fortify hardening still overrides debug builds in many cases #60919
Comments
|
As a more universal workaround, one might want to use the catch-all for example when the build error is |
|
Thank you for your contributions. This has been automatically marked as stale because it has had no activity for 180 days. If this is still important to you, we ask that you leave a comment below. Your comment can be as simple as "still important to me". This lets people see that at least one person still cares about this. Someone will have to do this at most twice a year if there is no other activity. Here are suggestions that might help resolve this more quickly:
|
stale
bot
added
the
2.status: stale
|
still an issue, but not really important to me |
stale
bot
removed
the
2.status: stale
This is asinine behaviour. See: - NixOS/nixpkgs#18995 - NixOS/nixpkgs#60919
|
I marked this as stale due to inactivity. → More info |
stale
bot
added
the
2.status: stale
|
still important to me |
stale
bot
removed
the
2.status: stale
ghost
mentioned this issue
|
@nh2 maybe we should implicitly disabled the fortify hardening if the build type is debug? That seems to be the most logical solution, IIUC. |
|
Just putting this here since it backlinks to the old issue. This behavior impacts people working with Go as well, I have to disable fortify to make I don't know the infrastructure good enough to decide if the "unable to run delve" should be another issue on its own |
|
This also impact scala-native - can't seem to not have fortify hardening applied. |
This disables '_FORTIFY_SOURCE' Werrors trying to compile wlroots. Long standing issue in NixOS/nixpkgs#60919 afaik. After this change you should be able to: ``` nix develop mmeson setup build -Dbuildtype=debug ninja -C build ```
This disables '_FORTIFY_SOURCE' Werrors trying to compile wlroots. Long standing issue in NixOS/nixpkgs#60919 afaik. After this change you should be able to: ``` nix develop mmeson setup build -Dbuildtype=debug ninja -C build ```
nixpkgs enables fortification by default, which adds `-O2` flag to gcc. This breaks the debug build. For more info, see: NixOS/nixpkgs#60919 NixOS/nixpkgs#18995 I also manually added `-O0` flag in debug flags in cmake. This is, gcc would complain if I forgot to disable fortification.
This is in some way a continuation of #18995 GCC has unwanted flags.
Even though that one is marked as solved, I have over the last 2 years encountered many situations where silently
-O2 -D_FORTIFY_SOURCE=2is added to builds where I have explicitly requested that a debug build be done (which should result in-O0/ no-Oflag being passed).For example, right now on meson-based builds (on Darwin, but I believe on Linux too), if I set
it does not have the desired effect unless I also add
because the fortify hardening adds
-O2 -D_FORTIFY_SOURCE=2no matter what.The same happend to me in various C++ builds, and it's always a big drag in development time when you just can't get your
-O0debug builds working.Reading the PR description of #28029, it says
so I suspect that this isn't good enough, because most development builds don't add
-O0explicitly -- instead they add no-Oflag at all, so even with the PR-O2is still added.I think we must do something about it because it's a total pain.
The text was updated successfully, but these errors were encountered: