FS#45283 - [qt5-base] -reduce-relocations breaks build for many downstream project
Attached to Project:
Arch Linux
Opened by Matt Corallo (BlueMatt) - Tuesday, 09 June 2015, 20:28 GMT
Last edited by Felix Yan (felixonmars) - Monday, 13 July 2015, 03:30 GMT
Opened by Matt Corallo (BlueMatt) - Tuesday, 09 June 2015, 20:28 GMT
Last edited by Felix Yan (felixonmars) - Monday, 13 July 2015, 03:30 GMT
|
Details
Description: qt5-base recently started being built with
-reduce-relocations, which breaks many downstream project
builds with the error
/usr/include/qt/QtCore/qglobal.h:1050:4: error: #error "You
must build your code with position independent code if Qt
was built with -reduce-relocations. " "Compile your code
with -fPIC (-fPIE is not enough)."
See https://bugs.archlinux.org/task/45147 and https://github.com/bitcoin/bitcoin/pull/6248#issuecomment-110491401 |
This task depends upon
Closed by Felix Yan (felixonmars)
Monday, 13 July 2015, 03:30 GMT
Reason for closing: Fixed
Additional comments about closing: specified -no-reduce-relocations in 5.5.0-1
Monday, 13 July 2015, 03:30 GMT
Reason for closing: Fixed
Additional comments about closing: specified -no-reduce-relocations in 5.5.0-1
https://bugreports.qt.io/browse/QTBUG-45755
Not an Arch decision or issue.
While we do specify -reduce-relocations in the Qt5 PKGBUILD, it is also the default on x86 platforms with linker support for -Bsymbolic-functions.
Finally, it's worth noting that -fPIC is added automatically by cmake and qmake; only projects using autotools need to add it manually.
The issue here is that Qt's -reduce-relocations option reduces our ability to harden our binaries.
With newer versions of GCC, -Bsymbolic-functions no longer plays nice with PIEs. While we could certainly downgrade to -fPIC instead, it would be detrimental to security. This is not a matter of us needing to set the correct flags, it's a matter of Qt's build breaking legitimate functionality.
I don't think it's reasonable for upstream libs to be setting policy for downstream applications, especially when it involves known divergence from the abi.
I think the -reduce-relocations option really needs to be reconsidered by distros now that GCC5 is in use.
a downstream project developer is certainly valuable.
I agree that the current situation is not ideal but I also feel that
these concerns need to be raised at the Qt bug tracker. Assuming that
no resolution is reached by Qt upstream and -reduce-relocations remains
enabled by default (along with the -fPIC requirement) then downstream
projects using autotools will need to adjust and build with -fPIC.
To clarify: if Qt was built with -reduce-relocations, there is no way for us to create a valid PIE binary. This is because -reduce-relocations breaks psABI compliance.
Projects using other buildsystems (Cmake, Qmake, etc) will suffer from this issue as well. I suspect that soon most distros will disable this option, prompting Qt to disable it by default.
I tested building our bitcoin package group (which includes bitcoin-qt)
against Qt5 with -fPIC and it seems to compile fine.
The issue is that by setting fPIC, we lose out on the optimizations that fPIE provides. Several sources say that -pie binaries should always be built with -fPIE objects, but in practice it appears as though fPIC/fPIE can be mixed safely.
I'm working on a change to Bitcoin that builds the qt objects with fPIC, but the rest as fPIE. I'll post the results here when they're ready.
Thanks!