Re: [Xenomai] Debian package of Xenomai 2.6.4

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Leopold Palomo-Avellaneda <leo@alaxarxa.net>
To: Gilles Chanteperdrix <gilles.chanteperdrix@xenomai.org>
Cc: xenomai@xenomai.org
Subject: Re: [Xenomai] Debian package of Xenomai 2.6.4
Date: Thu, 25 Jun 2015 15:56:49 +0200	[thread overview]
Message-ID: <5297525.euQ38TDxur@soho> (raw)
In-Reply-To: <20150625125414.GE26099@hermes.click-hack.org>

El Dijous, 25 de juny de 2015, a les 14:54:14, Gilles Chanteperdrix va 
escriure:
> > > > 
> > > > - Drop /dev from libxenomai1.
> > > > The /dev directory is created by udev. All debian systems have udev.
> > > > However, I'm thinking to have another package with this stuff. What do
> > > > you think?
> > 
> > You didn't answer this ..
Gilles,

I have dropped /dev from libxenomai. Could be problematic?

[...]


> > 
> > > > W: xenomai-system-tools: hardening-no-relro usr/bin/cmd_bits
> > > > N:
> > > > N:    This package provides an ELF binary that lacks the "read-only
> > > > N:    relocation" link flag. This package was likely not built with
> > > > the
> > > > N:    default Debian compiler flags defined by dpkg-buildflags. If
> > > > built
> > > > using N:    dpkg-buildflags directly, be sure to import LDFLAGS.
> > > > N:
> > > > N:    Refer to https://wiki.debian.org/Hardening for details.
> > > > N:
> > > > N:    Severity: normal, Certainty: certain
> > > > N:
> > > > N:    Check: binaries, Type: binary, udeb
> > > > N:
> > > > W: xenomai-system-tools: hardening-no-relro usr/bin/cmd_read
> > > > W: xenomai-system-tools: hardening-no-relro usr/bin/cmd_write
> > > > W: xenomai-system-tools: hardening-no-relro usr/bin/insn_bits
> > > > W: xenomai-system-tools: hardening-no-relro usr/bin/insn_read
> > > > W: xenomai-system-tools: hardening-no-relro usr/bin/insn_write
> > > > W: xenomai-system-tools: hardening-no-relro usr/bin/rtcanrecv
> > > > W: xenomai-system-tools: hardening-no-relro usr/bin/rtcansend
> > > > W: xenomai-system-tools: hardening-no-relro usr/bin/wf_generate
> > > > W: xenomai-system-tools: hardening-no-relro usr/lib/x86_64-linux-
> > > > gnu/xenomai/regression/native+posix/mq_select
> > > > W: xenomai-system-tools: hardening-no-relro usr/lib/x86_64-linux-
> > > > gnu/xenomai/regression/native/heap
> > > > W: xenomai-system-tools: hardening-no-relro usr/lib/x86_64-linux-
> > > > gnu/xenomai/regression/native/leaks
> > > > W: xenomai-system-tools: hardening-no-relro usr/lib/x86_64-linux-
> > > > gnu/xenomai/regression/native/sigdebug
> > > > W: xenomai-system-tools: hardening-no-relro usr/lib/x86_64-linux-
> > > > gnu/xenomai/regression/native/tsc
> > > > W: xenomai-system-tools: hardening-no-relro usr/lib/x86_64-linux-
> > > > gnu/xenomai/regression/posix/leaks
> > > > W: xenomai-system-tools: hardening-no-relro usr/lib/x86_64-linux-
> > > > gnu/xenomai/regression/posix/mprotect
> > > > W: xenomai-system-tools: hardening-no-relro usr/lib/x86_64-linux-
> > > > gnu/xenomai/regression/posix/nano_test
> > > > W: xenomai-system-tools: hardening-no-relro usr/lib/x86_64-linux-
> > > > gnu/xenomai/regression/posix/shm
> > > > W: xenomai-system-tools: hardening-no-relro usr/lib/x86_64-linux-
> > > > gnu/xenomai/regression/posix/test_pip_exit
> > > > W: xenomai-system-tools: hardening-no-relro usr/lib/x86_64-linux-
> > > > gnu/xenomai/regression/posix/xddp_test
> > > > W: xenomai-system-tools: hardening-no-relro usr/sbin/analogy_config
> > > > W: xenomai-system-tools: hardening-no-relro usr/sbin/rtcanconfig
> > > 
> > > Please provide the patch to the debian/rules to apply this change. I
> > > do not think we did anything special to avoid using the default flags.
> > 
> > my configure line says:
> > 
> > CONFIG_OPTS += --prefix=/usr \
> > 
> >                     --includedir=/usr/include/xenomai \
> >                     --mandir=/usr/share/man \
> >                     --with-testdir=/usr/lib/$(DEB_HOST_MULTIARCH)/xenomai
> >                     \
> >                     --enable-fortify \
> >                     --libdir='$${prefix}/lib/$(DEB_HOST_MULTIARCH)/'
> > 
> > plus some specific arch params.
> 
> What specific arch params? Last time I checked in the in-tree
> debian/rules, these arch params were obsolete, so, I removed them
> all.

ifeq ($(DEB_HOST_ARCH), i386)
        CONFIG_OPTS = \
                    --enable-x86-tsc
endif
ifeq ($(DEB_HOST_ARCH), amd64)
        CONFIG_OPTS = \
                    --enable-x86-tsc \
                    --enable-x86-sep  
endif
ifeq ($(DEB_HOST_ARCH), powerpc)
        CONFIG_OPTS =
endif
ifeq ($(DEB_HOST_ARCH), armeb)
        CONFIG_OPTS = --enable-arm-mach=generic --enable-arm-eabi
endif
ifeq ($(DEB_HOST_ARCH), armel)
        CONFIG_OPTS = --enable-arm-mach=generic --enable-arm-eabi
endif
ifeq ($(DEB_HOST_ARCH), arm)
        CONFIG_OPTS = --enable-arm-mach=generic
endif


> > I have tested it with --enable-fortify and
> > without.
> 
> --enable-fortify, as documented, allows applications built for the
> POSIX skin with the fortify define (_FORTIFY_SOURCE), to correctly
> link with Xenomai libraries (IOW, it provides implementation of
> __wrap_printf_chk and the like). It has no influence on building
> Xenomai with that flag.
> 
> > I have also:
> > DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie
> > 
> > following
> > 
> > https://wiki.debian.org/Hardening
> > 
> > any help in this stuff will help.
> 
> The in-tree debian/rules exports the variable DEB_BUILD_HARDENING=1
> to build the package with hardening. At the time I read the wiki,
> this was one recommended way, supposing that the wiki was up to date
> when I read it. I am afraid I can you help more on this, this looks
> like a debian specific problem.

Ok,

the other people have the same issue?

Leopold


-- 
--
Linux User 152692     GPG: 05F4A7A949A2D9AA
Catalonia
-------------------------------------
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://xenomai.org/pipermail/xenomai/attachments/20150625/5031107f/attachment.sig>

next prev parent reply	other threads:[~2015-06-25 13:56 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-06-25 11:43 [Xenomai] Debian package of Xenomai 2.6.4 Leopold Palomo-Avellaneda
2015-06-25 12:01 ` Gilles Chanteperdrix
2015-06-25 12:41   ` Leopold Palomo-Avellaneda
2015-06-25 12:54     ` Gilles Chanteperdrix
2015-06-25 13:56       ` Leopold Palomo-Avellaneda [this message]
2015-06-25 14:06         ` Gilles Chanteperdrix
2015-06-25 15:35           ` Leopold Palomo-Avellaneda
2015-06-25 20:56 ` Gilles Chanteperdrix
2015-06-25 21:10   ` Leopold Palomo-Avellaneda
2015-06-26 12:44     ` Gilles Chanteperdrix
2015-06-26 12:49     ` Gilles Chanteperdrix
2015-06-26 13:47       ` Leopold Palomo-Avellaneda

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5297525.euQ38TDxur@soho \
    --to=leo@alaxarxa.net \
    --cc=gilles.chanteperdrix@xenomai.org \
    --cc=xenomai@xenomai.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.