Hello community, here is the log from the commit of package trustedgrub2 for openSUSE:Factory checked in at 2017-04-11 09:41:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/trustedgrub2 (Old) and /work/SRC/openSUSE:Factory/.trustedgrub2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "trustedgrub2" Tue Apr 11 09:41:24 2017 rev:3 rq:485025 version:1.4.0 Changes: -------- --- /work/SRC/openSUSE:Factory/trustedgrub2/trustedgrub2.changes 2017-02-20 13:15:20.706348547 +0100 +++ /work/SRC/openSUSE:Factory/.trustedgrub2.new/trustedgrub2.changes 2017-04-11 09:41:26.752588160 +0200 @@ -1,0 +2,7 @@ +Tue Apr 4 05:42:34 UTC 2017 - meiss...@suse.com + +- disable PIE building, does not make sense for bootloader. + * trustedgrub2-no-pie.patch + * trustedgrub2-no-pie2.patch + +------------------------------------------------------------------- New: ---- trustedgrub2-no-pie.patch trustedgrub2-no-pie2.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ trustedgrub2.spec ++++++ --- /var/tmp/diff_new_pack.zmbfoF/_old 2017-04-11 09:41:28.004411323 +0200 +++ /var/tmp/diff_new_pack.zmbfoF/_new 2017-04-11 09:41:28.008410759 +0200 @@ -30,6 +30,10 @@ Patch2: grub2-linguas.sh-no-rsync.patch Patch3: 0001-build-Use-AC_HEADER_MAJOR-to-find-device-macros.patch Patch4: 0002-configure-fix-check-for-sys-sysmacros.h-under-glibc-.patch +# from upstream a3e9da054d00260f274cfd9d1b9611c32ecd437c +Patch5: trustedgrub2-no-pie.patch +# from upstream b53f595b3ed989335d7cd1618a5502270cdb26de +Patch6: trustedgrub2-no-pie2.patch # Btrfs snapshot booting related patches Patch101: grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch Patch102: grub2-btrfs-02-export-subvolume-envvars.patch @@ -84,6 +88,8 @@ %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 +%patch6 -p1 %patch101 -p1 %patch102 -p1 %patch103 -p1 ++++++ trustedgrub2-no-pie.patch ++++++ commit a3e9da054d00260f274cfd9d1b9611c32ecd437c Author: Magnus Granberg <zo...@gentoo.org> Date: Wed Dec 14 20:44:41 2016 +0300 configure: add check for -no-pie if the compiler default to -fPIE When Grub is compile with gcc 6.1 that have --enable-defult-pie set. It fail with. -ffreestanding -m32 -Wl,-melf_i386 -Wl,--build-id=none -nostdlib -Wl,-N -Wl,-r,-d - o trig.module trig_module-trigtables.o grep 'MARKER' gcry_whirlpool.marker.new > gcry_whirlpool.marker; rm -f gcry_whirlpool.marker.new /usr/lib/gcc/x86_64-pc-linux-gnu/6.1.0/../../../../x86_64-pc-linux-gnu/bin/ld: -r and - shared may not be used together collect2: error: ld returned 1 exit status Makefile:26993: recipe for target 'trig.module' failed Check that compiler supports -no-pie and add it to linker flags. Index: trustedgrub2-1.4.0/acinclude.m4 =================================================================== --- trustedgrub2-1.4.0.orig/acinclude.m4 +++ trustedgrub2-1.4.0/acinclude.m4 @@ -390,6 +390,24 @@ else [fi] ]) +dnl Check if the Linker supports `-no-pie'. +AC_DEFUN([grub_CHECK_NO_PIE], +[AC_MSG_CHECKING([whether linker accepts -no-pie]) +AC_CACHE_VAL(grub_cv_cc_ld_no_pie, +[save_LDFLAGS="$LDFLAGS" +LDFLAGS="$LDFLAGS -no-pie" +AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], + [grub_cv_cc_ld_no_pie=yes], + [grub_cv_cc_ld_no_pie=no]) +LDFLAGS="$save_LDFLAGS" +]) +AC_MSG_RESULT([$grub_cv_cc_ld_no_pie]) +nopie_possible=no +if test "x$grub_cv_cc_ld_no_pie" = xyes ; then + nopie_possible=yes +fi +]) + dnl Check if the C compiler supports `-fPIC'. AC_DEFUN([grub_CHECK_PIC],[ [# Position independent executable. Index: trustedgrub2-1.4.0/configure.ac =================================================================== --- trustedgrub2-1.4.0.orig/configure.ac +++ trustedgrub2-1.4.0/configure.ac @@ -1162,13 +1162,18 @@ CFLAGS="$TARGET_CFLAGS" # Position independent executable. grub_CHECK_PIE +grub_CHECK_NO_PIE [# Need that, because some distributions ship compilers that include -# `-fPIE' in the default specs. +# `-fPIE' or '-fpie' and '-pie' in the default specs. if [ x"$pie_possible" = xyes ]; then - TARGET_CFLAGS="$TARGET_CFLAGS -fno-PIE" + TARGET_CFLAGS="$TARGET_CFLAGS -fno-PIE -fno-pie" +fi +if [ x"$nopie_possible" = xyes ] && [ x"$pie_possible" = xyes ]; then + TARGET_LDFLAGS="$TARGET_LDFLAGS -no-pie" fi] CFLAGS="$TARGET_CFLAGS" +LDFLAGS="$TARGET_LDFLAGS" # Position independent executable. grub_CHECK_PIC ++++++ trustedgrub2-no-pie2.patch ++++++ commit b53f595b3ed989335d7cd1618a5502270cdb26de Author: Vladimir Serbinenko <phco...@gmail.com> Date: Mon Jan 30 14:38:50 2017 +0100 Fix -nopie/-nopie check. We don't use lgcc_s but missing lgcc_s or another library cause test to fail. So use -nostdlib. We need to use -Werror to avoid warning-generated case to be accepted. Clang uses -nopie rather than -no-pie. Check both and use whichever one works. Additionally android clang passes -pie to the linker even though it doesn't define __PIE__. So if compilation without no-pie logic fails add -nopie/-no-pie even if __PIE__ is not defined. diff --git a/acinclude.m4 b/acinclude.m4 index 7884c1bb5..78cdf6e1d 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -390,12 +390,29 @@ else [fi] ]) +AC_DEFUN([grub_CHECK_LINK_PIE],[ +[# Position independent executable. +link_nopie_needed=no] +AC_MSG_CHECKING([whether linker needs disabling of PIE to work]) +AC_LANG_CONFTEST([AC_LANG_SOURCE([[]])]) + +[if eval "$ac_compile -Wl,-r,-d -nostdlib -Werror -o conftest.o" 2> /dev/null; then] + AC_MSG_RESULT([no]) + [# Should we clear up other files as well, having called `AC_LANG_CONFTEST'? + rm -f conftest.o +else + link_nopie_needed=yes] + AC_MSG_RESULT([yes]) +[fi] +]) + + dnl Check if the Linker supports `-no-pie'. AC_DEFUN([grub_CHECK_NO_PIE], [AC_MSG_CHECKING([whether linker accepts -no-pie]) AC_CACHE_VAL(grub_cv_cc_ld_no_pie, [save_LDFLAGS="$LDFLAGS" -LDFLAGS="$LDFLAGS -no-pie" +LDFLAGS="$LDFLAGS -no-pie -nostdlib -Werror" AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [grub_cv_cc_ld_no_pie=yes], [grub_cv_cc_ld_no_pie=no]) @@ -408,6 +425,23 @@ if test "x$grub_cv_cc_ld_no_pie" = xyes ; then fi ]) +AC_DEFUN([grub_CHECK_NO_PIE_ONEWORD], +[AC_MSG_CHECKING([whether linker accepts -nopie]) +AC_CACHE_VAL(grub_cv_cc_ld_no_pie_oneword, +[save_LDFLAGS="$LDFLAGS" +LDFLAGS="$LDFLAGS -nopie -nostdlib -Werror" +AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], + [grub_cv_cc_ld_no_pie_oneword=yes], + [grub_cv_cc_ld_no_pie_oneword=no]) +LDFLAGS="$save_LDFLAGS" +]) +AC_MSG_RESULT([$grub_cv_cc_ld_no_pie_oneword]) +nopie_oneword_possible=no +if test "x$grub_cv_cc_ld_no_pie_oneword" = xyes ; then + nopie_oneword_possible=yes +fi +]) + dnl Check if the C compiler supports `-fPIC'. AC_DEFUN([grub_CHECK_PIC],[ [# Position independent executable. diff --git a/configure.ac b/configure.ac index 33146b41a..8f527544b 100644 --- a/configure.ac +++ b/configure.ac @@ -1202,13 +1202,21 @@ CFLAGS="$TARGET_CFLAGS" # Position independent executable. grub_CHECK_PIE grub_CHECK_NO_PIE +grub_CHECK_NO_PIE_ONEWORD +grub_CHECK_LINK_PIE [# Need that, because some distributions ship compilers that include # `-fPIE' or '-fpie' and '-pie' in the default specs. if [ x"$pie_possible" = xyes ]; then TARGET_CFLAGS="$TARGET_CFLAGS -fno-PIE -fno-pie" fi -if [ x"$nopie_possible" = xyes ] && [ x"$pie_possible" = xyes ]; then - TARGET_LDFLAGS="$TARGET_LDFLAGS -no-pie" + +if [ x"$link_nopie_needed" = xyes ] || [ x"$pie_possible" = xyes ]; then + if [ x"$nopie_possible" = xyes ]; then + TARGET_LDFLAGS="$TARGET_LDFLAGS -no-pie" + fi + if [ x"$nopie_oneword_possible" = xyes ]; then + TARGET_LDFLAGS="$TARGET_LDFLAGS -nopie" + fi fi] CFLAGS="$TARGET_CFLAGS"