Skip to content

remove some format hardenings#41192

Merged
peti merged 7 commits intoNixOS:masterfrom
oxij:tree/hardening-unformat
May 29, 2018
Merged

remove some format hardenings#41192
peti merged 7 commits intoNixOS:masterfrom
oxij:tree/hardening-unformat

Conversation

@oxij
Copy link
Member

@oxij oxij commented May 29, 2018

Motivation for this change

Fixing fallout from #28029 and continuing #39463.

Things done
  • Everything built before rebase.

@oxij oxij requested a review from peti as a code owner May 29, 2018 03:40
@oxij oxij force-pushed the tree/hardening-unformat branch from 75b5d0b to 486948f Compare May 29, 2018 03:41
This was referenced May 29, 2018
Merged
Closed
@GrahamcOfBorg GrahamcOfBorg added 6.topic: haskell General-purpose, statically typed, purely functional programming language 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. labels May 29, 2018
@GrahamcOfBorg
Copy link

GrahamcOfBorg commented May 29, 2018

Success on x86_64-linux (full log)

Attempted: a52dec, libgdiplus, tinyxml

Partial log (click to expand)

post-installation fixup
moving /nix/store/wrfqv2j2z9jzrgp2jln0k9q246lzir3s-a52dec-0.7.4p4/man to /nix/store/wrfqv2j2z9jzrgp2jln0k9q246lzir3s-a52dec-0.7.4p4/share/man
shrinking RPATHs of ELF executables and libraries in /nix/store/wrfqv2j2z9jzrgp2jln0k9q246lzir3s-a52dec-0.7.4p4
shrinking /nix/store/wrfqv2j2z9jzrgp2jln0k9q246lzir3s-a52dec-0.7.4p4/bin/a52dec
shrinking /nix/store/wrfqv2j2z9jzrgp2jln0k9q246lzir3s-a52dec-0.7.4p4/bin/extract_a52
gzipping man pages under /nix/store/wrfqv2j2z9jzrgp2jln0k9q246lzir3s-a52dec-0.7.4p4/share/man/
strip is /nix/store/92d2ifxcni4n3zx9s8wnkcjlvnx5ajlc-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/wrfqv2j2z9jzrgp2jln0k9q246lzir3s-a52dec-0.7.4p4/lib  /nix/store/wrfqv2j2z9jzrgp2jln0k9q246lzir3s-a52dec-0.7.4p4/bin
patching script interpreter paths in /nix/store/wrfqv2j2z9jzrgp2jln0k9q246lzir3s-a52dec-0.7.4p4
checking for references to /build in /nix/store/wrfqv2j2z9jzrgp2jln0k9q246lzir3s-a52dec-0.7.4p4...

@oxij
Copy link
Member Author

oxij commented May 29, 2018

@GrahamcOfBorg build linuxPackages.perf haskellPackages.ghc802

@GrahamcOfBorg
Copy link

GrahamcOfBorg commented May 29, 2018

Success on x86_64-linux (full log)

Attempted: linuxPackages.perf

The following builds were skipped because they don't evaluate on x86_64-linux: haskellPackages.ghc802

Partial log (click to expand)

/nix/store/xmissrgpzr4nmypcmphgf2mn5ni0xpzx-perf-linux-4.14.44/libexec/perf-core/scripts/perl/bin/rw-by-file-report: interpreter directive changed from "/bin/bash" to "/nix/store/m47apl3hq3i52fzy2cz24378p0xn4lyx-bash-4.4-p19/bin/bash"
/nix/store/xmissrgpzr4nmypcmphgf2mn5ni0xpzx-perf-linux-4.14.44/libexec/perf-core/scripts/perl/rwtop.pl: interpreter directive changed from "/usr/bin/perl -w" to "/nix/store/kag4rrbjj5hih61dlagry62v82l0gscw-perl-5.24.3/bin/perl -w"
/nix/store/xmissrgpzr4nmypcmphgf2mn5ni0xpzx-perf-linux-4.14.44/libexec/perf-core/scripts/perl/wakeup-latency.pl: interpreter directive changed from "/usr/bin/perl -w" to "/nix/store/kag4rrbjj5hih61dlagry62v82l0gscw-perl-5.24.3/bin/perl -w"
/nix/store/xmissrgpzr4nmypcmphgf2mn5ni0xpzx-perf-linux-4.14.44/libexec/perf-core/perf-with-kcore: interpreter directive changed from "/bin/bash" to "/nix/store/m47apl3hq3i52fzy2cz24378p0xn4lyx-bash-4.4-p19/bin/bash"
checking for references to /build in /nix/store/xmissrgpzr4nmypcmphgf2mn5ni0xpzx-perf-linux-4.14.44...
moving /nix/store/xmissrgpzr4nmypcmphgf2mn5ni0xpzx-perf-linux-4.14.44/lib64/* to /nix/store/xmissrgpzr4nmypcmphgf2mn5ni0xpzx-perf-linux-4.14.44/lib
shrinking RPATHs of ELF executables and libraries in /nix/store/929f5q1zbf6gwa4l4bq4kra9w0rg3jx5-perf-linux-4.14.44-debug
patching script interpreter paths in /nix/store/929f5q1zbf6gwa4l4bq4kra9w0rg3jx5-perf-linux-4.14.44-debug
checking for references to /build in /nix/store/929f5q1zbf6gwa4l4bq4kra9w0rg3jx5-perf-linux-4.14.44-debug...
/nix/store/xmissrgpzr4nmypcmphgf2mn5ni0xpzx-perf-linux-4.14.44

@GrahamcOfBorg
Copy link

GrahamcOfBorg commented May 29, 2018

Success on aarch64-linux (full log)

Attempted: linuxPackages.perf

The following builds were skipped because they don't evaluate on aarch64-linux: haskellPackages.ghc802

Partial log (click to expand)

/nix/store/phi6j1ybq9xkbrl64yj48c4acxsng7az-perf-linux-4.14.44/libexec/perf-core/scripts/perl/rw-by-file.pl: interpreter directive changed from "/usr/bin/perl -w" to "/nix/store/0cicmg6kkz0r056kxhcfwgmf4wjr3ham-perl-5.24.3/bin/perl -w"
/nix/store/phi6j1ybq9xkbrl64yj48c4acxsng7az-perf-linux-4.14.44/libexec/perf-core/perf-with-kcore: interpreter directive changed from "/bin/bash" to "/nix/store/vnb8q2h7951gd551nm2vq2g6n8296g5b-bash-4.4-p19/bin/bash"
/nix/store/phi6j1ybq9xkbrl64yj48c4acxsng7az-perf-linux-4.14.44/libexec/perf-core/perf-archive: interpreter directive changed from "/bin/bash" to "/nix/store/vnb8q2h7951gd551nm2vq2g6n8296g5b-bash-4.4-p19/bin/bash"
/nix/store/phi6j1ybq9xkbrl64yj48c4acxsng7az-perf-linux-4.14.44/libexec/perf-core/tests/attr.py: interpreter directive changed from " /usr/bin/python" to "/nix/store/1xkxxrd2sd8q78icm687ac8si9miak45-python-2.7.15/bin/python"
checking for references to /build in /nix/store/phi6j1ybq9xkbrl64yj48c4acxsng7az-perf-linux-4.14.44...
moving /nix/store/phi6j1ybq9xkbrl64yj48c4acxsng7az-perf-linux-4.14.44/lib64/* to /nix/store/phi6j1ybq9xkbrl64yj48c4acxsng7az-perf-linux-4.14.44/lib
shrinking RPATHs of ELF executables and libraries in /nix/store/3wi0hsdx5yhqjm53nx5s6086ks5p4nz8-perf-linux-4.14.44-debug
patching script interpreter paths in /nix/store/3wi0hsdx5yhqjm53nx5s6086ks5p4nz8-perf-linux-4.14.44-debug
checking for references to /build in /nix/store/3wi0hsdx5yhqjm53nx5s6086ks5p4nz8-perf-linux-4.14.44-debug...
/nix/store/phi6j1ybq9xkbrl64yj48c4acxsng7az-perf-linux-4.14.44

@oxij
Copy link
Member Author

oxij commented May 29, 2018

@GrahamcOfBorg build haskell.compiler.ghc802

@GrahamcOfBorg
Copy link

GrahamcOfBorg commented May 29, 2018

No attempt on aarch64-linux (full log)

The following builds were skipped because they don't evaluate on aarch64-linux: haskell.compiler.ghc802

Partial log (click to expand)


a) For `nixos-rebuild` you can set
  { nixpkgs.config.allowUnsupportedSystem = true; }
in configuration.nix to override this.

b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
  { allowUnsupportedSystem = true; }
to ~/.config/nixpkgs/config.nix.

@GrahamcOfBorg
Copy link

GrahamcOfBorg commented May 29, 2018

Success on x86_64-linux (full log)

Attempted: haskell.compiler.ghc802

Partial log (click to expand)

strip is /nix/store/92d2ifxcni4n3zx9s8wnkcjlvnx5ajlc-binutils-2.30/bin/strip
patching script interpreter paths in /nix/store/vnzhm68hg3minr68ckcflndhfiphkgsd-ghc-8.0.2-man
checking for references to /build in /nix/store/vnzhm68hg3minr68ckcflndhfiphkgsd-ghc-8.0.2-man...
shrinking RPATHs of ELF executables and libraries in /nix/store/m7wrj3pfgjxnw62pq924ba8jwasdbxm6-ghc-8.0.2-doc
/nix/store/92d2ifxcni4n3zx9s8wnkcjlvnx5ajlc-binutils-2.30/bin/strip is /nix/store/92d2ifxcni4n3zx9s8wnkcjlvnx5ajlc-binutils-2.30/bin/strip
strip is /nix/store/92d2ifxcni4n3zx9s8wnkcjlvnx5ajlc-binutils-2.30/bin/strip
patching script interpreter paths in /nix/store/m7wrj3pfgjxnw62pq924ba8jwasdbxm6-ghc-8.0.2-doc
/nix/store/m7wrj3pfgjxnw62pq924ba8jwasdbxm6-ghc-8.0.2-doc/share/doc/ghc/html/libraries/gen_contents_index: interpreter directive changed from "/bin/sh" to "/nix/store/m47apl3hq3i52fzy2cz24378p0xn4lyx-bash-4.4-p19/bin/sh"
checking for references to /build in /nix/store/m7wrj3pfgjxnw62pq924ba8jwasdbxm6-ghc-8.0.2-doc...
/nix/store/f7jhkc1frnqb37l7h3gi51y4vc8qnwry-ghc-8.0.2

@GrahamcOfBorg
Copy link

GrahamcOfBorg commented May 29, 2018

Success on aarch64-linux (full log)

Attempted: a52dec, libgdiplus, tinyxml

Partial log (click to expand)

post-installation fixup
shrinking RPATHs of ELF executables and libraries in /nix/store/g2ws2p2qggz29l3m9klymln4i67k2ch4-libgdiplus-2.10.9
shrinking /nix/store/g2ws2p2qggz29l3m9klymln4i67k2ch4-libgdiplus-2.10.9/lib/libgdiplus.so.0.0.0
strip is /nix/store/8yfik687kfccisxnad42j19lfb7ij9b4-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/g2ws2p2qggz29l3m9klymln4i67k2ch4-libgdiplus-2.10.9/lib
patching script interpreter paths in /nix/store/g2ws2p2qggz29l3m9klymln4i67k2ch4-libgdiplus-2.10.9
checking for references to /build in /nix/store/g2ws2p2qggz29l3m9klymln4i67k2ch4-libgdiplus-2.10.9...
/nix/store/ff9wqbmjbi4dfbfjxlpnqgpamfh1blhb-a52dec-0.7.4p4
/nix/store/g2ws2p2qggz29l3m9klymln4i67k2ch4-libgdiplus-2.10.9
/nix/store/sx89pf3psyxxrn8zdq155ds3aa4jdj20-tinyxml-2.6.2

@xeji
Copy link
Contributor

xeji commented May 29, 2018

libgdiplus: see also #41187

@peti
Copy link
Member

peti commented May 29, 2018

How about haskell.packages.ghc842.ghc? It also seems to have trouble with the new hardening features: https://hydra.nixos.org/build/75026569. Or is that not related?

@oxij oxij force-pushed the tree/hardening-unformat branch from 486948f to 29757f3 Compare May 29, 2018 07:36
@oxij
Copy link
Member Author

oxij commented May 29, 2018 via email

@GrahamcOfBorg
Copy link

GrahamcOfBorg commented May 29, 2018

Success on aarch64-linux (full log)

Attempted: a52dec, linuxPackages.perf, tinyxml

The following builds were skipped because they don't evaluate on aarch64-linux: haskell.compiler.ghc802, haskell.compiler.ghc842

Partial log (click to expand)

in configuration.nix to override this.

b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
  { allowUnsupportedSystem = true; }
to ~/.config/nixpkgs/config.nix.


/nix/store/ff9wqbmjbi4dfbfjxlpnqgpamfh1blhb-a52dec-0.7.4p4
/nix/store/phi6j1ybq9xkbrl64yj48c4acxsng7az-perf-linux-4.14.44
/nix/store/sx89pf3psyxxrn8zdq155ds3aa4jdj20-tinyxml-2.6.2

@GrahamcOfBorg
Copy link

GrahamcOfBorg commented May 29, 2018

Success on x86_64-linux (full log)

Attempted: a52dec, haskell.compiler.ghc802, haskell.compiler.ghc842, linuxPackages.perf, tinyxml

Partial log (click to expand)

/nix/store/92d2ifxcni4n3zx9s8wnkcjlvnx5ajlc-binutils-2.30/bin/strip is /nix/store/92d2ifxcni4n3zx9s8wnkcjlvnx5ajlc-binutils-2.30/bin/strip
strip is /nix/store/92d2ifxcni4n3zx9s8wnkcjlvnx5ajlc-binutils-2.30/bin/strip
patching script interpreter paths in /nix/store/s2fmlbgfydj5pf2pgb75l91d80cmk9f9-ghc-8.4.2-doc
/nix/store/s2fmlbgfydj5pf2pgb75l91d80cmk9f9-ghc-8.4.2-doc/share/doc/ghc/html/libraries/gen_contents_index: interpreter directive changed from "/bin/sh" to "/nix/store/m47apl3hq3i52fzy2cz24378p0xn4lyx-bash-4.4-p19/bin/sh"
checking for references to /build in /nix/store/s2fmlbgfydj5pf2pgb75l91d80cmk9f9-ghc-8.4.2-doc...
/nix/store/wrfqv2j2z9jzrgp2jln0k9q246lzir3s-a52dec-0.7.4p4
/nix/store/f7jhkc1frnqb37l7h3gi51y4vc8qnwry-ghc-8.0.2
/nix/store/qqpj7di0zjbfwpziz5bn8w2kf9cyn42c-ghc-8.4.2
/nix/store/xmissrgpzr4nmypcmphgf2mn5ni0xpzx-perf-linux-4.14.44
/nix/store/ps9drs0ya9l81nk3kida9hkd5qcfamli-tinyxml-2.6.2

@peti
Copy link
Member

peti commented May 29, 2018
edited
Loading

ghc-7.10.3 and ghc-head are also broken. :-(

I committed a246b6e6f8a33622d0be001391a9087820030134 and 8d36f159fa3dcdb2b8f4872787a4bf67748fd7db to the haskell-updates branch to fix.

EDIT: I needed two attempts to get the hyperlinks to the commits right.

@oxij
Copy link
Member Author

oxij commented May 29, 2018 via email

@peti peti merged commit 5418dfc into NixOS:master May 29, 2018
@oxij oxij deleted the tree/hardening-unformat branch September 8, 2018 22:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@peti peti peti approved these changes

Assignees

No one assigned

Labels

6.topic: haskell General-purpose, statically typed, purely functional programming language 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@oxij @GrahamcOfBorg @xeji @peti