Re: Bug#531942: FTBFS on mipsel due to missing -fPIC
On Mon, Jun 22, 2009 at 07:05:05AM +0200, Aurelien Jarno wrote:
> On Sat, Jun 13, 2009 at 11:59:10AM +0200, Luk Claes wrote:
> > Colin Watson wrote:
> > > On Fri, Jun 05, 2009 at 10:34:36PM +0200, Luk Claes wrote:
> > >> Colin Watson wrote:
> > >>> On Fri, Jun 05, 2009 at 08:11:43AM +0200, Luk Claes wrote:
> > >>>> mips and mipsel do now also need the -fPIC compilation flag to make
> > >>>> sure shared objects only contain position independent code.
> > >>> It surprises me that -fPIE doesn't imply this. Anyway, I've committed a
> > >>> fix, thanks.
> > >> Apparently this does not fix it :-(
> > >>
> > >> Maybe it's a mips* specific binutils issue?
> > >
> > > The build log
> > > (https://buildd.debian.org/fetch.cgi?pkg=openssh;ver=1%3A5.1p1-6;arch=mips;stamp=1244203115)
> > > says (reordering slightly to eliminate 'make -j' confusion):
> > >
> > > gcc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o -L. -Lopenbsd-compat/ -fPIC -fPIE -pie -lssh -lopenbsd-compat -lwrap -lpam -ldl -lselinux -lresolv -lcrypto -lutil -lz -lnsl -lcrypt -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wno-pointer-sign -Wformat-security -fno-builtin-memset -std=gnu99 -O2 -fPIC -fPIE -DLOGIN_PROGRAM="/bin/login" -DLOGIN_NO_ENDOPT -DSSH_EXTRAVERSION="Debian-6" -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err
> > > /usr/bin/ld: non-dynamic relocations refer to dynamic symbol deny_severity
> > > /usr/bin/ld: failed to set dynamic section sizes: Bad value
> > > collect2: ld returned 1 exit status
> > > make: *** [sshd] Error 1
> > >
> > > deny_severity is a symbol defined in sshd.c, but it's there for the
> > > benefit of libwrap. If I'm reading the warning correctly, it's
> > > complaining that libwrap is "non-dynamic".
> > >
> > > libwrap is currently built with -fpic. Perhaps it needs to be built with
> > > -fPIC instead? Luk, would it be possible for you to try this out
> > > experimentally and see if it makes a difference?
> > I'm going to Cc the mips list as I have currently no mips or mipsel
> > machine ready to install a recompiled libwrap0-dev (and libwrap0) from
> > tcp-wrappers (with -FPIC in debian/patches/13_shlib_weaksym instead of
> > -fpic) as build dependency of openssh.
> > So can anyone rebuild tcp-wrappers on mips or mipsel as described above
> > and use that to compile openssh to test if it builds successfully?
> On mips, -fpic and -fPIC should be the same, and this is confirmed by
> tests this does not change the result.
> The problem actually has nothing to do with -fpic, it is due to the fact
> that deny_severity is exported by libwrap0, while being redeclared in
> in sshd.c. In <tcpd.h> it is defined as (debian specific change)
> | #ifdef HAVE_WEAKSYMS
> | extern int allow_severity __attribute__ ((weak)); /* for connection logging */
> | extern int deny_severity __attribute__ ((weak)); /* for connection logging */
> | #else
> | extern int allow_severity; /* for connection logging */
> | extern int deny_severity; /* for connection logging */
> | #endif
> When <tcpd.h> is included from inside of tcp-wrappers, HAVE_WEAKSYMS is
> not defined. When included from sshd.c it is not, so the non-weak
> declaration of allow_severity and deny_severity is used.
> A quick workaround is to #define HAVE_WEAKSYMS before including
Actually this is wrong as it defines allow_severity and deny_severity as
weak symbols in sshd.c, which is wrong. The problem is in tcp-wrappers
which does not define them as weak for some unknown reason (not specific
Aurelien Jarno GPG: 1024D/F1BCDB73