Newest at the top
| 2024-05-02 18:39:02 +0200 | <hseg> | (eg am depending on cabal/stack for dependency resolution) |
| 2024-05-02 18:38:50 +0200 | <hseg> | but not for much else |
| 2024-05-02 18:38:45 +0200 | <hseg> | yeah, so I integrate my haskell-related stuff *slightly* in arch so pacman can track the files |
| 2024-05-02 18:38:17 +0200 | <hseg> | just missed your last three messages |
| 2024-05-02 18:36:35 +0200 | <tomsmeding> | logs link in topic if necessary |
| 2024-05-02 18:36:21 +0200 | <tomsmeding> | O.o |
| 2024-05-02 18:36:16 +0200 | <hseg> | Apologies, computer crashed |
| 2024-05-02 18:36:06 +0200 | hseg | (~gesh@77.137.75.224) |
| 2024-05-02 18:35:59 +0200 | <tomsmeding> | bye :p |
| 2024-05-02 18:35:45 +0200 | hseg | (~gesh@77.137.75.224) (Read error: Connection reset by peer) |
| 2024-05-02 18:34:19 +0200 | <tomsmeding> | "cabal install cabal-fmt" |
| 2024-05-02 18:34:16 +0200 | <tomsmeding> | hseg: that's what everyone here does, ignore anything haskell-related in the arch package repository and just use cabal/stack/whatever |
| 2024-05-02 18:33:24 +0200 | <int-e> | But I imagine you can still build GHC such that it builds the base libraries with -fPIE. So that's the tangent I'm on right now... but it will take a while to try. |
| 2024-05-02 18:33:18 +0200 | <hseg> | int-e: indeed, which is why I've been building all my haskell programs statically on Arch, sidestepping their entire haskell ecosystem |
| 2024-05-02 18:32:48 +0200 | <tomsmeding> | the answer seems to be, nothing is set up for that so you're on your own? |
| 2024-05-02 18:32:24 +0200 | <tomsmeding> | hseg's question now is "even if I link statically, can I at least get the security benefits of PIE" |
| 2024-05-02 18:32:19 +0200 | <int-e> | <s>Ask me about Arch</s> |
| 2024-05-02 18:32:10 +0200 | <tomsmeding> | we've gone over that :) |
| 2024-05-02 18:31:59 +0200 | <int-e> | The reason why Haskell libraries are generally linked statically is that there's no ABI compatibility between recompiled versions of the same library. |
| 2024-05-02 18:31:55 +0200 | <tomsmeding> | but yeah sorry, I thought I knew enough to help but I don't |
| 2024-05-02 18:31:14 +0200 | <int-e> | hseg: I'm on my own tangent which may or may not intersect with yours, sorry. |
| 2024-05-02 18:31:06 +0200 | <hseg> | ah |
| 2024-05-02 18:30:51 +0200 | <tomsmeding> | int-e was referring to the -fPIE note |
| 2024-05-02 18:30:34 +0200 | <hseg> | I'm confused -- why is it linking statically? |
| 2024-05-02 18:30:31 +0200 | tomsmeding | gives up |
| 2024-05-02 18:30:19 +0200 | califax | (~califax@user/califx) (Remote host closed the connection) |
| 2024-05-02 18:29:56 +0200 | <tomsmeding> | I see |
| 2024-05-02 18:29:40 +0200 | <int-e> | That's when trying to link statically; with -dynamic -pie I get a PIE executable that's dynamically linked. (Just a simple hello world, no `cabal` involved) |
| 2024-05-02 18:28:43 +0200 | euleritian | (~euleritia@dynamic-176-001-008-240.176.1.pool.telefonica.de) |
| 2024-05-02 18:28:30 +0200 | noumenon | (~noumenon@113.51-175-156.customer.lyse.net) (Read error: Connection reset by peer) |
| 2024-05-02 18:27:41 +0200 | <hseg> | https://0x0.st/XX23.txt |
| 2024-05-02 18:27:17 +0200 | euleritian | (~euleritia@dynamic-176-001-008-240.176.1.pool.telefonica.de) (Read error: Connection reset by peer) |
| 2024-05-02 18:27:17 +0200 | <int-e> | And the trouble you'll run into is that the base libraries won't be compiled with the requisite -fPIE flag. |
| 2024-05-02 18:25:15 +0200 | euleritian | (~euleritia@dynamic-176-001-008-240.176.1.pool.telefonica.de) |
| 2024-05-02 18:25:14 +0200 | <tomsmeding> | I added a non-boot dependency to be sure that that works too, in principle |
| 2024-05-02 18:25:01 +0200 | <tomsmeding> | I can compile an executable that gives the aforementioned string in file(1) output with just `-pie -dynamic`, nothing else |
| 2024-05-02 18:24:54 +0200 | <hseg> | tried --ghc-options='-pie -fPIE', didn't work |
| 2024-05-02 18:24:31 +0200 | <int-e> | s/--enable-shared/-fPIE/ I think (different from -pie, you need that for linking) |
| 2024-05-02 18:24:29 +0200 | euleritian | (~euleritia@ip4d16fc38.dynamic.kabel-deutschland.de) (Ping timeout: 240 seconds) |
| 2024-05-02 18:23:50 +0200 | <hseg> | testing... |
| 2024-05-02 18:23:35 +0200 | <tomsmeding> | don't even need the --enable-shared |
| 2024-05-02 18:23:11 +0200 | <tomsmeding> | try cabal configure --enable-shared --ghc-options='-pie -dynamic' |
| 2024-05-02 18:23:01 +0200 | <tomsmeding> | hseg: is 'ELF 64-bit LSB pie executable' in file(1) output what you're looking for? |
| 2024-05-02 18:19:19 +0200 | chele | (~chele@user/chele) (Remote host closed the connection) |
| 2024-05-02 18:19:15 +0200 | yin | (~yin@user/zero) |
| 2024-05-02 18:19:07 +0200 | <hseg> | in any case, that does put pie and relro back on the table for me |
| 2024-05-02 18:17:50 +0200 | machinedgod | (~machinedg@d173-183-246-216.abhsia.telus.net) (Ping timeout: 245 seconds) |
| 2024-05-02 18:17:03 +0200 | <hseg> | have they given up on ASLR for haskell? |
| 2024-05-02 18:16:54 +0200 | <hseg> | on dynamic linking, yes |
| 2024-05-02 18:15:49 +0200 | <tomsmeding> | debian has given up on that for haskell apparently https://wiki.debian.org/StaticLinking#Haskell |