Description of problem: Building a package of an Ada program fails in Rawhide since _hardened_build was defined globally. It seems like the modification of compiler options that _hardened_build enables doesn't work for Ada like it does for C. Version-Release number of selected component (if applicable): 28-1.fc23 How reproducible: It seems deterministic to me. Steps to Reproduce: 1. Check out commit 2044cbbe536d65b859480527c24e9b448137797a of the package mine_detector. 2. Build it in Rawhide. Actual results: https://kojipkgs.fedoraproject.org/work/tasks/6796/9106796/build.log "-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1" is used in the compilation, and then "-specs=/usr/lib/rpm/redhat/redhat-hardened-ld" is used in the linking, but ld complains "relocation R_X86_64_32S against `.rodata' can not be used when making a shared object; recompile with -fPIC". My best interpretation is that cc1_options affects cc1, the C frontend, but not gnat1, the Ada frontend, so that -fPIE isn't used when Ada is compiled. Then redhat-hardened-ld causes -pie to be passed to ld, and that doesn't work with code that was compiled without -fPIE. Additional info: This is my workaround for now: http://pkgs.fedoraproject.org/cgit/mine_detector.git/commit/?id=4786c731aae930efca57c1782d56f69dfba5279c The best solution would be to figure out how to make redhat-hardened-cc1 have the same effect for all languages that GCC can compile. If that isn't possible, then the hardening options should be enabled only for those languages that they work for. (Although Ada is in theory immune to buffer overflows, enabling address space layout randomization would still be an improvement, firstly because Ada code can be linked to C code that can be defective, and secondly because some people seem to think that disabling the range checking is a good idea.)
I wonder if redhat-rpm-config is the proper component for this bug. But I can't make up my mind between "distribution" and "gcc-gnat".
Is cc1_options supposed to affect all language frontends, despite "cc1" in the name? Because otherwise I can't see how this would be a bug in GNAT. If GNAT doesn't have a similar feature, then I suppose someone could submit a feature request to GCC upstream, but until the feature would get implemented it would still be wrong to try to use a nonexistent feature.
Would it be possible to fix this using the gnat-srpm-macros?
gnat-srpm-macros is only for things that must be present even before BuildRequires fields are processed. If some Ada-specific file or macro is needed, and redhat-rpm-config is the wrong place for it, then it could be placed in fedora-gnat-project-common, but first I'd want to hear a good argument for why it shouldn't be in redhat-rpm-config. It would make sense to keep all the hardening trickery together in a package maintained by someone who knows the ins and outs of GCC well enough to make it work well, and that person isn't me. Discussing *where* to fix it is premature though. First we need to find out *how* to fix it. Changing "cc1_options" to "gnat1_options" did not seem to work when I tried it. The description of "distribution" mentions "bugs in the mechanics of how the distribution is built", which sounds like it might fit, so I'm setting it to "distribution" for now.
The problem afaict is that we're not (consistently) building PIC objects. For the C family languages we try to see if the object is destined for an executable or a shared library and pick -fPIC or -fPIE as appropriate. I don't know what the idiomatic way to do that is for gnat, but jamming -fPIC on the end of %Ada_optflags in macros.gnat seems to make a hardened build of mine_detector compile just fine.
This bug appears to have been reported against 'rawhide' during the Fedora 23 development cycle. Changing version to '23'. (As we did not run this process for some time, it could affect also pre-Fedora 23 development cycle bugs. We are very sorry. It will help us with cleanup during Fedora 23 End Of Life. Thank you.) More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora23
This message is a reminder that Fedora 23 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 23. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '23'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 23 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
This message is a reminder that Fedora 25 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 25. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '25'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 25 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
This bug appears to have been reported against 'rawhide' during the Fedora 28 development cycle. Changing version to '28'.
This bug appears to have been reported against 'rawhide' during the Fedora 30 development cycle. Changing version to '30'.
This message is a reminder that Fedora 30 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora 30 on 2020-05-26. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '30'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 30 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
This bug appears to have been reported against 'rawhide' during the Fedora 33 development cycle. Changing version to 33.