Bug 1539097
Summary: | unbound: Automatically inherit build flags from the build environment | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Florian Weimer <fweimer> |
Component: | unbound | Assignee: | Petr Menšík <pemensik> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 28 | CC: | pemensik, pj.pandit, pwouters |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | unbound-1.7.0-2.fc28.x86_64 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-03-26 09:42:07 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1548821 | ||
Bug Blocks: | 1539083 |
Description
Florian Weimer
2018-01-26 16:02:48 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 28 development cycle. Changing version to '28'. Upstream already has support for both -z now and -pie flags in configure. So extra export flags can be removed and package default can be used with a new configure options. Prepared in master and f28. unbound-1.6.8-5.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-cb1f26bd2c unbound-1.6.8-6.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-cb1f26bd2c unbound-1.6.8-6.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report. /usr/lib64/libunbound.so.2.5.7 in unbound-libs-1.6.8-6.fc28.x86_64 still doesn't use the redhat-rpm-config CFLAGS and therefore lacks annobin annotations. (In reply to Florian Weimer from comment #6) > /usr/lib64/libunbound.so.2.5.7 in unbound-libs-1.6.8-6.fc28.x86_64 still > doesn't use the redhat-rpm-config CFLAGS and therefore lacks annobin > annotations. I disagree, flags are used when linking, according to build log [1]. ./libtool --tag=CC --mode=link gcc -I. -I/usr/include/python3.6m -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -mcet -fcf-protection -flto -fPIE -pthread -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -pie -Wl,-z,relro,-z,now -version-info 7:7:5 -no-undefined -export-symbols ./libunbound/ubsyms.def -o libunbound.la context.lo libunbound.lo libworker.lo ub_event_pluggable.lo dns.lo infra.lo rrset.lo dname.lo msgencode.lo as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo iter_scrub.lo iter_utils.lo localzone.lo mesh.lo modstack.lo view.lo outbound_list.lo alloc.lo config_file.lo configlexer.lo configparser.lo fptr_wlist.lo locks.lo log.lo mini_event.lo module.lo net_help.lo random.lo rbtree.lo regional.lo rtt.lo dnstree.lo lookup3.lo lruhash.lo slabhash.lo timehist.lo tube.lo winsock_event.lo autotrust.lo val_anchor.lo validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo authzone.lo edns-subnet.lo subnetmod.lo addrtree.lo subnet-whitelist.lo pythonmod.lo pythonmod_utils.lo ipsecmod.lo ipsecmod-whitelist.lo respip.lo netevent.lo listen_dnsport.lo outside_network.lo keyraw.lo sbuffer.lo wire2str.lo parse.lo parseutil.lo rrdef.lo str2wire.lo strlcat.lo strlcpy.lo arc4random.lo arc4random_uniform.lo explicit_bzero.lo arc4_lock.lo -rpath /usr/lib64 -lssl -levent -L/usr/lib64 -L/usr/lib64/python3.6 -L. -lpython3.6m -lcrypto There is present this: ... -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic ... How do you check annobin is present in the binary? Is it possible libtool filtererd it out? Is it possible filter of exported symbols filters it out? Have I missed flags are not present somewhere? [1] https://kojipkgs.fedoraproject.org//packages/unbound/1.6.8/6.fc28/data/logs/x86_64/build.log I think this is hitting bug #1548821, because -flto is used here as well. (In reply to Petr Menšík from comment #7) > How do you check annobin is present in the binary? Is it possible libtool > filtererd it out? Is it possible filter of exported symbols filters it out? > Have I missed flags are not present somewhere? “eu-readelf -S /usr/lib64/libunbound.so.2.5.7” is supposed to show a .gnu.build.attributes section, and “readelf -n” should decode those notes. But there is simply no data there. I agree that it is likely that this is related to the use of LTO. I do not know if libtool is aware of LTO and will pass the CFLAGS down to the gcc compiler driver in link mode. LTO requires that the CFLAGS are injected for both the compiler and linker invocation, and I suspect that libtool filters out these flags for some unknown reason. Makefile rule expands: LINK_LIB=$(LIBTOOL) --tag=CC --mode=link $(CC) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) $(staticexe) -version-info 7:7:5 -no-undefined # then this is used to create libunbound libunbound.la: $(LIBUNBOUND_OBJ_LINK) $(LINK_LIB) $(UBSYMS) -o $@ $(LIBUNBOUND_OBJ_LINK) -rpath $(libdir) $(SSLLIB) $(LIBS) I guess also CFLAGS is always there. After all redhat-hardened-cc1 is part of CFLAGS only, it is present also there. any news here? It seems remaining issues were fixed by rebased rebuild in unbound-libs-1.7.0-2.fc28.x86_64 Maybe the issue was lack of BuildRequires for gcc and make in spec file. It may had older version installed. It seems now it works as expected. $ readelf -n /usr/lib64/libunbound.so.2 ... Displaying notes found in: .gnu.build.attributes Owner Data size Description GA$<version>3p5 0x00000010 OPEN Applies to region from 0x14c70 to 0x15910 GA$<tool>gcc 8.0.1 2 0x00000000 OPEN Applies to region from 0x14c70 to 0x15910 GA*GOW:0x000000000452a 0x00000000 OPEN Applies to region from 0x14c70 to 0x15910 GA*<stack prot>stron 0x00000000 OPEN Applies to region from 0x14c70 to 0x15910 GA+stack_clash:true 0x00000000 OPEN Applies to region from 0x14c70 to 0x15910 GA*cf_protection:0x008 0x00000000 OPEN Applies to region from 0x14c70 to 0x15910 GA+GLIBCXX_ASSERTION: 0x00000000 OPEN Applies to region from 0x14c70 to 0x15910 ... |