Community Packages

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#41877 - [hardening-wrapper] breaks firefox configure checks only when using clang

Attached to Project: Community Packages
Opened by Steven Honeyman (stevenhoneyman) - Monday, 08 September 2014, 20:12 GMT
Last edited by Daniel Micay (thestinger) - Monday, 29 September 2014, 21:50 GMT
Task Type Support Request
Category Packages
Status Closed
Assigned To Daniel Micay (thestinger)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

gcc is my usual compiler, but apparently a bug I have with firefox is the result of using gcc 4.9.1 to compile it!
I compile it with gcc and all hardening options in this script without a problem, but it doesn't even start to compile with CC=clang and CXX=clang++
All of the other flags I have in makepkg cflags/ldflags, so I really only use the wrapper to add PIC/PIE/pie in the right places
I read that clang is using "-Wl,-pie" instead, which I tried, but that just broke it :)

Additional info: I wish this bug tracker had a code box feature!
Note: my libjpeg is fine, it accepts it with gcc, or with clang but no pie.
during ./configure:

checking for __attribute__((warn_unused_result))... yes
checking for LC_MESSAGES... yes
checking for localeconv... yes
checking for pkg-config... /usr/bin/pkg-config
checking for libevent... yes
checking MOZ_LIBEVENT_CFLAGS...
checking MOZ_LIBEVENT_LIBS... -levent
checking for YASM assembler... checking for yasm... yasm
checking for jpeg_destroy_compress in -ljpeg... yes
configure: error: Insufficient JPEG library version for --with-system-jpeg
------ config.log ------
^
In file included from configure:15341:
/usr/include/sys/types.h:98:17: error: cannot combine with previous 'type-name' declaration specifier
typedef __pid_t pid_t;
^
./confdefs.h:12:15: note: expanded from macro 'pid_t'
#define pid_t int
^
3 errors generated.
configure: failed program was:
#line 15339 "configure"
#include "confdefs.h"
#include <stdio.h>
#include <sys/types.h>
#include <jpeglib.h>
int main() {
#if JPEG_LIB_VERSION < 62
#error "Insufficient JPEG library version (62 required)."
#endif
#ifndef JCS_EXTENSIONS
#error "libjpeg-turbo JCS_EXTENSIONS required"
#endif

; return 0; }
configure: error: Insufficient JPEG library version for --with-system-jpeg
*** Fix above errors and then restart with\
"make -f client.mk build"
/tmp/makepkg/firefox/src/mozilla-release/client.mk:363: recipe for target 'configure' failed
make[2]: *** [configure] Error 1
make[2]: Leaving directory '/tmp/makepkg/firefox/src/mozilla-release'
/tmp/makepkg/firefox/src/mozilla-release/client.mk:377: recipe for target 'obj-x86_64-unknown-linux-gnu/Makefile' failed
make[1]: *** [obj-x86_64-unknown-linux-gnu/Makefile] Error 2
make[1]: Leaving directory '/tmp/makepkg/firefox/src/mozilla-release'
client.mk:187: recipe for target 'build' failed
make: *** [build] Error 2
==> ERROR: A failure occurred in build().
Aborting...


This task depends upon

Closed by  Daniel Micay (thestinger)
Monday, 29 September 2014, 21:50 GMT
Reason for closing:  Fixed
Comment by Steven Honeyman (stevenhoneyman) - Monday, 08 September 2014, 20:15 GMT
Maybe it is not just me, maybe the script needs a slight mod?

Ref: https://bugs.ruby-lang.org/issues/5697
http://www.redhat.com/archives/libvir-list/2013-November/msg00877.html
Comment by Steven Honeyman (stevenhoneyman) - Tuesday, 09 September 2014, 00:59 GMT
OK, I finally got it to start! After all that looking... when using this hardening-wrapper, the fix is:

export CPP="clang -E"
export CXXCPP="clang -E"

Note that it only needs that with the wrapper, it works fine as-is without it. It's still compiling so I havent checked the log yet, but I suspect maybe one of the "-version" checks is getting messed up when getting "wrapped", which would mean comfigure doesn't know to use "clang -E" instead of cpp (it tried to run "/lib/cpp"!)

For anyone trying to compile firefox 32, with clang, and sandbox mode enabled... mozilla screwed something up again and you need to add a cflag: "-Wno-c++11-narrowing"

Hope this info is of some use to you
Comment by Daniel Micay (thestinger) - Sunday, 28 September 2014, 22:59 GMT
Does it actually build *without* hardening-wrapper using those two exports?
Comment by Steven Honeyman (stevenhoneyman) - Sunday, 28 September 2014, 23:10 GMT
Yes (just tried with latest to confirm), but they weren't required unless hardening-wrapper is involved.

(from original post) "Note: my libjpeg is fine, it accepts it with gcc, or with clang but no pie."
Comment by Daniel Micay (thestinger) - Sunday, 28 September 2014, 23:13 GMT
So it works with hardening-wrapper + Clang and HARDENING_PIE=0 in the environment?
Comment by Steven Honeyman (stevenhoneyman) - Sunday, 28 September 2014, 23:15 GMT
Ah, I misunderstood - 2 mins I'll tell you...
Comment by Steven Honeyman (stevenhoneyman) - Sunday, 28 September 2014, 23:23 GMT
Yes, that is the case.

H.W. + Clang + HARDENING_PIE=0 ==> works
H.W. + Clang + HARDENING_PIE=1 ==> fails
H.W. + Clang + HARDENING_PIE=1 + (the two exports) ==> works
Comment by Steven Honeyman (stevenhoneyman) - Sunday, 28 September 2014, 23:36 GMT
Here's a `head -n500` of the log file if that's any use (from a HW+Clang+pie, only other flags in use to test were -O3 and -Wl,-O1).

As I said, for some weird reason it changes the preprocessor to /lib/cpp and (of course) goes horribly wrong after that!
   clang-pie.log (29.8 KiB)
Comment by Daniel Micay (thestinger) - Sunday, 28 September 2014, 23:40 GMT
hardening-wrapper-6-1 should fix this
Comment by Steven Honeyman (stevenhoneyman) - Monday, 29 September 2014, 18:17 GMT
Confirmed, 6-1 fixed this. (Well, my build failed half way through... but that's my config problem, unrelated to this!)

Loading...