Ports issues
https://git.hardenedbsd.org/hardenedbsd/ports/-/issues
2023-11-22T19:00:36Z

https://git.hardenedbsd.org/hardenedbsd/ports/-/issues/8
math/R fails to build in 14-CURRENT/amd64 due to LTO-ified libs in base
2023-11-22T19:00:36Z
Shawn Webb

Building the base OS libraries with LTO breaks math/R. Log file attached. Additionally, the log can be found here: http://ci-08.md.hardenedbsd.org/data/hardenedbsd-current_amd64-local/2021-06-12_18h34m42s/logs/errors/R-4.1.0.log
[2021-06-13_math_R-4.1.0.log](/uploads/96e3d39074fb2fd32c92162c4222248c/2021-06-13_math_R-4.1.0.log)

Shawn Webb, Loic

https://git.hardenedbsd.org/hardenedbsd/ports/-/issues/12
Identify ports broken due to our use of llvm-ar, llvm-nm, and llvm-objdump
2022-06-04T04:00:22Z
Shawn Webb

We need to identify which ports are broken due to our use of a more complete llvm compiler toolchain. As we identify those broken ports, we need to submit bug reports with those projects.

Loic

https://git.hardenedbsd.org/hardenedbsd/ports/-/issues/14
[bsd.hardening.mk] Use '-ftrivial-auto-var-init=zero' with GCC.
2022-03-18T18:38:01Z
Loic

Stack Auto-Zero-Initialization will happen soon in GCC. See:
https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=a25e0b5e6ac8a77a71c229e0a7b744603365b0e9
We will be able to build ports that use 'USE_GCC' with the "-ftrivial-auto-var-init=zero" argument (See: [bsd.hardening.mk#L361](https://git.hardenedbsd.org/hardenedbsd/ports/-/blame/hardenedbsd/main/Mk/bsd.hardening.mk#L361))

Shawn Webb

https://git.hardenedbsd.org/hardenedbsd/ports/-/issues/19
[bsd.hardening.mk] Use '-Wbidi-chars' with GCC12.
2022-02-15T17:52:50Z
Loic

GCC 12 adds a warning flag to help fend off Trojan Source attacks.
See: https://developers.redhat.com/articles/2022/01/12/prevent-trojan-source-attacks-gcc-12

https://git.hardenedbsd.org/hardenedbsd/ports/-/issues/24
Bazel compile from source not port tree.
2022-03-17T17:53:37Z
Ulas SAYGIN

We have bazel on our FreeBSD port tree and HardenedBSD also but Bazel community does not provide JDK toolchain for FreeBSD and that means,
we need to compile from source and in this case, you need to change hardening settings like OpenJDK needs, if you don't change,
when you give command like bazel documentation said, you will only get return to command line prompt without any error.
In order to compile bazel from source, you have to change settings below for now as I know but I am not sure
do I need to change anything else? @shawn.webb and @loic may advise if they have time to compile bazel from source if they want to try.
Now I was trying and I got error :smile:
I am putting this issue here because first I want to inform people,
second I want opinion from others and experience if they have.
Thirdly, it will affect people on hardenedbsd side if port will be used by hardenedbsd users which I want :smile:
Lastly, I inform the situation on FreeBSD side on bug report
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262614
Any contribution and ideas are welcome!
The settings you should change:
```
root@hbsdb03:~/bazel6march # sysctl hardening.pax.pageexec.status=1
hardening.pax.pageexec.status: 2 -> 1
root@hbsdb03:~/bazel6march # sysctl hardening.pax.mprotect.status=1
hardening.pax.mprotect.status: 2 -> 1
```
Bazel source compile error:
```
root@hbsdb03:~/bazel6march # env EXTRA_BAZEL_ARGS="--tool_java_runtime_version=local_jdk" bash ./compile.sh
🍃 Building Bazel from scratch......
🍃 Building Bazel with Bazel.
.WARNING: Option 'java_toolchain' is deprecated
WARNING: Option 'host_java_toolchain' is deprecated
INFO: Analyzed target //src:bazel_nojdk (357 packages loaded, 9874 targets configured).
INFO: Found 1 target...
ERROR: /tmp/bazel_iGe5utrA/out/external/upb/upbc/BUILD:44:10: Compiling upbc/message_layout.cc [for tool] failed: (Exit 1): clang failed: error executing command (from target @upb//upbc:protoc-gen-upb)
(cd /tmp/bazel_iGe5utrA/out/execroot/io_bazel && \
exec env - \
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin \
PWD=/proc/self/cwd \
/usr/bin/clang -U_FORTIFY_SOURCE '-D_FORTIFY_SOURCE=1' -fstack-protector -Wall -fno-omit-frame-pointer -g0 -O2 -DNDEBUG -ffunction-sections -fdata-sections '-std=c++0x' -MD -MF bazel-out/freebsd-opt-exec-EDC14992/bin/external/upb/upbc/_objs/protoc-gen-upb/message_layout.d '-frandom-seed=bazel-out/freebsd-opt-exec-EDC14992/bin/external/upb/upbc/_objs/protoc-gen-upb/message_layout.o' -iquote external/upb -iquote bazel-out/freebsd-opt-exec-EDC14992/bin/external/upb -iquote external/com_google_protobuf -iquote bazel-out/freebsd-opt-exec-EDC14992/bin/external/com_google_protobuf -iquote . -iquote bazel-out/freebsd-opt-exec-EDC14992/bin -iquote external/com_google_absl -iquote bazel-out/freebsd-opt-exec-EDC14992/bin/external/com_google_absl -iquote external/bazel_tools -iquote bazel-out/freebsd-opt-exec-EDC14992/bin/external/bazel_tools -isystem external/com_google_protobuf/src -isystem bazel-out/freebsd-opt-exec-EDC14992/bin/external/com_google_protobuf/src -isystem third_party/zlib -isystem bazel-out/freebsd-opt-exec-EDC14992/bin/third_party/zlib -g0 -g0 -Wextra -Werror -Wno-long-long -no-canonical-prefixes -Wno-builtin-macro-redefined '-D__DATE__="redacted"' '-D__TIMESTAMP__="redacted"' '-D__TIME__="redacted"' -c external/upb/upbc/message_layout.cc -o bazel-out/freebsd-opt-exec-EDC14992/bin/external/upb/upbc/_objs/protoc-gen-upb/message_layout.o)
# Configuration: 0007cac0a61b491aa08534ec14dcec21f3e3b71a8fcf84bed288b767bef6b31d
# Execution platform: //:default_host_platform
In file included from external/upb/upbc/message_layout.cc:26:
In file included from external/upb/upbc/message_layout.h:32:
In file included from external/com_google_absl/absl/container/flat_hash_map.h:40:
In file included from external/com_google_absl/absl/container/internal/hash_function_defaults.h:56:
In file included from external/com_google_absl/absl/strings/cord.h:78:
external/com_google_absl/absl/functional/function_ref.h:124:16: error: definition of implicit copy constructor for 'FunctionRef<void (absl::string_view)>' is deprecated because it has a user-declared copy assignment operator [-Werror,-Wdeprecated-copy]
FunctionRef& operator=(const FunctionRef& rhs) = delete;
^
external/com_google_absl/absl/strings/cord.h:1325:33: note: in implicit copy constructor for 'absl::FunctionRef<void (absl::string_view)>' first required here
return ForEachChunkAux(rep, callback);
^
1 error generated.
Target //src:bazel_nojdk failed to build
INFO: Elapsed time: 185.772s, Critical Path: 17.86s
INFO: 208 processes: 9 internal, 199 local.
FAILED: Build did NOT complete successfully
ERROR: Could not build Bazel
```
dmesg output:
```
root@hbsdb03:~/bazel6march # dmesg
[1] Copyright (c) 2013-2022 The HardenedBSD Project.
[1] Copyright (c) 1992-2021 The FreeBSD Project.
[1] Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
[1] The Regents of the University of California. All rights reserved.
[1] FreeBSD is a registered trademark of The FreeBSD Foundation.
[1] FreeBSD 13.1-STABLE-HBSD #359 hardened/13-stable/master-n191023-68977827b08: Fri Mar 11 12:17:56 EST 2022
[1] root@ci-01.md.hardenedbsd.org:/usr/obj/src/13-stable/amd64.amd64/sys/HARDENEDBSD amd64
[1] FreeBSD clang version 13.0.0 (git@github.com:llvm/llvm-project.git llvmorg-13.0.0-0-gd7b669b3a303)
[1] VT(vga): text 80x25
[1] HardenedBSD: initialize and check features (__HardenedBSD_version 1300061 __FreeBSD_version 1301500).
[1] CPU: Intel(R) Xeon(R) CPU E5-2683 v3 @ 2.00GHz (1995.38-MHz K8-class CPU)
[1] Origin="GenuineIntel" Id=0x306f2 Family=0x6 Model=0x3f Stepping=2
[1] Features=0x1f83fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE,SSE2,SS,HTT>
[1] Features2=0xfffa3203<SSE3,PCLMULQDQ,SSSE3,FMA,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,TSCDLT,AESNI,XSAVE,OSXSAVE,AVX,F16C,RDRAND,HV>
[1] AMD Features=0x2c100800<SYSCALL,NX,Page1GB,RDTSCP,LM>
[1] AMD Features2=0x21<LAHF,ABM>
[1] Structured Extended Features=0x27ab<FSGSBASE,TSCADJ,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,NFPUSG>
[1] Structured Extended Features3=0xbc000400<MD_CLEAR,IBPB,STIBP,L1DFL,ARCH_CAP,SSBD>
[1] XSAVE Features=0x1<XSAVEOPT>
[1] IA32_ARCH_CAPS=0xc<RSBA,SKIP_L1DFL_VME>
[1] TSC: P-state invariant
[1] Hypervisor: Origin = "VMwareVMware"
[1] real memory = 8589934592 (8192 MB)
[1] avail memory = 8278695936 (7895 MB)
[1] Event timer "LAPIC" quality 600
[1] ACPI APIC Table: <PTLTD APIC >
[1] FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
[1] FreeBSD/SMP: 2 package(s) x 2 core(s)
[1] random: registering fast source Intel Secure Key RNG
[1] random: fast provider: "Intel Secure Key RNG"
[1] random: unblocking device.
[1] MADT: Forcing active-low polarity and level trigger for SCI
[1] ioapic0 <Version 2.0> irqs 0-23
[1] Launching APs: 1 2 3
[1] random: entropy device external interface
[1] kbd1 at kbdmux0
[1] vtvga0: <VT VGA driver>
[1] smbios0: <System Management BIOS> at iomem 0xf69b0-0xf69ce
[1] smbios0: Version: 2.7
[1] aesni0: <AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS>
[1] acpi0: <INTEL 440BX>
[1] acpi0: Power Button (fixed)
[1] hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
[1] Timecounter "HPET" frequency 14318180 Hz quality 950
[1] cpu0: <ACPI CPU> numa-domain 0 on acpi0
[1] attimer0: <AT timer> port 0x40-0x43 irq 0 on acpi0
[1] Timecounter "i8254" frequency 1193182 Hz quality 0
[1] Event timer "i8254" frequency 1193182 Hz quality 100
[1] atrtc0: <AT realtime clock> port 0x70-0x71 irq 8 on acpi0
[1] atrtc0: registered as a time-of-day clock, resolution 1.000000s
[1] Event timer "RTC" frequency 32768 Hz quality 0
[1] Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
[1] acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1008-0x100b on acpi0
[1] pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
[1] pci0: <ACPI PCI bus> on pcib0
[1] pcib1: <ACPI PCI-PCI bridge> at device 1.0 on pci0
[1] pci1: <ACPI PCI bus> on pcib1
[1] isab0: <PCI-ISA bridge> at device 7.0 on pci0
[1] isa0: <ISA bus> on isab0
[1] atapci0: <Intel PIIX4 UDMA33 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0x1060-0x106f at device 7.1 on pci0
[1] ata0: <ATA channel> at channel 0 on atapci0
[1] ata1: <ATA channel> at channel 1 on atapci0
[1] pci0: <bridge> at device 7.3 (no driver attached)
[1] vgapci0: <VGA-compatible display> port 0x1070-0x107f mem 0xe8000000-0xefffffff,0xfe000000-0xfe7fffff irq 16 at device 15.0 on pci0
[1] vgapci0: Boot video device
[1] mpt0: <LSILogic 1030 Ultra4 Adapter> port 0x1400-0x14ff mem 0xfeba0000-0xfebbffff,0xfebc0000-0xfebdffff irq 17 at device 16.0 on pci0
[1] mpt0: MPI Version=1.2.0.0
[1] pcib2: <ACPI PCI-PCI bridge> at device 17.0 on pci0
[1] pci2: <ACPI PCI bus> on pcib2
[1] uhci0: <UHCI (generic) USB controller> port 0x2080-0x209f irq 18 at device 0.0 on pci2
[1] usbus0 on uhci0
[1] usbus0: 12Mbps Full Speed USB v1.0
[1] em0: <Intel(R) Legacy PRO/1000 MT 82545EM (Copper)> port 0x2000-0x203f mem 0xfd5c0000-0xfd5dffff,0xfdff0000-0xfdffffff irq 19 at device 1.0 on pci2
[1] em0: EEPROM V15.255-15
[1] em0: Using 1024 TX descriptors and 1024 RX descriptors
[1] em0: Ethernet address: 00:0c:29:49:62:49
[1] em0: link state changed to UP
[1] em0: netmap queues/slots: TX 1/1024, RX 1/1024
[1] pcm0: <AudioPCI ES1371-A> port 0x2040-0x207f irq 16 at device 2.0 on pci2
[1] pcm0: <Cirrus Logic CS4297A AC97 Codec>
[1] pcm0: <Playback: DAC1,DAC2 / Record: ADC>
[1] ehci0: <EHCI (generic) USB 2.0 controller> mem 0xfd5ef000-0xfd5effff irq 17 at device 3.0 on pci2
[1] usbus1: EHCI version 1.0
[1] usbus1 on ehci0
[1] usbus1: 480Mbps High Speed USB v2.0
[1] pcib3: <ACPI PCI-PCI bridge> at device 21.0 on pci0
[1] pcib4: <ACPI PCI-PCI bridge> at device 21.1 on pci0
[1] pcib5: <ACPI PCI-PCI bridge> at device 21.2 on pci0
[1] pcib6: <ACPI PCI-PCI bridge> at device 21.3 on pci0
[1] pcib7: <ACPI PCI-PCI bridge> at device 21.4 on pci0
[1] pcib8: <ACPI PCI-PCI bridge> at device 21.5 on pci0
[1] pcib9: <ACPI PCI-PCI bridge> at device 21.6 on pci0
[1] pcib10: <ACPI PCI-PCI bridge> at device 21.7 on pci0
[1] pcib11: <ACPI PCI-PCI bridge> at device 22.0 on pci0
[1] pcib12: <ACPI PCI-PCI bridge> at device 22.1 on pci0
[1] pcib13: <ACPI PCI-PCI bridge> at device 22.2 on pci0
[1] pcib14: <ACPI PCI-PCI bridge> at device 22.3 on pci0
[1] pcib15: <ACPI PCI-PCI bridge> at device 22.4 on pci0
[1] pcib16: <ACPI PCI-PCI bridge> at device 22.5 on pci0
[1] pcib17: <ACPI PCI-PCI bridge> at device 22.6 on pci0
[1] pcib18: <ACPI PCI-PCI bridge> at device 22.7 on pci0
[1] pcib19: <ACPI PCI-PCI bridge> at device 23.0 on pci0
[1] pcib20: <ACPI PCI-PCI bridge> at device 23.1 on pci0
[1] pcib21: <ACPI PCI-PCI bridge> at device 23.2 on pci0
[1] pcib22: <ACPI PCI-PCI bridge> at device 23.3 on pci0
[1] pcib23: <ACPI PCI-PCI bridge> at device 23.4 on pci0
[1] pcib24: <ACPI PCI-PCI bridge> at device 23.5 on pci0
[1] pcib25: <ACPI PCI-PCI bridge> at device 23.6 on pci0
[1] pcib26: <ACPI PCI-PCI bridge> at device 23.7 on pci0
[1] pcib27: <ACPI PCI-PCI bridge> at device 24.0 on pci0
[1] pcib28: <ACPI PCI-PCI bridge> at device 24.1 on pci0
[1] pcib29: <ACPI PCI-PCI bridge> at device 24.2 on pci0
[1] pcib30: <ACPI PCI-PCI bridge> at device 24.3 on pci0
[1] pcib31: <ACPI PCI-PCI bridge> at device 24.4 on pci0
[1] pcib32: <ACPI PCI-PCI bridge> at device 24.5 on pci0
[1] pcib33: <ACPI PCI-PCI bridge> at device 24.6 on pci0
[1] pcib34: <ACPI PCI-PCI bridge> at device 24.7 on pci0
[1] acpi_acad0: <AC Adapter> on acpi0
[1] atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
[1] atkbd0: <AT Keyboard> irq 1 on atkbdc0
[1] kbd0 at atkbd0
[1] atkbd0: [GIANT-LOCKED]
[1] psm0: <PS/2 Mouse> irq 12 on atkbdc0
[1] psm0: [GIANT-LOCKED]
[1] WARNING: Device "psm" is Giant locked and may be deleted before FreeBSD 14.0.
[1] psm0: model IntelliMouse, device ID 3
[1] acpi_syscontainer0: <System Container> on acpi0
[1] orm0: <ISA Option ROMs> at iomem 0xc0000-0xc7fff,0xc8000-0xc9fff,0xca000-0xcafff,0xdc000-0xdffff,0xe0000-0xe7fff pnpid ORM0000 on isa0
[1] vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff pnpid PNP0900 on isa0
[1] Timecounter "TSC" frequency 1995382000 Hz quality 1000
[1] Timecounters tick every 10.000 msec
[1] ugen0.1: <(0x15ad) UHCI root HUB> at usbus0
[1] ugen1.1: <(0x15ad) EHCI root HUB> at usbus1
[1] uhub0 on usbus0
[1] uhub0: <(0x15ad) UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0
[1] uhub1 on usbus1
[1] uhub1: <(0x15ad) EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus1
[1] Trying to mount root from ufs:/dev/da0s1a [rw]...
[1] uhub0: 2 ports with 2 removable, self powered
[2] Root mount waiting for: CAM usbus0 usbus1
[2] ugen0.2: <VMware VMware Virtual USB Mouse> at usbus0
[2] cd0 at ata1 bus 0 scbus1 target 0 lun 0
cd0: <NECVMWar VMware IDE CDR10 1.00> Removable CD-ROM SCSI device
cd0: Serial Number 10000000000000000001
cd0: 33.300MB/s transfers (UDMA2, ATAPI 12bytes, PIO 65534bytes)
cd0: 1048MB (536648 2048 byte sectors)
cd0: quirks=0x40<RETRY_BUSY>
[2] da0 at mpt0 bus 0 scbus2 target 0 lun 0
da0: <VMware, VMware Virtual S 1.0> Fixed Direct Access SCSI-2 device
da0: 320.000MB/s transfers (160.000MHz, offset 127, 16bit)
da0: Command Queueing enabled
da0: 245760MB (503316480 512 byte sectors)
da0: quirks=0x140<RETRY_BUSY,STRICT_UNMAP>
[3] ugen0.3: <VMware, Inc. VMware Virtual USB Hub> at usbus0
[3] uhub2 on uhub0
[3] uhub2: <VMware, Inc.> on usbus0
[3] Root mount waiting for: usbus0 usbus1
[3] uhub1: 6 ports with 6 removable, self powered
[4] uhub2: 7 ports with 7 removable, self powered
[5] intsmb0: <Intel PIIX4 SMBUS Interface> port 0x1040-0x104f at device 7.3 on pci0
[5] intsmb0: intr SMI disabled revision 0
[5] smbus0: <System Management Bus> on intsmb0
[5] vmci0: <VMware Virtual Machine Communication Interface> port 0x1080-0x10bf mem 0xfebfe000-0xfebfffff irq 16 at device 7.7 on pci0
[5] lo0: link state changed to UP
[13] uhid0 on uhub0
[13] uhid0: <VMware> on usbus0
[14] uhid1 on uhub0
[14] uhid1: <VMware> on usbus0
[251] pid 35573 (javac), jid 0, uid 0: exited on signal 6 (core dumped)
[264] pid 58234 (javac), jid 0, uid 0: exited on signal 6 (core dumped)
[290] pid 83802 (javac), jid 0, uid 0: exited on signal 6 (core dumped)
[374] [HBSD SEGVGUARD] [/usr/local/openjdk11/bin/javac (9683)] Suspension expired.
[374] -> pid: 9683 ppid: 9496 p_pax: 0x65a<NOPAGEEXEC,NOMPROTECT,SEGVGUARD,ASLR,NOSHLIBRANDOM,DISALLOWMAP32BIT>
```