-
-
Notifications
You must be signed in to change notification settings - Fork 14.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
stdenv: lib{gmp,mpc,mpfr,isl}-stage3: isPower64 -> no -fstack-protector #181802
Conversation
Stage3 of the stdenv bootstrap attempts to link libraries compiled for static linkage (i.e. `*.a`) into a dynamically-linked executable. On powerpc64le this is not supported if the library compiled for static linkage was built using `-fstack-protector`, because that option requires `-lssp` for dynamically-linked executables but uses a different library (`-lssp_nonshared`) for statically-linked executables. As a workaround, we simply disable `-fstack-protector` in the statically-linked `lib{gmp,mpc,mpfr,isl}-stage3` derivations. These are not visible from outside of `stdenv`.
Do you know why I think gcc's |
It isn't Nothing else in nixpkgs needs this workaround because nothing else in nixpkgs tries to do that. I'm not convinced that we should even expect it to work. I can currently build my entire workstation environment out of nixpkgs on powerpc64le except for the web browsers (qutebrowser, firefox, ungoogled-chromium) and Rust packages that use ring -- only stdenv's gcc experiences this problem. I'd love to embark on a de-Frankensteinification of the way we build stdenv's gcc, but getting nontrivial changes to the bootstrap stages merged takes multiple months. I've come to understand that I have a limited budget of attention from people who are confident enough to merge those kinds of things, and I have to be careful how I spend that budget. Disabling a hardening flag, on one platform only, is low-risk for reviewers. Here's the link failure if you're curious: #168983 (comment) |
|
Then what do you think is the cause of the link failure? |
I think it's a sign of I suspect it's only a matter of building Does current |
If I'm looking at the I think it means |
Meanwhile reproduced the same build failure:
And indeed it's a bootstrap-tools'
We can poke at it directly:
The problem here is presence of
I'll check what cross-build yields first: |
Confirmed it's an instance of #113977 :
Looking at why that check fails. |
A side-effect of missing glibc version detection:
It's supposed to be a simple But something fails. I'll keep digging. |
Thanks for digging into this; please don't be put off by my short reply below -- I have to leave the office in a few minutes so I'm going to reply to the low-hanging fruit and write a more detailed response later.
That would be the bootstrap-tools compiler. Here is the Hydra build that created it. You can replicate that build with
The special
Correct. With current nixpkgs master on a powerpc64le machine,
The bootstrap-files gcc is definitely cross-compiled for all non-{x86_64,arm64}
I've noticed that relocs for
Hey, that's a great find! But FWIW the PR that closes that bug, #141448, does exactly the same thing that this PR does -- disable
Interesting. I'll look into this, and #113977, in more detail either tonight or tomorrow. Nice find! |
Adding a bit of debugging I think this is the path
It comes from https://gcc.gnu.org/git/?p=gcc.git;a=blob;f=gcc/configure.ac;h=446747311a6aec3c810ad6aa4190f7bd383b94f7;hb=HEAD#l2458 elif test "x$with_sysroot" = x; then
target_header_dir="${test_exec_prefix}/${target_noncanonical}/sys-include" Looking at other cases: if test "x$with_build_sysroot" != "x"; then
target_header_dir="${with_build_sysroot}${native_system_header_dir}"
elif test "x$with_sysroot" = x; then
target_header_dir="${test_exec_prefix}/${target_noncanonical}/sys-include"
elif test "x$with_sysroot" = xyes; then
target_header_dir="${test_exec_prefix}/${target_noncanonical}/sys-root${native_system_header_dir}"
else
target_header_dir="${with_sysroot}${native_system_header_dir}"
fi I think the best is to plug into last sysroot branch. Testing the following change locally: --- a/pkgs/development/compilers/gcc/common/configure-flags.nix
+++ b/pkgs/development/compilers/gcc/common/configure-flags.nix
@@ -111,9 +111,15 @@ let
"--with-mpc=${libmpc}"
]
++ lib.optional (libelf != null) "--with-libelf=${libelf}"
- ++ lib.optional (!(crossMingw && crossStageStatic))
+ ++ lib.optionals (!(crossMingw && crossStageStatic)) [
+ # "--with-sysroot=/": trick gcc into looking up target system headers in
+ # --with-native-system-header-dir dir:
+ # https://gcc.gnu.org/git/?p=gcc.git;a=blob;f=gcc/configure.ac;h=446747311a6aec3c810ad6aa4190f7bd383b94f7;hb=HEAD#l2461
+ # Otherwise gcc tries to look it up in various prefixed
+ # targets relative to exec_prefix.
+ "--with-sysroot=/"
"--with-native-system-header-dir=${lib.getDev stdenv.cc.libc}/include"
-
+ ]
# Basic configuration
++ [
# Force target prefix. The behavior if `--target` and `--host` It also matches description of
|
Breaks. |
Looking at
|
The following hack allows building working --- a/pkgs/development/compilers/gcc/common/configure-flags.nix
+++ b/pkgs/development/compilers/gcc/common/configure-flags.nix
@@ -113,6 +113,8 @@ let
++ lib.optional (libelf != null) "--with-libelf=${libelf}"
++ lib.optional (!(crossMingw && crossStageStatic))
"--with-native-system-header-dir=${lib.getDev stdenv.cc.libc}/include"
+ ++ lib.optional (!(crossMingw && crossStageStatic) && buildPlatform != hostPlatform)
+ "--with-sysroot=/"
# Basic configuration
++ [ I suspect it might be a bit incorrect for some cases. I'll spend some time to understand the difference in |
Proposed the possible fix as #181943 |
When reviewing NixOS#181802 (comment) I noticed outdated code that attempted to override /usr/include. sed -i \ -e "s,glibc_header_dir=/usr/include,glibc_header_dir=$libc_dev/include", \ gcc/configure `glibc_header_dir` was removed from `gcc-4.6` and later in https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=6961669f48aa18168b2d7daa7e2235fbec7cb636 (Dec 2010, "(gcc_cv_ld_eh_frame_hdr): Only check GNU ld for --eh-frame-hdr."). Since then gcc got `--with-native-system-header-dir=` which `nixpkgs` uses for all packaged `gcc` versions. The change should be a no-op.
On top of it proposed a cleanup to remove outdated |
And proposed another drive-by cleanup around |
(Edit: I'm going to repost this comment in #181943) |
Closed in favor of #181943 |
When reviewing NixOS#181802 (comment) I noticed outdated code that attempted to override /usr/include. sed -i \ -e "s,glibc_header_dir=/usr/include,glibc_header_dir=$libc_dev/include", \ gcc/configure `glibc_header_dir` was removed from `gcc-4.6` and later in https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=6961669f48aa18168b2d7daa7e2235fbec7cb636 (Dec 2010, "(gcc_cv_ld_eh_frame_hdr): Only check GNU ld for --eh-frame-hdr."). Since then gcc got `--with-native-system-header-dir=` which `nixpkgs` uses for all packaged `gcc` versions. The change should be a no-op.
Description of changes
This is a more-focused version of the same change in #168983, which I am unable to reopen. I closed that PR too hastily; unfortunately it is still needed on powerpc64le.
Stage3 of the stdenv bootstrap attempts to link libraries compiled for static linkage (i.e.
*.a
) into a dynamically-linked executable. On powerpc64le this is not supported if the library compiled for static linkage was built using-fstack-protector
, because that option requires-lssp
(edit: or equivalent) for dynamically-linked executables but uses a different library (-lssp_nonshared
) for statically-linked executables.As a workaround, we simply disable
-fstack-protector
in the statically-linkedlib{gmp,mpc,mpfr,isl}-stage3
derivations. These are not visible from outside ofstdenv
.Things done
./result/bin/
)