__attribute__((alias(foo))) and the hardening flags

Jerry James loganjerry at gmail.com
Wed Mar 11 15:28:42 UTC 2015


I've got a puzzling build failure today and could use some direction
on what to do.  The build is here:
https://koji.fedoraproject.org/koji/taskinfo?taskID=9204498.

The cddlib package can be built both with and without GMP support.
Most applications can work with either version, so we want to build
them against a GMP-enabled cddlib, for efficiency.  However, polymake
wants to link against both GMP-enabled and GMP-disabled versions of
cddlib.  To support this, without using polymake's bundled version of
cddlib, we long ago built both versions of the library, named
libcdd.so.0.0.0 and libcddgmp.so.0.0.0.  Since they contain identical
symbols, the bundled polymake version renames all of the symbols in
the GMP-enabled version to have "_gmp" suffixes.  We did likewise, but
to support applications that only want the GMP-enabled version and
expect the original unaltered symbol names, we made declarations of
the form "foo __attribute__((alias(foo_gmp)))" for each external
symbol foo.  That lets polymake link with both versions as it expects,
and other applications don't have to be modified to use the new symbol
names.

Now, cddlib was rebuilt just before alpha freeze, so it has been built
with the hardening flags.  This morning, I tried to rebuild gfan after
adding in $RPM_LD_FLAGS, so that it too would be built hardened.  The
link step fails on x86_64 with this message:

/bin/ld: ./lp_cdd.o: relocation R_X86_64_PC32 against undefined symbol `dd_purezero' can not be used when making a shared object; recompile with -fPIC
/bin/ld: final link failed: Bad value
collect2: error: ld returned 1 exit status

I am puzzled by this.  First, the link is attempting to create a
binary, not a shared object.  Second, every object in cddlib was built
with -fPIC.  Every object in gfan was built with
-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1, which should make them
be built with -fpie, right?  I also tried building gfan with -fPIE,
but that didn't help.  Third, removing
-specs=/usr/lib/rpm/redhat/redhat-hardened-ld from the link line
results in a successful link.  Fourth, examining libcddgmp.so.0.0.0
(the cddlib library in question) with readelf shows this in the
relocation section:

000000244f90  027a00000006 R_X86_64_GLOB_DAT 0000000000246100 dd_purezero_gmp + 0

And this in the .dynsym section:

   109: 0000000000246100     0 OBJECT  GLOBAL DEFAULT   23 dd_purezero
   634: 0000000000246100    32 OBJECT  GLOBAL DEFAULT   23 dd_purezero_gmp

So dd_purezero is not, in fact, an undefined symbol.  It is an alias
to dd_purezero_gmp, which is defined and has the proper relocation
type.  So it looks like -Wl,-z,now is doing something to defeat the
alias mechanism.  Is that right?  If so, do I have any other option
besides disabling hardening for gfan?  Is there some way to get
aliases to play well with the hardening flags?

Thanks,
-- 
Jerry James
http://www.jamezone.org/
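
The symbol-alias scheme described in the message, as an added example that is not part of the original post and is not cddlib source. `dd_purezero` and `dd_purezero_gmp` are the names from the post; the array type, the `dd_demo_is_zero` function and the `CDD_COMPAT_ALIAS` macro are assumptions made for illustration, and GCC's `alias` attribute takes the target symbol name as a string.

```c
/* Added example: constructed stand-ins, not cddlib source. */
#include <stdint.h>
#include <stdio.h>

/* Declare `name` as a second exported name for the already-defined `target`.
   GCC/Clang on ELF: alias() takes the target's symbol name as a string. */
#define CDD_COMPAT_ALIAS(name, target) \
    extern __typeof__(target) name __attribute__((alias(#target)))

/* GMP-flavoured definitions carry the "_gmp" suffix. */
long dd_purezero_gmp[4] = {0, 0, 0, 0};   /* constructed type and value */

int dd_demo_is_zero_gmp(long v) {         /* hypothetical function */
    return v == dd_purezero_gmp[0];
}

/* Unsuffixed names for applications that only use the GMP build. */
CDD_COMPAT_ALIAS(dd_purezero, dd_purezero_gmp);
CDD_COMPAT_ALIAS(dd_demo_is_zero, dd_demo_is_zero_gmp);

/* Returns 1 if both data names resolve to one address. */
int cdd_same_object(void) {
    volatile uintptr_t a = (uintptr_t)&dd_purezero;
    volatile uintptr_t b = (uintptr_t)&dd_purezero_gmp;
    return a == b;
}

/* Returns 1 if both function names resolve to one address. */
int cdd_same_function(void) {
    volatile uintptr_t a = (uintptr_t)&dd_demo_is_zero;
    volatile uintptr_t b = (uintptr_t)&dd_demo_is_zero_gmp;
    return a == b;
}

/* Store through the alias, load through the suffixed name. */
long cdd_write_via_alias(long v) {
    volatile long *w = dd_purezero;
    volatile long *r = dd_purezero_gmp;
    w[1] = v;
    return r[1];
}

int main(void) {
    printf("object=%d function=%d value=%ld\n",
           cdd_same_object(), cdd_same_function(), cdd_write_via_alias(42));
    return 0;
}
```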

