Sunday, August 23, 2009

Adventures in Gentoo Lisp, Part 1: Hardened Lisp

As part of my ongoing quest to make things as difficult for myself as possible, I recently upgraded my Gentoo laptop to the hardened toolchain. (Perhaps more on this later.)

At any rate, during my marathon post-upgrade rebuild of the entire system, only three packages failed to build: mplayer, openoffice, and gcl.  The first two I expected -- mplayer is a perpetual problem for hardened gcc, and openoffice's build fails if you look at it funny.  gcl grabbed my interest, not the least because I'd forgotten all about installing it a couple of months ago, and in the interim it'd been masked.

Just for kicks, I unmasked it and tried to rebuild anyway, and of course it failed.  The package doesn't even get through the configure stage if you have a hardened compiler, for a number of reasons.  Even GNU seems to have abandoned gcl about 4 years ago, so out it went. 

CMUCL doesn't run on my amd64, so let's try SBCL.

Slightly more success this time, in that the ebuild flat out told me to switch to a vanilla compiler and build it, in a more-or-less polite way:

* So-called "hardened" compiler features are incompatible with SBCL. You
* must use gcc-config to select a profile with non-hardened features
* (the "vanilla" profile) and "source /etc/profile" before continuing.

Switching profiles allowed the build to complete, but still there was trouble:

platypus ~ # sbcl
mmap: wanted 1044480 bytes at 0x20000000, actually mapped at 0x70fca0123000
ensure_space: failed to validate 1044480 bytes at 0x20000000
(hint: Try "ulimit -a"; maybe you should increase memory limits.)

Fortunately I recognize these symptoms from the Hardened Gentoo project documentation as a PaX issue.  A bit of playing around with paxctl and I finally get the right magic word:

- PaX flags: -----m---e-r [sbcl]
        MPROTECT is disabled
        EMUTRAMP is disabled
        RANDMMAP is disabled
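
The sbcl error above is a mapping requested at one address and placed at another. The C sketch below is an added example, not code from SBCL or from this post: it asks for the same size at the same address as a plain hint and checks where the kernel actually put it. The names `space_result`, `space_ok` and `request_space` are hypothetical.

```c
/* Added illustration; not SBCL's runtime source. */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>

/* Result of asking the kernel for memory at a preferred address. */
struct space_result {
    uintptr_t wanted;   /* address the runtime's layout expects */
    uintptr_t actual;   /* address the kernel really returned   */
    int       mapped;   /* 0 if mmap itself failed              */
};

/* A heap whose layout is fixed in advance is usable only if it
 * sits exactly where it was expected. */
int space_ok(uintptr_t wanted, uintptr_t actual)
{
    return wanted == actual;
}

/* Request len bytes at `wanted` as a hint only (no MAP_FIXED), so the
 * kernel remains free to choose a different address. */
struct space_result request_space(uintptr_t wanted, size_t len)
{
    struct space_result r = { wanted, 0, 0 };
    void *p = mmap((void *)wanted, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p != MAP_FAILED) {
        r.actual = (uintptr_t)p;
        r.mapped = 1;
    }
    return r;
}

int main(void)
{
    /* Size and address taken from the error output quoted in the post. */
    struct space_result r = request_space(0x20000000UL, 1044480);
    if (!r.mapped) { perror("mmap"); return 1; }
    if (!space_ok(r.wanted, r.actual)) {
        fprintf(stderr, "wanted %#lx, actually mapped at %#lx\n",
                (unsigned long)r.wanted, (unsigned long)r.actual);
        return 1;
    }
    printf("mapped at requested address %#lx\n", (unsigned long)r.actual);
    return 0;
}
```

PaX RANDMMAP randomizes where mappings made without MAP_FIXED land, so a check of this kind fails until that flag is cleared for the binary.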

These flags get sbcl up and running, but before we leave things this way, let's see if CLISP does any better.  I'd rather have the native compiler than the bytecode one, but eh, whichever works.  And, in fact, clisp compiles and builds right out of the box, making it apparently the only Hardened AMD64 friendly Lisp around.  And the one with the coolest splash screen, by the way:

- PaX flags: -------x---- [/usr/bin/clisp]
        RANDEXEC is disabled 

platypus ~ # clisp

  i i i i i i i       ooooo    o        ooooooo   ooooo   ooooo
  I I I I I I I      8     8   8           8     8     o  8    8
  I  \ `+' /  I      8         8           8     8        8    8
   \  `-+-'  /       8         8           8      ooooo   8oooo
    `-__|__-'        8         8           8           8  8
        |            8     o   8           8     o     8  8
  ------+------       ooooo    8oooooo  ooo8ooo   ooooo   8

Welcome to GNU CLISP 2.48 (2009-07-28) <http://clisp.cons.org/>

And now that I'm staring at a Lisp prompt again, looks like it's time to head back to Practical Common Lisp and start reading.

Next Up: SLIME!
