From: Max Krummenacher <max.oss.09@gmail.com>
To: Vyacheslav Yurkov <uvv.mail@gmail.com>
Cc: openembedded-core@lists.openembedded.org,
Khem Raj <raj.khem@gmail.com>,
Max Krummenacher <max.krummenacher@toradex.com>
Subject: Re: [OE-core] systemd build failure with gcc 15 / tpm2 / aarch64: gcs required
Date: Mon, 5 May 2025 14:56:33 +0200 [thread overview]
Message-ID: <aBi1gWY-xOVOBxjI@toolbox> (raw)
In-Reply-To: <CAKHfEahGyPFdLcB0LZqxaBpuKKWGWzhmxFHY8V+8Bv+7EdN4ng@mail.gmail.com>
On Mon, May 05, 2025 at 02:33:22PM +0200, Vyacheslav Yurkov wrote:
> Did you ask this in the systemd issue tracker as well?
No, I didn't. I hoped to get some insight from OE first.
To me it looks more like an issue with the way the toolchain or
systemd or openssl gets configured rather than with the upstream
systemd codebase. I might be wrong though.
Regards
Max
>
> Slava
>
> On Mon, May 5, 2025, 13:46 Max Krummenacher via lists.openembedded.org
> <max.oss.09=gmail.com@lists.openembedded.org> wrote:
>
> > Hello
> >
> > I'm seeing a strange warning resulting in a failed build when building
> > systemd with tpm2 in DISTRO_FEATURES.
> >
> > GCS seems to be a new feature supported with GCC 15 and friends
> > targeting the AARCH64 architecture. Whatever it does ;-).
> >
> > Ways to reproduce:
> >
> > Add the needed layers for tpm2, add tpm2 to distro features and build
> > systemd.
> > E.g.
> > bblayers.conf additions:
> >
> > ${TOPDIR}/../meta-security/meta-tpm \
> > ${TOPDIR}/../meta-openembedded/meta-oe \
> > ${TOPDIR}/../meta-openembedded/meta-python \
> >
> > local.conf additions:
> >
> > DISTRO_FEATURES:append = " tpm2"
> > INIT_MANAGER = "systemd"
> >
> > MACHINE=qemuarm64 bitbake systemd
> >
> > Results in:
> >
> > | FAILED: src/shared/libsystemd-shared-257.so
> > | aarch64-poky-linux-gcc -mcpu=cortex-a57+crc -mbranch-protection=standard
> > -fstack-protector-strong
> > -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security
> > -Werror=format-security --sysroot=...systemd/257.5/recipe-sysroot
> > -o src/shared/libsystemd-shared-257.so -Wl,--as-needed
> > -Wl,--no-undefined -shared -fPIC
> > -Wl,-soname,libsystemd-shared-257.so -Wl,--whole-archive
> > -Wl,--start-group src/shared/libsystemd-shared-257.a
> > src/basic/libbasic.a src/libsystemd/libsystemd_static.a
> > -Wl,--no-whole-archive -fstack-protector
> > -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed
> > -ffile-prefix-map=...systemd/257.5/git=/usr/src/debug/systemd/257.5
> > -ffile-prefix-map...systemd/257.5/build=/usr/src/debug/systemd/257.5
> > -ffile-prefix-map=...systemd/257.5/recipe-sysroot=
> > -ffile-prefix-map=...systemd/257.5/recipe-sysroot-native=
> > -Wl,-z,relro,-z,now -shared
> > -Wl,--version-script=...systemd/257.5/git/src/shared/libshared.sym
> > -pthread ...systemd/257.5/recipe-sysroot/usr/lib/libacl.so
> > ...systemd/257.5/recipe-sysroot/usr/lib/libblkid.so
> > ...systemd/257.5/recipe-sysroot/usr/lib/libcap.so
> > ...systemd/257.5/recipe-sysroot/usr/lib/libcrypt.so -ldl
> > ...systemd/257.5/recipe-sysroot/usr/lib/libmount.so
> > ...systemd/257.5/recipe-sysroot/usr/lib/libssl.so
> > ...systemd/257.5/recipe-sysroot/usr/lib/libcrypto.so -lrt
> > ...systemd/257.5/recipe-sysroot/usr/lib/libseccomp.so
> > -Wl,--fatal-warnings -Wl,-z,now -Wl,-z,relro -Wl,--warn-common
> > -Wl,--gc-sections -Wl,--fatal-warnings -Wl,-z,now -Wl,-z,relro
> > -Wl,--warn-common -Wl,--gc-sections -lm
> > -Wl,--end-group -Wl,--fatal-warnings -Wl,-z,now -Wl,-z,relro
> > -Wl,--warn-common -Wl,--gc-sections
> > -Wl,--fatal-warnings -Wl,-z,now -Wl,-z,relro -Wl,--warn-common
> > -Wl,--gc-sections
> > | ...systemd/257.5/recipe-sysroot/usr/lib/libcrypto.so: warning: GCS is
> > required by -z gcs,
> > but this shared library lacks the necessary property note. The dynamic
> > loader might not enable GCS
> > or refuse to load the program unless all the shared library dependencies
> > have the GCS marking.
> > | collect2: error: ld returned 1 exit status
> >
> >
> > I already found that adding to the systemd recipe
> >
> > 'CFLAGS:append = " -Wl,-z,gcs-report-dynamic=none"'
> >
> > prevents the build error. However I'm not sure if that would be a good
> > way forward and if there are other recipes / configurations which would
> > result in similar build errors.
> >
> > Any comments? Thanks.
> >
> > Regards
> > Max
> >
> > -=-=-=-=-=-=-=-=-=-=-=-
> > Links: You receive all messages sent to this group.
> > View/Reply Online (#216006):
> > https://lists.openembedded.org/g/openembedded-core/message/216006
> > Mute This Topic: https://lists.openembedded.org/mt/112627480/4455192
> > Group Owner: openembedded-core+owner@lists.openembedded.org
> > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
> > uvv.mail@gmail.com]
> > -=-=-=-=-=-=-=-=-=-=-=-
> >
> >
next prev parent reply other threads:[~2025-05-05 12:56 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-05 11:46 systemd build failure with gcc 15 / tpm2 / aarch64: gcs required Max Krummenacher
2025-05-05 12:33 ` [OE-core] " Vyacheslav Yurkov
2025-05-05 12:56 ` Max Krummenacher [this message]
2025-05-05 14:45 ` Khem Raj
2025-05-05 19:09 ` [OE-core] " Randy MacLeod
2025-05-06 11:38 ` Sathishkumar D
2025-05-06 12:24 ` [OE-core] " Mikko Rapeli
2025-05-06 13:13 ` Khem Raj
2025-05-06 13:28 ` Sathishkumar Duraisamy
2025-05-06 13:32 ` Khem Raj
2025-05-06 13:45 ` Mikko Rapeli
2025-05-06 14:21 ` Max Krummenacher
2025-05-06 22:59 ` Khem Raj
2025-05-07 6:04 ` Sathishkumar Duraisamy
2025-05-07 6:14 ` Khem Raj
2025-05-07 8:22 ` Mikko Rapeli
[not found] ` <183D310FC8853D5E.1749@lists.openembedded.org>
2025-05-07 8:31 ` Mikko Rapeli
2025-05-07 8:55 ` Sathishkumar Duraisamy
2025-05-07 14:22 ` Mikko Rapeli
2025-05-07 14:35 ` Khem Raj
2025-05-07 16:05 ` Sathishkumar Duraisamy
2025-05-07 18:29 ` Trevor Woerner
2025-05-07 18:33 ` Ross Burton
2025-05-07 18:38 ` Khem Raj
2025-05-07 19:04 ` Trevor Woerner
2025-05-07 19:10 ` Trevor Woerner
2025-05-07 19:51 ` Khem Raj
2025-05-08 6:22 ` Mikko Rapeli
2025-05-08 7:00 ` Khem Raj
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aBi1gWY-xOVOBxjI@toolbox \
--to=max.oss.09@gmail.com \
--cc=max.krummenacher@toradex.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=raj.khem@gmail.com \
--cc=uvv.mail@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox