Jeffrey Walton wrote: > Hi Suzuki, > >> So I wonder why you want autoconf >> to "fix" the result caused by your CFLAGS > I was trying to set CFLAGS, CPPFLAGS, etc though `configure`. Its a > supported option, and Autoconf produced the configure file. Where else > would you suggest I look? In your environment, gcc "your set of CFLAGS" -o hello.exe hello.c can generate the executable successfully? >> Anyway, you didn't clarified how such special flags are required, >> and the coverages of the objects to be compiled with the special >> flags, so nobody will be able to the answer to be used immediately. > I was not aware hardeneing was considered "special flags" and we had > to justify their usage :) Security conscious folks usually look at it > the other way: we look at a typical project's configuration, and ask > why they are not being used. Anyway, the flags have actually been > around for some time, but most folks don't use them. -1 to those folks > for ignoring awesome platform security measures. > > Projects use `configure` to configure all binaries output in a project > - regardless of the binary type (executable or shared object). Though > there may be multiple executables and shared objects, there is only > one configure. So I need something that provides what I > want/desire/require at the single configure point. > > I want hardened executables and shared objects. That includes ASLR, > which means -fPIE -pie for executables; -fPIC and -shared for shared > objects. According to the dialog from the GCC feature request, -fPIC > and -shared should be used as it appears to be a "superset" of -fPIE > -pie. > > Jeff > > On Tue, Aug 21, 2012 at 9:59 PM, suzuki toshiya > <mpsuzuki@xxxxxxxxxxxxxxxxx> wrote: >> I think your set of CFLAGS makes GCC disabled to make a simple >> executables like "hello world". So I wonder why you want autoconf >> to "fix" the result caused by your CFLAGS. For generic CFLAGS, >> you must set CFLAGS that the compiler can make an executable >> successfully. You gave CFLAGS that the compiler cannot make >> an executable. >> >> Also I've checked the discussion on GCC bugzilla; Andrew Pinski >> mentioned automake, but I don't think he recommends a method using >> "CFLAGS=blahblahblah ./configure". I guess he recommends to write >> configure.am & Makefile.am to insert non-generic & special flags >> in the compiling for shared object. >> >> Anyway, you didn't clarified how such special flags are required, >> and the coverages of the objects to be compiled with the special >> flags, so nobody will be able to the answer to be used immediately. >> >> Regards, >> mpsuzuki >> >> Jeffrey Walton wrote: >>> Hi All, >>> >>> Any ideas on how to fix this? I was using -fPIC/-shared due to >>> limitations in Make and LDFLAGS. According to [1], we can use >>> -fPIC/-shared all the time. >>> >>> $ ./configure CFLAGS="-Wall -Wextra -Wconversion -fPIC >>> -Wno-unused-parameter -Wformat=2 -Wformat-security >>> -fstack-protector-all -Wstrict-overflow -Wl,-shared -Wl,-z,noexecstack >>> -Wl,-z,relro -Wl,-z,now" >>> checking build system type... x86_64-unknown-linux-gnu >>> checking host system type... x86_64-unknown-linux-gnu >>> checking target system type... x86_64-unknown-linux-gnu >>> checking for gcc... gcc >>> checking whether the C compiler works... no >>> configure: error: in `/home/jeffrey/Desktop/sipwitch-1.3.1': >>> configure: error: C compiler cannot create executables >>> See `config.log' for more details >>> >>> Jeff >>> >>> [1] "Request: Add -aslr switch that invokes -fPIE/-pie or >>> -fPIC/-shared as appropriate," >>> http://gcc.gnu.org/bugzilla/show_bug.cgi?id=52885 >>> >>> ***** >>> >>> This file contains any messages produced by compilers while >>> running configure, to aid debugging if configure makes a mistake. >>> >>> It was created by configure, which was >>> generated by GNU Autoconf 2.68. Invocation command line was >>> >>> $ ./configure CFLAGS=-Wall -Wextra -Wconversion -fPIC >>> -Wno-unused-parameter -Wformat=2 -Wformat-security >>> -fstack-protector-all -Wstrict-overflow -Wl,-shared -Wl,-z,noexecstack >>> -Wl,-z,relro -Wl,-z,now >>> >>> ## --------- ## >>> ## Platform. ## >>> ## --------- ## >>> >>> hostname = mint-12-x64 >>> uname -m = x86_64 >>> uname -r = 3.0.0-12-generic >>> uname -s = Linux >>> uname -v = #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 >>> >>> /usr/bin/uname -p = unknown >>> /bin/uname -X = unknown >>> >>> /bin/arch = unknown >>> /usr/bin/arch -k = unknown >>> /usr/convex/getsysinfo = unknown >>> /usr/bin/hostinfo = unknown >>> /bin/machine = unknown >>> /usr/bin/oslevel = unknown >>> /bin/universe = unknown >>> >>> PATH: /usr/lib/lightdm/lightdm >>> PATH: /usr/local/sbin >>> PATH: /usr/local/bin >>> PATH: /usr/sbin >>> PATH: /usr/bin >>> PATH: /sbin >>> PATH: /bin >>> PATH: /usr/games >>> >>> >>> ## ----------- ## >>> ## Core tests. ## >>> ## ----------- ## >>> >>> configure:2456: checking build system type >>> configure:2470: result: x86_64-unknown-linux-gnu >>> configure:2490: checking host system type >>> configure:2503: result: x86_64-unknown-linux-gnu >>> configure:2523: checking target system type >>> configure:2536: result: x86_64-unknown-linux-gnu >>> configure:2611: checking for gcc >>> configure:2627: found /usr/bin/gcc >>> configure:2638: result: gcc >>> configure:2867: checking for C compiler version >>> configure:2876: gcc --version >&5 >>> gcc (Ubuntu/Linaro 4.6.1-9ubuntu3) 4.6.1 >>> Copyright (C) 2011 Free Software Foundation, Inc. >>> This is free software; see the source for copying conditions. There is NO >>> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. >>> >>> configure:2887: $? = 0 >>> configure:2876: gcc -v >&5 >>> Using built-in specs. >>> COLLECT_GCC=gcc >>> COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/4.6.1/lto-wrapper >>> Target: x86_64-linux-gnu >>> Configured with: ../src/configure -v --with-pkgversion='Ubuntu/Linaro >>> 4.6.1-9ubuntu3' >>> --with-bugurl=file:///usr/share/doc/gcc-4.6/README.Bugs >>> --enable-languages=c,c++,fortran,objc,obj-c++,go --prefix=/usr >>> --program-suffix=-4.6 --enable-shared --enable-linker-build-id >>> --with-system-zlib --libexecdir=/usr/lib --without-included-gettext >>> --enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.6 >>> --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu >>> --enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-plugin >>> --enable-objc-gc --disable-werror --with-arch-32=i686 >>> --with-tune=generic --enable-checking=release --build=x86_64-linux-gnu >>> --host=x86_64-linux-gnu --target=x86_64-linux-gnu >>> Thread model: posix >>> gcc version 4.6.1 (Ubuntu/Linaro 4.6.1-9ubuntu3) >>> configure:2887: $? = 0 >>> configure:2876: gcc -V >&5 >>> gcc: error: unrecognized option '-V' >>> gcc: fatal error: no input files >>> compilation terminated. >>> configure:2887: $? = 4 >>> configure:2876: gcc -qversion >&5 >>> gcc: error: unrecognized option '-qversion' >>> gcc: fatal error: no input files >>> compilation terminated. >>> configure:2887: $? = 4 >>> configure:2907: checking whether the C compiler works >>> configure:2929: gcc -Wall -Wextra -Wconversion -fPIC >>> -Wno-unused-parameter -Wformat=2 -Wformat-security >>> -fstack-protector-all -Wstrict-overflow -Wl,-shared -Wl,-z,noexecstack >>> -Wl,-z,relro -Wl,-z,now conftest.c >&5 >>> /usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/4.6.1/../../../x86_64-linux-gnu/crt1.o: >>> relocation R_X86_64_32S against `__libc_csu_fini' can not be used when >>> making a shared object; recompile with -fPIC >>> /usr/lib/gcc/x86_64-linux-gnu/4.6.1/../../../x86_64-linux-gnu/crt1.o: >>> could not read symbols: Bad value >>> collect2: ld returned 1 exit status >>> configure:2933: $? = 1 >>> configure:2971: result: no >>> configure: failed program was: >>> | /* confdefs.h */ >>> | #define PACKAGE_NAME "" >>> | #define PACKAGE_TARNAME "" >>> | #define PACKAGE_VERSION "" >>> | #define PACKAGE_STRING "" >>> | #define PACKAGE_BUGREPORT "" >>> | #define PACKAGE_URL "" >>> | /* end confdefs.h. */ >>> | >>> | int >>> | main () >>> | { >>> | >>> | ; >>> | return 0; >>> | } >>> configure:2976: error: in `/home/jeffrey/Desktop/sipwitch-1.3.1': >>> configure:2978: error: C compiler cannot create executables >>> See `config.log' for more details >>> >>> ## ---------------- ## >>> ## Cache variables. ## >>> ## ---------------- ## >>> >>> ac_cv_build=x86_64-unknown-linux-gnu >>> ac_cv_env_CCC_set= >>> ac_cv_env_CCC_value= >>> ac_cv_env_CC_set= >>> ac_cv_env_CC_value= >>> ac_cv_env_CFLAGS_set=set >>> ac_cv_env_CFLAGS_value='-Wall -Wextra -Wconversion -fPIC >>> -Wno-unused-parameter -Wformat=2 -Wformat-security >>> -fstack-protector-all -Wstrict-overflow -Wl,-shared -Wl,-z,noexecstack >>> -Wl,-z,relro -Wl,-z,now' >>> ac_cv_env_CPPFLAGS_set= >>> ac_cv_env_CPPFLAGS_value= >>> ac_cv_env_CPP_set= >>> ac_cv_env_CPP_value= >>> ac_cv_env_CXXCPP_set= >>> ac_cv_env_CXXCPP_value= >>> ac_cv_env_CXXFLAGS_set= >>> ac_cv_env_CXXFLAGS_value= >>> ac_cv_env_CXX_set= >>> ac_cv_env_CXX_value= >>> ac_cv_env_EXOSIP2_CFLAGS_set= >>> ac_cv_env_EXOSIP2_CFLAGS_value= >>> ac_cv_env_EXOSIP2_LIBS_set= >>> ac_cv_env_EXOSIP2_LIBS_value= >>> ac_cv_env_LDFLAGS_set= >>> ac_cv_env_LDFLAGS_value= >>> ac_cv_env_LIBOSIP2_CFLAGS_set= >>> ac_cv_env_LIBOSIP2_CFLAGS_value= >>> ac_cv_env_LIBOSIP2_LIBS_set= >>> ac_cv_env_LIBOSIP2_LIBS_value= >>> ac_cv_env_LIBS_set= >>> ac_cv_env_LIBS_value= >>> ac_cv_env_PKG_CONFIG_LIBDIR_set= >>> ac_cv_env_PKG_CONFIG_LIBDIR_value= >>> ac_cv_env_PKG_CONFIG_PATH_set= >>> ac_cv_env_PKG_CONFIG_PATH_value= >>> ac_cv_env_PKG_CONFIG_set= >>> ac_cv_env_PKG_CONFIG_value= >>> ac_cv_env_QT_CFLAGS_set= >>> ac_cv_env_QT_CFLAGS_value= >>> ac_cv_env_QT_LIBS_set= >>> ac_cv_env_QT_LIBS_value= >>> ac_cv_env_UCOMMON_CFLAGS_set= >>> ac_cv_env_UCOMMON_CFLAGS_value= >>> ac_cv_env_UCOMMON_LIBS_set= >>> ac_cv_env_UCOMMON_LIBS_value= >>> ac_cv_env_ZEROCONF_CFLAGS_set= >>> ac_cv_env_ZEROCONF_CFLAGS_value= >>> ac_cv_env_ZEROCONF_LIBS_set= >>> ac_cv_env_ZEROCONF_LIBS_value= >>> ac_cv_env_build_alias_set= >>> ac_cv_env_build_alias_value= >>> ac_cv_env_host_alias_set= >>> ac_cv_env_host_alias_value= >>> ac_cv_env_target_alias_set= >>> ac_cv_env_target_alias_value= >>> ac_cv_host=x86_64-unknown-linux-gnu >>> ac_cv_prog_ac_ct_CC=gcc >>> ac_cv_target=x86_64-unknown-linux-gnu >>> >>> ## ----------------- ## >>> ## Output variables. ## >>> ## ----------------- ## >>> >>> ACLOCAL='' >>> AMDEPBACKSLASH='' >>> AMDEP_FALSE='' >>> AMDEP_TRUE='' >>> AMTAR='' >>> AR='' >>> AS='' >>> AUTOCONF='' >>> AUTOHEADER='' >>> AUTOMAKE='' >>> AWK='' >>> CC='gcc' >>> CCDEPMODE='' >>> CFLAGS='-Wall -Wextra -Wconversion -fPIC -Wno-unused-parameter >>> -Wformat=2 -Wformat-security -fstack-protector-all -Wstrict-overflow >>> -Wl,-shared -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now' >>> CPP='' >>> CPPFLAGS='' >>> CXX='' >>> CXXCPP='' >>> CXXDEPMODE='' >>> CXXFLAGS='' >>> CYGPATH_W='' >>> DAEMON_LIBS='' >>> DEFS='' >>> DEPDIR='' >>> DLLTOOL='' >>> DLOPEN='' >>> DSYMUTIL='' >>> DUMPBIN='' >>> ECHO_C='' >>> ECHO_N='-n' >>> ECHO_T='' >>> EGREP='' >>> EXEEXT='' >>> EXOSIP2_CFLAGS='' >>> EXOSIP2_LIBS='' >>> EXPORT_FLAGS='' >>> EXPORT_LIBS='' >>> FGREP='' >>> GREP='' >>> INCLUDE_FLAGS='' >>> INITRDDIR='' >>> INSTALL_DATA='' >>> INSTALL_PROGRAM='' >>> INSTALL_SCRIPT='' >>> INSTALL_STRIP_PROGRAM='' >>> LD='' >>> LDFLAGS='' >>> LIBOBJS='' >>> LIBOSIP2_CFLAGS='' >>> LIBOSIP2_LIBS='' >>> LIBS='' >>> LIBTOOL='' >>> LIPO='' >>> LN_S='' >>> LTLIBOBJS='' >>> LT_VERSION='1:6:0' >>> MAKEINFO='' >>> MANIFEST_TOOL='' >>> MKDIR_P='' >>> MOC='' >>> MODFLAGS='' >>> NETWORK_DOWN='' >>> NETWORK_RELOAD='' >>> NETWORK_UP='' >>> NM='' >>> NMEDIT='' >>> OBJDUMP='' >>> OBJEXT='' >>> OTOOL64='' >>> OTOOL='' >>> PACKAGE='' >>> PACKAGE_BUGREPORT='' >>> PACKAGE_NAME='' >>> PACKAGE_STRING='' >>> PACKAGE_TARNAME='' >>> PACKAGE_URL='' >>> PACKAGE_VERSION='' >>> PATH_SEPARATOR=':' >>> PKG_CONFIG='' >>> PKG_CONFIG_LIBDIR='' >>> PKG_CONFIG_PATH='' >>> QTAPPS='' >>> QT_CFLAGS='' >>> QT_LIBS='' >>> RANLIB='' >>> RCC='' >>> SED='' >>> SET_MAKE='' >>> SHELL='/bin/bash' >>> SIPWITCH_EXOSIP2='' >>> SIPWITCH_FLAGS='' >>> SIPWITCH_LIBS='' >>> STATIC_MODULES_FALSE='' >>> STATIC_MODULES_TRUE='' >>> STRIP='' >>> UCOMMON='' >>> UCOMMON_CFLAGS='' >>> UCOMMON_CLINK='' >>> UCOMMON_LIBS='' >>> UCOMMON_LINK='' >>> UCOMMON_MODEL='' >>> UCOMMON_REQUIRES='5.2.0' >>> UIC='' >>> USECURE_LINK='' >>> VERSION='1.3.1' >>> ZEROCONF_CFLAGS='' >>> ZEROCONF_FALSE='' >>> ZEROCONF_LIBS='' >>> ZEROCONF_TRUE='' >>> ac_ct_AR='' >>> ac_ct_CC='gcc' >>> ac_ct_CXX='' >>> ac_ct_DUMPBIN='' >>> am__EXEEXT_FALSE='' >>> am__EXEEXT_TRUE='' >>> am__fastdepCC_FALSE='' >>> am__fastdepCC_TRUE='' >>> am__fastdepCXX_FALSE='' >>> am__fastdepCXX_TRUE='' >>> am__include='' >>> am__isrc='' >>> am__leading_dot='' >>> am__nodep='' >>> am__quote='' >>> am__tar='' >>> am__untar='' >>> bindir='${exec_prefix}/bin' >>> build='x86_64-unknown-linux-gnu' >>> build_alias='' >>> build_cpu='x86_64' >>> build_os='linux-gnu' >>> build_vendor='unknown' >>> cgibindir='' >>> datadir='${datarootdir}' >>> datarootdir='${prefix}/share' >>> default_cfgpath='' >>> default_incpath='' >>> default_libexec='' >>> default_libpath='' >>> default_varpath='' >>> docdir='${datarootdir}/doc/${PACKAGE}' >>> dvidir='${docdir}' >>> exec_prefix='NONE' >>> host='x86_64-unknown-linux-gnu' >>> host_alias='' >>> host_cpu='x86_64' >>> host_os='linux-gnu' >>> host_vendor='unknown' >>> htmldir='${docdir}' >>> includedir='${prefix}/include' >>> infodir='${datarootdir}/info' >>> install_sh='' >>> libdir='${exec_prefix}/lib' >>> libexecdir='${exec_prefix}/libexec' >>> localedir='${datarootdir}/locale' >>> localstatedir='${prefix}/var' >>> mandir='${datarootdir}/man' >>> mkdir_p='' >>> oldincludedir='/usr/include' >>> pdfdir='${docdir}' >>> plugindir='' >>> prefix='NONE' >>> prefix_libdir='' >>> program_transform_name='s,x,x,' >>> psdir='${docdir}' >>> sbindir='${exec_prefix}/sbin' >>> sharedstatedir='${prefix}/com' >>> sysconfdir='${prefix}/etc' >>> target='x86_64-unknown-linux-gnu' >>> target_alias='' >>> target_cpu='x86_64' >>> target_os='linux-gnu' >>> target_vendor='unknown' >>> translatedir='' >>> translations='' >>> >>> ## ----------- ## >>> ## confdefs.h. ## >>> ## ----------- ## >>> >>> /* confdefs.h */ >>> #define PACKAGE_NAME "" >>> #define PACKAGE_TARNAME "" >>> #define PACKAGE_VERSION "" >>> #define PACKAGE_STRING "" >>> #define PACKAGE_BUGREPORT "" >>> #define PACKAGE_URL "" >>> >>> configure: exit 77 >>> >>> _______________________________________________ >>> Autoconf mailing list >>> Autoconf@xxxxxxx >>> https://lists.gnu.org/mailman/listinfo/autoconf >> >> _______________________________________________ >> Autoconf mailing list >> Autoconf@xxxxxxx >> https://lists.gnu.org/mailman/listinfo/autoconf _______________________________________________ Autoconf mailing list Autoconf@xxxxxxx https://lists.gnu.org/mailman/listinfo/autoconf
