Hello community,
here is the log from the commit of package trustedgrub2 for openSUSE:Factory
checked in at 2017-04-11 09:41:24
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/trustedgrub2 (Old)
and /work/SRC/openSUSE:Factory/.trustedgrub2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "trustedgrub2"
Tue Apr 11 09:41:24 2017 rev:3 rq:485025 version:1.4.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/trustedgrub2/trustedgrub2.changes
2017-02-20 13:15:20.706348547 +0100
+++ /work/SRC/openSUSE:Factory/.trustedgrub2.new/trustedgrub2.changes
2017-04-11 09:41:26.752588160 +0200
@@ -1,0 +2,7 @@
+Tue Apr 4 05:42:34 UTC 2017 - meiss...@suse.com
+
+- disable PIE building, does not make sense for bootloader.
+ * trustedgrub2-no-pie.patch
+ * trustedgrub2-no-pie2.patch
+
+-------------------------------------------------------------------
New:
----
trustedgrub2-no-pie.patch
trustedgrub2-no-pie2.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ trustedgrub2.spec ++++++
--- /var/tmp/diff_new_pack.zmbfoF/_old 2017-04-11 09:41:28.004411323 +0200
+++ /var/tmp/diff_new_pack.zmbfoF/_new 2017-04-11 09:41:28.008410759 +0200
@@ -30,6 +30,10 @@
Patch2: grub2-linguas.sh-no-rsync.patch
Patch3: 0001-build-Use-AC_HEADER_MAJOR-to-find-device-macros.patch
Patch4: 0002-configure-fix-check-for-sys-sysmacros.h-under-glibc-.patch
+# from upstream a3e9da054d00260f274cfd9d1b9611c32ecd437c
+Patch5: trustedgrub2-no-pie.patch
+# from upstream b53f595b3ed989335d7cd1618a5502270cdb26de
+Patch6: trustedgrub2-no-pie2.patch
# Btrfs snapshot booting related patches
Patch101: grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
Patch102: grub2-btrfs-02-export-subvolume-envvars.patch
@@ -84,6 +88,8 @@
%patch2 -p1
%patch3 -p1
%patch4 -p1
+%patch5 -p1
+%patch6 -p1
%patch101 -p1
%patch102 -p1
%patch103 -p1
++++++ trustedgrub2-no-pie.patch ++++++
commit a3e9da054d00260f274cfd9d1b9611c32ecd437c
Author: Magnus Granberg <zo...@gentoo.org>
Date: Wed Dec 14 20:44:41 2016 +0300
configure: add check for -no-pie if the compiler default to -fPIE
When Grub is compile with gcc 6.1 that have --enable-defult-pie set.
It fail with.
-ffreestanding -m32 -Wl,-melf_i386 -Wl,--build-id=none -nostdlib -Wl,-N
-Wl,-r,-d -
o trig.module trig_module-trigtables.o
grep 'MARKER' gcry_whirlpool.marker.new > gcry_whirlpool.marker; rm -f
gcry_whirlpool.marker.new
/usr/lib/gcc/x86_64-pc-linux-gnu/6.1.0/../../../../x86_64-pc-linux-gnu/bin/ld:
-r and -
shared may not be used together
collect2: error: ld returned 1 exit status
Makefile:26993: recipe for target 'trig.module' failed
Check that compiler supports -no-pie and add it to linker flags.
Index: trustedgrub2-1.4.0/acinclude.m4
===================================================================
--- trustedgrub2-1.4.0.orig/acinclude.m4
+++ trustedgrub2-1.4.0/acinclude.m4
@@ -390,6 +390,24 @@ else
[fi]
])
+dnl Check if the Linker supports `-no-pie'.
+AC_DEFUN([grub_CHECK_NO_PIE],
+[AC_MSG_CHECKING([whether linker accepts -no-pie])
+AC_CACHE_VAL(grub_cv_cc_ld_no_pie,
+[save_LDFLAGS="$LDFLAGS"
+LDFLAGS="$LDFLAGS -no-pie"
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
+ [grub_cv_cc_ld_no_pie=yes],
+ [grub_cv_cc_ld_no_pie=no])
+LDFLAGS="$save_LDFLAGS"
+])
+AC_MSG_RESULT([$grub_cv_cc_ld_no_pie])
+nopie_possible=no
+if test "x$grub_cv_cc_ld_no_pie" = xyes ; then
+ nopie_possible=yes
+fi
+])
+
dnl Check if the C compiler supports `-fPIC'.
AC_DEFUN([grub_CHECK_PIC],[
[# Position independent executable.
Index: trustedgrub2-1.4.0/configure.ac
===================================================================
--- trustedgrub2-1.4.0.orig/configure.ac
+++ trustedgrub2-1.4.0/configure.ac
@@ -1162,13 +1162,18 @@ CFLAGS="$TARGET_CFLAGS"
# Position independent executable.
grub_CHECK_PIE
+grub_CHECK_NO_PIE
[# Need that, because some distributions ship compilers that include
-# `-fPIE' in the default specs.
+# `-fPIE' or '-fpie' and '-pie' in the default specs.
if [ x"$pie_possible" = xyes ]; then
- TARGET_CFLAGS="$TARGET_CFLAGS -fno-PIE"
+ TARGET_CFLAGS="$TARGET_CFLAGS -fno-PIE -fno-pie"
+fi
+if [ x"$nopie_possible" = xyes ] && [ x"$pie_possible" = xyes ]; then
+ TARGET_LDFLAGS="$TARGET_LDFLAGS -no-pie"
fi]
CFLAGS="$TARGET_CFLAGS"
+LDFLAGS="$TARGET_LDFLAGS"
# Position independent executable.
grub_CHECK_PIC
++++++ trustedgrub2-no-pie2.patch ++++++
commit b53f595b3ed989335d7cd1618a5502270cdb26de
Author: Vladimir Serbinenko <phco...@gmail.com>
Date: Mon Jan 30 14:38:50 2017 +0100
Fix -nopie/-nopie check.
We don't use lgcc_s but missing lgcc_s or another library cause test to
fail.
So use -nostdlib.
We need to use -Werror to avoid warning-generated case to be accepted.
Clang uses -nopie rather than -no-pie. Check both and use whichever one
works.
Additionally android clang passes -pie to the linker even though it doesn't
define __PIE__. So if compilation without no-pie logic fails add
-nopie/-no-pie
even if __PIE__ is not defined.
diff --git a/acinclude.m4 b/acinclude.m4
index 7884c1bb5..78cdf6e1d 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -390,12 +390,29 @@ else
[fi]
])
+AC_DEFUN([grub_CHECK_LINK_PIE],[
+[# Position independent executable.
+link_nopie_needed=no]
+AC_MSG_CHECKING([whether linker needs disabling of PIE to work])
+AC_LANG_CONFTEST([AC_LANG_SOURCE([[]])])
+
+[if eval "$ac_compile -Wl,-r,-d -nostdlib -Werror -o conftest.o" 2> /dev/null;
then]
+ AC_MSG_RESULT([no])
+ [# Should we clear up other files as well, having called `AC_LANG_CONFTEST'?
+ rm -f conftest.o
+else
+ link_nopie_needed=yes]
+ AC_MSG_RESULT([yes])
+[fi]
+])
+
+
dnl Check if the Linker supports `-no-pie'.
AC_DEFUN([grub_CHECK_NO_PIE],
[AC_MSG_CHECKING([whether linker accepts -no-pie])
AC_CACHE_VAL(grub_cv_cc_ld_no_pie,
[save_LDFLAGS="$LDFLAGS"
-LDFLAGS="$LDFLAGS -no-pie"
+LDFLAGS="$LDFLAGS -no-pie -nostdlib -Werror"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
[grub_cv_cc_ld_no_pie=yes],
[grub_cv_cc_ld_no_pie=no])
@@ -408,6 +425,23 @@ if test "x$grub_cv_cc_ld_no_pie" = xyes ; then
fi
])
+AC_DEFUN([grub_CHECK_NO_PIE_ONEWORD],
+[AC_MSG_CHECKING([whether linker accepts -nopie])
+AC_CACHE_VAL(grub_cv_cc_ld_no_pie_oneword,
+[save_LDFLAGS="$LDFLAGS"
+LDFLAGS="$LDFLAGS -nopie -nostdlib -Werror"
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
+ [grub_cv_cc_ld_no_pie_oneword=yes],
+ [grub_cv_cc_ld_no_pie_oneword=no])
+LDFLAGS="$save_LDFLAGS"
+])
+AC_MSG_RESULT([$grub_cv_cc_ld_no_pie_oneword])
+nopie_oneword_possible=no
+if test "x$grub_cv_cc_ld_no_pie_oneword" = xyes ; then
+ nopie_oneword_possible=yes
+fi
+])
+
dnl Check if the C compiler supports `-fPIC'.
AC_DEFUN([grub_CHECK_PIC],[
[# Position independent executable.
diff --git a/configure.ac b/configure.ac
index 33146b41a..8f527544b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1202,13 +1202,21 @@ CFLAGS="$TARGET_CFLAGS"
# Position independent executable.
grub_CHECK_PIE
grub_CHECK_NO_PIE
+grub_CHECK_NO_PIE_ONEWORD
+grub_CHECK_LINK_PIE
[# Need that, because some distributions ship compilers that include
# `-fPIE' or '-fpie' and '-pie' in the default specs.
if [ x"$pie_possible" = xyes ]; then
TARGET_CFLAGS="$TARGET_CFLAGS -fno-PIE -fno-pie"
fi
-if [ x"$nopie_possible" = xyes ] && [ x"$pie_possible" = xyes ]; then
- TARGET_LDFLAGS="$TARGET_LDFLAGS -no-pie"
+
+if [ x"$link_nopie_needed" = xyes ] || [ x"$pie_possible" = xyes ]; then
+ if [ x"$nopie_possible" = xyes ]; then
+ TARGET_LDFLAGS="$TARGET_LDFLAGS -no-pie"
+ fi
+ if [ x"$nopie_oneword_possible" = xyes ]; then
+ TARGET_LDFLAGS="$TARGET_LDFLAGS -nopie"
+ fi
fi]
CFLAGS="$TARGET_CFLAGS"
