Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Compilation problems RELRO,DSO,PIE
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Installing Gentoo
View previous topic :: View next topic  
Author Message
fluffybunnyuk
n00b
n00b


Joined: 15 May 2013
Posts: 1

PostPosted: Wed May 15, 2013 9:43 pm    Post subject: Compilation problems RELRO,DSO,PIE Reply with quote

trying to compile zlib-1.2.6

im having to use CFLAGS="-fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now" to get RELRO,DSO onto the libraries but the binaries end up as "RELRO,nopie"

i think my specs file is screwed up. solutions on compiling full relro libraries and pie binaries plz or frankly anything that can help my build out

output of make is below

Code:
root:/sources/zlib-1.2.8# make                                                                                                                                             
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -I. -c -o example.o test/example.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -c -o adler32.o adler32.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -c -o crc32.o crc32.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -c -o deflate.o deflate.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -c -o infback.o infback.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -c -o inffast.o inffast.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -c -o inflate.o inflate.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -c -o inftrees.o inftrees.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -c -o trees.o trees.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -c -o zutil.o zutil.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -c -o compress.o compress.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -c -o uncompr.o uncompr.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -c -o gzclose.o gzclose.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -c -o gzlib.o gzlib.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -c -o gzread.o gzread.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -c -o gzwrite.o gzwrite.c
ar rc libz.a adler32.o crc32.o deflate.o infback.o inffast.o inflate.o inftrees.o trees.o zutil.o compress.o uncompr.o gzclose.o gzlib.o gzread.o gzwrite.o
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o example example.o -L. libz.a
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -I. -c -o minigzip.o test/minigzip.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o minigzip minigzip.o -L. libz.a
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/adler32.o adler32.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/crc32.o crc32.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/deflate.o deflate.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/infback.o infback.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/inffast.o inffast.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/inflate.o inflate.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/inftrees.o inftrees.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/trees.o trees.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/zutil.o zutil.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/compress.o compress.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/uncompr.o uncompr.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/gzclose.o gzclose.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/gzlib.o gzlib.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/gzread.o gzread.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/gzwrite.o gzwrite.c
gcc -shared -Wl,-soname,libz.so.1,--version-script,zlib.map -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o libz.so.1.2.8 adler32.lo crc32.lo deflate.lo infback.lo inffast.lo inflate.lo inftrees.lo trees.lo zutil.lo compress.lo uncompr.lo gzclose.lo gzlib.lo gzread.lo gzwrite.lo  -lc
rm -f libz.so libz.so.1
ln -s libz.so.1.2.8 libz.so
ln -s libz.so.1.2.8 libz.so.1
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o examplesh example.o -L. libz.so.1.2.8
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o minigzipsh minigzip.o -L. libz.so.1.2.8
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -I. -D_FILE_OFFSET_BITS=64 -c -o example64.o test/example.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o example64 example64.o -L. libz.a
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -I. -D_FILE_OFFSET_BITS=64 -c -o minigzip64.o test/minigzip.c
gcc -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -march=native -mtune=native -O3 -pipe -DNDEBUG=1 -msse3 -Wl,-z,relro -Wl,-z,now  -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o minigzip64 minigzip64.o -L. libz.a
Back to top
View user's profile Send private message
Apheus
Guru
Guru


Joined: 12 Jul 2008
Posts: 419

PostPosted: Fri May 17, 2013 1:56 pm    Post subject: Re: Compilation problems RELRO,DSO,PIE Reply with quote

What profile is active?

Fine-tuning -fPIC/PIE for single packages is not necessary if you switch to one of the hardened profiles, or unmask and set the "hardened" use flag for gcc, glibc, binutils, libtool, pkgconfig (did I forget something?). Recompile these packages, check the default compiler with "gcc-config -l" and you get every future package compiled as PIC/PIE and with SSP.

D_FORTIFY_SOURCE is set to 2 even in default profiles afaik.

EDIT: added pkgconfig to the list
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Installing Gentoo All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum