New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

compiler flags hidden in log #126

Open
kartikm opened this Issue May 2, 2014 · 11 comments

Comments

Projects
None yet
4 participants
@kartikm
Contributor

kartikm commented May 2, 2014

See: http://qa.debian.org/bls/packages/n/netsniff-ng.html for more details. Fixing this will help Debian's goal for hardening support.

@tklauser

This comment has been minimized.

Show comment
Hide comment
@tklauser

tklauser May 3, 2014

Contributor

I'll have a look at it and try to fix it if appropriate. Thanks!

Contributor

tklauser commented May 3, 2014

I'll have a look at it and try to fix it if appropriate. Thanks!

@tklauser

This comment has been minimized.

Show comment
Hide comment
@tklauser

tklauser May 3, 2014

Contributor

If you build with `make Q=', does that fix the warning?

Contributor

tklauser commented May 3, 2014

If you build with `make Q=', does that fix the warning?

@tklauser tklauser self-assigned this May 5, 2014

@tklauser tklauser added the NEEDINFO label May 26, 2014

@tklauser tklauser added the debian label Apr 17, 2016

@tklauser

This comment has been minimized.

Show comment
Hide comment
@tklauser

tklauser Apr 17, 2016

Contributor

Ping. @kartikm did you have a chance to test whether building with make Q= fixes the issue?

Contributor

tklauser commented Apr 17, 2016

Ping. @kartikm did you have a chance to test whether building with make Q= fixes the issue?

@kartikm

This comment has been minimized.

Show comment
Hide comment
@kartikm

kartikm Apr 17, 2016

Contributor

Oops. I missed to test earlier, will do and update here.

Contributor

kartikm commented Apr 17, 2016

Oops. I missed to test earlier, will do and update here.

@vkochan

This comment has been minimized.

Show comment
Hide comment
@vkochan

vkochan Apr 17, 2016

Contributor

Yes, 'make Q=' showed the compiler flags.

Contributor

vkochan commented Apr 17, 2016

Yes, 'make Q=' showed the compiler flags.

@kartikm

This comment has been minimized.

Show comment
Hide comment
@kartikm

kartikm Apr 27, 2016

Contributor

Uploading new version, so we will know in sometime about this. Sorry again for late heads up.

Contributor

kartikm commented Apr 27, 2016

Uploading new version, so we will know in sometime about this. Sorry again for late heads up.

@tklauser

This comment has been minimized.

Show comment
Hide comment
@tklauser

tklauser Apr 27, 2016

Contributor

Juding from the log at https://buildd.debian.org/status/fetch.php?pkg=netsniff-ng&arch=i386&ver=0.6.1-1&stamp=1461740187 it looks like the problem isn't solved yet. I guess you'll need the attached patch against debian/rules to make it work properly: pkg-netsniff-ng-compiler-flags-unhide.patch.txt

i.e. in the build-stamp target of debian/rules you'll need to use:

$(MAKE) Q= PREFIX=/usr ETCDIR=/etc

instead of:

$(MAKE) PREFIX=/usr ETCDIR=/etc

Contributor

tklauser commented Apr 27, 2016

Juding from the log at https://buildd.debian.org/status/fetch.php?pkg=netsniff-ng&arch=i386&ver=0.6.1-1&stamp=1461740187 it looks like the problem isn't solved yet. I guess you'll need the attached patch against debian/rules to make it work properly: pkg-netsniff-ng-compiler-flags-unhide.patch.txt

i.e. in the build-stamp target of debian/rules you'll need to use:

$(MAKE) Q= PREFIX=/usr ETCDIR=/etc

instead of:

$(MAKE) PREFIX=/usr ETCDIR=/etc

@kartikm

This comment has been minimized.

Show comment
Hide comment
@kartikm
Contributor

kartikm commented Apr 28, 2016

@tklauser

This comment has been minimized.

Show comment
Hide comment
@tklauser

tklauser Apr 28, 2016

Contributor

Strange. In the logs I can see them now: https://buildd.debian.org/status/fetch.php?pkg=netsniff-ng&arch=i386&ver=0.6.1-2&stamp=1461822277

Could it be that the echo -e ... && gcc confuses the build log parser?

Contributor

tklauser commented Apr 28, 2016

Strange. In the logs I can see them now: https://buildd.debian.org/status/fetch.php?pkg=netsniff-ng&arch=i386&ver=0.6.1-2&stamp=1461822277

Could it be that the echo -e ... && gcc confuses the build log parser?

@kartikm

This comment has been minimized.

Show comment
Hide comment
@kartikm

kartikm Apr 28, 2016

Contributor

I'll check in details later during weekend. This isn't blocker/serious :)

Contributor

kartikm commented Apr 28, 2016

I'll check in details later during weekend. This isn't blocker/serious :)

@archey

This comment has been minimized.

Show comment
Hide comment
@archey

archey May 1, 2016

Contributor

I have been watching this closely and I went ahead added the hardening flags to compile every tool in the netsniff-ng suite. It seems like every tool compiled correctly and linked except for mausezahn, here is the error:

usr/bin/ld: mausezahn/automops.o: relocation R_X86_64_32 against `.rodata.str1.8' can not be used when making a shared object; recompile with -fPIC

gcc (GCC) 5.3.0
Compilation flags:

CPPFLAGS="-D_FORTIFY_SOURCE=2"
CFLAGS="-march=x86-64 -mtune=generic -O3 -pipe -fstack-protector-all --param=ssp-buffer-size=4"
CXXFLAGS="-march=x86-64 -mtune=generic -O3 -pipe -fstack-protector-all --param=ssp-buffer-size=4"
LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro"

Added -fPIC to CFLAGS and -z now -pie to LDFLAGS

Hope this with enabling hardening support on these packages.

If your need more output please let me know, I was able to gather this with make Q= as mentioned above.

Contributor

archey commented May 1, 2016

I have been watching this closely and I went ahead added the hardening flags to compile every tool in the netsniff-ng suite. It seems like every tool compiled correctly and linked except for mausezahn, here is the error:

usr/bin/ld: mausezahn/automops.o: relocation R_X86_64_32 against `.rodata.str1.8' can not be used when making a shared object; recompile with -fPIC

gcc (GCC) 5.3.0
Compilation flags:

CPPFLAGS="-D_FORTIFY_SOURCE=2"
CFLAGS="-march=x86-64 -mtune=generic -O3 -pipe -fstack-protector-all --param=ssp-buffer-size=4"
CXXFLAGS="-march=x86-64 -mtune=generic -O3 -pipe -fstack-protector-all --param=ssp-buffer-size=4"
LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro"

Added -fPIC to CFLAGS and -z now -pie to LDFLAGS

Hope this with enabling hardening support on these packages.

If your need more output please let me know, I was able to gather this with make Q= as mentioned above.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment