Search:  
Gentoo Wiki

TIP_Building_OCaml_with_hardened_AMD64

Due to Gentoo bug #134403, OCaml (dev-lang/ocaml) does not currently install out of the box on Hardened Gentoo when on AMD64. The discussion in the bug report reveals that the problem relates to the PIE-enabled toolchain. Fortunately, Hardened allows you to switch toolchains on the fly, thus the solution.

Prerequisites

Installation

First, make sure what version of the hardened GCC toolchain you are using:

Code: shell
# gcc-config -l
 [1] x86_64-pc-linux-gnu-3.4.6 *
 [2] x86_64-pc-linux-gnu-3.4.6-hardenednopie
 [3] x86_64-pc-linux-gnu-3.4.6-hardenednopiessp
 [4] x86_64-pc-linux-gnu-3.4.6-hardenednossp
 [5] x86_64-pc-linux-gnu-3.4.6-vanilla

This output would tell you that you have version 3.4.6 of the toolchain, and the "x86_64-pc-linux-gnu-3.4.6" choice is currently active. To build OCaml, you need to temporarily switch to the "-hardenednopie" toolchain:

Code: shell
# gcc-config x86_64-pc-linux-gnu-3.4.6-hardenednopie
 * Switching native-compiler to x86_64-pc-linux-gnu-3.4.6-hardenednopie ...
>>> Regenerating /etc/ld.so.cache...
  1. source /etc/profile

Next, just compile OCaml and switch back to the toolchain with all protections enabled -- to get full protection for executables that do work with the full hardened toolchain.

Code: shell
# emerge dev-lang/ocaml
[wait for it to build...]
>>> dev-lang/ocaml-3.09.2 merged.

# gcc-config x86_64-pc-linux-gnu-3.4.6
 * Switching native-compiler to x86_64-pc-linux-gnu-3.4.6 ...
>>> Regenerating /etc/ld.so.cache...
# source /etc/profile

Congratulations, you're done!

Feedback

Concerns or Compliments? Please use the Discussion section.

Retrieved from "http://www.gentoo-wiki.info/TIP_Building_OCaml_with_hardened_AMD64"

Last modified: Mon, 09 Apr 2007 01:11:00 +0000 Hits: 618