subject:"Bug#946396\: Missing fcrypt causes Lintian test failure"

Bug#946396: Missing fcrypt causes Lintian test failure

2020-01-05 Thread Aurelien Jarno

On 2020-01-05 09:43, Felix Lechner wrote:
> Hi Aurelien,
> 
> On Sun, Dec 8, 2019 at 3:08 PM Aurelien Jarno  wrote:
> >
> > Hi,
> >
> > On 2019-12-07 13:42, Felix Lechner wrote:
> > > Hi,
> > >
> > > Starting in `libc6 2.29-5`, the Lintian test
> > > `t/tags/checks/binaries/binaries-obsolete-des` fails in `unstable`:
> > >
> > > cc -g -O2 
> > > -fdebug-prefix-map=/builds/lintian/lintian/debian/test-out/packages/tags/checks/binaries/binaries-obsolete-des/binaries-obsolete-des-1.0=.
> > > -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z,relro
> > > -Wl,-z,now uses-fcrypt.o -o uses-fcrypt -lcrypt
> > > /usr/bin/ld: uses-fcrypt.o: in function `main':
> > > ./uses-fcrypt.c:19: undefined reference to `fcrypt'
> > > collect2: error: ld returned 1 exit status
> > > make[2]: *** [Makefile:34: uses-fcrypt] Error 1
> >
> > Sorry about breaking lintian with that change.
> 
> Your suggestion worked great for two weeks, but now the fix for
> #946396 seems to have broken it again. As you can see from this build
> log, libcrypt-dev is installed in unstable, but not libcrypt1-dev:
> 
> https://salsa.debian.org/lintian/lintian/-/jobs/484947/raw
> 
> > > Perhaps is it time to remove the test (and the tag
> > > `obsolete-des-encryption`). Was `fcrypt` dropped entirely, or is it
> > > still provided by `libcrypt`?
> >
> > Yes, fcrypt is still provided by libcrypt, and like libc it is
> > not available to newly linked binaries, just for old binaries. That's
> > why you need some tricks to link against it.
> >
> > > I do not understand the impact of this commit:
> > >
> > > 
> > > https://salsa.debian.org/glibc-team/glibc/commit/e1dc23943b0a5c9e0612f8e1364a37f12b6710ef
> > >
> > > Here is the code that did not link:
> > >
> > > /* This program uses the obsolete function 'fcrypt',
> > >which is an alias for 'crypt'.  */
> > >
> > > #include 
> > > #include 
> > >
> > > /* The prototype may already have been removed from crypt.h.  */
> > > extern char *fcrypt(const char *, const char *);
> > >
> > > /* It may already not be possible to link new programs that use
> > >'fcrypt' without special magic.  */
> > > #ifdef SYMVER
> > > __asm__ (".symver fcrypt, fcrypt@" SYMVER);
> > > #endif
> > >
> > > int
> > > main(void)
> > > {
> > > puts(fcrypt("password", "Dn"));
> > > return 0;
> > > }
> >
> > The code itself works. However for that it needs to have SYMVER defined
> > to the correct version. This is done in the Makefile, and it assumes
> > that libcrypto.so is provided by libc6. The following patch makes the
> > code to link correctly:
> >
> > --- t/tags/checks/binaries/binaries-obsolete-des/orig/Makefile.orig 
> > 2019-12-08 23:05:20.520887001 +
> > +++ t/tags/checks/binaries/binaries-obsolete-des/orig/Makefile  2019-12-08 
> > 23:05:11.092888400 +
> > @@ -5,7 +5,7 @@
> >  # around, but we have to know the exact "symbol version" associated with
> >  # the obsolete functions, which has to be dug out of libcrypt.so with nm.
> >
> > -LIBCRYPT_FILE := $(shell dpkg -L libc6-dev | grep 'libcrypt\.so$$')
> > +LIBCRYPT_FILE := $(shell dpkg -L libcrypt1-dev | grep 'libcrypt\.so$$')
> >  SYMVER := $(shell nm --dynamic --with-symbol-versions $(LIBCRYPT_FILE) | \
> >  grep ' setkey@' | cut -d@ -f2)
> 
> Because the package libcrypt1-dev is not installed in unstable (only
> libcrypt-dev is), your suggestion now errors out with:
> 
>dh_auto_build
> make -j1 "INSTALL=install --strip-program=true"
> make[2]: Entering directory
> '/builds/lintian/lintian/debian/test-out/packages/tags/checks/binaries/binaries-obsolete-des/binaries-obsolete-des-1.0'
> dpkg-query: package 'libcrypt1-dev' is not installed
> Use dpkg --contents (= dpkg-deb --contents) to list archive files contents.
> nm: 'a.out': No such file
> : update target 'uses-fcrypt.o' due to: uses-fcrypt.c
> cc -g -O2 
> -fdebug-prefix-map=/builds/lintian/lintian/debian/test-out/packages/tags/checks/binaries/binaries-obsolete-des/binaries-obsolete-des-1.0=.
> -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time
> -D_FORTIFY_SOURCE=2 -USYMVER  -c -o uses-fcrypt.o uses-fcrypt.c
> Makefile:38: update target 'uses-fcrypt' due to: uses-fcrypt.o
> cc -g -O2 
> -fdebug-prefix-map=/builds/lintian/lintian/debian/test-out/packages/tags/checks/binaries/binaries-obsolete-des/binaries-obsolete-des-1.0=.
> -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z,relro
> -Wl,-z,now uses-fcrypt.o -o uses-fcrypt -lcrypt
> /usr/bin/ld: uses-fcrypt.o: in function `main':
> ./uses-fcrypt.c:19: undefined reference to `fcrypt'
> collect2: error: ld returned 1 exit status
> make[2]: *** [Makefile:38: uses-fcrypt] Error 1
> 
> Is the solution to replace libcrypt1-dev in your suggestion in the
> Makefile with libcrypt-dev?

Yes, at the end libcrypt1-dev has been removed into libcrypt-dev, so
this is the right thing to do. I don't think you need to keep
libcrypt1-dev in your check, now that everything has been migrated to
testing, I

Bug#946396: Missing fcrypt causes Lintian test failure

2020-01-05 Thread Felix Lechner

Hi Aurelien,

On Sun, Dec 8, 2019 at 3:08 PM Aurelien Jarno  wrote:
>
> Hi,
>
> On 2019-12-07 13:42, Felix Lechner wrote:
> > Hi,
> >
> > Starting in `libc6 2.29-5`, the Lintian test
> > `t/tags/checks/binaries/binaries-obsolete-des` fails in `unstable`:
> >
> > cc -g -O2 
> > -fdebug-prefix-map=/builds/lintian/lintian/debian/test-out/packages/tags/checks/binaries/binaries-obsolete-des/binaries-obsolete-des-1.0=.
> > -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z,relro
> > -Wl,-z,now uses-fcrypt.o -o uses-fcrypt -lcrypt
> > /usr/bin/ld: uses-fcrypt.o: in function `main':
> > ./uses-fcrypt.c:19: undefined reference to `fcrypt'
> > collect2: error: ld returned 1 exit status
> > make[2]: *** [Makefile:34: uses-fcrypt] Error 1
>
> Sorry about breaking lintian with that change.

Your suggestion worked great for two weeks, but now the fix for
#946396 seems to have broken it again. As you can see from this build
log, libcrypt-dev is installed in unstable, but not libcrypt1-dev:

https://salsa.debian.org/lintian/lintian/-/jobs/484947/raw

> > Perhaps is it time to remove the test (and the tag
> > `obsolete-des-encryption`). Was `fcrypt` dropped entirely, or is it
> > still provided by `libcrypt`?
>
> Yes, fcrypt is still provided by libcrypt, and like libc it is
> not available to newly linked binaries, just for old binaries. That's
> why you need some tricks to link against it.
>
> > I do not understand the impact of this commit:
> >
> > 
> > https://salsa.debian.org/glibc-team/glibc/commit/e1dc23943b0a5c9e0612f8e1364a37f12b6710ef
> >
> > Here is the code that did not link:
> >
> > /* This program uses the obsolete function 'fcrypt',
> >which is an alias for 'crypt'.  */
> >
> > #include 
> > #include 
> >
> > /* The prototype may already have been removed from crypt.h.  */
> > extern char *fcrypt(const char *, const char *);
> >
> > /* It may already not be possible to link new programs that use
> >'fcrypt' without special magic.  */
> > #ifdef SYMVER
> > __asm__ (".symver fcrypt, fcrypt@" SYMVER);
> > #endif
> >
> > int
> > main(void)
> > {
> > puts(fcrypt("password", "Dn"));
> > return 0;
> > }
>
> The code itself works. However for that it needs to have SYMVER defined
> to the correct version. This is done in the Makefile, and it assumes
> that libcrypto.so is provided by libc6. The following patch makes the
> code to link correctly:
>
> --- t/tags/checks/binaries/binaries-obsolete-des/orig/Makefile.orig 
> 2019-12-08 23:05:20.520887001 +
> +++ t/tags/checks/binaries/binaries-obsolete-des/orig/Makefile  2019-12-08 
> 23:05:11.092888400 +
> @@ -5,7 +5,7 @@
>  # around, but we have to know the exact "symbol version" associated with
>  # the obsolete functions, which has to be dug out of libcrypt.so with nm.
>
> -LIBCRYPT_FILE := $(shell dpkg -L libc6-dev | grep 'libcrypt\.so$$')
> +LIBCRYPT_FILE := $(shell dpkg -L libcrypt1-dev | grep 'libcrypt\.so$$')
>  SYMVER := $(shell nm --dynamic --with-symbol-versions $(LIBCRYPT_FILE) | \
>  grep ' setkey@' | cut -d@ -f2)

Because the package libcrypt1-dev is not installed in unstable (only
libcrypt-dev is), your suggestion now errors out with:

   dh_auto_build
make -j1 "INSTALL=install --strip-program=true"
make[2]: Entering directory
'/builds/lintian/lintian/debian/test-out/packages/tags/checks/binaries/binaries-obsolete-des/binaries-obsolete-des-1.0'
dpkg-query: package 'libcrypt1-dev' is not installed
Use dpkg --contents (= dpkg-deb --contents) to list archive files contents.
nm: 'a.out': No such file
: update target 'uses-fcrypt.o' due to: uses-fcrypt.c
cc -g -O2 
-fdebug-prefix-map=/builds/lintian/lintian/debian/test-out/packages/tags/checks/binaries/binaries-obsolete-des/binaries-obsolete-des-1.0=.
-fstack-protector-strong -Wformat -Werror=format-security -Wdate-time
-D_FORTIFY_SOURCE=2 -USYMVER  -c -o uses-fcrypt.o uses-fcrypt.c
Makefile:38: update target 'uses-fcrypt' due to: uses-fcrypt.o
cc -g -O2 
-fdebug-prefix-map=/builds/lintian/lintian/debian/test-out/packages/tags/checks/binaries/binaries-obsolete-des/binaries-obsolete-des-1.0=.
-fstack-protector-strong -Wformat -Werror=format-security -Wl,-z,relro
-Wl,-z,now uses-fcrypt.o -o uses-fcrypt -lcrypt
/usr/bin/ld: uses-fcrypt.o: in function `main':
./uses-fcrypt.c:19: undefined reference to `fcrypt'
collect2: error: ld returned 1 exit status
make[2]: *** [Makefile:38: uses-fcrypt] Error 1

Is the solution to replace libcrypt1-dev in your suggestion in the
Makefile with libcrypt-dev?

Kind regards
Felix Lechner

Bug#946396: Missing fcrypt causes Lintian test failure

Bug#946396: Missing fcrypt causes Lintian test failure

2 matches

Site Navigation

Mail list logo

Footer information