Ghidra does not respect CFLAGS / LDFLAGS

[blshkv]

Hello,

I'm building Ghidra from source under gentoo using Portage environment (I also created an ebuild) and getting the following message:

QA Notice: Files built without respecting LDFLAGS have been detected
  Please include the following list of files in your report:
 /usr/share/ghidra/GPL/DemanglerGnu/os/linux_x86_64/demangler_gnu_v2_24
 /usr/share/ghidra/GPL/DemanglerGnu/os/linux_x86_64/demangler_gnu_v2_33_1
 /usr/share/ghidra/Ghidra/Features/Decompiler/os/linux_x86_64/decompile
 /usr/share/ghidra/Ghidra/Features/Decompiler/os/linux_x86_64/sleigh

See the following bug reports for more details: https://github.com/pentoo/pentoo-overlay/issues/1131 https://github.com/pentoo/pentoo-overlay/issues/1132

A typical fix could look like this:

-       $(CPP) $(LINKOBJ) -o $(BIN) $(LIBS)
+       $(CPP) $(LDFLAGS) $(LINKOBJ) -o $(BIN) $(LIBS)

[ryanmkurtz]

Since we do not experience this warning in our build environment, you are going to have to supply the confirmed fix to the Ghidra codebase for us to consider taking an action. Thanks!

[blshkv]

forgot to mentioned, that Gentoo uses the following script to report this bug: https://github.com/gentoo/portage/blob/master/bin/install-qa-check.d/10ignored-flags It based on the "scanelf" utility output and the script comes with the default "portage" packet manager

[ryanmkurtz]

Can you provide me the scanelf command line args to use to test out a potential fix?

[blshkv]

It's not just one line. From what I can see from the script, Gentoo check it by adding "-Wl,--defsym=__gentoo_check_ldflags__=0" to LDFLAGS global settings. Next, your Makefile should export like this:

LDFLAGS?=${LDFLAGS}
$(CPP) $(LDFLAGS) $(LINKOBJ) -o $(BIN) $(LIBS)

After compilation (do not strip it!), search for that string using a command like this: scanelf -qyRF '#s%p' -s __gentoo_check_ldflags__ ./my_bin_file

[ryanmkurtz]

Note that we use Gradle to build our natives, so the suggested fix will not directly apply.

[blshkv]

Yes, that's why I don't know how to apply a similar fix here. But you do have a makefile though: https://github.com/NationalSecurityAgency/ghidra/blob/master/Ghidra/Features/Decompiler/src/decompile/cpp/Makefile

[ryanmkurtz]

That is not used in the build process that you referenced above.

[ryanmkurtz]

I don't have Gentoo, but I'm assuming that is needed to reproduce this right?

[blshkv]

nop, you can specify any custom CFLAGS / LDFLAGS global values (by exporting it into your env) and check if it would be propagated into binaries as I described above: https://github.com/NationalSecurityAgency/ghidra/issues/4472#issuecomment-1196492283

Alternatively, yes you can download Pentoo live ISO, and run our ebuild to check it:

cd /var/db/repos/pentoo-overlay/dev-util/ghidra
ebuild ghidra-10.1.5-r1.ebuild install

[ryanmkurtz]

I've spent some time trying to get a pentoo VM up and running to test this, but had some issues with getting a network interface up. I've basically run out of the time I had allotted myself to debug this. I think the best way forward is to let someone with a vested interest in it getting fixed submit a PR which we can then consider accepting.

[0x14307]

So I decided to look at this using a fresh Gentoo install with the overlay & see if I could reproduce it. Both with common CFLAGS & the ones used in the listed issue above I could not find any sort of errors and was able to compile it just fine. I'll try it again tomorrow with a pentoo VM and find anything else that way,

[blshkv]

You can use Gentoo with overlay too, but please add the following line to /etc/porage/make.conf:

#FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs binpkg-multi-instance buildpkg config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms sign split-log strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"

That should enable all QA checks. Next, run the following:

cd /var/db/repos/pentoo-overlay/dev-util/ghidra/
ebuild ghidra-10.1.5-r1.ebuild clean install 

[0x14307]

Did this solve it on your end?

[blshkv]

no, these are the steps how to reproduce the issue. You still need to fix Gradle build scripts to respect global CFLAGS / LDFLAGS values

[0x14307]

Ah I see, I was using the ones given in the other issues you cited but I can look with the ones you just listed.

[0x14307]

@blshkv Is this during the compilation of Ghidra itself? I was just able to run it just fine with the configs you just listed.

[blshkv]

You should see the message after running Ebuild install step

[0x14307]

I can't find that folder, do you know where else it could be?

[blshkv]

You can get it from emerge --info, Try: /var/db/pentoo

[0x14307]

I grabbed it from /var/lib/layman/pentoo/dev-util/ghidra and built it. Zero problems here.

[blshkv]

Have you changed features settings? Can you run ebuild ghidra-10.1.5-r1.ebuild clean install and upload ../temp/build.log file? and emerge --info > emerge_info.txt too.

[0x14307]

Build log

Emerge info

I'm most likely certain this is an error that happens on your machine and your machine only, I haven't been able to reproduce anything you have said has happened so I'm certain this is just a case of "works on my machine"

[blshkv]

the /etc/portage/make.conf seems missing the following:

# -frecord-gcc-switches (if present in all of CFLAGS, CXXFLAGS, FFLAGS, FCFLAGS) detects missing CFLAGS usage
COMMON_FLAGS="-march=native -O2 -pipe -frecord-gcc-switches"

CFLAGS="${COMMON_FLAGS}"
CXXFLAGS="${COMMON_FLAGS}"
FCFLAGS="${COMMON_FLAGS}"
FFLAGS="${COMMON_FLAGS}"

# You can use ${COMMON_FLAGS} here, but please remember to include as-needed manually then.
# Enables a Portage QA check to report when LDFLAGS is not respected
LDFLAGS="${LDFLAGS} -Wl,--defsym=__gentoo_check_ldflags__=0"

https://wiki.gentoo.org/wiki/Package_testing

[blshkv]

your --defsym=gentoo_check_ldflags=0 is also missing __ (double underscore) suffix and prefix, that may be important.

[blshkv]

a new bug related was reported in the build env recently: https://github.com/pentoo/pentoo-overlay/issues/1236 Could you have a look at it too please, since you are on it.

<=------------> 11% EXECUTING [16s]> IDLE> IDLE> IDLE> IDLE<-------------> 0% WAITINGNote: /var/tmp/portage/dev-util/ghidra-10.1.5-r1/work/ghidra-Ghidra_10.1.5_build/GPL/DMG/src/dmg/java/mobiledevices/dmg/ghidra/GRandomAccessFile.java uses or overrides a deprecated API.
Note: Recompile with -Xlint:deprecation for details.

FAILURE: Build completed with 2 failures.

1: Task failed with an exception.
-----------
* What went wrong:
Execution failed for task ':Framework-Debugging:compileExpCloneExecExecutableExpCloneExecC'.
> Error while evaluating property 'compilerVersion' of task ':Framework-Debugging:compileExpCloneExecExecutableExpCloneExecC'
   > No tool chain is available to build for platform 'linux_x86_64':
       - Tool chain 'gcc' (GNU GCC):
           - Could not find C compiler 'gcc' in system path.

* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Run with --scan to get full insights.
==============================================================================

2: Task failed with an exception.
-----------
* What went wrong:
Execution failed for task ':Decompiler:compileDecompileLinux_x86_64ExecutableDecompileCpp'.
> Error while evaluating property 'compilerVersion' of task ':Decompiler:compileDecompileLinux_x86_64ExecutableDecompileCpp'
   > No tool chain is available to build for platform 'linux_x86_64':
       - Tool chain 'gcc' (GNU GCC):
           - Could not find C compiler 'gcc' in system path.

[blshkv]

http://nlrtm1-edge2.cdn.i3d.net/o1/k9999/pub/gentoo-portage/dev-java/openjfx/files/11/respect-user-cflags-11.0.11.patch

found a patch to fix a similar issue. It might give you some ideas.