On Wed, Feb 04, 2015 at 03:40:51PM +1300, Peter wrote:
> On 02/04/2015 03:39 PM, Viktor Dukhovni wrote:
> > We've never supported "pie", so if shared libraries don't work with
> > "pie" that's not a bug. Perhaps "pie" support could be considered
> > for 3.1.
>
> Ok, I'm fine with that.
The low-level details are easy, the hard part is the interface
glue. How should users be able to specify such flags, updating
the INSTALL documentation, ...
For a preview of a brute-force hack that makes it work, apply
the patch below:
diff --git a/makedefs b/makedefs
index f7be08c..c8b7d74 100644
--- a/makedefs
+++ b/makedefs
@@ -1090,7 +1090,7 @@ SYSTYPE = $SYSTYPE
_AR = $_AR
ARFL = $ARFL
_RANLIB = $_RANLIB
-SYSLIBS = $AUXLIBS $SYSLIBS $PLUGIN_AUXLIBS
+SYSLIBS = -pie $AUXLIBS $SYSLIBS $PLUGIN_AUXLIBS
CC = $CC $CCARGS \$(WARN)
OPT = $OPT
DEBUG = $DEBUG
and configure Postfix with:
make -f Makefile.init CCARGS="-fPIC ..." AUXLIBS="..."
The "SYSLIBS" flags only get used for linked executable programs,
not shared libraries, but now every object file must be PIC, hence
the extra CCARGS flag.
This is not a user interface, just a proof of concept. To support
this properly we'd need to automatically enable -fPIC for all
objects when PIE is requested for executables.
Note, good luck debugging those (even getting a stack trace) if
you ever run into trouble. I've yet to see a gdb that understands
PIE executables, perhaps I have not yet been using a sufficiently
bleeding-edge toolchain.
--
Viktor.
