From owner-freebsd-stable@freebsd.org  Tue Nov 29 09:22:09 2016
Return-Path: <owner-freebsd-stable@freebsd.org>
Delivered-To: freebsd-stable@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 40B6DC5963D;
 Tue, 29 Nov 2016 09:22:09 +0000 (UTC)
 (envelope-from kostikbel@gmail.com)
Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1])
 (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id D6EE01290;
 Tue, 29 Nov 2016 09:22:05 +0000 (UTC)
 (envelope-from kostikbel@gmail.com)
Received: from tom.home (kib@localhost [127.0.0.1])
 by kib.kiev.ua (8.15.2/8.15.2) with ESMTPS id uAT9M0qI009034
 (version=TLSv1 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO);
 Tue, 29 Nov 2016 11:22:00 +0200 (EET)
 (envelope-from kostikbel@gmail.com)
DKIM-Filter: OpenDKIM Filter v2.10.3 kib.kiev.ua uAT9M0qI009034
Received: (from kostik@localhost)
 by tom.home (8.15.2/8.15.2/Submit) id uAT9M0DP009033;
 Tue, 29 Nov 2016 11:22:00 +0200 (EET)
 (envelope-from kostikbel@gmail.com)
X-Authentication-Warning: tom.home: kostik set sender to kostikbel@gmail.com
 using -f
Date: Tue, 29 Nov 2016 11:22:00 +0200
From: Konstantin Belousov <kostikbel@gmail.com>
To: Dewayne Geraghty <dewaynegeraghty@gmail.com>
Cc: freebsd-stable stable <freebsd-stable@freebsd.org>, toolchain@freebsd.org
Subject: Re: How to turn off SSP stack-protector on 11.0S
Message-ID: <20161129092200.GU54029@kib.kiev.ua>
References: <CAGnMC6oftf7+0CLyDWGDjh9y=3dTTpMDrS6+dB=+MBXQ6DKkPQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAGnMC6oftf7+0CLyDWGDjh9y=3dTTpMDrS6+dB=+MBXQ6DKkPQ@mail.gmail.com>
User-Agent: Mutt/1.7.1 (2016-10-04)
X-Spam-Status: No, score=-2.0 required=5.0 tests=ALL_TRUSTED,BAYES_00,
 DKIM_ADSP_CUSTOM_MED,FREEMAIL_FROM,NML_ADSP_CUSTOM_MED autolearn=no
 autolearn_force=no version=3.4.1
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on tom.home
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-stable>, 
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Nov 2016 09:22:09 -0000

On Tue, Nov 29, 2016 at 12:32:28PM +1100, Dewayne Geraghty wrote:
> Is WITHOUT_SSP actually honoured and is building a world and/or ports
> without SSP possible? Advise/suggestions appreciated.
> 
> Amongst the 9 different server configurations that we build/support, we've
> been asked to build a machine dedicated to PROLOG use.  (yes really).
> 
> As such we're trying to turn off everything that isn't needed for this
> particular server.  For those concerned with security, it is an air-gap
> machine receiving data via usb.
> 
> We've built/installed 11.0S from source.  Now we're building the custom
> server.  However, even with WITHOUT_SSP= in both /etc/make.conf and
> /etc/src.conf, we come up against little issues like:
> "can not find /usr/lib/libssp_nonshared.a"
So, does your host have /usr/lib/libssp_nonshared.a ?  How did you installed
11.0, and what does designator 11.0S above mean ?

Easy way out is to claim that r307146 should help you, but I suspect that
there is something more broken in your configuration or build/install
method.

> 
> An example:
> Stage 2.3: build tools
> ===> bin/csh (obj,build-tools)
> grep 'ERR_' /usr/src/bin/csh/../../contrib/tcsh/sh.err.c | grep '^#define'
> >> sh.err.h
> cc -E -O2 -pipe -g0 -ggdb0 -DSTRIP_FBSDID -UDEBUGGING -UDEBUG
> -DUSB_HAVE_DISABLE_ENUM -I. -I/usr/src/bin/csh
> -I/usr/src/bin/csh/../../contrib/tcsh -D_PATH_TCSHELL='"/bin/csh"' -g
> -std=gnu99 -Qunused-arguments
> -I/usr/obj/prod/110001/D/K8/usr/src/tmp/legacy/usr/include
> /usr/src/bin/csh/../../contrib/tcsh/tc.const.c
> /usr/src/bin/csh/../../contrib/tcsh/sh.char.h /usr/src/bin/csh/config.h
> /usr/src/bin/csh/../../contrib/tcsh/config_f.h
> /usr/src/bin/csh/../../contrib/tcsh/sh.types.h sh.err.h -D_h_tc_const |
> grep 'Char STR' |  sed -e 's/Char \([a-zA-Z0-9_]*\)\(.*\)/extern Char
> \1[];/' |  sort >> tc.const.h
> cc -o gethost  -L/usr/obj/prod/110001/D/K8/usr/src/tmp/legacy/usr/lib -O2
> -pipe -g0 -ggdb0 -DSTRIP_FBSDID  -UDEBUGGING -UDEBUG
> -DUSB_HAVE_DISABLE_ENUM -I. -I/usr/src/bin/csh
> -I/usr/src/bin/csh/../../contrib/tcsh -D_PATH_TCSHELL='"/bin/csh"' -g
> -std=gnu99 -Qunused-arguments
> -I/usr/obj/prod/110001/D/K8/usr/src/tmp/legacy/usr/include
> /usr/src/bin/csh/../../contrib/tcsh/gethost.c
> /usr/bin/ld: cannot find /usr/lib/libssp_nonshared.a
> cc: error: linker command failed with exit code 1 (use -v to see invocation)
> *** [gethost] Error code 1
> 
> Note the
> /usr/bin/ld: cannot find /usr/lib/libssp_nonshared.a
> 
> It seems that the linker is trying to use the above library during the
> build of all static images/executables.

P.S. Toolchain@ is the place where you more likely to get a useful feedback.