HEADS UP: llvm 12 in base


Shawn Webb

Jun 15, 2021, 8:14:42 PM
to HardenedBSD Users
Hey all,

This is just a quick note for those that follow and build themselves
HardenedBSD 14-CURRENT/amd64. No need to read on if you use 13-STABLE,
12-STABLE, or 14-CURRENT/arm64.

FreeBSD's commit d409305fa3838fb39b38c26fc085fb729b8766d5, made on
Monday, the 26th of April 2021, upgraded llvm in base from 11 to 12.
The llvm project made changes to its IR bitcode format that landed
in version 12.

We currently use most (all?) of the llvm compiler toolchain tools in
HardenedBSD, including llvm-ar. FreeBSD's self-hosted build framework
for building the OS relies on a "compiler toolchain bootstrap" method
that brings in the newer toolchain libraries and applications. Since
FreeBSD does not use llvm-ar, this particular tool is missing in the
bootstrapped set of tools. Thus, when building HardenedBSD, we rely on
the pre-installed llvm-ar rather than one built during the bootstrap.

The use of the new (bootstrapped) compiler and the old (system)
llvm-ar breaks the build when compiling base libraries with LTO (which
we recently enabled by default on 14-CURRENT/amd64). Effectively, the
bootstrapped clang, at version 12, outputs LLVM IR object files that
the system llvm-ar, at version 11, doesn't understand. That lack of
understanding causes the build to fail.

I'm actively working on this issue[1]. The proper solution will be to
bring llvm-ar into the bootstrapped toolchain. As much as I want to
say "this should be easy," a cursory glance proves that it may be more
involved.

In the meantime, what users tracking 14-CURRENT/amd64 can do is do a
one-off build with WITHOUT_LTOLIB set in src.conf(5). After that
one-off build is completed and installed, users can build as normal.

I'm working on bringing our binary update server up-to-date with this
process such that users who normally build from source can do a
one-off `hbsd-update` to get the new version of the llvm compiler
toolchain components.

Please let me know if you have any questions, comments, or concerns.

[1]: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/56

Thanks,

--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc

Shawn Webb

Jun 17, 2021, 3:58:20 PM
to HardenedBSD Users
Hey all,

The binary update for 14-CURRENT/amd64 has been published.