Improved OpenBSD support #436

Open
opened 2021-10-21 19:08:32 +00:00 by msavoritias · 4 comments

Go Version: go version go1.17 openbsd/amd64
OS: OpenBSD anon.my.domain 7.0 GENERIC.MP#232 amd64

I managed to install tea by working around the issue in a hacky way.
Apologies for the length of the ticket.
I structured it as a meta issue for OpenBSD support.

For tea to support OpenBSD it needs:

  • Some way to remove the -buildmode=pie option when make detects OpenBSD (#437)
  • Long term investigate why static doesnt build. Short term disable static build in OpenBSD. (#437)
  • (optionally) make Makefile compatible with non-GNU make.
  • (optionally) Implement plegde and unveil.

Steps I took:

  1. Run it as it said in the compiling instructions which got me this:
 make STATIC=true                
*** Parse error in /usr/obj/ports/tea: Need an operator in 'GO111MODULE=on' (Makefile:2)
*** Parse error: Need an operator in 'CGO_ENABLED=0' (Makefile:3)
*** Parse error: Missing dependency operator (Makefile:13)
*** Parse error: Need an operator in 'else' (Makefile:16)
*** Parse error: Need an operator in 'endif' (Makefile:23)
*** Parse error: Missing dependency operator (Makefile:29)
*** Parse error: Need an operator in 'endif' (Makefile:35)
No closing parenthesis in archive specification
*** Parse error: Error in archive specification: "(, Windows_NT)" (Makefile:43)
*** Parse error: Need an operator in 'else' (Makefile:45)
*** Parse error: Need an operator in 'endif' (Makefile:47)
*** Parse error: Missing dependency operator (Makefile:133)
*** Parse error: Need an operator in 'endif' (Makefile:135)

  1. Found that the issue may be due to OpenBSD not supporting realtime signals possibly.
    Issue Here.

  2. Installed gnu make following the issue above to see if I could sidestep the issue.
    Gave me this error:

go build -buildmode=pie  -mod=vendor -tags '' -ldflags '-X "main.Version=0.8.0+13-gac25e89" -X "main.Tags=" -s -w' -o tea
-buildmode=pie not supported on openbsd/amd64
gmake: *** [Makefile:136: tea] Error 1
  1. As a last effort to see how far I could go I removed the pie option from everywhere in the config. After running it again I got this:
enabling static build, make sure you have glibc-static (or equivalent) installed
go build  -mod=vendor -tags 'osusergo,netgo,static_build,' -ldflags '-X "main.Version=0.8.0+13-gac25e89" -X "main.Tags=" -s -w -linkmode=external -extldflags -X "main.Tags=osusergo,netgo,static_build,"' -o tea
# code.gitea.io/tea
usage: link [options] main.o
gmake: *** [Makefile:135: tea] Error 2

  1. Running:
gmake -linkshared 
go build  -mod=vendor -tags '' -ldflags '-X "main.Version=0.8.0+13-gac25e89" -X "main.Tags=" -s -w' -o tea

I got it to compile. But its obviously a hack.

Regards,

Marinus

Go Version: go version go1.17 openbsd/amd64 OS: OpenBSD anon.my.domain 7.0 GENERIC.MP#232 amd64 I managed to install tea by working around the issue in a hacky way. Apologies for the length of the ticket. I structured it as a meta issue for OpenBSD support. For tea to support OpenBSD it needs: - [x] Some way to remove the -buildmode=pie option when make detects OpenBSD (#437) - [x] Long term investigate why static doesnt build. Short term disable static build in OpenBSD. (#437) - [ ] (optionally) make `Makefile` compatible with non-GNU make. - [ ] (optionally) Implement plegde and unveil. Steps I took: 1. Run it as it said in the compiling instructions which got me this: ``` make STATIC=true *** Parse error in /usr/obj/ports/tea: Need an operator in 'GO111MODULE=on' (Makefile:2) *** Parse error: Need an operator in 'CGO_ENABLED=0' (Makefile:3) *** Parse error: Missing dependency operator (Makefile:13) *** Parse error: Need an operator in 'else' (Makefile:16) *** Parse error: Need an operator in 'endif' (Makefile:23) *** Parse error: Missing dependency operator (Makefile:29) *** Parse error: Need an operator in 'endif' (Makefile:35) No closing parenthesis in archive specification *** Parse error: Error in archive specification: "(, Windows_NT)" (Makefile:43) *** Parse error: Need an operator in 'else' (Makefile:45) *** Parse error: Need an operator in 'endif' (Makefile:47) *** Parse error: Missing dependency operator (Makefile:133) *** Parse error: Need an operator in 'endif' (Makefile:135) ``` 2. Found that the issue may be due to OpenBSD not supporting realtime signals possibly. [Issue Here](https://github.com/vivien/i3blocks/issues/278). 3. Installed gnu make following the issue above to see if I could sidestep the issue. Gave me this error: ``` go build -buildmode=pie -mod=vendor -tags '' -ldflags '-X "main.Version=0.8.0+13-gac25e89" -X "main.Tags=" -s -w' -o tea -buildmode=pie not supported on openbsd/amd64 gmake: *** [Makefile:136: tea] Error 1 ``` 4. As a last effort to see how far I could go I removed the pie option from everywhere in the config. After running it again I got this: ``` gmake STATIC=true enabling static build, make sure you have glibc-static (or equivalent) installed go build -mod=vendor -tags 'osusergo,netgo,static_build,' -ldflags '-X "main.Version=0.8.0+13-gac25e89" -X "main.Tags=" -s -w -linkmode=external -extldflags -X "main.Tags=osusergo,netgo,static_build,"' -o tea # code.gitea.io/tea usage: link [options] main.o gmake: *** [Makefile:135: tea] Error 2 ``` 5. Running: ``` gmake -linkshared go build -mod=vendor -tags '' -ldflags '-X "main.Version=0.8.0+13-gac25e89" -X "main.Tags=" -s -w' -o tea ``` I got it to compile. But its obviously a hack. Regards, Marinus
noerw added the
kind/build
label 2021-10-21 19:27:24 +00:00
Member

Thanks for trying that out, I was already wondering how tricky it would be to run on openbsd ;)

*** Parse error in /usr/obj/ports/tea: Need an operator in 'GO111MODULE=on' (Makefile:2)

It looks like having a Makefile compatible with non-GNU make flavours will require a full rewrite of the Makefile, not sure if that's going to happen anytime soon. If somebody bothers to do it, you're welcome ;)

  1. Found that the issue may be due to OpenBSD not supporting realtime signals possibly. Issue Here

The remark in that issue is about a property of i3blocks, not about the build problem with make. I don't think this problem applies to tea, but what do I know ;) Would be nice if you can confirm tea is correctly working on your system (there's no meaningful testsuite currently, just try to run tea issues or similar).

-buildmode=pie not supported on openbsd/amd64

We can make that an optional flag, it's just a security enhancement, where memory adresses can get randomized. If this compilation flag blocks platform support, it should be optional for a not-that-sensitive application like tea.

compile instructions: make STATIC=true

The STATIC parameter is optional and defaults to false if omitted (maybe we should reflect that in the installation instructions).
STATIC=false should give you a similar result to the "hacky" invocation you used, can you try if that compiles on your system too?

Thanks for trying that out, I was already wondering how tricky it would be to run on openbsd ;) > `*** Parse error in /usr/obj/ports/tea: Need an operator in 'GO111MODULE=on' (Makefile:2)` It looks like having a Makefile compatible with non-GNU make flavours will require a full rewrite of the Makefile, not sure if that's going to happen anytime soon. If somebody bothers to do it, you're welcome ;) > 2. Found that the issue may be due to OpenBSD not supporting realtime signals possibly. Issue Here The remark in that issue is about a property of `i3blocks`, not about the build problem with make. I don't think this problem applies to tea, but what do I know ;) Would be nice if you can confirm `tea` is correctly working on your system (there's no meaningful testsuite currently, just try to run `tea issues` or similar). > `-buildmode=pie not supported on openbsd/amd64` We can make that an optional flag, it's just a security enhancement, where memory adresses can get randomized. If this compilation flag blocks platform support, it should be optional for a not-that-sensitive application like tea. > compile instructions: `make STATIC=true` The `STATIC` parameter is optional and defaults to false if omitted (maybe we should reflect that in the installation instructions). `STATIC=false` should give you a similar result to the "hacky" invocation you used, can you try if that compiles on your system too?
Author

Thanks for trying that out, I was already wondering how tricky it would be to run on openbsd ;)

*** Parse error in /usr/obj/ports/tea: Need an operator in 'GO111MODULE=on' (Makefile:2)

It looks like having a Makefile compatible with non-GNU make flavours will require a full rewrite of the Makefile, not sure if that's going to happen anytime soon. If somebody bothers to do it, you're welcome ;)

Agreed. I am definitely looking to contribute it at some point. Not that knowledgeable yet sadly. :(

  1. Found that the issue may be due to OpenBSD not supporting realtime signals possibly. Issue Here

The remark in that issue is about a property of i3blocks, not about the build problem with make. I don't think this problem applies to tea, but what do I know ;) Would be nice if you can confirm tea is correctly working on your system (there's no meaningful testsuite currently, just try to run tea issues or similar).

I logged in to both Codeberg and Gitea.com
Issues and pulls are listed fine.
I cant see repository info in yours and another one i tried though for some reason.
I love the layout btw :)

-buildmode=pie not supported on openbsd/amd64

We can make that an optional flag, it's just a security enhancement, where memory adresses can get randomized. If this compilation flag blocks platform support, it should be optional for a not-that-sensitive application like tea.

compile instructions: make STATIC=true

The STATIC parameter is optional and defaults to false if omitted (maybe we should reflect that in the installation instructions).
STATIC=false should give you a similar result to the "hacky" invocation you used, can you try if that compiles on your system too?

You are correct. It compiles fine with just gmake.
The hacky way was about removing pie from the Makefile btw.

> Thanks for trying that out, I was already wondering how tricky it would be to run on openbsd ;) > > > `*** Parse error in /usr/obj/ports/tea: Need an operator in 'GO111MODULE=on' (Makefile:2)` > > It looks like having a Makefile compatible with non-GNU make flavours will require a full rewrite of the Makefile, not sure if that's going to happen anytime soon. If somebody bothers to do it, you're welcome ;) Agreed. I am definitely looking to contribute it at some point. Not that knowledgeable yet sadly. :( > > > 2. Found that the issue may be due to OpenBSD not supporting realtime signals possibly. Issue Here > > The remark in that issue is about a property of `i3blocks`, not about the build problem with make. I don't think this problem applies to tea, but what do I know ;) Would be nice if you can confirm `tea` is correctly working on your system (there's no meaningful testsuite currently, just try to run `tea issues` or similar). I logged in to both Codeberg and Gitea.com Issues and pulls are listed fine. I cant see repository info in yours and another one i tried though for some reason. I love the layout btw :) > > > `-buildmode=pie not supported on openbsd/amd64` > > We can make that an optional flag, it's just a security enhancement, where memory adresses can get randomized. If this compilation flag blocks platform support, it should be optional for a not-that-sensitive application like tea. > > > compile instructions: `make STATIC=true` > > The `STATIC` parameter is optional and defaults to false if omitted (maybe we should reflect that in the installation instructions). > `STATIC=false` should give you a similar result to the "hacky" invocation you used, can you try if that compiles on your system too? You are correct. It compiles fine with just gmake. The hacky way was about removing pie from the Makefile btw.
Author

testing comment from OpenBSD

Uploading stuff works :)

testing comment from OpenBSD Uploading stuff works :)
Member

@msavoritias In #437 I simplified the build options and added an exception for OpenBSD wrt -buildmode=pie, so that builds with gmake on openbsd should turn out fine.

Some more or less interesting facts about those go flags:


I also experimented a bit with pledge & unveil:

I worked out some pledge promises that seem to work, but I'm not confident yet wrt the external editor we launch (for tea pr review and interactive multiline prompts). It might violate those pledges (the pledge also applies to execve'd subprocesses right?)

Adding unveil will be more tricky, as we need to change code to generate random /tmp paths before using them. Issue is, that we have dependencies that create tmpfiles with randomized names, not sure how to handle that, if at all.

@msavoritias In #437 I simplified the build options and added an exception for OpenBSD wrt `-buildmode=pie`, so that builds with gmake on openbsd should turn out fine. Some more or less interesting facts about those go flags: - It turns out that `-buildmode=pie` very likely could be trivially supported on OpenBSD, [but nobody sent the patch](https://github.com/golang/go/issues/20508#issuecomment-346708910). - In some upcoming go version `-buildmode=pie` [will imply a security enhanced buildmode including full RELRO](https://go-review.googlesource.com/c/go/+/312509). --- I also experimented a bit with [pledge](https://gitea.com/noerw/tea/commit/5876826d8c4b2f00aa0becb38993c812a5ad1a6e) & [unveil](https://gitea.com/noerw/tea/commit/f12cee0d42b777cefdf9ac0d1f031306a196e2fe): I worked out some pledge promises that seem to work, but I'm not confident yet wrt the external editor we launch (for `tea pr review` and interactive multiline prompts). It might violate those pledges (the pledge also applies to execve'd subprocesses right?) Adding unveil will be more tricky, as we need to change code to generate random `/tmp` paths before using them. Issue is, that we have dependencies that create tmpfiles with randomized names, not sure how to handle that, if at all.
noerw changed title from OpenBSD Support to Improved OpenBSD support 2021-12-03 13:50:55 +00:00
Sign in to join this conversation.
No Milestone
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: gitea/tea#436
No description provided.