Bug 1228570
| Summary: | hardening breaks Mono 4 | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Dan Horák <dan> | ||||||
| Component: | mono | Assignee: | Xavier Lamien <lxtnow> | ||||||
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
| Severity: | unspecified | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | 23 | CC: | chkr, claudiorodrigo, itamar, lxtnow, moceap, moez.roy, neale, paul, pokorra.mailinglists | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | s390x | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | mono-4.3.2-7.fc25 | Doc Type: | Bug Fix | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2016-03-03 11:59:46 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 467765, 1199775 | ||||||||
| Attachments: |
|
||||||||
|
Description
Dan Horák
2015-06-05 08:25:13 UTC
rather mono-4.0.1-8.fc23, which uses mono-4.0.1.28.tar.bz2 mono-4.0.1.44.tar.bz2 looks differently ... reproduced on F-22 with
# go back 1 commit (incorrect update to 4.0.1.44)
git reset --hard HEAD^
and
diff --git a/mono.spec b/mono.spec
index 55d5d8d..48d88f9 100644
--- a/mono.spec
+++ b/mono.spec
@@ -1,4 +1,5 @@
-%global bootstrap 0
+%global _hardened_build 1
+%global bootstrap 1
%if 0%{?rhel}%{?el6}%{?el7}
%if 0%{?el6}
%define mono_arches %ix86 x86_64 %{arm} sparcv9 alpha s390x ppc ppc64 ppc64le
@@ -13,7 +14,7 @@
Name: mono
Version: 4.0.1
-Release: 8%{?dist}
+Release: 8%{?dist}.1
Summary: Cross-platform, Open Source, .NET development framework
Group: Development/Languages
@@ -46,7 +47,11 @@ Obsoletes: mono-entityframework
# need to bootstrap mono, comment out this BuildRequires
# and don't delete the binaries in %%prep.
+%if 0%{bootstrap}
+# for bootstrap, use monolite insted local mono
+%else
BuildRequires: mono-core >= 4.0
+%endif
# JIT only available on these:
ExclusiveArch: %mono_arches
[sharkcz@devel4 mono]$ fedpkg verrel
mono-4.0.1-8.fc23.1
mono-4.0.1.44.tar.bz2 fails to build on F-22 even without hardening Does the bootstrap variable get used anywhere else? If not, the in the %build section a make get-monolite-latest may need to be done before the main make. How is_hardened_build used in the rest of the spec? The bootstrap variable controls whether mono-core package is set as BuildRequires and also whether the bundled monolite should be removed. The whole spec file is at http://pkgs.fedoraproject.org/cgit/mono.git/tree/mono.spec?id=89b45145573e4513845502e6ab2941b08913fb5e Hardening means evaluating http://pkgs.fedoraproject.org/cgit/redhat-rpm-config.git/tree/redhat-hardened-cc1 and http://pkgs.fedoraproject.org/cgit/redhat-rpm-config.git/tree/redhat-hardened-ld by the compiler/linker as described in https://fedoraproject.org/wiki/Changes/Harden_All_Packages#Detailed_Harden_Flags_Description It is implemented via http://pkgs.fedoraproject.org/cgit/redhat-rpm-config.git/tree/macros#n130 - updating the global compiler/linker flags. I believe I have found the problem. To access thread variables in the mono runtime there is a platform-specific macro that aids in the extraction:
# if defined(PIC)
// This only works if libmono is linked into the application
# define MONO_THREAD_VAR_OFFSET(var,offset) do { guint64 foo; \
__asm__ ("basr %%r1,0\n\t" \
"j 0f\n\t" \
".quad " #var "@TLSGD\n\t" \
"0:\n\t" \
"lg %%r2,4(%%r1)\n\t" \
"brasl %%r14,__tls_get_offset@PLT:tls_gdcall:"#var"\n\t" \
"lgr %0,%%r2\n\t" \
: "=r" (foo) : \
: "1", "2", "14", "cc"); \
offset = foo; } while (0)
# else
# define MONO_THREAD_VAR_OFFSET(var,offset) do { guint64 foo; \
__asm__ ("basr %%r1,0\n\t" \
"j 0f\n\t" \
".quad " #var "@NTPOFF\n" \
"0:\n\t" \
"lg %0,4(%%r1)\n\t" \
: "=r" (foo) : : "1"); \
offset = foo; } while (0)
# endif
As you can see, at the moment only situations where PIC and not-PIC are catered for. I have to examine the sequence required when PIE is specified to produce correct instructions.
Created attachment 1035423 [details]
Patch to support -fPIE
Patch that I am submitting upstream to enable builds when using -fPIE.
Created attachment 1035506 [details]
Revised patch
I attached an earlier attempt which didn't provide -fpie support and broke non-PIE/pie builds.
(In reply to Neale Ferguson from comment #8) > Created attachment 1035506 [details] > Revised patch > > I attached an earlier attempt which didn't provide -fpie support and broke > non-PIE/pie builds. Thanks for helping. Would this same patch be also applicable for Bug 1224945 - mono build failure on ppc64le? This bug appears to have been reported against 'rawhide' during the Fedora 23 development cycle. Changing version to '23'. (As we did not run this process for some time, it could affect also pre-Fedora 23 development cycle bugs. We are very sorry. It will help us with cleanup during Fedora 23 End Of Life. Thank you.) More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora23 |