Viktor Dukhovni:
> On Wed, Feb 04, 2015 at 03:31:03PM +1300, Peter wrote:
>
> > Well for now, then I'll just have to remove -pie, but if I can get that
> > in as a feature request to make -pie work with shared=yes, then I would
> > really appreciate it. Not sure if it should be considered a block
On 02/04/2015 06:15 PM, Viktor Dukhovni wrote:
> And they still work I hope, ... If you can, please also check that
> dynamic maps still load.
I would hope so but I haven't actually run them yet. I will be pushing
them out to my testing repo soon and get some people to test.
Peter
On Wed, Feb 04, 2015 at 06:12:07PM +1300, Peter wrote:
> On 02/04/2015 05:36 PM, Viktor Dukhovni wrote:
> > However, if my quick hack works, let us know, at least we'll know
> > what needs to be done to support this at some point later.
>
> It works, hardening check shows all the executables to b
On 02/04/2015 05:36 PM, Viktor Dukhovni wrote:
> However, if my quick hack works, let us know, at least we'll know
> what needs to be done to support this at some point later.
It works, hardening check shows all the executables to be position
independent.
Peter
On 02/04/2015 05:36 PM, Viktor Dukhovni wrote:
> Yes, but they did not use shared libraries. The compatible thing
> to do would be a statically linked build. Once you're changing
> the build, you may as well drop PIE support for now.
Right, I would not have pursued pie support much further, but
On Wed, Feb 04, 2015 at 05:00:40PM +1300, Peter wrote:
> This is more along the lines of, I'm building 3rd-party postfix packages
> for CentOS, the current stable postfix packages (sourced from Fedora)
> have -pie enabled and so I'd like to keep it enabled if at all possible.
Yes, but they did no
On 02/04/2015 04:07 PM, Viktor Dukhovni wrote:
> The low-level details are easy, the hard part is the interface
> glue. How should users be able to specify such flags, updating
> the INSTALL documentation, ...
>
> For a preview of a brute-force hack that makes it work, apply
> the patch below:
>
On Wed, Feb 04, 2015 at 03:40:51PM +1300, Peter wrote:
> On 02/04/2015 03:39 PM, Viktor Dukhovni wrote:
> > We've never supported "pie", so if shared libraries don't work with
> > "pie" that's not a bug. Perhaps "pie" support could be considered
> > for 3.1.
>
> Ok, I'm fine with that.
The low-
On 02/04/2015 03:39 PM, Viktor Dukhovni wrote:
> We've never supported "pie", so if shared libraries don't work with
> "pie" that's not a bug. Perhaps "pie" support could be considered
> for 3.1.
Ok, I'm fine with that.
Peter
On Wed, Feb 04, 2015 at 03:31:03PM +1300, Peter wrote:
> Well for now, then I'll just have to remove -pie, but if I can get that
> in as a feature request to make -pie work with shared=yes, then I would
> really appreciate it. Not sure if it should be considered a blocker for
> 3.0.0 or not, thou
Am 04.02.2015 um 03:31 schrieb Peter:
On 02/04/2015 02:47 PM, Viktor Dukhovni wrote:
It may be tricky, Postfix applies "AUXLIBS" when building both the
final executables, and the shared libraries, but it seems that
"-pie" is not appropriate for shared libraries. Additinal "makedefs"
and Makefi
On 02/04/2015 02:46 PM, li...@rhsoft.net wrote:
> not for dynamic build but that below is from my rpmbuilder and it's a
> hardened build supporting ASLR
> AUXLIBS="-lpcre -L%{_libdir}/mysql -lmysqlclient -lm -L%{_libdir}/sasl2
> -lsasl2 -lssl -lcrypto -pie -Wl,-z,now -Wl,-z,relro,-z,noexecstack"
On 02/04/2015 02:47 PM, Viktor Dukhovni wrote:
> It may be tricky, Postfix applies "AUXLIBS" when building both the
> final executables, and the shared libraries, but it seems that
> "-pie" is not appropriate for shared libraries. Additinal "makedefs"
> and Makefile.in logic would be required to c
On Wed, Feb 04, 2015 at 02:31:37PM +1300, Peter wrote:
> Can you suggest the combination with -pie that is supposed to work and
> actually *does* work?
It may be tricky, Postfix applies "AUXLIBS" when building both the
final executables, and the shared libraries, but it seems that
"-pie" is not a
Am 04.02.2015 um 02:31 schrieb Peter:
On 02/04/2015 01:42 PM, li...@rhsoft.net wrote:
BUT one belongs to CCARGS and the other to AUXLIBS
re-read the previous mails in this thread!
...and from one of *my* previous emails:
make makefiles shared=yes 'CCARGS=-fPIC -fPIE' 'AUXLIBS=-pie'
...also
On 02/04/2015 01:42 PM, li...@rhsoft.net wrote:
> BUT one belongs to CCARGS and the other to AUXLIBS
> re-read the previous mails in this thread!
...and from one of *my* previous emails:
> make makefiles shared=yes 'CCARGS=-fPIC -fPIE' 'AUXLIBS=-pie'
>
> ...also fails
Can you suggest the combina
Am 03.02.2015 um 23:35 schrieb Peter:
On 02/04/2015 11:31 AM, Viktor Dukhovni wrote:
make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-fPIE -pie'
...fails
Of course it does. You used both "-fPIE" and "-fpie".
No, I used both -fPIE and -pie (without the "f")
BUT one belongs to CCARGS and
On 02/04/2015 11:31 AM, Viktor Dukhovni wrote:
>> make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-fPIE -pie'
>> ...fails
>
> Of course it does. You used both "-fPIE" and "-fpie".
No, I used both -fPIE and -pie (without the "f").
Peter
On Wed, Feb 04, 2015 at 11:11:43AM +1300, Peter wrote:
> On 02/04/2015 10:47 AM, Viktor Dukhovni wrote:
> > No, not CCARGS, AUXLIBS:
> >
> > make -f Makefile.in shared=yes "AUXLIBS=-fPIE" makefiles
> > make
> >
> > works with the GCC toolchain on my machine.
>
> make makefiles shared=yes
On 02/04/2015 10:47 AM, Viktor Dukhovni wrote:
> No, not CCARGS, AUXLIBS:
>
> make -f Makefile.in shared=yes "AUXLIBS=-fPIE" makefiles
> make
>
> works with the GCC toolchain on my machine.
make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-fPIE -pie'
...fails
On 02/04/2015 10:49 AM, Wi
Viktor Dukhovni:
> On Wed, Feb 04, 2015 at 09:59:28AM +1300, Peter wrote:
>
> > I simplified it down to this and was still got the error:
> > make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-pie'
>
> If you want PIE support, you'll need to use "-fPIE" (upper-case).
> This makes it possible to e
On Wed, Feb 04, 2015 at 10:45:23AM +1300, Peter wrote:
> On 02/04/2015 10:20 AM, Viktor Dukhovni wrote:
> > On Wed, Feb 04, 2015 at 09:59:28AM +1300, Peter wrote:
> >
> >> I simplified it down to this and was still got the error:
> >> make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-pie'
> >
>
On 02/04/2015 10:20 AM, Viktor Dukhovni wrote:
> On Wed, Feb 04, 2015 at 09:59:28AM +1300, Peter wrote:
>
>> I simplified it down to this and was still got the error:
>> make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-pie'
>
> If you want PIE support, you'll need to use "-fPIE" (upper-case).
>
On Wed, Feb 04, 2015 at 09:59:28AM +1300, Peter wrote:
> I simplified it down to this and was still got the error:
> make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-pie'
If you want PIE support, you'll need to use "-fPIE" (upper-case).
This makes it possible to enable ASLR for the Postfix bina
On 02/04/2015 09:59 AM, Peter wrote:
> I simplified it down to this and was still got the error:
> make makefiles shared=yes 'CCARGS=-fPIC' 'AUXLIBS=-pie'
>
> If I remove the -pie from AUXLIBS (either from the simplified version or
> the full version) it builds just fine. It also builds just fine
On 02/04/2015 09:16 AM, Wietse Venema wrote:
> OK, show the complete "make makefiles" command that you used without
> the insanely complicated Linux build process. I have a few Linux
> boxen where I can try that command myself.
The full "make makefiles" was:
make -f Makefile.init makefiles shared=
Peter:
> On 02/04/2015 01:25 AM, Wietse Venema wrote:
> > Execute the following commands by themselves, not as part of
> > some insnaly complicated Linux build process.
> >
> > make makefiles
> > make
> >
> > If that works without error, then you made a mistake with the Linux
> > build proce
On 02/04/2015 01:25 AM, Wietse Venema wrote:
> Execute the following commands by themselves, not as part of
> some insnaly complicated Linux build process.
>
> make makefiles
> make
>
> If that works without error, then you made a mistake with the Linux
> build process.
Still does the same
Peter:
> I'm trying to build Postfix 3.0.0 with dynamic loadable module support
> (it builds fine without). When I add shared=yes dynamicmaps=yes to make
> makefiles I get the following (fpaste of build.log from mock):
> http://paste.fedoraproject.org/180820/14229612 (http://ur1.ca/jmm0z)
>
> Not
I'm trying to build Postfix 3.0.0 with dynamic loadable module support
(it builds fine without). When I add shared=yes dynamicmaps=yes to make
makefiles I get the following (fpaste of build.log from mock):
http://paste.fedoraproject.org/180820/14229612 (http://ur1.ca/jmm0z)
Note that the errors i
30 matches
Mail list logo
