[<<][nixos][>>][..]
Sat Oct 26 12:39:07 EDT 2019

What is the actual error?

ok I see.
this is doing a parallel build.
that's why the errors are messed up.

The actual error is this:


/usr/bin/g++  -I../../libcpp -I. -I../../libcpp/../include -I../../libcpp/include  -O2 -I/home/tom/exo/br/target/i586/host/include -W -Wall -Wno-narrowing -Wwrite-strings -Wmissing-format-attribute -pedantic -Wno-long-long  -fno-exceptions -fno-rtti -I../../libcpp -I. -I../../libcpp/../include -I../../libcpp/include   -c -o mkdeps.o -MT mkdeps.o -MMD -MP -MF .deps/mkdeps.Tpo ../../libcpp/mkdeps.c
../../libcpp/macro.c: In function 'bool create_iso_definition(cpp_reader*, cpp_macro*)':
../../libcpp/macro.c:3093:58: error: format not a string literal and no format arguments [-Werror=format-security]
        cpp_error (pfile, CPP_DL_ERROR, paste_op_error_msg);
                                                          ^
../../libcpp/macro.c:3106:58: error: format not a string literal and no format arguments [-Werror=format-security]
        cpp_error (pfile, CPP_DL_ERROR, paste_op_error_msg);
                                                          ^

Still an issue with gcc 6.5.0


On debian I use 6.3

Maybe try with 5?  (5.5.0)

Looks like that is working.

The fix should be done in libcpp or in buildroot.
Probably this is already fixed and I have an old image.

Anyway it seems we are going somewhere now.

It might still be nix:

https://unix.stackexchange.com/questions/356232/disabling-the-security-hardening-options-for-a-nix-shell-environment?rq=1

Nix compiler wrapper has an option to disable format-security.


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80895

That is a bug in GCC:

    GCC couldn't be compiled with `-Werror=format-security`, now it can.
    The motivation is here (although that post is somewhat outdated):


So this is actually mentioned in default.nix


It is definitely present in the shell:

piksi-env-chrootenv:tom@phoo:~/exo/br$ set |grep hard 
hardeningDisable=all

Maybe this is only in a more recent one?

I guess it is easy enough to test.

Many people mention it, but I don't see this variable defined anywhere.

/nix/store/wnr08dppprnf7n1vwyxqag3fd64l99s6-gcc-wrapper-8.3.0/nix-support/add-hardening.sh

piksi-env-chrootenv:tom@phoo:~/exo/br$ NIX_DEBUG=1 gcc test.c
HARDENING: disabled flags: pie
HARDENING: Is active (not completely disabled with "all" flag)
HARDENING: enabling fortify
HARDENING: enabling stackprotector
HARDENING: enabling strictoverflow
HARDENING: enabling format
HARDENING: enabling pic
extra flags before to /nix/store/ihdxv6777cd071l9mnzkp6x1didax0qs-gcc-8.3.0/bin/gcc:
  -O2
  -D_FORTIFY_SOURCE=2
  -fstack-protector-strong
  --param
  ssp-buffer-size=4
  -fno-strict-overflow
  -Wformat
  -Wformat-security
  -Werror=format-security
  -fPIC
  -Wl\,-dynamic-linker
  -Wl\,/nix/store/681354n3k44r8z90m35hm8945vsp95h1-glibc-2.27/lib/ld-linux-x86-64.so.2
original flags to /nix/store/ihdxv6777cd071l9mnzkp6x1didax0qs-gcc-8.3.0/bin/gcc:
  test.c
extra flags after to /nix/store/ihdxv6777cd071l9mnzkp6x1didax0qs-gcc-8.3.0/bin/gcc:
  -B/nix/store/jrp13k1sl13jl8yqg5f69vikaivbjvm3-gcc-8.3.0-lib/lib
  -B/nix/store/681354n3k44r8z90m35hm8945vsp95h1-glibc-2.27/lib/
  -idirafter
  /nix/store/sr4253np2gz2bpha4gn8gqlmiw604155-glibc-2.27-dev/include
  -idirafter
  /nix/store/ihdxv6777cd071l9mnzkp6x1didax0qs-gcc-8.3.0/lib/gcc/x86_64-unknown-linux-gnu/8.3.0/include-fixed
  -B/nix/store/wnr08dppprnf7n1vwyxqag3fd64l99s6-gcc-wrapper-8.3.0/bin/
  -idirafter
  /usr/include
  -idirafter
  /usr/include
  -L/usr/lib
  -L/usr/lib32
  -L/usr/lib
  -L/usr/lib32
  -L/nix/store/681354n3k44r8z90m35hm8945vsp95h1-glibc-2.27/lib
  -L/nix/store/jrp13k1sl13jl8yqg5f69vikaivbjvm3-gcc-8.3.0-lib/lib
test.c: In function 'main':
test.c:4:2: error: format not a string literal and no format arguments [-Werror=format-security]
  printf(argv[1]);
  ^~~~~~
cc1: some warnings being treated as errors
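
Added example, not part of the original notes: what -Werror=format-security is rejecting in both printf(argv[1]) and the cpp_error() calls, next to the usual "%s" fix. The function report() is a hypothetical stand-in for a printf-style reporter, and the input string is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style reporter such as cpp_error().
   The format attribute is what lets GCC check callers of this function. */
__attribute__((format(printf, 3, 4)))
static int report(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Flagged pattern: the message itself is used as the format string.
   The pragmas silence the diagnostic for this one deliberate call. */
int report_unsafe(char *out, size_t n, const char *msg)
{
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
    int len = report(out, n, msg);
#pragma GCC diagnostic pop
    return len;
}

/* Fixed pattern: constant format string, message passed as data. */
int report_safe(char *out, size_t n, const char *msg)
{
    return report(out, n, "%s", msg);
}

int main(void)
{
    /* Constructed input. "%%" is its only directive, so the unsafe call
       stays well-defined while still showing that the message is parsed. */
    const char *msg = "load at 100%% of quota";
    char a[64], b[64];
    report_unsafe(a, sizeof a, msg);
    report_safe(b, sizeof b, msg);
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return 0;
}
```

The unsafe path rewrites the message because vsnprintf interprets it; with a directive such as %s or %n in the message it would read or write through arguments that were never passed.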



So why is it not responding to hardeningDisable=all?

Some magic is happening here.

I want to see exactly where this hardeningDisable variable is used.

Ok added it to default.nix
This moves it along.


It breaks again:

make[1]: Entering directory '/home/tom/exo/br/target/i586/build/host-ncurses-6.0/progs'
make[1]: *** No rule to make target '../include/curses.h', needed by '../obj_s/tic.o'.  Stop.
make[1]: Leaving directory '/home/tom/exo/br/target/i586/build/host-ncurses-6.0/progs'
make: *** [package/pkg-generic.mk:250: /home/tom/exo/br/target/i586/build/host-ncurses-6.0/.stamp_built] Error 2
make: Leaving directory '/home/tom/exo/deps/buildroot'

That directory does have curses.h.in
so it looks like something went wrong with the configuration

checking for prefix... /home/tom/exo/br/target/i586/host
...
checking where we will install curses.h... ${prefix}/include/ncurses

Yeah what the fuck ever.

menuconfig also doesn't work. maybe host curses setup is not ok.
Maybe it needs ncurses 6?

I'm trying the bbb variant.  Maybe better luck there.
Same problem.

Maybe start with "make menuconfig" not working?

EDIT: Revisit some basics.






