tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Supporting MKPIE but without -pie embedded in wrapper scripts



On Sun, Jan 16, 2022 at 10:17:45PM +0900, PHO wrote:
> Hello,
> 
> While trying to update lang/ghc90 to 9.0.2 and also enabling support for
> PKGSRC_MKPIE, I found the way how the current infrastructure enforces MKPIE
> rather cumbersome for packages that need to bootstrap from a pre-built
> bootkit.
> 
> GHC bootkits consist of a compiler executable and the standard Haskell
> library in the form of a set of static archives (lib*.a), which may or may
> not be built with -fPIC. When lang/ghc90 is to be built, with
> MKPIE_SUPPORTED set to yes, one of these things will happen:
> 
> 1. Bootkit is built without -fPIC, and PKGSRC_MKPIE is set to no.
> 
>      This builds non-PIE GHC fine.
> 
> 2. Bootkit is built with -fPIC, and PKGSRC_MKPIE is set to yes.
> 
>      This builds PIE GHC fine (with some tweaks applied to lang/ghc90).
> 
> 3. Bootkit is built without -fPIC but PKGSRC_MKPIE is set to yes.
> 
>      This fails to build the stage-1 compiler, which is an intermediate
> compiler to build the final, stage-2 compiler that will be installed. This
> is because pkgsrc forces -pie to be passed to the linker regardless of
> compilation stages (because it doesn't know GHC does a 2-stage
> bootstrapping), but the stage-1 compiler needs to be linked against static
> libraries coming from the non-PIC bootkit.
> 
> 4. Bootkit is built with -fPIC but PKGSRC_MKPIE is set to no.
> 
>      This means we have no choice but to link a non-PIC stage-1 compiler *.o
> against static libraries from the bootkit built with -fPIC. This apparently
> works, at least on NetBSD, but... you aren't supposed to do that right? I
> don't know if this works on all the platforms we currently support.
> 
> So, in order for packages like GHC to support MKPIE, we need a way to tell
> pkgsrc that we are going to build PIE on our own responsibility but not
> getting enforced by the infrastructure, such as injecting -pic in linker
> flags, on per-package basis. But this of course means packages that request
> an exemption from the enforcement can accidentally install non-PIE, so a
> post-build check is desired.
> 
> The attached patch introduces a new package-settable variable
> AUTOMATIC_MKPIE and a new check mentioned above. What do you think? Can I
> commit this?

Looks good to me.
 Thomas


Home | Main Index | Thread Index | Old Index