I did but still failed:
------------------------------------------------------------------------ == make boot - --no-print-directory -r --jobserver-fds=3,4 - --jobserver-fds=3,4 -j; in /var/tmp/portage/dev-lang/ghc-6.10.4/work/ghc-6.10.4/utils/genapply ------------------------------------------------------------------------ /var/tmp/portage/dev-lang/ghc-6.10.4/work/usr/bin/ghc -package-conf /var/tmp/portage/dev-lang/ghc-6.10.4/work/ghc-6.10.4/libraries/bootstrapping.conf -H32m -O -optc-march=native -opta-march=native -optc-nopie -optl-nopie -opta-Wa,--noexecstack -w -package pretty -fforce-recomp -c GenApply.hs -o GenApply.o -ohi GenApply.hi /var/tmp/portage/dev-lang/ghc-6.10.4/work/usr/bin/ghc -M -dep-makefile .depend -osuf o -package-conf /var/tmp/portage/dev-lang/ghc-6.10.4/work/ghc-6.10.4/libraries/bootstrapping.conf -package-conf /var/tmp/portage/dev-lang/ghc-6.10.4/work/ghc-6.10.4/libraries/bootstrapping.conf -H32m -O -optc-march=native -opta-march=native -optc-nopie -optl-nopie -opta-Wa,--noexecstack -w -package pretty -fforce-recomp GenApply.hs /var/tmp/portage/dev-lang/ghc-6.10.4/work/usr/bin/ghc -o genapply -package-conf /var/tmp/portage/dev-lang/ghc-6.10.4/work/ghc-6.10.4/libraries/bootstrapping.conf -H32m -O -optc-march=native -opta-march=native -optc-nopie -optl-nopie -opta-Wa,--noexecstack -w -package pretty -fforce-recomp -nopie GenApply.o ghc: unrecognised flags: -nopie Usage: For basic information, try the `--help' option. make[2]: *** [genapply] Error 1 Failed making boot in genapply: 1 make[1]: *** [boot] Error 1 make: *** [stage1] Error 1
I am surprised that why "-nopie" is sent here. Since wiki only told me to see config.mk.in and it does not have any examples, I have no idea about SRC_LD_OPTS.
I need help how to completely disable PIE for GHC. Thank you very much.
Hongjiu Zhang
participants (1)
-
章宏九