On 10/2/20 6:31 AM, Vitaly Zaitsev via devel wrote:
> On 01.10.2020 22:48, Jeff Law wrote:
>> What you want to do to fix this is force -fPIC into the build flags.
>> That inhibits local symbol resolution and the copy relocs that are so
>> problematical for QT.  You can see examples of how to do this in the
>> clementine package.
> Telegram Desktop already uses -fPIC:

I would suggest looking for any uses of -fPIE when compiling the C/C++ sources.  PIE allows local binding for some object accesses (and again, it's local binding of objects that runs afoul of key aspects of the QT libraries).


The package I've been looking at (nextcloud) has this gem in a couple of its CMakeLists.txt files:


 if(UNIX AND NOT APPLE)
  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE")
  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIE")
  set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -pie")
 endif()

Which means we pass -fPIE when building .o files and thus the flag is ultimately passed through to LTO compiles which in turn enables the problematic symbol binding.  -fPIC is the right thing for QT applications given the way the library works.  Note that in the case of nextcloud, I don't think that was a global setting across the entire package -- it was used in just specific subdirectories and thus didn't show up in every invocation of the compiler.


Note that compiling the objects with -fPIC still allows creating a PIE executable via the -pie option at link time.  This is critically important from a security standpoint.

jeff
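
The check suggested in the message above, written as an added example that is not part of the original e-mail or of any package's build scripts: it scans CMake files for `-fPIE`/`-fpie` while leaving the link-time `-pie` option alone. The function names and the sample text are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# -fPIE / -fpie as a whole token. Does not match -fPIC or the link-time -pie option.
PIE_COMPILE_FLAG = re.compile(r'(?<![\w-])-f(?:PIE|pie)(?![\w-])')

def find_fpie(cmake_text):
    """Return (line_number, stripped_line) for each line that passes -fPIE/-fpie."""
    hits = []
    for n, line in enumerate(cmake_text.splitlines(), 1):
        # Simplification: treat everything after '#' as a comment.
        code = line.split('#', 1)[0]
        if PIE_COMPILE_FLAG.search(code):
            hits.append((n, line.strip()))
    return hits

def scan_tree(root):
    """Scan every CMakeLists.txt and *.cmake file under root."""
    results = {}
    for path in Path(root).rglob('*'):
        if path.is_file() and (path.name == 'CMakeLists.txt' or path.suffix == '.cmake'):
            hits = find_fpie(path.read_text(errors='replace'))
            if hits:
                results[str(path)] = hits
    return results

# Constructed sample: the snippet quoted in the message plus one comment line.
SAMPLE = '''\
if(UNIX AND NOT APPLE)
  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE")
  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIE")
  set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -pie")
  # -fPIE used to be set here
endif()
'''

if __name__ == '__main__':
    if len(sys.argv) > 1:
        # Usage: python script.py /path/to/unpacked/source
        for path, hits in scan_tree(sys.argv[1]).items():
            for n, text in hits:
                print(f'{path}:{n}: {text}')
    else:
        for n, text in find_fpie(SAMPLE):
            print(f'sample:{n}: {text}')
```

Because the setting may live only in specific subdirectories, as noted for nextcloud, the scan walks the whole tree rather than only the top-level file.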
