Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[SOLVED] elfutils error thread support required (hardened)
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Portage & Programming
View previous topic :: View next topic  
Author Message
xo ip
n00b
n00b


Joined: 06 Nov 2024
Posts: 3

PostPosted: Wed Nov 06, 2024 3:17 pm    Post subject: [SOLVED] elfutils error thread support required (hardened) Reply with quote

hello gentoo community,

i'm using stage3-amd64-musl-llvm-20241027T164832Z.tar.xz for installation and update it today, add manual the following to make.conf (enable hardening flags):

Code:
WARNING_FLAGS="-Werror=odr -Werror=strict-aliasing"
HARDENING_CFLAGS="-fPIC -fPIE -fstack-clash-protection -fstack-protector-strong -fcf-protection=full -D_FORTIFY_SOURCE=2"
HARDENING_LDFLAGS="-Wl,-z,relro,-z,now -pie"

COMMON_FLAGS="-march=native -O2 -pipe -flto=thin ${WARNING_FLAGS}"
CFLAGS="${COMMON_FLAGS} ${HARDENING_CFLAGS}"
CXXFLAGS="${COMMON_FLAGS} ${HARDENING_CFLAGS}"
LDFLAGS="${LDFLAGS} -Wl,-O2 -Wl,--as-needed ${HARDENING_LDFLAGS}"


Then i recompile the whole system with:
Code:
emerge -e --ask --update --newuse --with-bdeps=y --quiet --deep @world


One program failed: dev-libs/elfutils with the following error:
Code:
configure: error: __thread support required


I then try nopie and nossp to /etc/portage/package.env from here: https://wiki.gentoo.org/wiki/Hardened_Gentoo for just elfutils.

But it's still failed but when i remove all the ${WARNING_FLAGS} ${HARDENING_CFLAGS} ${HARDENING_LDFLAGS} from make.conf like just use:
Code:
CFLAGS="${COMMON_FLAGS}"
CXXFLAGS="${COMMON_FLAGS}"
LDFLAGS="${LDFLAGS} -Wl,-O2 -Wl,--as-needed"
it works.

So what i have to add to another /etc/portage/env/unknown to make it just work for dev-libs/elfutils ?


Last edited by xo ip on Wed Nov 06, 2024 5:43 pm; edited 2 times in total
Back to top
View user's profile Send private message
xo ip
n00b
n00b


Joined: 06 Nov 2024
Posts: 3

PostPosted: Wed Nov 06, 2024 3:54 pm    Post subject: Reply with quote

-no-pie don't work via /etc/portage/env but removing -fPIE from HARDENING_CFLAGS works. weird.

The wiki entry is wrong ! it should be -fno-PIE and not -no-pie https://wiki.gentoo.org/wiki/Hardened_Gentoo
Back to top
View user's profile Send private message
sam_
Developer
Developer


Joined: 14 Aug 2020
Posts: 1947

PostPosted: Wed Nov 06, 2024 6:28 pm    Post subject: Reply with quote

Your answer doesn't seem to explain what happened here, because the default is PIE anyway - as are the other hardening flags (so no need for you to be setting it), and the only error you pointed out was something you tried to work around it?
Back to top
View user's profile Send private message
xo ip
n00b
n00b


Joined: 06 Nov 2024
Posts: 3

PostPosted: Wed Nov 06, 2024 11:04 pm    Post subject: Reply with quote

hello sam_,

thank you for taking time and answering i hope i can explain it a bit more:

Make.conf
Code:
CC="clang"
CPP="clang-cpp" # necessary for xorg-server and possibly other packages
CXX="clang++"
AR="llvm-ar"
NM="llvm-nm"
RANLIB="llvm-ranlib"
WARNING_FLAGS="-Werror=odr -Werror=strict-aliasing"
HARDENING_CFLAGS="-fPIC -fPIE -fstack-clash-protection -fstack-protector-strong -fcf-protection=full -D_FORTIFY_SOURCE=2"
HARDENING_LDFLAGS="-Wl,-z,relro,-z,now -pie"
COMMON_FLAGS="-march=native -O2 -pipe -flto=thin ${WARNING_FLAGS}"
CFLAGS="${COMMON_FLAGS} ${HARDENING_CFLAGS}"
CXXFLAGS="${COMMON_FLAGS} ${HARDENING_CFLAGS}"
LDFLAGS="${LDFLAGS} -Wl,-O2 -Wl,--as-needed ${HARDENING_LDFLAGS}"
FEATURE="cgroup ipc-sandbox network-sandbox noman nodoc noinfo"


I can only compile dev-libs/elfutils when i add nopie (/etc/portage/env/nopie) to /etc/portage/package.env elfutils.

/etc/portage/env/nopie
Code:
CFLAGS="${CFLAGS} -fno-PIE"
CXXFLAGS="${CXXFLAGS} -fno-PIE"
LDFLAGS="${LDFLAGS} -fno-PIE"


If compile without nopie i get the following error:

Code:
>>> Emerging (1 of 1) dev-libs/elfutils-0.191-r2::gentoo
 * elfutils-0.191.tar.bz2 BLAKE2B SHA512 size ;-) ...                                                                                              [ ok ]
>>> Unpacking source...
>>> Unpacking elfutils-0.191.tar.bz2 to /var/tmp/portage/dev-libs/elfutils-0.191-r2/work
>>> Source unpacked in /var/tmp/portage/dev-libs/elfutils-0.191-r2/work
>>> Preparing source in /var/tmp/portage/dev-libs/elfutils-0.191-r2/work/elfutils-0.191 ...
 * Applying elfutils-0.189-musl-aarch64-regs.patch ...                                                                                             [ ok ]
 * Applying elfutils-0.191-musl-macros.patch ...                                                                                                   [ ok ]
 * Applying elfutils-0.191-avoid-overriding-libcxx-system-header.patch ...                                                                         [ ok ]
 * Running eautoreconf in '/var/tmp/portage/dev-libs/elfutils-0.191-r2/work/elfutils-0.191' ...
 * Running 'autopoint --force' ...                                                                                                                 [ ok ]
 * Running 'aclocal -I m4 --system-acdir=/var/tmp/portage/dev-libs/elfutils-0.191-r2/temp/aclocal' ...                                             [ ok ]
 * Running 'autoconf --force' ...                                                                                                                  [ ok ]
 * Running 'autoheader --force' ...                                                                                                                [ ok ]
 * Running 'automake --add-missing --copy --force-missing' ...                                                                                     [ ok ]
 * Running elibtoolize in: elfutils-0.191/
>>> Source prepared.
>>> Configuring source in /var/tmp/portage/dev-libs/elfutils-0.191-r2/work/elfutils-0.191 ...
 * abi_x86_64.amd64: running multilib-minimal_abi_src_configure
 * econf: updating elfutils-0.191/config/config.guess with /usr/share/gnuconfig/config.guess
 * econf: updating elfutils-0.191/config/config.sub with /usr/share/gnuconfig/config.sub
 * econf: updating elfutils-0.191/config.guess with /usr/share/gnuconfig/config.guess
 * econf: updating elfutils-0.191/config.sub with /usr/share/gnuconfig/config.sub
/var/tmp/portage/dev-libs/elfutils-0.191-r2/work/elfutils-0.191/configure --prefix=/usr --build=x86_64-pc-linux-musl --host=x86_64-pc-linux-musl --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --datarootdir=/usr/share --disable-dependency-tracking --disable-silent-rules --docdir=/usr/share/doc/elfutils-0.191-r2 --htmldir=/usr/share/doc/elfutils-0.191-r2/html --libdir=/usr/lib --enable-nls --disable-debuginfod --disable-libdebuginfod --disable-valgrind-annotations --disable-thread-safety --disable-valgrind --program-prefix=eu- --with-zlib --with-bzlib --without-lzma --with-zstd
checking for a BSD-compatible install... /usr/lib/portage/python3.12/ebuild-helpers/xattr/install -c
checking whether build environment is sane... yes
checking for a race-free mkdir -p... /usr/bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking whether to enable maintainer-specific portions of Makefiles... no
checking whether make supports nested variables... (cached) yes
checking build system type... x86_64-pc-linux-musl
checking host system type... x86_64-pc-linux-musl
checking for x86_64-pc-linux-musl-gcc... clang
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether the compiler supports GNU C... yes
checking whether clang accepts -g... yes
checking for clang option to enable C11 features... none needed
checking whether clang understands -c and -o together... yes
checking whether make supports the include directive... yes (GNU style)
checking dependency style of clang... none
checking whether the compiler supports GNU C++... yes
checking whether clang++ accepts -g... yes
checking for clang++ option to enable C++11 features... none needed
checking dependency style of clang++... none
checking for x86_64-pc-linux-musl-ranlib... llvm-ranlib
checking for bison... bison -y
checking for flex... flex
checking for lex output file root... lex.yy
checking for lex library... none needed
checking whether yytext is a pointer... yes
checking for x86_64-pc-linux-musl-ar... llvm-ar
checking the archiver (llvm-ar) interface... ar
checking for x86_64-pc-linux-musl-readelf... llvm-readelf
checking for x86_64-pc-linux-musl-nm... llvm-nm
checking whether gcc supports __attribute__((visibility()))... yes
checking whether gcc supports __attribute__((gcc_struct))... no
checking whether gcc supports -fPIC... yes
checking whether gcc supports -fPIE... yes
checking whether gcc supports -Wl,-z,defs... yes
checking whether the compiler generates build-ids... no
configure: WARNING: compiler doesn't generate build-id by default
checking whether gcc supports -Wl,-z,relro... yes
checking for __thread support... no
configure: error: __thread support required

!!! Please attach the following file when seeking support:
!!! /var/tmp/portage/dev-libs/elfutils-0.191-r2/work/elfutils-0.191-abi_x86_64.amd64/config.log
 * ERROR: dev-libs/elfutils-0.191-r2::gentoo failed (configure phase):
 *   econf failed
 *
 * Call stack:
 *               ebuild.sh, line  136:  Called src_configure
 *             environment, line 2507:  Called multilib-minimal_src_configure
 *             environment, line 1853:  Called multilib_foreach_abi 'multilib-minimal_abi_src_configure'
 *             environment, line 2103:  Called multibuild_foreach_variant '_multilib_multibuild_wrapper' 'multilib-minimal_abi_src_configure'
 *             environment, line 1808:  Called _multibuild_run '_multilib_multibuild_wrapper' 'multilib-minimal_abi_src_configure'
 *             environment, line 1806:  Called _multilib_multibuild_wrapper 'multilib-minimal_abi_src_configure'
 *             environment, line  575:  Called multilib-minimal_abi_src_configure
 *             environment, line 1847:  Called multilib_src_configure
 *             environment, line 2328:  Called econf '--enable-nls' '--disable-debuginfod' '--disable-libdebuginfod' '--disable-valgrind-annotations' '--disable-thread-safety' '--disable-valgrind' '--program-prefix=eu-' '--with-zlib' '--with-bzlib' '--without-lzma' '--with-zstd'
 *        phase-helpers.sh, line  647:  Called __helpers_die 'econf failed'
 *   isolated-functions.sh, line  112:  Called die
 * The specific snippet of code:
 *         die "$@"
 *
 * If you need support, post the output of `emerge --info '=dev-libs/elfutils-0.191-r2::gentoo'`,
 * the complete build log and the output of `emerge -pqv '=dev-libs/elfutils-0.191-r2::gentoo'`.
 * The complete build log is located at '/var/tmp/portage/dev-libs/elfutils-0.191-r2/temp/build.log'.
 * The ebuild environment file is located at '/var/tmp/portage/dev-libs/elfutils-0.191-r2/temp/environment'.
 * Working directory: '/var/tmp/portage/dev-libs/elfutils-0.191-r2/work/elfutils-0.191-abi_x86_64.amd64'
 * S: '/var/tmp/portage/dev-libs/elfutils-0.191-r2/work/elfutils-0.191'

>>> Failed to emerge dev-libs/elfutils-0.191-r2, Log file:

>>>  '/var/tmp/portage/dev-libs/elfutils-0.191-r2/temp/build.log'

 * Messages for package dev-libs/elfutils-0.191-r2:

 * ERROR: dev-libs/elfutils-0.191-r2::gentoo failed (configure phase):
 *   econf failed
 *
 * Call stack:
 *               ebuild.sh, line  136:  Called src_configure
 *             environment, line 2507:  Called multilib-minimal_src_configure
 *             environment, line 1853:  Called multilib_foreach_abi 'multilib-minimal_abi_src_configure'
 *             environment, line 2103:  Called multibuild_foreach_variant '_multilib_multibuild_wrapper' 'multilib-minimal_abi_src_configure'
 *             environment, line 1808:  Called _multibuild_run '_multilib_multibuild_wrapper' 'multilib-minimal_abi_src_configure'
 *             environment, line 1806:  Called _multilib_multibuild_wrapper 'multilib-minimal_abi_src_configure'
 *             environment, line  575:  Called multilib-minimal_abi_src_configure
 *             environment, line 1847:  Called multilib_src_configure
 *             environment, line 2328:  Called econf '--enable-nls' '--disable-debuginfod' '--disable-libdebuginfod' '--disable-valgrind-annotations' '--disable-thread-safety' '--disable-valgrind' '--program-prefix=eu-' '--with-zlib' '--with-bzlib' '--without-lzma' '--with-zstd'
 *        phase-helpers.sh, line  647:  Called __helpers_die 'econf failed'
 *   isolated-functions.sh, line  112:  Called die
 * The specific snippet of code:
 *         die "$@"
 *
 * If you need support, post the output of `emerge --info '=dev-libs/elfutils-0.191-r2::gentoo'`,
 * the complete build log and the output of `emerge -pqv '=dev-libs/elfutils-0.191-r2::gentoo'`.
 * The complete build log is located at '/var/tmp/portage/dev-libs/elfutils-0.191-r2/temp/build.log'.
 * The ebuild environment file is located at '/var/tmp/portage/dev-libs/elfutils-0.191-r2/temp/environment'.
 * Working directory: '/var/tmp/portage/dev-libs/elfutils-0.191-r2/work/elfutils-0.191-abi_x86_64.amd64'
 * S: '/var/tmp/portage/dev-libs/elfutils-0.191-r2/work/elfutils-0.191'



That i don't have to add hardening flag manual is new to me because if i don't add these flags in compiler log there a missing.

Example tmux here is a compiler output line without the hardend flags vars in make.conf.

Code:
clang -std=gnu99    -march=native -O2 -pipe -flto=thin -Werror=odr -Werror=strict-aliasing  -Wl,-O1 -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,--as-needed -Wl,-O2 -Wl,--as-needed -o tmux alerts.o arguments.o attributes.o cfg.o client.o cmd-attach-session.o cmd-bind-key.o cmd-break-pane.o cmd-capture-pane.o cmd-choose-tree.o cmd-command-prompt.o cmd-confirm-before.o cmd-copy-mode.o cmd-detach-client.o cmd-display-menu.o cmd-display-message.o cmd-display-panes.o cmd-find-window.o cmd-find.o cmd-if-shell.o cmd-join-pane.o cmd-kill-pane.o cmd-kill-server.o cmd-kill-session.o cmd-kill-window.o cmd-list-buffers.o cmd-list-clients.o cmd-list-keys.o cmd-list-panes.o cmd-list-sessions.o cmd-list-windows.o cmd-load-buffer.o cmd-lock-server.o cmd-move-window.o cmd-new-session.o cmd-new-window.o cmd-parse.o cmd-paste-buffer.o cmd-pipe-pane.o cmd-queue.o cmd-refresh-client.o cmd-rename-session.o cmd-rename-window.o cmd-resize-pane.o cmd-resize-window.o cmd-respawn-pane.o cmd-respawn-window.o cmd-rotate-window.o cmd-run-shell.o cmd-save-buffer.o cmd-select-layout.o cmd-select-pane.o cmd-select-window.o cmd-send-keys.o cmd-server-access.o cmd-set-buffer.o cmd-set-environment.o cmd-set-option.o cmd-show-environment.o cmd-show-messages.o cmd-show-options.o cmd-show-prompt-history.o cmd-source-file.o cmd-split-window.o cmd-swap-pane.o cmd-swap-window.o cmd-switch-client.o cmd-unbind-key.o cmd-wait-for.o cmd.o colour.o control-notify.o control.o environ.o file.o format.o format-draw.o grid-reader.o grid-view.o grid.o hyperlinks.o input-keys.o input.o job.o key-bindings.o key-string.o layout-custom.o layout-set.o layout.o log.o menu.o mode-tree.o names.o notify.o options-table.o options.o paste.o popup.o proc.o regsub.o resize.o screen-redraw.o screen-write.o screen.o server-acl.o server-client.o server-fn.o server.o session.o spawn.o status.o style.o tmux.o tty-acs.o tty-features.o tty-keys.o tty-term.o tty.o utf8-combined.o utf8.o window-buffer.o window-client.o window-clock.o window-copy.o window-customize.o window-tree.o window.o xmalloc.o  osdep-linux.o    compat/closefrom.o compat/freezero.o compat/getdtablecount.o compat/getpeereid.o compat/getprogname.o compat/htonll.o compat/ntohll.o compat/setproctitle.o compat/strtonum.o compat/recallocarray.o compat/getopt.o compat/base64.o compat/imsg.o compat/imsg-buffer.o compat/vis.o compat/unvis.o compat/fdforkpty.o -lxnet -ltinfo -levent_core -lm


And this it the output with hardened flags:

Code:
clang -std=gnu99    -march=native -O2 -pipe -flto=thin -Werror=odr -Werror=strict-aliasing -fPIC -fPIE -fstack-clash-protection -fstack-protector-strong -fcf-protection=full -D_FORTIFY_SOURCE=2  -Wl,-O1 -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,--as-needed -Wl,-O2 -Wl,--as-needed -Wl,-z,relro,-z,now -pie -o tmux alerts.o arguments.o attributes.o cfg.o client.o cmd-attach-session.o cmd-bind-key.o cmd-break-pane.o cmd-capture-pane.o cmd-choose-tree.o cmd-command-prompt.o cmd-confirm-before.o cmd-copy-mode.o cmd-detach-client.o cmd-display-menu.o cmd-display-message.o cmd-display-panes.o cmd-find-window.o cmd-find.o cmd-if-shell.o cmd-join-pane.o cmd-kill-pane.o cmd-kill-server.o cmd-kill-session.o cmd-kill-window.o cmd-list-buffers.o cmd-list-clients.o cmd-list-keys.o cmd-list-panes.o cmd-list-sessions.o cmd-list-windows.o cmd-load-buffer.o cmd-lock-server.o cmd-move-window.o cmd-new-session.o cmd-new-window.o cmd-parse.o cmd-paste-buffer.o cmd-pipe-pane.o cmd-queue.o cmd-refresh-client.o cmd-rename-session.o cmd-rename-window.o cmd-resize-pane.o cmd-resize-window.o cmd-respawn-pane.o cmd-respawn-window.o cmd-rotate-window.o cmd-run-shell.o cmd-save-buffer.o cmd-select-layout.o cmd-select-pane.o cmd-select-window.o cmd-send-keys.o cmd-server-access.o cmd-set-buffer.o cmd-set-environment.o cmd-set-option.o cmd-show-environment.o cmd-show-messages.o cmd-show-options.o cmd-show-prompt-history.o cmd-source-file.o cmd-split-window.o cmd-swap-pane.o cmd-swap-window.o cmd-switch-client.o cmd-unbind-key.o cmd-wait-for.o cmd.o colour.o control-notify.o control.o environ.o file.o format.o format-draw.o grid-reader.o grid-view.o grid.o hyperlinks.o input-keys.o input.o job.o key-bindings.o key-string.o layout-custom.o layout-set.o layout.o log.o menu.o mode-tree.o names.o notify.o options-table.o options.o paste.o popup.o proc.o regsub.o resize.o screen-redraw.o screen-write.o screen.o server-acl.o server-client.o server-fn.o server.o session.o spawn.o status.o style.o tmux.o tty-acs.o tty-features.o tty-keys.o tty-term.o tty.o utf8-combined.o utf8.o window-buffer.o window-client.o window-clock.o window-copy.o window-customize.o window-tree.o window.o xmalloc.o  osdep-linux.o    compat/closefrom.o compat/freezero.o compat/getdtablecount.o compat/getpeereid.o compat/getprogname.o compat/htonll.o compat/ntohll.o compat/setproctitle.o compat/strtonum.o compat/recallocarray.o compat/getopt.o compat/base64.o compat/imsg.o compat/imsg-buffer.o compat/vis.o compat/unvis.o compat/fdforkpty.o -lxnet -ltinfo -levent_core -lm
Back to top
View user's profile Send private message
GDH-gentoo
Veteran
Veteran


Joined: 20 Jul 2019
Posts: 1681
Location: South America

PostPosted: Wed Nov 06, 2024 11:35 pm    Post subject: Reply with quote

xo ip wrote:
Code:
>>> Configuring source in /var/tmp/portage/dev-libs/elfutils-0.191-r2/work/elfutils-0.191 ...
...
checking for __thread support... no
configure: error: __thread support required

!!! Please attach the following file when seeking support:
!!! /var/tmp/portage/dev-libs/elfutils-0.191-r2/work/elfutils-0.191-abi_x86_64.amd64/config.log

Check in that file what happened with the configure script's test of __thread support.
_________________
NeddySeagoon wrote:
I'm not a witch, I'm a retired electronics engineer :)
Ionen wrote:
As a packager I just don't want things to get messier with weird build systems and multiple toolchains requirements though :)
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Portage & Programming All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum