[Clfs-support] [clfs-embedded] Could not compile dropbear 2022.83 on i486-linux-musl

Michele Bucca michele.bucca at gmail.com
Sun Mar 24 17:06:55 PDT 2024 

Il giorno dom 24 mar 2024 alle ore 02:33 Michele Bucca
<michele.bucca at gmail.com> ha scritto:
>
> Hello there.
> Recently I'm trying to update the clfs-embedded book by using up to
> date packages. (https://michele13.github.io/clfs-embedded/x86/)
> Everything has worked so far until I've tried to compile  dropbear
> 2022.83.
> when I run the command
>
> make MULTI=1 \
>   PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
>
> I get the following error:
>
> i486-linux-musl-gcc --sysroot=/mnt/clfs/targetfs -Os -Wl,-z,now
> -Wl,-z,relro -Wl,-pie  -o dropbearmulti dbmulti.o atomicio.o bignum.o
> buffer.o chachapoly.o circbuffer.o cli-agentfwd.o cli-auth.o
> cli-authinteract.o cli-authpasswd.o cli-authpubkey.o cli-channel.o
> cli-chansession.o cli-kex.o cli-main.o cli-runopts.o cli-session.o
> cli-tcpfwd.o common-algo.o common-channel.o common-chansession.o
> common-kex.o common-runopts.o common-session.o compat.o crypto_desc.o
> curve25519.o dbhelpers.o dbmalloc.o dbrandom.o dbutil.o dh_groups.o
> dropbearconvert.o dropbearkey.o dss.o ecc.o ecdsa.o ed25519.o
> fake-rfc2553.o gcm.o gendss.o gened25519.o genrsa.o gensignkey.o
> keyimport.o list.o listener.o loginrec.o ltc_prng.o netio.o packet.o
> process-packet.o progressmeter.o queue.o rsa.o scp.o scpmisc.o
> signkey.o signkey_ossh.o sk-ecdsa.o sk-ed25519.o sshpty.o
> svr-agentfwd.o svr-auth.o svr-authpam.o svr-authpasswd.o
> svr-authpubkey.o svr-authpubkeyoptions.o svr-chansession.o svr-kex.o
> svr-main.o svr-runopts.o svr-service.o svr-session.o svr-tcpfwd.o
> svr-x11fwd.o tcp-accept.o termcodes.o libtomcrypt/libtomcrypt.a
> libtommath/libtommath.a -lz  -lcrypt
> /mnt/clfs/cross-tools/lib/gcc/i486-linux-musl/13.2.0/../../../../i486-linux-musl/bin/ld:
> /mnt/clfs/cross-tools/lib/gcc/i486-linux-musl/13.2.0/crtbegin.o:
> warning: relocation in read-only section `.text'
> /mnt/clfs/cross-tools/lib/gcc/i486-linux-musl/13.2.0/../../../../i486-linux-musl/bin/ld:
> buffer.o: in function `buf_putmpint':
> buffer.c:(.text+0x723): undefined reference to `__stack_chk_fail_local'
> /mnt/clfs/cross-tools/lib/gcc/i486-linux-musl/13.2.0/../../../../i486-linux-musl/bin/ld:
> chachapoly.o: in function `dropbear_chachapoly_crypt':
> chachapoly.c:(.text+0x1e2): undefined reference to `__stack_chk_fail_local'
> /mnt/clfs/cross-tools/lib/gcc/i486-linux-musl/13.2.0/../../../../i486-linux-musl/bin/ld:
> chachapoly.o: in function `dropbear_chachapoly_getlength':
> chachapoly.c:(.text+0x2de): undefined reference to `__stack_chk_fail_local'
> /mnt/clfs/cross-tools/lib/gcc/i486-linux-musl/13.2.0/../../../../i486-linux-musl/bin/ld:
> cli-agentfwd.o: in function `cli_load_agent_keys':
> cli-agentfwd.c:(.text+0x3a4): undefined reference to `__stack_chk_fail_local'
> /mnt/clfs/cross-tools/lib/gcc/i486-linux-musl/13.2.0/../../../../i486-linux-musl/bin/ld:
> cli-auth.o: in function `recv_msg_userauth_banner':
> cli-auth.c:(.text+0x168): undefined reference to `__stack_chk_fail_local'
> /mnt/clfs/cross-tools/lib/gcc/i486-linux-musl/13.2.0/../../../../i486-linux-musl/bin/ld:
> cli-auth.o:cli-auth.c:(.text+0x391): more undefined references to
> `__stack_chk_fail_local' follow
> /mnt/clfs/cross-tools/lib/gcc/i486-linux-musl/13.2.0/../../../../i486-linux-musl/bin/ld:
> dropbearmulti: hidden symbol `__stack_chk_fail_local' isn't defined
> /mnt/clfs/cross-tools/lib/gcc/i486-linux-musl/13.2.0/../../../../i486-linux-musl/bin/ld:
> final link failed: bad value
> collect2: error: ld returned 1 exit status
> make: *** [Makefile:224: dropbearmulti] Error 1
>
> If I build the old version (2013.60) everything works.
> I've followed the book's instructions without chainging nothing. Do
> you know what might be the cause? I've also built the latest version
> of dropbear using another toolchain I built using this script
>
> https://github.com/michele13/linux-tools/blob/master/toolchains/toolchain-v2/x86_64-cross-linux-musl.sh
>
> and I don't get any problems. What do you think it's wrong with my
> clfs toolchain?

Ok, it seems that if the i486-linux-musl toolchain is built you can't
use -fstack-protector-all
https://github.com/GregorR/musl-cross/issues/45

So we have two solutions to build dropbear:
1. We patch GCC by applying this:
https://git.alpinelinux.org/aports/tree/main/gcc/0017-Alpine-musl-package-provides-libssp_nonshared.a.-We-.patch

2. We disable stack protections by prepending CFLAGS="$CFLAGS
-fno-stack-protector" to configure

Which one is better?

> I'e also compiled a test program found here
> (https://stackoverflow.com/questions/64679192/undefined-reference-to-stack-chk-fail-local)
> but I get the same error:
>
> int main()
> {
>   __stack_chk_fail_local();
>   return 0;
> }
>
> gcc -o exec x.c -Wl,-Map,x.map
>
> Cheers
> Michele Bucca

More information about the Clfs-support mailing list