I have updated pkgsrc to 3.21. Someone in pkgsrc-land tried to build
with the hardening technique RELRO, which pkgsrc supports and most
packages are ok with:
http://tk-blog.blogspot.com/2009/02/relro-not-so-well-known-memory.html
But, the post-package checks fail because the binaries are not built
with RELRO.
Looking at the build:
LDFLAGS as passed to scons are
LDFLAGS=-Wl,-z,relro\ -Wl,-z,now\ -L/usr/pkg/lib\ -L/usr/lib\ -Wl,-R/usr/lib\ -Wl,-R/usr/pkg/lib\ -L/usr/X11R7/lib\ -Wl,-R/usr/X11R7/lib
first build line for gpsd is
gcc -o gpsd -Wl,-z,relro -Wl,-z,now -pthread -Wl,-R/usr/lib -Wl,-R/usr/pkg/lib -Wl,-R/usr/X11R7/lib dbusexport.o gpsd.o shmexport.o timehint.o -L. -L/usr/pkg/lib -L/usr/lib -L/usr/X11R7/lib -lgpsd -lgps_static -lusb-1.0 -lm -lrt -ldbus-1
second build line for gpsd is
gcc -o gpsd -pthread -Wl,-R/usr/pkg/lib dbusexport.o gpsd.o shmexport.o timehint.o -L. -L/usr/pkg/lib -lgpsd -lgps_static -lusb-1.0 -lm -lrt -ldbus-1
and it seems the first one is good and the second has lost things,
including the L/R to /usr/X11R7/lib (which is ok in this case because
gpsd doesn't actually need X, but still it seems strange).
I haven't been able to figure out in SConstruct why there are two builds
(smells like the libtool relink before install to allow testing with not
installed libs?), and more importantly why user-specified LDFLAGS are
ignored.
Any clues?
The first line is compiling a single .o file and the latter is linking a number of .o files (and static libraries?) to get the gpsd binary. Knowing very little about how the toolchain works, that seems backwards. It's probably in the SConstruct file somewhere. I might have a better answer later.
Also, no shared library linking? J/k