search

ncroxon / gnu-efi

Develop EFI applications for ARM-64, ARM-32, x86_64, IA-64 (IPF), IA-32 (x86), and MIPS platforms using the GNU toolchain and the EFI development environment.
42 stars 10 forks source link

Disable RELRO #5

Closed gmbr3 closed 4 months ago

gmbr3 commented 4 months ago

No point having PT_GNU_RELRO as ELF data won't exist when merging into PE32+ file

Unbreaks lld usage which complains about linker script Fixes ncroxon/gnu-efi#4

hughsie commented 4 months ago

I've tried this on the flatpak cross-build and get:

ld -L/app/lib -Wl,-z,relro,-z,now -Wl,--as-needed  -nostdlib --warn-common --no-undefined --fatal-warnings --build-id=sha1 -z nocombreloc -z norelro -nostdlib --warn-common --no-undefined --fatal-warnings --build-id=sha1 -z nocombreloc -z norelro -shared -Bsymbolic -L/run/build/gnu-efi//apps/../x86_64/lib -L/run/build/gnu-efi//apps/../x86_64/gnuefi /run/build/gnu-efi//apps/../x86_64/gnuefi/crt0-efi-x86_64.o t.o -o t.so -lefi -lgnuefi /usr/lib/gcc/x86_64-unknown-linux-gnu/13.2.0/libgcc.a -T /run/build/gnu-efi//apps/../gnuefi/elf_x86_64_efi.lds

ld: unrecognized option '-Wl,-z,relro,-z,now'

gmbr3 commented 4 months ago

I've tried this on the flatpak cross-build and get:

ld -L/app/lib -Wl,-z,relro,-z,now -Wl,--as-needed  -nostdlib --warn-common --no-undefined --fatal-warnings --build-id=sha1 -z nocombreloc -z norelro -nostdlib --warn-common --no-undefined --fatal-warnings --build-id=sha1 -z nocombreloc -z norelro -shared -Bsymbolic -L/run/build/gnu-efi//apps/../x86_64/lib -L/run/build/gnu-efi//apps/../x86_64/gnuefi /run/build/gnu-efi//apps/../x86_64/gnuefi/crt0-efi-x86_64.o t.o -o t.so -lefi -lgnuefi /usr/lib/gcc/x86_64-unknown-linux-gnu/13.2.0/libgcc.a -T /run/build/gnu-efi//apps/../gnuefi/elf_x86_64_efi.lds

ld: unrecognized option '-Wl,-z,relro,-z,now'

Removing RELRO would break NOW aswell, I presume LD means you have conflicting options not that it doesn't know . Any idea where these options are coming from?? Flatpak defaults??

hughsie commented 4 months ago

Flatpak defaults??

Yup, you're completely correct -- it's from /etc/flatpak-builder/defaults.json -- opting out of that and with your patch it builds wonderfully. Thanks!