|
 |
e4e18da |
From 5044719a27cb41889ec08177cba977596b783e83 Mon Sep 17 00:00:00 2001
|
|
|
e4e18da |
From: Nir Soffer <nsoffer@redhat.com>
|
|
|
e4e18da |
Date: Sun, 2 Aug 2020 02:01:06 +0300
|
|
|
e4e18da |
Subject: [PATCH] python: Remove extra link args
|
|
|
e4e18da |
|
|
|
e4e18da |
Fedora 33 builds fails now with:
|
|
|
e4e18da |
|
|
|
e4e18da |
/usr/bin/ld: /tmp/sanlock.cpython-39-x86_64-linux-gnu.so.mpvMfj.ltrans0.ltrans.o:
|
|
|
e4e18da |
relocation R_X86_64_PC32 against undefined symbol `PyExc_ValueError' can
|
|
|
e4e18da |
not be used when making a shared object; recompile with -fPIC
|
|
|
e4e18da |
|
|
|
e4e18da |
We use these extra link args:
|
|
|
e4e18da |
|
|
|
e4e18da |
extra_link_args=['-fPIE', '-Wl,-z,relro,-z,now'],
|
|
|
e4e18da |
|
|
|
e4e18da |
Looking the generated compiler command[1]:
|
|
|
e4e18da |
|
|
|
e4e18da |
gcc -pthread \
|
|
|
e4e18da |
-shared \
|
|
|
e4e18da |
-Wl,-z,relro \
|
|
|
e4e18da |
-Wl,--as-needed \
|
|
|
e4e18da |
-Wl,-z,now \
|
|
|
e4e18da |
-g \
|
|
|
e4e18da |
-Wl,-z,relro \
|
|
|
e4e18da |
-Wl,--as-needed \
|
|
|
e4e18da |
-Wl,-z,now \
|
|
|
e4e18da |
-g \
|
|
|
e4e18da |
-Wl,-z,relro \
|
|
|
e4e18da |
-Wl,--as-needed \
|
|
|
e4e18da |
-Wl,-z,now \
|
|
|
e4e18da |
-specs=/usr/lib/rpm/redhat/redhat-hardened-ld \
|
|
|
e4e18da |
-O2 \
|
|
|
e4e18da |
-fexceptions \
|
|
|
e4e18da |
-g \
|
|
|
e4e18da |
-grecord-gcc-switches \
|
|
|
e4e18da |
-pipe \
|
|
|
e4e18da |
-Wall \
|
|
|
e4e18da |
-Werror=format-security \
|
|
|
e4e18da |
-Wp,-D_FORTIFY_SOURCE=2 \
|
|
|
e4e18da |
-Wp,-D_GLIBCXX_ASSERTIONS \
|
|
|
e4e18da |
-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 \
|
|
|
e4e18da |
-fstack-protector-strong \
|
|
|
e4e18da |
-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 \
|
|
|
e4e18da |
-m64 \
|
|
|
e4e18da |
-mtune=generic \
|
|
|
e4e18da |
-fasynchronous-unwind-tables \
|
|
|
e4e18da |
-fstack-clash-protection \
|
|
|
e4e18da |
-fcf-protection build/temp.linux-x86_64-3.9/sanlock.o \
|
|
|
e4e18da |
-L../src \
|
|
|
e4e18da |
-L/usr/lib64 \
|
|
|
e4e18da |
-lsanlock \
|
|
|
e4e18da |
-o build/lib.linux-x86_64-3.9/sanlock.cpython-39-x86_64-linux-gnu.so \
|
|
|
e4e18da |
-fPIE \
|
|
|
e4e18da |
-Wl,-z,relro,-z,now
|
|
|
e4e18da |
|
|
|
e4e18da |
This looks like a complete mess. These arguments are repeated 3 times:
|
|
|
e4e18da |
|
|
|
e4e18da |
-Wl,-z,relro \
|
|
|
e4e18da |
-Wl,--as-needed \
|
|
|
e4e18da |
-Wl,-z,now \
|
|
|
e4e18da |
|
|
|
e4e18da |
And our extra compiler flags adds the forth copy.
|
|
|
e4e18da |
|
|
|
e4e18da |
gcc says this about -fPIE:
|
|
|
e4e18da |
|
|
|
e4e18da |
These options are similar to -fpic and -fPIC, but the generated
|
|
|
e4e18da |
position-independent code can be only linked into executables
|
|
|
e4e18da |
|
|
|
e4e18da |
But our python extension is a shared object, so I don't think -fPIE
|
|
|
e4e18da |
makes sense.
|
|
|
e4e18da |
|
|
|
e4e18da |
The extra arguments were added in:
|
|
|
e4e18da |
|
|
|
e4e18da |
commit a1929080a6ce51879139eb8d05a425ccd3d37082
|
|
|
e4e18da |
Author: David Teigland <teigland@redhat.com>
|
|
|
e4e18da |
Date: Wed Oct 14 13:21:04 2015 -0500
|
|
|
e4e18da |
|
|
|
e4e18da |
python: add compile flags
|
|
|
e4e18da |
|
|
|
e4e18da |
Without any justification. I assume the intent was good, but it looks
|
|
|
e4e18da |
like this change was not needed, and somehow it worked until now.
|
|
|
e4e18da |
|
|
|
e4e18da |
If some hardening is needed, it should be done by python build
|
|
|
e4e18da |
infrastructure, not in sanlock. And it seems that python do use some
|
|
|
e4e18da |
hardening specs (e.g. -specs=/usr/lib/rpm/redhat/redhat-hardened-ld).
|
|
|
e4e18da |
|
|
|
e4e18da |
[1] https://kojipkgs.fedoraproject.org//work/tasks/8900/48358900/build.log
|
|
|
e4e18da |
|
|
|
e4e18da |
Signed-off-by: Nir Soffer <nsoffer@redhat.com>
|
|
|
e4e18da |
---
|
|
|
e4e18da |
python/setup.py | 1 -
|
|
|
e4e18da |
1 file changed, 1 deletion(-)
|
|
|
e4e18da |
|
|
|
e4e18da |
diff --git a/python/setup.py b/python/setup.py
|
|
|
e4e18da |
index 0f3d683..b3bfaf1 100644
|
|
|
e4e18da |
--- a/python/setup.py
|
|
|
e4e18da |
+++ b/python/setup.py
|
|
|
e4e18da |
@@ -12,7 +12,6 @@ sanlock = Extension(name='sanlock',
|
|
|
e4e18da |
include_dirs=['../src'],
|
|
|
e4e18da |
library_dirs=['../src'],
|
|
|
e4e18da |
extra_compile_args=["-std=c99"],
|
|
|
e4e18da |
- extra_link_args=['-fPIE', '-Wl,-z,relro,-z,now'],
|
|
|
e4e18da |
libraries=sanlocklib)
|
|
|
e4e18da |
|
|
|
e4e18da |
version = None
|
|
|
e4e18da |
--
|
|
|
e4e18da |
2.25.4
|
|
|
e4e18da |
|