#879027 libtomcrypt: FTBFS on x32: final link failed: Bad value

#879027#5
Date:
2017-10-18 15:22:42 UTC
From:
To:
The latest build of libtomcrypt for x32 (admittedly not a release
architecture) failed per the below excerpts from
https://buildd.debian.org/status/fetch.php?pkg=libtomcrypt&arch=x32&ver=1.18.0-1&stamp=1508165690&raw=0:

  libtool: compile:  gcc -I./src/headers/ -Wall -Wsign-compare -Wshadow -DLTC_SOURCE -Wextra -Wsystem-headers -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wpointer-arith -Wdeclaration-after-statement -Wwrite-strings -Wno-type-limits -O3 -funroll-loops -fomit-frame-pointer -DGIT_VERSION=\"1.18.0\" -g -O2 -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -specs=/usr/share/dpkg/pie-compile.specs -fstack-protector-strong -Wformat -Werror=format-security -DGMP_DESC -DLTM_DESC -DUSE_LTM -Wdate-time -D_FORTIFY_SOURCE=2 -specs=/usr/share/dpkg/pie-link.specs -Wl,-z,relro -Wl,-z,now -c src/ciphers/aes/aes.c  -fPIC -DPIC -o src/ciphers/aes/.libs/aes.o
  [...]
  libtool --mode=link --tag=CC gcc -I./src/headers/ -Wall -Wsign-compare -Wshadow -DLTC_SOURCE -Wextra -Wsystem-headers -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wpointer-arith -Wdeclaration-after-statement -Wwrite-strings -Wno-type-limits -O3 -funroll-loops -fomit-frame-pointer -DGIT_VERSION=\"1.18.0\" -g -O2 -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -specs=/usr/share/dpkg/pie-compile.specs -fstack-protector-strong -Wformat -Werror=format-security -DGMP_DESC -DLTM_DESC -DUSE_LTM -Wdate-time -D_FORTIFY_SOURCE=2  -specs=/usr/share/dpkg/pie-link.specs -Wl,-z,relro -Wl,-z,now src/ciphers/aes/aes.lo src/ciphers/aes/aes_enc.lo src/ciphers/anubis.lo [...] src/stream/sober128/sober128_test.lo -lgmp -ltommath -o libtomcrypt.la -rpath /usr/local/lib -version-info 1:0
  libtool: link: gcc -shared  -fPIC -DPIC  src/ciphers/aes/.libs/aes.o src/ciphers/aes/.libs/aes_enc.o src/ciphers/.libs/anubis.o [...] src/stream/sober128/.libs/sober128_test.o   -lgmp -ltommath  -O3 -g -O2 -specs=/usr/share/dpkg/pie-compile.specs -fstack-protector-strong -specs=/usr/share/dpkg/pie-link.specs -Wl,-z -Wl,relro -Wl,-z -Wl,now   -Wl,-soname -Wl,libtomcrypt.so.1 -o .libs/libtomcrypt.so.1.0.0
  /usr/bin/ld: src/ciphers/aes/.libs/aes.o: relocation R_X86_64_PC32 against symbol `rijndael_setup' can not be used when making a shared object; recompile with -fPIC
  /usr/bin/ld: final link failed: Bad value
  collect2: error: ld returned 1 exit status

I'm not sure why the linker's complaining about missing an option you
did in fact supply, but perhaps the use of pie-*.specs is somehow
throwing things off; please try forgoing PIE on x32 for now.

Thanks!

#879027#10
Date:
2017-10-18 15:31:07 UTC
From:
To:
[+cc steffen, karel]

Any clues about this build failure?

#879027#15
Date:
2017-11-10 16:26:44 UTC
From:
To:
Any updates on this?

I built the library with x32 support on my local machine and that
works as expected
dynamically linked, interpreter /libx32/ld-linux-x32.so.2, for GNU/Linux
3.4.0, BuildID[sha1]=e747673ddc8a354679b2e0f97b12886a7c6273c2, not stripped


Can I somehow create this exact environment locally so I can try to
reproduce?

#879027#20
Date:
2017-11-10 16:30:23 UTC
From:
To:
You can get a guest account on Debian porter machines (we have one for
each architecture which Debian supports). Please follow
https://dsa.debian.org/doc/guest-account/, I’m happy to sponsor your
request.

#879027#25
Date:
2017-11-12 19:12:41 UTC
From:
To:
Sorry, I just realized we don’t actually have an x32 porterbox listed
at https://db.debian.org/machines.cgi.

ucko, what’s the procedure here? How can Steffen get access to a
machine on which to reproduce this issue?

Thanks.

On Fri, Nov 10, 2017 at 5:30 PM, Michael Stapelberg <stapelberg@debian.org> wrote:

#879027#30
Date:
2017-11-13 02:17:10 UTC
From:
To:
Michael Stapelberg <stapelberg@debian.org> writes:

Good question.  Technically, x32 is an alternate ABI for amd64, so the
amd64 porter box could in principle additionally host x32 chroots.
However, to do so, it would need an explicit kernel command line setting
(syscall.x32=y), since x32 binary support is off by default for now to
avoid adding a potential attack vector for little practical gain.

I'm not an official porter or buildd maintainer, and don't know what
setup they use, sorry.

#879027#35
Date:
2017-11-13 08:23:35 UTC
From:
To:
Do I understand correctly that you’re saying booting an amd64 machine
with syscall.x32=y should suffice to reproduce the issue?

#879027#40
Date:
2017-11-13 16:20:23 UTC
From:
To:
Michael Stapelberg <stapelberg@debian.org> writes:

AIUI, that setting should let you work in a local x32 chroot, though you
will of course have to set it up first via debootstrap or the like.

#879027#45
Date:
2017-11-13 16:21:58 UTC
From:
To:
Could you provide the command line for doing this please?
#879027#50
Date:
2017-11-13 17:04:34 UTC
From:
To:
Michael Stapelberg <stapelberg@debian.org> writes:

Sure, no problem.

sudo apt install debootstrap debian-ports-archive-keyring

sudo debootstrap --arch=x32 --variant=buildd \
    --keyring=/usr/share/keyrings/debian-ports-archive-keyring.gpg \
    unstable $DIR https://deb.debian.org/debian-ports

You'll then want to establish an rbind mount for $DIR/dev and regular
bind mounts for, at minimum, $DIR/proc and $DIR/sys.  (You might
consider doing the same for $DIR/home and $DIR/tmp.)