On Sat, 19 Nov 2016 04:15:48 +0700
"Tuan M. Hoang" <tmhoang_at_flatglobe.org> wrote:
> On Thu, 17 Nov 2016 08:24:40 +0200
> Timo Teras <timo.teras_at_iki.fi> wrote:
> > > > > b) Then I run crossbuild script, and I need remove paxmark
> > > > > lines in gcc's APKBUILD as it returns an unknown error (while
> > > > > creat-cross script runs just fine). AFAIK, it is about
> > > > > security concerns, not system's functionality, so for now I
> > > > > guess it is okay.
> > > >
> > > > Your kernel is probably built without XATTR support. paxmark
> > > > requires XATTR enabled kernel.
> > >
> > > I guess my x86_64 machine running grsec kernel (linux-grsec
> > > package) is XATTR-enabled. I looked a little bit closer on the
> > > build log and see this : http://sprunge.us/EIVE. When I try to
> > > run those $ paxctl manually (code from /usr/sbin/paxmark), they
> > > just pass alright with no output on stdout nor stderr. I also
> > > tried adding --enable-xattr-support to configure script in gcc
> > > APKBUILD, but it won't help. What do you think ?
> > The kernel should be xattr enabled. What filesystem are you using?
> > Perhaps there's some filesystem level knob (kernel config) or
> > limitation.
> $ df -T | grep sda
> /dev/sda3 ext4 20473424 6217272 13196368 32% /
> /dev/sda1 ext4 95054 16460 71426
> 19% /boot $ cat /proc/fs/ext4/sda1/options | grep xattr
> $ cat /proc/fs/ext4/sda3/options | grep xattr
IIRC, if it's grsec kernel, you don't even need the user_xattr mount
option as grsec kernel treats those xattrs specially.
Of course grsec does not support s390x so the markings are not really
needed for vanilla kernel. However would be good to figure out so we
get the build right from beginning.
You could try strace the attr command and see where it fails.
> > > Another problem I am having is when cross-compiling linux-vanilla
> > > package using aports/scripts/bootstrap.sh :
> > > http://sprunge.us/AAcA. I am reading abuild source code to find
> > > the cause but still nothing new. It'd be nice if you help me to
> > > have a look.
> > Bootstrap script was not yet updated for libressl change. I'll take
> > a look at this. I think the only change needed is to build libressl
> > instead of openssl. I'll push fix for this soon.
> Actually this occurred to me before libress was adopted. After
> libressl was introduced, I also changed Bootstrap script, libressl
> APKBUILD, kernel config to adop libressl too, but still the bug. So I
> guess it's more likely coming from abuild. Here are some of my
> patches, in case you might want to have a look.
I would be happy to pick up some of these patches already now. Would
you be able to give them exported with "git format-patch" so you get
annotated as author and the commit log is preserved.
I could try bootstrap s390 too then and see if the same problem happens
and analyze it a bit more.
In any case I recently fixed the bootstrap script and few aports. I was
able to bootstrap again git master for armv7.
Received on Sat Nov 19 2016 - 09:21:09 UTC