It has come to my attention that, on -current PIE architectures (amd64, mips64*, sparc64),
gcc -static will produce a binary that's "generally" static, but that will require a working ld.so to run. This can be a problem if you want to compile static binaries for chroot, or say, you're trying to build a recovery system, and get stranded because you lost ld.so. as far as I know, you can build fully static binaries by: - compiling stuff with -fno-pie - linking with -nopie -static This is what happens on the base system for bin and sbin, so those are safe, e.g.: cc -O2 -pipe -fno-pie -c /usr/src/bin/ls/cmp.c cc -O2 -pipe -fno-pie -c /usr/src/bin/ls/ls.c cc -O2 -pipe -fno-pie -c /usr/src/bin/ls/main.c cc -O2 -pipe -fno-pie -c /usr/src/bin/ls/print.c cc -O2 -pipe -fno-pie -c /usr/src/bin/ls/util.c cc -nopie -static -o ls cmp.o ls.o main.o print.o util.o -lutil This stuff is totally a moving target, it is probably going to change in the future. Note that there are very good reasons to prefer pie binaries in MOST cases, including for 'static' binaries... So, as far as the chroot way goes, the most correct fix is probably to provide ld.so along with your binaries...
