Hardened builds

Jerry James loganjerry at gmail.com
Wed Feb 25 00:44:18 UTC 2015


I've got a package that is currently failing to build in Rawhide.  It
has a home-brewed garbage collector inside, and it appears the GC is
confused about which objects are on the stack, and which are on the
heap.  I want to try building without the hardening flags to see if
that has something to do with the problem.  According to
https://fedorahosted.org/fesco/ticket/1384 the way to do this is to
put:

%global _hardened_build 0

at the top of the spec file.  But that doesn't work with a local mock
build.  I still see -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 in
the compiler flags and -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
in the linker flags.  So I tried adding the lines:

%global _hardened_cflags %{nil}
%global _hardened_ldflags %{nil}

just below the _hardened_build line.  Now mock explodes:

Traceback (most recent call last):
  File "/usr/sbin/mock", line 829, in <module>
    main()
  File "/usr/lib/python2.7/site-packages/mockbuild/trace_decorator.py",
line 84, in trace
    result = func(*args, **kw)
  File "/usr/sbin/mock", line 650, in main
    run_command(options, args, config_opts, commands, buildroot, state)
  File "/usr/lib/python2.7/site-packages/mockbuild/trace_decorator.py",
line 84, in trace
    result = func(*args, **kw)
  File "/usr/sbin/mock", line 725, in run_command
    do_rebuild(config_opts, commands, buildroot, args)
  File "/usr/lib/python2.7/site-packages/mockbuild/trace_decorator.py",
line 84, in trace
    result = func(*args, **kw)
  File "/usr/sbin/mock", line 496, in do_rebuild
    post=post_build, clean=clean)
  File "/usr/lib/python2.7/site-packages/mockbuild/trace_decorator.py",
line 84, in trace
    result = func(*args, **kw)
  File "/usr/sbin/mock", line 440, in rebuild_generic
    commands.init(prebuild=not config_opts.get('short_circuit'))
  File "/usr/lib/python2.7/site-packages/mockbuild/trace_decorator.py",
line 84, in trace
    result = func(*args, **kw)
  File "/usr/lib/python2.7/site-packages/mockbuild/backend.py", line
122, in init
    self.buildroot.initialize(**kwargs)
  File "/usr/lib/python2.7/site-packages/mockbuild/trace_decorator.py",
line 84, in trace
    result = func(*args, **kw)
  File "/usr/lib/python2.7/site-packages/mockbuild/buildroot.py", line
80, in initialize
    self._init(prebuild=prebuild, do_log=do_log)
  File "/usr/lib/python2.7/site-packages/mockbuild/trace_decorator.py",
line 84, in trace
    result = func(*args, **kw)
  File "/usr/lib/python2.7/site-packages/mockbuild/buildroot.py", line
117, in _init
    self.plugins.call_hooks('preinit')
  File "/usr/lib/python2.7/site-packages/mockbuild/trace_decorator.py",
line 84, in trace
    result = func(*args, **kw)
  File "/usr/lib/python2.7/site-packages/mockbuild/plugin.py", line
65, in call_hooks
    hook(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/mockbuild/trace_decorator.py",
line 84, in trace
    result = func(*args, **kw)
  File "/usr/lib/python2.7/site-packages/mockbuild/plugins/ccache.py",
line 60, in _ccachePreInitHook
    self.buildroot.uid_manager.changeOwner(self.ccachePath, recursive=True)
  File "/usr/lib/python2.7/site-packages/mockbuild/trace_decorator.py",
line 84, in trace
    result = func(*args, **kw)
  File "/usr/lib/python2.7/site-packages/mockbuild/uid.py", line 84,
in changeOwner
    os.chown(os.path.join(root, f), uid, gid)
OSError: [Errno 2] No such file or directory:
'/var/cache/mock/fedora-rawhide-x86_64/ccache/u1000/9/stats.lock'

How is this really supposed to be done?  If I'm doing it the right
way, then the current method is broken.

Also, http://fedoraproject.org/wiki/Hardened_Packages seems to be
entirely useless at this point.  Perhaps it could be replaced with a
page that discusses the current state of the hardening flags.

Thank you,
-- 
Jerry James
http://www.jamezone.org/


More information about the devel mailing list