Re: ERROR: [...] missing RELRO

[nia <nia%NetBSD.org@localhost>]

On Fri, Oct 01, 2021 at 03:08:57PM +0200, Hauke Fath wrote:
> Hi,
> 
> one more of these things that just get dropped on pkgsrc by 
> well-meaning people: RELRO.
> 
> The search engine of least contempt spits out 
> <https://wiki.netbsd.org/pkgsrc/hardening/>, which has a terse 
> PKGSRC_USE_RELRO chapter. It doesn't bother to explain the acronym; a 
> link to a 2008 page results in a Google login, and is obscure enough 
> not to be known by archive.org.
> 
> If RELRO has been discussed on pkg-{tech,users}@, it didn't show up.
> 
> My question: If a package build errors out because of RELRO 
> (net/netatalk22), how can it be fixed, or exempted from the check?
> 
> Cheerio,
> Hauke

Hello, the well meaning person was me :)
If you want an explanation of RELRO, this one is _really_ good:
https://www.redhat.com/en/blog/hardening-elf-binaries-using-relocation-read-only-relro

I believe the problem with netatalk22 is that it's installing
static libraries to libexec/. This is not typically expected.

The check-relro script is expecting that the static libraries are
executables, checking for the RELRO linker flags, but of course...
Static libraries aren't linked.

In this case, I will be adding CHECK_RELRO_SKIP to netatalk22.
Thanks for the report!