On Mon, Feb 11, 2008 at 11:24:49PM +0100, Penguin Lover Alex Schuster squawked:

> I emerged -e again, this time without distcc and ccache. All compiled fine,
> except for media-video/mplayer-1.0_rc2_p24929-r1 (vf_decimate.c:26: error:
> can't find a register in class `BREG' while reloading `asm') and

http://bugs.gentoo.org/show_bug.cgi?id=175627

Like you found below, it can be avoided using vanilla GCC. That is why I still only have mplayer-1.0_rc1-r2, that one compiled okay.

> I then decided to harden my desktop PC, too. I want to get some experience
> with the hardened setup, and I want that machine to be able to act as a
> distcc server for another hardened machine which will be set up soon.

> x11-misc/xscreensaver-5.04:
> lockward.c:59: error: syntax error before "uint8_t"

Not a problem with hardened.

http://bugs.gentoo.org/show_bug.cgi?id=208731

Meanwhile, downgrade to 5.03, that one works.

> But most annoying is that the nvidia drivers do not seem to work.

First, what card and which drivers? I have an old card that is not supported by drivers >= 1.0.9700, so ... scratch that, I didn't notice that the versioning scheme changed.

http://www.gentoo.org/doc/en/nvidia-guide.xml

> they refused to compile telling me that this would do more harm than good
> with a hardened setup. I put them into packages.unmask, now they compile
> and the nvidia module loads, but still X has no GLX, xorg.0.log
> says "Failed to initialize GLX extension (NVIDIA X driver not found)",

This really does not sound like a hardened issue... I need to upgrade my drivers to the 96.* to see if I can reproduce your problem, but with 1.0.8776 (from two years ago) I definitely do not have your problem.

> glxinfo segfaults. I guess I will try to re-compile all X stuff with the
> vanilla gcc.

glxinfo segfaulting is expected. Do you have chpax/paxctl installed? There is a metric shitload of stuff that will run afoul of pax on hardened. A quick list from my /etc/conf.d/chpax has (admittedly, this is info that is two years old, since chpax is obsolete and hasn't been updated)

    java, wine, xorg, xine, openoffice, mplayer, mozilla, firefox, glxinfo, glxgears, ut2004, skype

glxinfo has a problem with mprotect. Check your system log, there should be something to that effect when your hardened system shuts glxinfo down.

I have my entire system on the hardened profile (including X and nvidia [yes, despite the warnings of the hardened team about nvidia]) and no problems. My guess is that your problem with GLX lies somewhere else.

> Would it be possible to make these changes permanent, that is, can I tell
> portage to compile specific packages with a specific
> compiler? /etc/portage/package.compilerflavor or something?

Don't know. On the wiki there is a way to switch CFLAGS, don't know if something like that can be used to strip SSP and/or PIC flags from the hardened.

W
--
"Somebody has suggested that as a solution to global warming we just change the earth's orbit a little bit. Personally, I'm not too keen to carry out this experiment quite yet."
~DeathMech, S. Sondhi. P-town PHY 205
Sortir en Pantoufles: up 431 days, 12:37
--
gentoo-user@lists.gentoo.org mailing list