Hi Suzuki, > So I wonder why you want autoconf > to "fix" the result caused by your CFLAGS I was trying to set CFLAGS, CPPFLAGS, etc though `configure`. Its a supported option, and Autoconf produced the configure file. Where else would you suggest I look? > Anyway, you didn't clarified how such special flags are required, > and the coverages of the objects to be compiled with the special > flags, so nobody will be able to the answer to be used immediately. I was not aware hardeneing was considered "special flags" and we had to justify their usage :) Security conscious folks usually look at it the other way: we look at a typical project's configuration, and ask why they are not being used. Anyway, the flags have actually been around for some time, but most folks don't use them. -1 to those folks for ignoring awesome platform security measures. Projects use `configure` to configure all binaries output in a project - regardless of the binary type (executable or shared object). Though there may be multiple executables and shared objects, there is only one configure. So I need something that provides what I want/desire/require at the single configure point. I want hardened executables and shared objects. That includes ASLR, which means -fPIE -pie for executables; -fPIC and -shared for shared objects. According to the dialog from the GCC feature request, -fPIC and -shared should be used as it appears to be a "superset" of -fPIE -pie. Jeff On Tue, Aug 21, 2012 at 9:59 PM, suzuki toshiya <mpsuzuki@xxxxxxxxxxxxxxxxx> wrote: > I think your set of CFLAGS makes GCC disabled to make a simple > executables like "hello world". So I wonder why you want autoconf > to "fix" the result caused by your CFLAGS. For generic CFLAGS, > you must set CFLAGS that the compiler can make an executable > successfully. You gave CFLAGS that the compiler cannot make > an executable. > > Also I've checked the discussion on GCC bugzilla; Andrew Pinski > mentioned automake, but I don't think he recommends a method using > "CFLAGS=blahblahblah ./configure". I guess he recommends to write > configure.am & Makefile.am to insert non-generic & special flags > in the compiling for shared object. > > Anyway, you didn't clarified how such special flags are required, > and the coverages of the objects to be compiled with the special > flags, so nobody will be able to the answer to be used immediately. > > Regards, > mpsuzuki > > Jeffrey Walton wrote: >> Hi All, >> >> Any ideas on how to fix this? I was using -fPIC/-shared due to >> limitations in Make and LDFLAGS. According to [1], we can use >> -fPIC/-shared all the time. >> >> $ ./configure CFLAGS="-Wall -Wextra -Wconversion -fPIC >> -Wno-unused-parameter -Wformat=2 -Wformat-security >> -fstack-protector-all -Wstrict-overflow -Wl,-shared -Wl,-z,noexecstack >> -Wl,-z,relro -Wl,-z,now" >> checking build system type... x86_64-unknown-linux-gnu >> checking host system type... x86_64-unknown-linux-gnu >> checking target system type... x86_64-unknown-linux-gnu >> checking for gcc... gcc >> checking whether the C compiler works... no >> configure: error: in `/home/jeffrey/Desktop/sipwitch-1.3.1': >> configure: error: C compiler cannot create executables >> See `config.log' for more details >> >> Jeff >> >> [1] "Request: Add -aslr switch that invokes -fPIE/-pie or >> -fPIC/-shared as appropriate," >> http://gcc.gnu.org/bugzilla/show_bug.cgi?id=52885 >> >> ***** >> >> This file contains any messages produced by compilers while >> running configure, to aid debugging if configure makes a mistake. >> >> It was created by configure, which was >> generated by GNU Autoconf 2.68. Invocation command line was >> >> $ ./configure CFLAGS=-Wall -Wextra -Wconversion -fPIC >> -Wno-unused-parameter -Wformat=2 -Wformat-security >> -fstack-protector-all -Wstrict-overflow -Wl,-shared -Wl,-z,noexecstack >> -Wl,-z,relro -Wl,-z,now >> >> ## --------- ## >> ## Platform. ## >> ## --------- ## >> >> hostname = mint-12-x64 >> uname -m = x86_64 >> uname -r = 3.0.0-12-generic >> uname -s = Linux >> uname -v = #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 >> >> /usr/bin/uname -p = unknown >> /bin/uname -X = unknown >> >> /bin/arch = unknown >> /usr/bin/arch -k = unknown >> /usr/convex/getsysinfo = unknown >> /usr/bin/hostinfo = unknown >> /bin/machine = unknown >> /usr/bin/oslevel = unknown >> /bin/universe = unknown >> >> PATH: /usr/lib/lightdm/lightdm >> PATH: /usr/local/sbin >> PATH: /usr/local/bin >> PATH: /usr/sbin >> PATH: /usr/bin >> PATH: /sbin >> PATH: /bin >> PATH: /usr/games >> >> >> ## ----------- ## >> ## Core tests. ## >> ## ----------- ## >> >> configure:2456: checking build system type >> configure:2470: result: x86_64-unknown-linux-gnu >> configure:2490: checking host system type >> configure:2503: result: x86_64-unknown-linux-gnu >> configure:2523: checking target system type >> configure:2536: result: x86_64-unknown-linux-gnu >> configure:2611: checking for gcc >> configure:2627: found /usr/bin/gcc >> configure:2638: result: gcc >> configure:2867: checking for C compiler version >> configure:2876: gcc --version >&5 >> gcc (Ubuntu/Linaro 4.6.1-9ubuntu3) 4.6.1 >> Copyright (C) 2011 Free Software Foundation, Inc. >> This is free software; see the source for copying conditions. There is NO >> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. >> >> configure:2887: $? = 0 >> configure:2876: gcc -v >&5 >> Using built-in specs. >> COLLECT_GCC=gcc >> COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/4.6.1/lto-wrapper >> Target: x86_64-linux-gnu >> Configured with: ../src/configure -v --with-pkgversion='Ubuntu/Linaro >> 4.6.1-9ubuntu3' >> --with-bugurl=file:///usr/share/doc/gcc-4.6/README.Bugs >> --enable-languages=c,c++,fortran,objc,obj-c++,go --prefix=/usr >> --program-suffix=-4.6 --enable-shared --enable-linker-build-id >> --with-system-zlib --libexecdir=/usr/lib --without-included-gettext >> --enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.6 >> --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu >> --enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-plugin >> --enable-objc-gc --disable-werror --with-arch-32=i686 >> --with-tune=generic --enable-checking=release --build=x86_64-linux-gnu >> --host=x86_64-linux-gnu --target=x86_64-linux-gnu >> Thread model: posix >> gcc version 4.6.1 (Ubuntu/Linaro 4.6.1-9ubuntu3) >> configure:2887: $? = 0 >> configure:2876: gcc -V >&5 >> gcc: error: unrecognized option '-V' >> gcc: fatal error: no input files >> compilation terminated. >> configure:2887: $? = 4 >> configure:2876: gcc -qversion >&5 >> gcc: error: unrecognized option '-qversion' >> gcc: fatal error: no input files >> compilation terminated. >> configure:2887: $? = 4 >> configure:2907: checking whether the C compiler works >> configure:2929: gcc -Wall -Wextra -Wconversion -fPIC >> -Wno-unused-parameter -Wformat=2 -Wformat-security >> -fstack-protector-all -Wstrict-overflow -Wl,-shared -Wl,-z,noexecstack >> -Wl,-z,relro -Wl,-z,now conftest.c >&5 >> /usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/4.6.1/../../../x86_64-linux-gnu/crt1.o: >> relocation R_X86_64_32S against `__libc_csu_fini' can not be used when >> making a shared object; recompile with -fPIC >> /usr/lib/gcc/x86_64-linux-gnu/4.6.1/../../../x86_64-linux-gnu/crt1.o: >> could not read symbols: Bad value >> collect2: ld returned 1 exit status >> configure:2933: $? = 1 >> configure:2971: result: no >> configure: failed program was: >> | /* confdefs.h */ >> | #define PACKAGE_NAME "" >> | #define PACKAGE_TARNAME "" >> | #define PACKAGE_VERSION "" >> | #define PACKAGE_STRING "" >> | #define PACKAGE_BUGREPORT "" >> | #define PACKAGE_URL "" >> | /* end confdefs.h. */ >> | >> | int >> | main () >> | { >> | >> | ; >> | return 0; >> | } >> configure:2976: error: in `/home/jeffrey/Desktop/sipwitch-1.3.1': >> configure:2978: error: C compiler cannot create executables >> See `config.log' for more details >> >> ## ---------------- ## >> ## Cache variables. ## >> ## ---------------- ## >> >> ac_cv_build=x86_64-unknown-linux-gnu >> ac_cv_env_CCC_set= >> ac_cv_env_CCC_value= >> ac_cv_env_CC_set= >> ac_cv_env_CC_value= >> ac_cv_env_CFLAGS_set=set >> ac_cv_env_CFLAGS_value='-Wall -Wextra -Wconversion -fPIC >> -Wno-unused-parameter -Wformat=2 -Wformat-security >> -fstack-protector-all -Wstrict-overflow -Wl,-shared -Wl,-z,noexecstack >> -Wl,-z,relro -Wl,-z,now' >> ac_cv_env_CPPFLAGS_set= >> ac_cv_env_CPPFLAGS_value= >> ac_cv_env_CPP_set= >> ac_cv_env_CPP_value= >> ac_cv_env_CXXCPP_set= >> ac_cv_env_CXXCPP_value= >> ac_cv_env_CXXFLAGS_set= >> ac_cv_env_CXXFLAGS_value= >> ac_cv_env_CXX_set= >> ac_cv_env_CXX_value= >> ac_cv_env_EXOSIP2_CFLAGS_set= >> ac_cv_env_EXOSIP2_CFLAGS_value= >> ac_cv_env_EXOSIP2_LIBS_set= >> ac_cv_env_EXOSIP2_LIBS_value= >> ac_cv_env_LDFLAGS_set= >> ac_cv_env_LDFLAGS_value= >> ac_cv_env_LIBOSIP2_CFLAGS_set= >> ac_cv_env_LIBOSIP2_CFLAGS_value= >> ac_cv_env_LIBOSIP2_LIBS_set= >> ac_cv_env_LIBOSIP2_LIBS_value= >> ac_cv_env_LIBS_set= >> ac_cv_env_LIBS_value= >> ac_cv_env_PKG_CONFIG_LIBDIR_set= >> ac_cv_env_PKG_CONFIG_LIBDIR_value= >> ac_cv_env_PKG_CONFIG_PATH_set= >> ac_cv_env_PKG_CONFIG_PATH_value= >> ac_cv_env_PKG_CONFIG_set= >> ac_cv_env_PKG_CONFIG_value= >> ac_cv_env_QT_CFLAGS_set= >> ac_cv_env_QT_CFLAGS_value= >> ac_cv_env_QT_LIBS_set= >> ac_cv_env_QT_LIBS_value= >> ac_cv_env_UCOMMON_CFLAGS_set= >> ac_cv_env_UCOMMON_CFLAGS_value= >> ac_cv_env_UCOMMON_LIBS_set= >> ac_cv_env_UCOMMON_LIBS_value= >> ac_cv_env_ZEROCONF_CFLAGS_set= >> ac_cv_env_ZEROCONF_CFLAGS_value= >> ac_cv_env_ZEROCONF_LIBS_set= >> ac_cv_env_ZEROCONF_LIBS_value= >> ac_cv_env_build_alias_set= >> ac_cv_env_build_alias_value= >> ac_cv_env_host_alias_set= >> ac_cv_env_host_alias_value= >> ac_cv_env_target_alias_set= >> ac_cv_env_target_alias_value= >> ac_cv_host=x86_64-unknown-linux-gnu >> ac_cv_prog_ac_ct_CC=gcc >> ac_cv_target=x86_64-unknown-linux-gnu >> >> ## ----------------- ## >> ## Output variables. ## >> ## ----------------- ## >> >> ACLOCAL='' >> AMDEPBACKSLASH='' >> AMDEP_FALSE='' >> AMDEP_TRUE='' >> AMTAR='' >> AR='' >> AS='' >> AUTOCONF='' >> AUTOHEADER='' >> AUTOMAKE='' >> AWK='' >> CC='gcc' >> CCDEPMODE='' >> CFLAGS='-Wall -Wextra -Wconversion -fPIC -Wno-unused-parameter >> -Wformat=2 -Wformat-security -fstack-protector-all -Wstrict-overflow >> -Wl,-shared -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now' >> CPP='' >> CPPFLAGS='' >> CXX='' >> CXXCPP='' >> CXXDEPMODE='' >> CXXFLAGS='' >> CYGPATH_W='' >> DAEMON_LIBS='' >> DEFS='' >> DEPDIR='' >> DLLTOOL='' >> DLOPEN='' >> DSYMUTIL='' >> DUMPBIN='' >> ECHO_C='' >> ECHO_N='-n' >> ECHO_T='' >> EGREP='' >> EXEEXT='' >> EXOSIP2_CFLAGS='' >> EXOSIP2_LIBS='' >> EXPORT_FLAGS='' >> EXPORT_LIBS='' >> FGREP='' >> GREP='' >> INCLUDE_FLAGS='' >> INITRDDIR='' >> INSTALL_DATA='' >> INSTALL_PROGRAM='' >> INSTALL_SCRIPT='' >> INSTALL_STRIP_PROGRAM='' >> LD='' >> LDFLAGS='' >> LIBOBJS='' >> LIBOSIP2_CFLAGS='' >> LIBOSIP2_LIBS='' >> LIBS='' >> LIBTOOL='' >> LIPO='' >> LN_S='' >> LTLIBOBJS='' >> LT_VERSION='1:6:0' >> MAKEINFO='' >> MANIFEST_TOOL='' >> MKDIR_P='' >> MOC='' >> MODFLAGS='' >> NETWORK_DOWN='' >> NETWORK_RELOAD='' >> NETWORK_UP='' >> NM='' >> NMEDIT='' >> OBJDUMP='' >> OBJEXT='' >> OTOOL64='' >> OTOOL='' >> PACKAGE='' >> PACKAGE_BUGREPORT='' >> PACKAGE_NAME='' >> PACKAGE_STRING='' >> PACKAGE_TARNAME='' >> PACKAGE_URL='' >> PACKAGE_VERSION='' >> PATH_SEPARATOR=':' >> PKG_CONFIG='' >> PKG_CONFIG_LIBDIR='' >> PKG_CONFIG_PATH='' >> QTAPPS='' >> QT_CFLAGS='' >> QT_LIBS='' >> RANLIB='' >> RCC='' >> SED='' >> SET_MAKE='' >> SHELL='/bin/bash' >> SIPWITCH_EXOSIP2='' >> SIPWITCH_FLAGS='' >> SIPWITCH_LIBS='' >> STATIC_MODULES_FALSE='' >> STATIC_MODULES_TRUE='' >> STRIP='' >> UCOMMON='' >> UCOMMON_CFLAGS='' >> UCOMMON_CLINK='' >> UCOMMON_LIBS='' >> UCOMMON_LINK='' >> UCOMMON_MODEL='' >> UCOMMON_REQUIRES='5.2.0' >> UIC='' >> USECURE_LINK='' >> VERSION='1.3.1' >> ZEROCONF_CFLAGS='' >> ZEROCONF_FALSE='' >> ZEROCONF_LIBS='' >> ZEROCONF_TRUE='' >> ac_ct_AR='' >> ac_ct_CC='gcc' >> ac_ct_CXX='' >> ac_ct_DUMPBIN='' >> am__EXEEXT_FALSE='' >> am__EXEEXT_TRUE='' >> am__fastdepCC_FALSE='' >> am__fastdepCC_TRUE='' >> am__fastdepCXX_FALSE='' >> am__fastdepCXX_TRUE='' >> am__include='' >> am__isrc='' >> am__leading_dot='' >> am__nodep='' >> am__quote='' >> am__tar='' >> am__untar='' >> bindir='${exec_prefix}/bin' >> build='x86_64-unknown-linux-gnu' >> build_alias='' >> build_cpu='x86_64' >> build_os='linux-gnu' >> build_vendor='unknown' >> cgibindir='' >> datadir='${datarootdir}' >> datarootdir='${prefix}/share' >> default_cfgpath='' >> default_incpath='' >> default_libexec='' >> default_libpath='' >> default_varpath='' >> docdir='${datarootdir}/doc/${PACKAGE}' >> dvidir='${docdir}' >> exec_prefix='NONE' >> host='x86_64-unknown-linux-gnu' >> host_alias='' >> host_cpu='x86_64' >> host_os='linux-gnu' >> host_vendor='unknown' >> htmldir='${docdir}' >> includedir='${prefix}/include' >> infodir='${datarootdir}/info' >> install_sh='' >> libdir='${exec_prefix}/lib' >> libexecdir='${exec_prefix}/libexec' >> localedir='${datarootdir}/locale' >> localstatedir='${prefix}/var' >> mandir='${datarootdir}/man' >> mkdir_p='' >> oldincludedir='/usr/include' >> pdfdir='${docdir}' >> plugindir='' >> prefix='NONE' >> prefix_libdir='' >> program_transform_name='s,x,x,' >> psdir='${docdir}' >> sbindir='${exec_prefix}/sbin' >> sharedstatedir='${prefix}/com' >> sysconfdir='${prefix}/etc' >> target='x86_64-unknown-linux-gnu' >> target_alias='' >> target_cpu='x86_64' >> target_os='linux-gnu' >> target_vendor='unknown' >> translatedir='' >> translations='' >> >> ## ----------- ## >> ## confdefs.h. ## >> ## ----------- ## >> >> /* confdefs.h */ >> #define PACKAGE_NAME "" >> #define PACKAGE_TARNAME "" >> #define PACKAGE_VERSION "" >> #define PACKAGE_STRING "" >> #define PACKAGE_BUGREPORT "" >> #define PACKAGE_URL "" >> >> configure: exit 77 >> >> _______________________________________________ >> Autoconf mailing list >> Autoconf@xxxxxxx >> https://lists.gnu.org/mailman/listinfo/autoconf > > > _______________________________________________ > Autoconf mailing list > Autoconf@xxxxxxx > https://lists.gnu.org/mailman/listinfo/autoconf _______________________________________________ Autoconf mailing list Autoconf@xxxxxxx https://lists.gnu.org/mailman/listinfo/autoconf
