Bug#1076932: webdis: FTBFS: src/client.h:6:10: fatal error: http_parser.h: No such file or directory

Fri, 26 Jul 2024 10:51:13 -0700 

On Wed, Jul 24, 2024 at 12:50:20PM GMT, Santiago Vila wrote:
> During a rebuild of all packages in unstable, your package failed to build:
> 
> --------------------------------------------------------------------------------
> [...]
>  debian/rules binary
> dh binary
>    dh_update_autotools_config
>    dh_autoreconf
>    dh_auto_configure
>    debian/rules override_dh_auto_build
> make[1]: Entering directory '/<<PKGBUILDDIR>>'
> dh_auto_build
>       make -j2 "INSTALL=install --strip-program=true"
> make[2]: Entering directory '/<<PKGBUILDDIR>>'
> cc -c -g -O2 -Werror=implicit-function-declaration 
> -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong 
> -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection 
> -DMSGPACK=1 -o src/webdis.o src/webdis.c
> cc -c -g -O2 -Werror=implicit-function-declaration 
> -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong 
> -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection 
> -DMSGPACK=1 -o src/cmd.o src/cmd.c
> In file included from src/cmd.c:4:
> src/client.h:6:10: fatal error: http_parser.h: No such file or directory
>     6 | #include "http_parser.h"
>       |          ^~~~~~~~~~~~~~~

Nothing has changed in the packaging since it last successfully built,
so I used debbisect to narrow down the problem to the dpkg 1.22.7
upload.

With dpkg 1.22.6, webdis builds fine because the CFLAGS that are defined
in debian/rules (in particular the -I options) are picked up by the
upstream build:

        make -j6 "INSTALL=install --strip-program=true"
    make[2]: Entering directory '/<<PKGBUILDDIR>>'
    cc -c -g -O2 -Werror=implicit-function-declaration 
-ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong 
-fstack-clash-protection -Wformat -Werror=format-security -fcf-protection 
-Wdate-time -D_FORTIFY_SOURCE=2 -Isrc -Isrc/http-parser -DMSGPACK=1 -o 
src/webdis.o src/webdis.c

However, with dpkg 1.22.7 we see a very different command being used to
compile:

        make -j2 "INSTALL=install --strip-program=true"
    make[2]: Entering directory '/<<PKGBUILDDIR>>'
    cc -c -g -O2 -Werror=implicit-function-declaration 
-ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong 
-fstack-clash-protection -Wformat -Werror=format-security -fcf-protection 
-DMSGPACK=1 -o src/webdis.o src/webdis.c

It's missing "-Wdate-time -D_FORTIFY_SOURCE=2" and the include
directories.

The relevant lines from debian/rules are

    export DEB_BUILD_MAINT_OPTIONS=hardening=+bindnow
    include /usr/share/dpkg/buildflags.mk
    CFLAGS += $(CPPFLAGS)
    export CFLAGS += -Isrc -Isrc/http-parser

Maybe this package is trying to use the dpkg-provided build flags
incorrectly, but I've seen this pattern in a number of places.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

Reply via email to