FTBFS: ‘-fcf-protection’ is not compatible with this target (i386)

Bug #2036757 reported by Paul Mars
This bug affects 1 person

Affects: syslinux (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Paul Mars

Bug Description

The build of syslinux 3:6.04~git20190206.bf6db5b4+dfsg1-3ubuntu1 targeting amd64 is failing with the following error:

gcc -MT bios.o -MD -MF ./.bios.o.d -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -fdebug-prefix-map=/<<PKGBUILDDIR>>=/usr/src/syslinux-3:6.04~git20190206.bf6db5b4+dfsg1-3ubuntu1 -m32 -march=i386 -mpreferred-stack-boundary=2 -mincoming-stack-boundary=2 -ffreestanding -fno-stack-protector -fwrapv -freg-struct-return -Os -fomit-frame-pointer -mregparm=3 -DREGPARM=3 -msoft-float -fno-exceptions -fno-asynchronous-unwind-tables -fno-strict-aliasing -falign-functions=0 -falign-jumps=0 -falign-labels=0 -falign-loops=0 -fvisibility=hidden -g -W -Wall -Wstrict-prototypes -Wno-sign-compare -fcommon -I/<<PKGBUILDDIR>>/core/include -I/<<PKGBUILDDIR>>/com32/include -I/<<PKGBUILDDIR>>/com32/include/sys -I/<<PKGBUILDDIR>>/com32/lib -I/<<PKGBUILDDIR>>/core/lwip/src/include -I/<<PKGBUILDDIR>>/core/lwip/src/include/ipv4 -I/<<PKGBUILDDIR>>/core/fs/pxe -D__SYSLINUX_CORE__ -D__FIRMWARE_BIOS__ -I/<<PKGBUILDDIR>>/bios -DLDLINUX=\"ldlinux.c32\" -c -o bios.o /<<PKGBUILDDIR>>/core/bios.c
cc1: error: ‘-fcf-protection’ is not compatible with this target
make[5]: *** [/<<PKGBUILDDIR>>/mk/embedded.mk:66: bios.o] Error 1

Tags: ftbfs

Paul Mars (upils) wrote:

I compared with the most recent (2021-06-13) buildlog from the debian pkg here https://buildd.debian.org/status/fetch.php?pkg=syslinux&arch=amd64&ver=3%3A6.04~git20190206.bf6db5b4%2Bdfsg1-3%2Bb1&stamp=1623592451&raw=0 and the -fcf-protection flag is not present.

I will try to determine when it was added and why it is not compatible.

Found this similar bug https://bugs.launchpad.net/ubuntu/+source/gcc-11/+bug/1940029

The error message may be misleading, because this flag is supposed to be compatible with the i386 arch (as per this doc https://wiki.ubuntu.com/ToolChain/CompilerFlags#A-fcf-protection).

Paul Mars (upils) wrote:

I can confirm the build is succeeding when this flag is explicitly set to none

GCCOPT += $(call gcc_ok,-fcf-protection=none,)

But I will keep digging because I do not want to disable this security feature if this is not the root cause.

Simon Chopin (schopin)
tags: added: ftbfs

Paul Mars (upils) wrote:

On Mantic, with gcc (Ubuntu 13.2.0-3ubuntu1) 13.2.0 I was able to determine that the -fcf-protection flag is only working with -march=i686, and not previous x86 arch with:

- gcc -dM -E -x c -fcf-protection -m32 -march=i686 /dev/null

no error

- gcc -dM -E -x c -fcf-protection -m32 -march=i386 /dev/null

cc1: error: '-fcf-protection' is not compatible with this target

At this point I see 2 possible solutions:

- patch syslinux to set -fcf-protection flag to none. But I need to understand why this flag ends up in the gcc command line in the first place.
- patch gcc to exclude -fcf-protection when targeting anything lower than i686. But I understand that was the goal of the patch to solve LP: #1940029. So I may miss something.

Matthias Klose (doko) wrote:

These flags are injected by dpkg-buildflags, however you are not really targeting amd64, but i386 (gcc -m32). Calling

DEB_HOST_ARCH=i386 dpkg-buildflags

should give you the correct build flags. Filtering out this flag should be a valid fix as well.
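
The probe from Paul Mars's comment and the filtering suggested above, combined in one sketch. This is an added example, not part of the bug thread or the syslinux patch; `cc_accepts` and `adjust_cflags` are hypothetical names, and the sample flags are a constructed subset of the failing command line.

```shell
#!/bin/sh
# Added example: probe-and-filter logic; function names are hypothetical.
CC=${CC:-gcc}   # compiler to probe; override to test another toolchain

# cc_accepts FLAGS...: true if $CC accepts the flags, using the same
# preprocess-only invocation as the commands quoted in the thread.
cc_accepts() {
    "$CC" -dM -E -x c "$@" /dev/null >/dev/null 2>&1
}

# adjust_cflags MARCH FLAGS...: print FLAGS adjusted for a -m32 build
# with -march=MARCH.
adjust_cflags() {
    march=$1
    shift
    if cc_accepts -fcf-protection -m32 "-march=$march"; then
        printf '%s\n' "$*"      # target accepts it: keep the hardening flag
        return 0
    fi
    out=
    for f in "$@"; do
        case $f in
            -fcf-protection|-fcf-protection=*) ;;   # drop the injected flag
            *) out="$out${out:+ }$f" ;;
        esac
    done
    # Make the opt-out explicit when the compiler knows the option.
    if cc_accepts -fcf-protection=none -m32 "-march=$march"; then
        out="$out${out:+ }-fcf-protection=none"
    fi
    printf '%s\n' "$out"
}

# Constructed sample: a subset of the flags from the failing command line.
if [ "${1:-}" = "--demo" ]; then
    adjust_cflags i386 -g -O2 -fstack-clash-protection -fcf-protection
fi
```

Every other hardening flag passes through untouched, so only the one option the target rejects is changed.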

Paul Mars (upils) wrote:

The patch fixing the build.

Changed in syslinux (Ubuntu):
assignee: nobody → Paul Mars (upils)

Julian Andres Klode (juliank) wrote:

Disabling the security feature is fine because this is not run in secure contexts but on BIOS boot. Patch looks good; I'm going to do a test build here and then sponsor.

Julian Andres Klode (juliank) wrote:

WRT the patch, you should be providing a debdiff and not just a patch to drop into debian/patches.

Paul Mars (upils) wrote:

Patch in debdiff format.

Paul Mars (upils) wrote:

Cleaner debdiff

Changed in syslinux (Ubuntu):
status: New → Fix Committed

Launchpad Janitor (janitor) wrote:

This bug was fixed in the package syslinux - 3:6.04~git20190206.bf6db5b4+dfsg1-3ubuntu2

---------------
syslinux (3:6.04~git20190206.bf6db5b4+dfsg1-3ubuntu2) mantic; urgency=medium

  * Fix build ignoring the new default -fcf-protection flag added
    by dpkg-buildflags. LP: #2036757

 -- Paul Mars <email address hidden> Thu, 21 Sep 2023 17:07:01 +0200

Changed in syslinux (Ubuntu):
status: Fix Committed → Fix Released