
Re: Bug#853751: unbound: FTBFS[!linux]: missing getentropy implementations



tags 853751 + patch
user helmutg@debian.org
usertags 853751 + rebootstrap
thanks

Hi,

This bug has become important, since src:unbound became part of the
build-essential closure (due to Build-Depends of gnutls28).  So this is
now a blocking issue for rebootstrapping kfreebsd and hurd.

Andreas Beckmann wrote:
> unbound FTBFS on hurd-i386 and kfreebsd-* due to usage of linux specific
> headers linux/types.h and sys/mount.h:

This is still the case in sid:
https://buildd.debian.org/status/fetch.php?pkg=unbound&arch=hurd-i386&ver=1.6.0-2&stamp=1482097724&raw=0
https://buildd.debian.org/status/fetch.php?pkg=unbound&arch=kfreebsd-amd64&ver=1.6.0-2&stamp=1482453042&raw=0
https://buildd.debian.org/status/fetch.php?pkg=unbound&arch=kfreebsd-i386&ver=1.6.0-2&stamp=1482578818&raw=0

| compat/getentropy_linux.c:56:25: fatal error: linux/types.h: No such file or directory

The reason is, unbound requires an arc4random(3) implementation.  For
platforms not having that in their libc, it bundles its own embedded
code copy (in compat/) but that only supports Linux, OS/X and Solaris.

We have in Debian a good arc4random(3) implementation provided by
libbsd, which is already ported to all architectures.  Please use it on
kfreebsd and hurd, at least.  I've attached a patch to do exactly that,
which fixes the current FTBFS there.

(It was necessary that the LDFLAGS of libbsd-overlay.pc come *before*
-Wl,--as-needed, or else the AC_REPLACE_FUNCS configure checks fail --
I'm not sure what is the reason for that?)

You could perhaps use libbsd unconditionally - on linux arches too - and
then the copy in compat/ would no longer be used.

There is a long history of software embedding copies of arc4random, and
then forgetting to maintain them.  There is a longer discussion of that
here:  https://wiki.debian.org/arc4random

I hold the opinion that packages should use the libbsd implementation
wherever possible, and then in Debian we would only need to maintain it
in one place, to the benefit of all reverse-deps.

Many thanks,
Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org
diff --git a/configure.ac b/configure.ac
index d850539..f83f003 100644
--- a/configure.ac
+++ b/configure.ac
@@ -674,6 +674,14 @@ if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/
 	AC_CHECK_DECLS([strlcpy,strlcat,arc4random,arc4random_uniform,reallocarray])
 else
 	AC_MSG_RESULT([no])
+
+	# Otherwise see if libbsd can provide these functions
+	AC_CHECK_DECLS([strlcpy,strlcat], [], [], [
+#include <string.h>
+])
+	AC_CHECK_DECLS([arc4random,arc4random_uniform,reallocarray], [], [], [
+#include <stdlib.h>
+])
 fi
 AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h],,, [AC_INCLUDES_DEFAULT])
 AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1])
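Review bot: the new AC_CHECK_DECLS calls in the else branch only succeed for libbsd when the caller has already put the libbsd-overlay include path into CFLAGS, so configure.ac itself never asks for libbsd despite the "see if libbsd can provide these functions" comment. Consider probing for it here, for example with PKG_CHECK_MODULES on libbsd-overlay behind a configure option, so the result does not depend on flags injected from debian/rules. Also note that a declaration check says nothing about whether the symbol links, so the outcome still rests on the later function checks seeing -lbsd.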
diff --git a/debian/rules b/debian/rules
index f978494..ede0d90 100755
--- a/debian/rules
+++ b/debian/rules
@@ -14,6 +14,12 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 DPKG_EXPORT_BUILDFLAGS = 1
 include /usr/share/dpkg/buildflags.mk
 
+ifneq ($(DEB_HOST_ARCH_OS), linux)
+# libbsd can provide strlcpy, strlcat, arc4random*, reallocarray
+CFLAGS += $(shell pkg-config --cflags libbsd-overlay)
+LDFLAGS += $(shell pkg-config --libs libbsd-overlay)
+endif
+
 clean:
 	dh_autotools-dev_restoreconfig
 	dh_autoreconf_clean
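Review bot: the two $(shell pkg-config ... libbsd-overlay) lines fail silently if libbsd-dev or pkg-config is not installed, leaving CFLAGS and LDFLAGS unchanged and the build falling back to the compat/ code that does not compile on these ports. The patch as shown touches only configure.ac and debian/rules, so a matching Build-Depends entry for the non-Linux architectures is needed, and it would be safer to abort when pkg-config returns nothing. Since the bug is tagged for rebootstrap, a host-prefixed pkg-config should be used here so cross builds pick up the host architecture's libbsd rather than the build machine's.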
@@ -31,7 +37,7 @@ binary-arch: build
 ifneq (,$(filter unbound unbound-anchor unbound-host,$(DOPACKAGES)))
 	# first build -- build unbound daemon
 	PYTHON_VERSION="$(shell py3versions -vd)" \
-	CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="-Wl,--as-needed $(LDFLAGS)" \
+	CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS) -Wl,--as-needed" \
 		dh_auto_configure -- \
 		--disable-rpath \
 		--with-pidfile=/run/unbound.pid \
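Review bot: moving -Wl,--as-needed to the end of LDFLAGS on the changed line is load-bearing but undocumented, and it also stops --as-needed from applying to anything else that arrives through $(LDFLAGS). The underlying issue is that the libbsd -l flags are being passed in LDFLAGS, which the linker sees before the objects that reference them; passing the pkg-config --libs output through LIBS instead would let the original "-Wl,--as-needed $(LDFLAGS)" order stay as it was. If the reorder is kept, add a comment in debian/rules explaining why.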
@@ -48,7 +54,7 @@ ifneq (,$(filter unbound unbound-anchor unbound-host,$(DOPACKAGES)))
 endif
 
 	# second build -- build libunbound only, against nettle
-	CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="-Wl,--as-needed $(LDFLAGS)" \
+	CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS) -Wl,--as-needed" \
 		dh_auto_configure -- \
 		--disable-rpath \
 		--with-libunbound-only \
@@ -67,7 +73,7 @@ endif
 ifneq (,$(filter python-unbound,$(DOPACKAGES)))
 	# third build - pyunbound for Python 2
 	PYTHON_VERSION="$(shell pyversions -vd)" \
-	CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="-Wl,--as-needed $(LDFLAGS)" \
+	CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS) -Wl,--as-needed" \
 		dh_auto_configure -- \
 		--disable-rpath \
 		--with-pythonmodule \
@@ -86,7 +92,7 @@ endif
 ifneq (,$(filter python3-unbound,$(DOPACKAGES)))
 	# fourth build - pyunbound for Python 3
 	PYTHON_VERSION="$(shell py3versions -vd)" \
-	CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="-Wl,--as-needed $(LDFLAGS)" \
+	CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS) -Wl,--as-needed" \
 		dh_auto_configure -- \
 		--disable-rpath \
 		--with-pythonmodule \
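Review bot: this is the fourth identical edit to the same CFLAGS/CPPFLAGS/LDFLAGS line, one per dh_auto_configure invocation, so any future change to the flag order has to be repeated in four places and can easily drift. Define the combined linker flags once near the top of debian/rules, next to the new libbsd block, and reference that variable in all four builds.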
