| « Keeping track of Trac wikis | Mailserver problemer igen » |
Grub problems on hardened
Yesterday I updated my laptop for the first time i a month and had to update 240+ packages including KDE. All in all the upgrade went smoothely, I only had to skip a few packages that won't compile with hardened GCC, most notably mplayer. However after the reboot it turned out I had a problem with GRUB and my system wouldn't boot. I got it quickly fixed with a bootable USB stick with SystemRescueCd, I only miss a 64 bit version for my other systems :( It turned out that my /boot partition was simply full.
At the same time it also turned out that GRUB wouldn't run on my AMD64 hardened desktop, whenever I tried to run grub or grub-install it would segfault. The only solution seems to compile it with vanilla GCC.
So now I'm back to recreating my home setup so I can actually print and share files:)
Note: I'm using GCC4.
Trackback address for this post
9 comments
Or just use grub-static on an amd64 desktop :-P Like you're supposed to do on multilib anyway ;)
2008-04-13 @ 16:34
Comment from: robbat2 [Visitor] 
Jaervosz: That sounds really weird. Could you get a full backtrace with debug and post a bug for me (I've been maintaining it in Gentoo lately).
And I know that kingtaco has 100+ amd64 hardened boxes with no segfaults in grub.
Chrstian:
grub should compile and work perfectly on multilib amd64 - it does on my boxes.
And I know that kingtaco has 100+ amd64 hardened boxes with no segfaults in grub.
Chrstian:
grub should compile and work perfectly on multilib amd64 - it does on my boxes.
2008-04-13 @ 19:12
Comment from: Rob [Visitor]
I, too, have an amd64 (3200+) and moved from an Athlon. I've not yet dared switching to a 64-bit system, but one indispensible tool in making the switch was INSERT Linux. Using partimage I backed up the existing partitions so they could be moved to my SATA drive.
I am not a guru, but I began my move to Gentoo while attempting to complete my engineering degree in November, 2004. Finances and other issues stopped the education, but I'm now stuck on Gentoo and now appreciate chroot! If Gentoo comes to an end so will be my computer use. (I use to be a CAD designer, but outsourcing and the American economy ended that, but perhaps Gentoo will open up some at home work?!)
Gentoo Rules! even with its imperfections!
I am not a guru, but I began my move to Gentoo while attempting to complete my engineering degree in November, 2004. Finances and other issues stopped the education, but I'm now stuck on Gentoo and now appreciate chroot! If Gentoo comes to an end so will be my computer use. (I use to be a CAD designer, but outsourcing and the American economy ended that, but perhaps Gentoo will open up some at home work?!)
Gentoo Rules! even with its imperfections!
2008-04-13 @ 20:48
Comment from: Xake [Visitor]
I guess you are using kevquinns overlay? Some time ago this started to happening for me too. I do not have a clue why it is happening, but I know what is happening: for some reson PIE is not filtered by the eclass as it should.
Short way to make sure of this: look at your build log and if it says just after Unpacking that it does not filter PIE becouse it can't find nopie or nopiessp spec files, then you have this issue too. I have not had the time diving in to why.
The segfault I have had on one of my boxes (the one that did not have the PIE-filtering-problem) and fixed it temporary with a patch from debian adding stdvars into the offending functions (does not remember in my head which). I have not have had the time diving in to why this happends either.
But I guess this may be a starting point when trying to find out what went wrong.
Short way to make sure of this: look at your build log and if it says just after Unpacking that it does not filter PIE becouse it can't find nopie or nopiessp spec files, then you have this issue too. I have not had the time diving in to why.
The segfault I have had on one of my boxes (the one that did not have the PIE-filtering-problem) and fixed it temporary with a patch from debian adding stdvars into the offending functions (does not remember in my head which). I have not have had the time diving in to why this happends either.
But I guess this may be a starting point when trying to find out what went wrong.
2008-04-13 @ 21:33
Comment from: jaervosz [Member]
Yes, I've been using kevquinns overlay at some point, so that sounds like the likely cause. I really haven't had the time to dig into this issue, since I've had a ton of other problems after a harddisk crash:(
2008-04-13 @ 23:14
As phreak said, you need to be using grub-static with hardened. I think remember a documentation change we had to make for this.
2008-04-14 @ 02:46
Comment from: Xake [Visitor]
I do not have to use grub-static. It worked fine on my systems as long as PIE was nicely filtered. But as that broke on my system, then... well, You could guess.
2008-04-14 @ 23:07
Comment from: Xake [Visitor]
Ok, I found the fix:
Open up the toolchain-funcs.eclass you are using in your favorite editor.
Browse to the function _gcc-install-dir().
Change the line:
awk '$1=="install:" {print $2}')"
to
awk '$1=="installation:" {print $2}')"
and filter-flag -fPIE will work once again.
Open up the toolchain-funcs.eclass you are using in your favorite editor.
Browse to the function _gcc-install-dir().
Change the line:
awk '$1=="install:" {print $2}')"
to
awk '$1=="installation:" {print $2}')"
and filter-flag -fPIE will work once again.
2008-04-15 @ 21:19
Comment from: Xake [Visitor]
Scratch that: you should just force that function to LC_ALL="C" instead of to follow your own LC_ALL as it breaks the "awk".
2008-04-15 @ 22:02
Comment feed for this postLeave a comment
