Hi Everyone,
I build OpenSSH for downlevel machines, like OS X and Solaris. I install into /opt/ssh, and I use a runpath of $ORIGIN/../lib. The LDFLAGS are:
-Wl,-runpath,'$ORIGIN/../lib' -Wl,-runpath,$(prefix)/lib -Wl,--enable-new-dtags
I noticed Nettle does not handle the ORIGIN-based runpath properly:
/opt/ssh/lib/libhogweed.so.6:
    RUNPATH: RIGIN/../lib:/opt/ssh/lib
    RPATH: RIGIN/../lib:/opt/ssh/lib
And:
/opt/ssh/lib/libnettle.so.8.0:
    RUNPATH: RIGIN/../lib:/opt/ssh/lib
    RPATH: RIGIN/../lib:/opt/ssh/lib
Besides $ORIGIN, Nettle may encounter $LIB and $PLATFORM. Also see ld.so man page (https://man7.org/linux/man-pages/man8/ld.so.8.html).
I believe the fix is to escape the dollar sign in the makefile. That is, when Nettle creates its makefiles, it must use:
-Wl,-runpath,'$$ORIGIN/../lib' ...
Jeff
Jeffrey Walton noloader@gmail.com writes:
> Hi Everyone,
> I build OpenSSH for downlevel machines, like OS X and Solaris. I install into /opt/ssh, and I use a runpath of $ORIGIN/../lib. The LDFLAGS are:
> -Wl,-runpath,'$ORIGIN/../lib' -Wl,-runpath,$(prefix)/lib
> -Wl,--enable-new-dtags
> I noticed Nettle does not handle the ORIGIN-based runpath properly:
> /opt/ssh/lib/libhogweed.so.6:
>     RUNPATH: RIGIN/../lib:/opt/ssh/lib
>     RPATH: RIGIN/../lib:/opt/ssh/lib
Indeed, looks like a missing quote/escape problem. Does it work with other packages using autoconf? How? I would suggest adding the quotes in the input, i.e., set
LDFLAGS='-Wl,-runpath,'$$ORIGIN/../lib' -Wl,-runpath,$(prefix)/lib ...'
when running configure.
Since you specify $(prefix), a Makefile-level substitution, and expect that to work, it seems reasonable to me to use Makefile-style syntax, including needed escapes, also for $ORIGIN.
> I believe the fix is to escape the dollar sign in the makefile. That is, when Nettle creates its makefiles, it must use:
> -Wl,-runpath,'$$ORIGIN/../lib' ...
Where do you suggest that substitution be made? And how would Nettle's configure script or Makefile know that you intend the $ in '$ORIGIN' to be escaped, but not the $ in '$(prefix)' ?
I admit I'm quite skeptical, and I also think it's important to stay consistent with how LDFLAGS is handled in other GNU packages. But if you can suggest a good way to do it, I'm happy to listen.
Regards, /Niels
On Fri, Jul 17, 2020 at 3:24 PM Niels Möller nisse@lysator.liu.se wrote:
> Jeffrey Walton noloader@gmail.com writes:
>> Hi Everyone,
>> I build OpenSSH for downlevel machines, like OS X and Solaris. I install into /opt/ssh, and I use a runpath of $ORIGIN/../lib. The LDFLAGS are:
>> -Wl,-runpath,'$ORIGIN/../lib' -Wl,-runpath,$(prefix)/lib
>> -Wl,--enable-new-dtags
>> I noticed Nettle does not handle the ORIGIN-based runpath properly:
>> /opt/ssh/lib/libhogweed.so.6:
>>     RUNPATH: RIGIN/../lib:/opt/ssh/lib
>>     RPATH: RIGIN/../lib:/opt/ssh/lib
> Indeed, looks like a missing quote/escape problem. Does it work with other packages using autoconf? How? I would suggest adding the quotes in the input, i.e., set
> LDFLAGS='-Wl,-runpath,'$$ORIGIN/../lib' -Wl,-runpath,$(prefix)/lib ...'
> when running configure.
> Since you specify $(prefix), a Makefile-level substitution, and expect that to work, it seems reasonable to me to use Makefile-style syntax, including needed escapes, also for $ORIGIN.
>> I believe the fix is to escape the dollar sign in the makefile. That is, when Nettle creates its makefiles, it must use:
>> -Wl,-runpath,'$$ORIGIN/../lib' ...
> Where do you suggest that substitution be made? And how would Nettle's configure script or Makefile know that you intend the $ in '$ORIGIN' to be escaped, but not the $ in '$(prefix)' ?
> I admit I'm quite skeptical, and I also think it's important to stay consistent with how LDFLAGS is handled in other GNU packages. But if you can suggest a good way to do it, I'm happy to listen.
You have to fix the makefiles. If you escape the dollar signs in LDFLAGS, then Autotools will fail its conftests because they don't use a makefile. Autotools conftests use CFLAGS, LDFLAGS (and friends) directly.
Run this after you write out your Makefiles. You can probably add it to configure.ac since configure.ac is just another script.
    # We want the leading single quote, and the trailing slash.
    # The inner sed escapes '/' and '&' so the strings are safe inside s/.../.../.
    origin1=$(echo "'"'$ORIGIN/' | sed -e 's/[\/&]/\\&/g')
    origin2=$(echo "'"'$$ORIGIN/' | sed -e 's/[\/&]/\\&/g')

    # Rewrite '$ORIGIN/ to '$$ORIGIN/ in every generated Makefile.
    find "./" -name 'Makefile' -print | while IFS= read -r file
    do
        chmod a+w "$file"
        sed -e "s/$origin1/$origin2/g" \
            -e "s/GZIP_ENV = --best/GZIP_ENV = -9/g" \
            "$file" > "$file.fixed"
        mv "$file.fixed" "$file"
        chmod a-w "$file"
    done
You can add additional expressions to the sed for $LIB and $PLATFORM.
Don't use 'sed -i' because it is not portable and fails on AIX and OS X (and possibly others, like the BSDs and BusyBox). Sed to a new file, and then move the new file to the old file.
The Gzip expression is due to '--best'. That's a GNU extension, and fails for BusyBox and other non-GNU systems, like Alpine Linux.
Jeff
Jeffrey Walton noloader@gmail.com writes:
> You have to fix the makefiles. If you escape the dollar signs in LDFLAGS, then Autotools will fail its conftests because they don't use a makefile. Autotools conftests use CFLAGS, LDFLAGS (and friends) directly.
In that case, how is your "-Wl,-runpath,$(prefix)/lib" handled at that stage?
I'll reach out to other GNU maintainers to ask for advice. I don't want to depart much from what others do here.
Regards, /Niels
On Mon, Jul 20, 2020 at 8:04 AM Niels Möller nisse@lysator.liu.se wrote:
> Jeffrey Walton noloader@gmail.com writes:
>> You have to fix the makefiles. If you escape the dollar signs in LDFLAGS, then Autotools will fail its conftests because they don't use a makefile. Autotools conftests use CFLAGS, LDFLAGS (and friends) directly.
> In that case, how is your "-Wl,-runpath,$(prefix)/lib" handled at that stage?
> I'll reach out to other GNU maintainers to ask for advice. I don't want to depart much from what others do here.
$(prefix) is expanded to a path. It is no longer a variable.
Here's how my variables look on Ubuntu 18.04:
    PREFIX: /usr/local
    LIBDIR: /usr/local/lib
    AUTOCONF_BUILD: x86_64-pc-linux-gnu
    PKG_CONFIG_PATH: /usr/local/lib/pkgconfig
    CPPFLAGS: -I/usr/local/include -DNDEBUG
    ASFLAGS: -Wa,--noexecstack
    CFLAGS: -g2 -O2 -march=native -fPIC -pthread
    CXXFLAGS: -g2 -O2 -march=native -fPIC -pthread
    LDFLAGS: -L/usr/local/lib -Wl,-R,'$ORIGIN/../lib' -Wl,-R,/usr/local/lib -Wl,--enable-new-dtags -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wl,-z,origin
    LDLIBS: -ldl -lpthread
It looks like Nettle is one of three libraries that don't handle the rpath tokens well. The other two are Perl and OpenLDAP.
Nettle is pretty easy to fix with editelf and patchelf. I can patch the programs and libraries after 'make' and 'make check'. Perl and OpenLDAP resist the fix by building shit during 'make install'. I don't have access to the programs and libraries at that point.
Jeff
nettle-bugs@lists.lysator.liu.se
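Added example, not part of the thread or of Nettle: a post-build check for the symptom reported in the first message. A mangled entry such as RIGIN/../lib is a relative path, which the dynamic loader resolves against the process's current directory instead of the install tree, so the check flags every RUNPATH/RPATH entry that is neither absolute nor anchored at $ORIGIN. The function names are hypothetical, and the sample `readelf -d` lines are constructed from the values quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Constructed sample `readelf -d` lines: the mangled value and the intended one.
SAMPLE_BROKEN=' 0x000000000000001d (RUNPATH)   Library runpath: [RIGIN/../lib:/opt/ssh/lib]'
SAMPLE_FIXED=' 0x000000000000001d (RUNPATH)   Library runpath: [$ORIGIN/../lib:/opt/ssh/lib]'

# Read `readelf -d` output on stdin; print one search-path entry per line.
runpath_entries() {
    sed -n -e 's/.*(RUNPATH).*\[\(.*\)].*/\1/p' \
           -e 's/.*(RPATH).*\[\(.*\)].*/\1/p' | tr ':' '\n'
}

# Print each entry that is empty or relative; return 1 if any was found.
# Only absolute paths and paths starting with $ORIGIN or ${ORIGIN} pass:
# $LIB and $PLATFORM expand to relative names, so they cannot start an entry.
audit_runpath() {
    bad=$(runpath_entries | while IFS= read -r entry
    do
        case "$entry" in
            /*|'$ORIGIN'|'$ORIGIN'/*|'${ORIGIN}'|'${ORIGIN}'/*) ;;
            '') echo '(empty)' ;;
            *)  printf '%s\n' "$entry" ;;
        esac
    done | sort -u)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Against a real build: readelf -d /opt/ssh/lib/libnettle.so.8.0 | audit_runpath
printf '%s\n' "$SAMPLE_BROKEN" | audit_runpath || echo "relative runpath entry found"
```

Running it after 'make' and again after any patchelf step catches a library whose `$O` was swallowed by make before it is installed.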