Bug#1069410: efitools: FTBFS on arm64: make[1]: *** [Make.rules:130: HelloWorld-signed.efi] Error 1
Hello, I found a patch in the Ubuntu archive. Unfortunately the patch is really huge, and I'm not confident enough to just upload it, because
it also drops some support.
I'm attaching the diff file.
Gianfranco
diff -Nru efitools-1.9.2/debian/changelog efitools-1.9.2/debian/changelog
--- efitools-1.9.2/debian/changelog 2024-09-27 16:09:33.000000000 +0200
+++ efitools-1.9.2/debian/changelog 2024-10-15 09:19:03.000000000 +0200
@@ -1,3 +1,16 @@
+efitools (1.9.2-3.2) unstable; urgency=low
+
+ * Non-maintainer upload
+
+ [ Aaron Rainbolt ]
+ * Cherrypick patch from Chris to fix generating ESL for SBAT binaries.
+ * Use --no-parallel switch with dh to avoid potential build failures.
+
+ [ Mate Kukri ]
+ * Fix FTBFS (LP: #2083030)
+
+ -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 15 Oct 2024 09:19:03 +0200
+
efitools (1.9.2-3.1) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru efitools-1.9.2/debian/patches/fix-ftbfs-lp2083030.patch efitools-1.9.2/debian/patches/fix-ftbfs-lp2083030.patch
--- efitools-1.9.2/debian/patches/fix-ftbfs-lp2083030.patch 1970-01-01 01:00:00.000000000 +0100
+++ efitools-1.9.2/debian/patches/fix-ftbfs-lp2083030.patch 2024-09-27 14:27:39.000000000 +0200
@@ -0,0 +1,240 @@
+Description: Fix FTBFS
+ - Remove redefintions of __STDC_VERSION__
+ - Add _XOPEN_SOURCE=700 to expose some APIs being used
+ - Remove dangerous usage of mktemp and sscanf
+ - Use standard C types over non-standard aliases
+ - Remove CFLAGS disabling mitigations
+ - Stop building EFI binaries
+Author: Mate Kukri <mate.kukri@canonical.com>
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/efitools/+bug/2083030
+Last-Update: 2024-09-27
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/Make.rules
++++ b/Make.rules
+@@ -17,7 +17,7 @@
+ endif
+ INCDIR = -I$(TOPDIR)include/ -I/usr/include/efi -I/usr/include/efi/$(ARCH) -I/usr/include/efi/protocol
+ CPPFLAGS = -DCONFIG_$(ARCH)
+-CFLAGS = -O2 -g $(ARCH3264) -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -fno-stack-protector -ffreestanding -fno-stack-check
++CFLAGS = -O2 -g $(ARCH3264) -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -D_XOPEN_SOURCE=700
+ LDFLAGS = -nostdlib
+ CRTOBJ = crt0-efi-$(ARCH).o
+ CRTPATHS = /lib /lib64 /lib/efi /lib64/efi /usr/lib /usr/lib64 /usr/lib/efi /usr/lib64/efi /usr/lib/gnuefi /usr/lib64/gnuefi
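Review bot: `-D_XOPEN_SOURCE=700` is a preprocessor define added to `CFLAGS`, while the line above already collects defines in `CPPFLAGS = -DCONFIG_$(ARCH)`; writing `CPPFLAGS = -DCONFIG_$(ARCH) -D_XOPEN_SOURCE=700` keeps it in effect when CFLAGS is overridden for a build. Dropping `-fno-stack-protector` and `-fno-stack-check` lets the host tools pick up the toolchain's hardening defaults. The same CFLAGS line appears to be shared with the EFI objects that the unchanged `LDFLAGS = -nostdlib` and `CRTOBJ` lines serve, and those would no longer be compiled with `-ffreestanding`. A comment above CFLAGS such as `# hosted tools only: EFI binaries are no longer built (LP: #2083030)` would record that this is intentional.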
+--- a/cert-to-efi-sig-list.c
++++ b/cert-to-efi-sig-list.c
+@@ -6,7 +6,6 @@
+
+
+ #include <stdint.h>
+-#define __STDC_VERSION__ 199901L
+ #include <efi.h>
+ #ifdef CONFIG_arm
+ /* FIXME:
+--- a/efi-keytool.c
++++ b/efi-keytool.c
+@@ -15,7 +15,6 @@
+ #include <fcntl.h>
+ #include <unistd.h>
+
+-#define __STDC_VERSION__ 199901L
+ #include <efi.h>
+
+ #include <kernel_efivars.h>
+--- a/efi-readvar.c
++++ b/efi-readvar.c
+@@ -17,7 +17,6 @@
+
+ #include <openssl/x509.h>
+
+-#define __STDC_VERSION__ 199901L
+ #include <efi.h>
+
+ #include <kernel_efivars.h>
+--- a/efi-updatevar.c
++++ b/efi-updatevar.c
+@@ -11,6 +11,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <strings.h>
+ #include <sys/stat.h>
+ #include <fcntl.h>
+ #include <unistd.h>
+@@ -20,7 +21,6 @@
+ #include <openssl/err.h>
+ #include <openssl/pem.h>
+
+-#define __STDC_VERSION__ 199901L
+ #include <efi.h>
+
+ #include <kernel_efivars.h>
+--- a/flash-var.c
++++ b/flash-var.c
+@@ -10,7 +10,6 @@
+ #include <fcntl.h>
+ #include <unistd.h>
+
+-#define __STDC_VERSION__ 199901L
+ #include <efi.h>
+
+ #include <version.h>
+--- a/hash-to-efi-sig-list.c
++++ b/hash-to-efi-sig-list.c
+@@ -4,7 +4,6 @@
+ * see COPYING file
+ */
+ #include <stdint.h>
+-#define __STDC_VERSION__ 199901L
+ #include <efi.h>
+ #ifdef CONFIG_arm
+ /* FIXME:
+--- a/lib/kernel_efivars.c
++++ b/lib/kernel_efivars.c
+@@ -16,7 +16,6 @@
+ #include <unistd.h>
+ #include <time.h>
+
+-#define __STDC_VERSION__ 199901L
+ #include <efi.h>
+
+ #include <kernel_efivars.h>
+@@ -29,54 +28,39 @@
+ void
+ kernel_variable_init(void)
+ {
+- char fname[] = "/tmp/efi.XXXXXX";
+- char cmdline[256];
+- int fd, ret;
+- struct stat st;
+- char *buf;
+-
+- if (kernel_efi_path)
+- return;
+- mktemp(fname);
+- snprintf(cmdline, sizeof(cmdline), "mount -l > %s", fname);
+- ret = system(cmdline);
+- if (WEXITSTATUS(ret) != 0)
+- /* hopefully stderr said what was wrong */
+- exit(1);
+- fd = open(fname, O_RDONLY);
+- unlink(fname);
+- if (fd < 0) {
+- fprintf(stderr, "Failed to open output of %s\n", cmdline);
+- exit(1);
+- }
+- if (fstat(fd, &st) < 0) {
+- perror("stat failed");
+- exit(1);
+- }
+- if (st.st_size == 0) {
+- fprintf(stderr, "No efivarfs filesystem is mounted\n");
++ FILE *mount_l_fp = NULL;
++ char *path = NULL;
++ char *type = NULL;
++
++ mount_l_fp = popen("mount -l", "r");
++
++ if (mount_l_fp == NULL) {
++ fprintf(stderr, "Failed to get output of mount -l\n");
+ exit(1);
+ }
+- buf = malloc(st.st_size);
+- read(fd, buf, st.st_size);
+- close(fd);
+-
+- char *ptr = buf;
+- char path[512], type[512];
+- while (ptr < buf + st.st_size) {
+- int count;
+-
+- sscanf(ptr, "%*s on %s type %s %*[^\n]\n%n", path, type, &count);
+- ptr += count;
+- if (strcmp(type, "efivarfs") == 0)
++
++ while (fscanf(mount_l_fp, "%*s on %ms type %ms %*[^\n]\n", &path, &type) == 2) {
++ if (strcmp(type, "efivarfs") == 0) {
++ kernel_efi_path = strdup(path);
+ break;
++ }
++ free(path);
++ path = NULL;
++ free(type);
++ type = NULL;
+ }
+- if (strcmp(type, "efivarfs") != 0) {
++
++ if (mount_l_fp != NULL)
++ pclose(mount_l_fp);
++ if (path != NULL)
++ free(path);
++ if (type != NULL)
++ free(type);
++
++ if (kernel_efi_path == NULL) {
+ fprintf(stderr, "No efivarfs filesystem is mounted\n");
+ exit(1);
+ }
+- kernel_efi_path = malloc(strlen(path) + 1);
+- strcpy(kernel_efi_path, path);
+ }
+
+ int
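Review bot: The rewritten kernel_variable_init() drops the old `if (kernel_efi_path) return;` guard, so a second call runs `mount -l` again and overwrites the earlier strdup() result without freeing it; the guard should be restored before popen(). The strdup() result is also unchecked, so an allocation failure ends up reported as "No efivarfs filesystem is mounted". The fscanf() loop stops at the first line that does not yield both conversions (for example a mount point containing a space), which would hide an efivarfs entry listed after it, and the pclose() status that the old code tested through WEXITSTATUS is now ignored. Because popen() still resolves `mount` through the shell and PATH in a tool that is normally run with privileges, reading the mount table directly (e.g. with getmntent()) would be a sturdier follow-up.

```c
kernel_variable_init(void)
{
	/* … unchanged: declarations of mount_l_fp, path and type … */

	/* One-shot, as before the patch: a repeated call must neither
	 * re-run mount nor leak the path found earlier. */
	if (kernel_efi_path)
		return;

	/* … unchanged: popen("mount -l", "r") and its NULL check … */

		if (strcmp(type, "efivarfs") == 0) {
			kernel_efi_path = strdup(path);
			if (kernel_efi_path == NULL) {
				/* report the real cause instead of "not mounted" */
				perror("strdup");
				exit(1);
			}
			break;
		}

	/* … unchanged: per-line frees, pclose, cleanup, not-mounted check … */
```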
+--- a/sig-list-to-certs.c
++++ b/sig-list-to-certs.c
+@@ -4,7 +4,6 @@
+ * see COPYING file
+ */
+ #include <stdint.h>
+-#define __STDC_VERSION__ 199901L
+ #include <efi.h>
+ #ifdef CONFIG_arm
+ /* FIXME:
+--- a/sign-efi-sig-list.c
++++ b/sign-efi-sig-list.c
+@@ -4,7 +4,6 @@
+ * see COPYING file
+ */
+ #include <stdint.h>
+-#define __STDC_VERSION__ 199901L
+ #include <efi.h>
+ #ifdef CONFIG_arm
+ /* FIXME:
+--- a/lib/asn1/oid.h
++++ b/lib/asn1/oid.h
+@@ -11,11 +11,11 @@
+ #define OID_H_
+
+ typedef struct {
+- u_char octet;
+- u_int next;
+- u_int down;
+- u_int level;
+- const u_char *name;
++ unsigned char octet;
++ unsigned int next;
++ unsigned int down;
++ unsigned int level;
++ const unsigned char *name;
+ } oid_t;
+
+ extern const oid_t oid_names[];
+--- a/Makefile
++++ b/Makefile
+@@ -30,15 +30,13 @@
+
+ EFISIGNED = $(patsubst %.efi,%-signed.efi,$(EFIFILES))
+
+-all: $(EFISIGNED) $(BINARIES) $(MANPAGES) noPK.auth $(KEYAUTH) \
++all: $(BINARIES) $(MANPAGES) noPK.auth $(KEYAUTH) \
+ $(KEYUPDATEAUTH) $(KEYBLACKLISTAUTH) $(KEYHASHBLACKLISTAUTH)
+
+
+ install: all
+ $(INSTALL) -m 755 -d $(MANDIR)
+ $(INSTALL) -m 644 $(MANPAGES) $(MANDIR)
+- $(INSTALL) -m 755 -d $(EFIDIR)
+- $(INSTALL) -m 755 $(EFIFILES) $(EFIDIR)
+ $(INSTALL) -m 755 -d $(BINDIR)
+ $(INSTALL) -m 755 $(BINARIES) $(BINDIR)
+ $(INSTALL) -m 755 mkusb.sh $(BINDIR)/efitool-mkusb
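Review bot: With `$(EFISIGNED)` removed from `all` and the two `$(EFIDIR)` install lines gone, the `EFISIGNED` definition in the context above is no longer used by the rules shown here, and nothing in the file says the omission is deliberate. A comment above the `all:` rule such as `# EFI binaries are intentionally not built or installed any more (LP: #2083030); only the host tools remain` would keep a later merge from quietly re-adding them. `mkusb.sh` is still installed as `efitool-mkusb`; if that script expects the files formerly placed under `$(EFIDIR)` it needs to be dropped or adjusted too, which cannot be determined from this hunk.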
diff -Nru efitools-1.9.2/debian/patches/sbat-compat.patch efitools-1.9.2/debian/patches/sbat-compat.patch
--- efitools-1.9.2/debian/patches/sbat-compat.patch 1970-01-01 01:00:00.000000000 +0100
+++ efitools-1.9.2/debian/patches/sbat-compat.patch 2023-11-21 05:39:12.000000000 +0100
@@ -0,0 +1,84 @@
+diff --git a/include/pecoff.h b/include/pecoff.h
+index 537d134..6ac57d1 100644
+--- a/include/pecoff.h
++++ b/include/pecoff.h
+@@ -1,7 +1,8 @@
+ #include <PeImage.h>
+
+ EFI_STATUS
+-pecoff_read_header(PE_COFF_LOADER_IMAGE_CONTEXT *context, void *data);
++pecoff_read_header(PE_COFF_LOADER_IMAGE_CONTEXT *context, void *data,
++ UINTN size);
+ EFI_STATUS
+ pecoff_relocate(PE_COFF_LOADER_IMAGE_CONTEXT *context, void **data);
+ EFI_STATUS
+diff --git a/lib/pecoff.c b/lib/pecoff.c
+index 26d9dcf..96878b9 100644
+--- a/lib/pecoff.c
++++ b/lib/pecoff.c
+@@ -69,7 +69,7 @@
+ #include <buildefi.h>
+
+ EFI_STATUS
+-pecoff_read_header(PE_COFF_LOADER_IMAGE_CONTEXT *context, void *data)
++pecoff_read_header(PE_COFF_LOADER_IMAGE_CONTEXT *context, void *data, UINTN size)
+ {
+ EFI_IMAGE_DOS_HEADER *DosHdr = data;
+ EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr = data;
+@@ -116,7 +116,7 @@ pecoff_read_header(PE_COFF_LOADER_IMAGE_CONTEXT *context, void *data)
+ context->NumberOfSections = PEHdr->Pe32.FileHeader.NumberOfSections;
+ context->FirstSection = (EFI_IMAGE_SECTION_HEADER *)((char *)PEHdr + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + sizeof(UINT32) + sizeof(EFI_IMAGE_FILE_HEADER));
+
+- if (context->SecDir->VirtualAddress >= context->ImageSize) {
++ if (context->SecDir->VirtualAddress >= size) {
+ Print(L"Malformed security header\n");
+ return EFI_INVALID_PARAMETER;
+ }
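Review bot: The new bound in pecoff_read_header() tests only where the security directory starts, so an entry whose `VirtualAddress` lies inside the buffer but whose `Size` runs past `size` is still accepted as well-formed. Checking the extent as well, e.g. `if (context->SecDir->VirtualAddress >= size || context->SecDir->Size > size - context->SecDir->VirtualAddress) {`, rejects that case without an addition that could wrap. The function starts and continues outside this hunk, so whether the earlier DOS/PE header reads are bounded by `size` cannot be confirmed from here; that is worth checking while the parameter is being introduced. The new parameter also deserves a one-line comment at the definition stating that `size` is the byte length of the buffer behind `data`.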
+@@ -404,7 +404,7 @@ pecoff_execute_image(EFI_FILE *file, CHAR16 *name, EFI_HANDLE image,
+ }
+
+ Print(L"Read %d bytes from %s\n", DataSize, name);
+- efi_status = pecoff_read_header(&context, buffer);
++ efi_status = pecoff_read_header(&context, buffer, DataSize);
+ if (efi_status != EFI_SUCCESS) {
+ Print(L"Failed to read header\n");
+ goto out;
+diff --git a/lib/pkcs7verify.c b/lib/pkcs7verify.c
+index 06701fd..2bdadbe 100644
+--- a/lib/pkcs7verify.c
++++ b/lib/pkcs7verify.c
+@@ -172,7 +172,7 @@ pkcs7verify_allow(VOID *data, UINTN len)
+ EFI_STATUS status;
+ int i;
+
+- status = pecoff_read_header(&context, data);
++ status = pecoff_read_header(&context, data, len);
+ if (status != EFI_SUCCESS)
+ goto out;
+
+diff --git a/lib/sha256.c b/lib/sha256.c
+index 180fa16..9ca1c21 100644
+--- a/lib/sha256.c
++++ b/lib/sha256.c
+@@ -290,7 +290,7 @@ sha256_get_pecoff_digest_mem(void *buffer, UINTN DataSize,
+ * filled to the end of the page */
+ DataSize = ALIGN_VALUE(DataSize, 8);
+
+- efi_status = pecoff_read_header(&context, buffer);
++ efi_status = pecoff_read_header(&context, buffer, DataSize);
+ if (efi_status != EFI_SUCCESS) {
+ Print(L"Failed to read header\n");
+ return efi_status;
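Review bot: The `DataSize` handed to pecoff_read_header() here is the value after `DataSize = ALIGN_VALUE(DataSize, 8);`, so the new bounds check runs against a length that can be up to 7 bytes larger than what the caller passed in. The context comment suggests the buffer is padded, but that is a caller contract this hunk does not show. Either pass the caller's original length, saved before the alignment, or state the assumption next to the call with a comment like `/* size is the 8-byte aligned length; buffer must be readable that far */`. The enclosing function starts and continues outside the hunk.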
+diff --git a/lib/shim_protocol.c b/lib/shim_protocol.c
+index a735aa1..9ef4a20 100644
+--- a/lib/shim_protocol.c
++++ b/lib/shim_protocol.c
+@@ -13,7 +13,7 @@
+ static EFI_STATUS shimprotocol_context(void *data, unsigned int size,
+ PE_COFF_LOADER_IMAGE_CONTEXT *context)
+ {
+- return pecoff_read_header(context, data);
++ return pecoff_read_header(context, data, size);
+ }
+
+ static EFI_STATUS shimprotocol_verify(void *buffer, UINT32 size)
diff -Nru efitools-1.9.2/debian/patches/series efitools-1.9.2/debian/patches/series
--- efitools-1.9.2/debian/patches/series 2024-09-27 16:09:33.000000000 +0200
+++ efitools-1.9.2/debian/patches/series 2024-10-15 09:19:03.000000000 +0200
@@ -2,3 +2,5 @@
fix-deps.patch
allow-riscv64-build.patch
efitools-add-build-support-for-loongarch64.patch
+sbat-compat.patch
+fix-ftbfs-lp2083030.patch
diff -Nru efitools-1.9.2/debian/rules efitools-1.9.2/debian/rules
--- efitools-1.9.2/debian/rules 2022-05-24 19:48:58.000000000 +0200
+++ efitools-1.9.2/debian/rules 2024-10-12 23:46:59.000000000 +0200
@@ -7,5 +7,6 @@
override_dh_auto_install:
dh_auto_install -- EFIDIR="debian/efitools/usr/lib/efitools/${DEB_TARGET_MULTIARCH}"
+# Building 0.9.2 with parallel=8 failed.
%:
- dh $@
+ dh $@ --no-parallel
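Review bot: The added comment names version 0.9.2 while the package being built is 1.9.2, which looks like a typo, and it does not tell the next uploader when the switch can be removed; something like `# Building 1.9.2 with parallel=8 failed; build serially until the Makefile dependencies are fixed.` would be clearer. `--no-parallel` works around what is presumably a missing prerequisite in the upstream Makefile rather than fixing it. The `EFIDIR=` argument on the `dh_auto_install` line is still passed, although the install target patched by fix-ftbfs-lp2083030.patch no longer installs anything into `$(EFIDIR)`.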