Issue #14422 has been updated by vo.x (Vit Ondruch).


So I have another issue with the configuration options. I tried to enable GMP support in Ruby on Fedora. Therefore, the Ruby build requires not "gmp-devel" and the configuration scripts configures the ruby to linka against GMP. So far so good.

But later, when I want to build binary packages, they fails and this is the mkmf.log content:

~~~
"pkg-config --exists libffi"
| pkg-config --libs libffi
=> "-lffi \n"
"gcc -o conftest -I/usr/include -I/usr/include/ruby/backward -I/usr/include -I.    -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -mcet -fcf-protection conftest.c  -L. -L/usr/lib64 -L. -Wl,-z,relro  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -fstack-protector -rdynamic -Wl,-export-dynamic  -m64   -lruby  -lpthread -lgmp -ldl -lcrypt -lm   -lc"
/usr/bin/ld: cannot find -lgmp
collect2: error: ld returned 1 exit status
checked program was:
/* begin */
1: #include "ruby.h"
2: 
3: int main(int argc, char **argv)
4: {
5:   return 0;
6: }
/* end */
~~~

Apparently, the "-lgmp" is problematic, since I don't have gmp-devel installed in the buildroot for other packages. The link option should not be propagated for gems. They should pick their requirements by their configuration scripts.

----------------------------------------
Bug #14422: Ruby configuration options should not be reused for gem builds
https://bugs.ruby-lang.org/issues/14422#change-70737

* Author: vo.x (Vit Ondruch)
* Status: Open
* Priority: Normal
* Assignee: 
* Target version: 
* ruby -v: ruby 2.5.0p0 (2017-12-25 revision 61468) [x86_64-linux]
* Backport: 2.3: UNKNOWN, 2.4: UNKNOWN, 2.5: UNKNOWN
----------------------------------------
When Fedora started to harden its packages, we quite often seen complains from our users about problems installing their gems, with errors such as [1]:

~~~
gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory
~~~

The issue as analyzed by Mamoru TASAKA is [2]:

> Well, if I am not mistaken, the real problem here is that rpm's %optflags is always embedded into Fedora's ruby config file, that is 
>
> /usr/lib64/ruby/rbconfig.rb:167:  CONFIG["CXXFLAGS"] = "-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -mtune=generic"
> /usr/lib64/ruby/rbconfig.rb:171:  CONFIG["CFLAGS"] = "-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -mtune=generic -fPIC"
>
> on x86_64, for example.
>
> Although I am not sure this is already discussed somewhere or not, basically I think changing the default CFLAGS of "system" ruby like this way is undesirable and ? installed "rbconfig.rb" should have some "minimal" CFLAGS / CXXFLAGS.
> ( for example, just like CONFIG["CFLAGS"] = "-fPIC" )
>
> Only when we build Fedora gems or so (on koji), we should change CFLAGS / CXXFLAGS explicitly afterwards using %optflags.

and Red Hat toolchain team responds [3]:

> The current advice of the Red Hat toolchain team is to keep distribution build flags and toolchain default flags separate.  This is why running gcc gives you the upstream defaults, and not the flags we use to compile Fedora packages.  For consistency, Ruby (and other compilation support tools) follow this pattern: Use distribution flags when building for Fedora, but use upstream flags when the user compiles packages (i.e., what Ruby uses, probably something involving -O2).
>
> Our build flags are fully ABI-compatible with each other, so mismatches will not cause any problems at the C/C++/ABI level.

The question is why Ruby does this and how we can avoid this behavior. We could force installation of redhat-rpm-config package, providing the "/usr/lib/rpm/redhat/redhat-hardened-cc1", to every ruby user, but that does not seems right. There are also other similar issues discussing this situation [4], [5]. Any thoughts?

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1284684
[2]: https://bugzilla.redhat.com/show_bug.cgi?id=1284684#c6
[3]: https://bugzilla.redhat.com/show_bug.cgi?id=1284684#c11
[4]: https://bugzilla.redhat.com/show_bug.cgi?id=1218294
[5]: https://bugzilla.redhat.com/show_bug.cgi?id=1432191



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>