[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Missing fcrypt causes Lintian test failure

On 2020-01-05 09:43, Felix Lechner wrote:
> Hi Aurelien,
> 
> On Sun, Dec 8, 2019 at 3:08 PM Aurelien Jarno <aurelien@aurel32.net> wrote:
> >
> > Hi,
> >
> > On 2019-12-07 13:42, Felix Lechner wrote:
> > > Hi,
> > >
> > > Starting in `libc6 2.29-5`, the Lintian test
> > > `t/tags/checks/binaries/binaries-obsolete-des` fails in `unstable`:
> > >
> > > cc -g -O2 -fdebug-prefix-map=/builds/lintian/lintian/debian/test-out/packages/tags/checks/binaries/binaries-obsolete-des/binaries-obsolete-des-1.0=.
> > > -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z,relro
> > > -Wl,-z,now uses-fcrypt.o -o uses-fcrypt -lcrypt
> > > /usr/bin/ld: uses-fcrypt.o: in function `main':
> > > ./uses-fcrypt.c:19: undefined reference to `fcrypt'
> > > collect2: error: ld returned 1 exit status
> > > make[2]: *** [Makefile:34: uses-fcrypt] Error 1
> >
> > Sorry about breaking lintian with that change.
> 
> Your suggestion worked great for two weeks, but now the fix for
> #946396 seems to have broken it again. As you can see from this build
> log, libcrypt-dev is installed in unstable, but not libcrypt1-dev:
> 
>     https://salsa.debian.org/lintian/lintian/-/jobs/484947/raw
> 
> > > Perhaps is it time to remove the test (and the tag
> > > `obsolete-des-encryption`). Was `fcrypt` dropped entirely, or is it
> > > still provided by `libcrypt`?
> >
> > Yes, fcrypt is still provided by libcrypt, and like libc it is
> > not available to newly linked binaries, just for old binaries. That's
> > why you need some tricks to link against it.
> >
> > > I do not understand the impact of this commit:
> > >
> > >     https://salsa.debian.org/glibc-team/glibc/commit/e1dc23943b0a5c9e0612f8e1364a37f12b6710ef
> > >
> > > Here is the code that did not link:
> > >
> > > /* This program uses the obsolete function 'fcrypt',
> > >    which is an alias for 'crypt'.  */
> > >
> > > #include <crypt.h>
> > > #include <stdio.h>
> > >
> > > /* The prototype may already have been removed from crypt.h.  */
> > > extern char *fcrypt(const char *, const char *);
> > >
> > > /* It may already not be possible to link new programs that use
> > >    'fcrypt' without special magic.  */
> > > #ifdef SYMVER
> > > __asm__ (".symver fcrypt, fcrypt@" SYMVER);
> > > #endif
> > >
> > > int
> > > main(void)
> > > {
> > >     puts(fcrypt("password", "Dn"));
> > >     return 0;
> > > }
> >
> > The code itself works. However for that it needs to have SYMVER defined
> > to the correct version. This is done in the Makefile, and it assumes
> > that libcrypto.so is provided by libc6. The following patch makes the
> > code to link correctly:
> >
> > --- t/tags/checks/binaries/binaries-obsolete-des/orig/Makefile.orig     2019-12-08 23:05:20.520887001 +0000
> > +++ t/tags/checks/binaries/binaries-obsolete-des/orig/Makefile  2019-12-08 23:05:11.092888400 +0000
> > @@ -5,7 +5,7 @@
> >  # around, but we have to know the exact "symbol version" associated with
> >  # the obsolete functions, which has to be dug out of libcrypt.so with nm.
> >
> > -LIBCRYPT_FILE := $(shell dpkg -L libc6-dev | grep 'libcrypt\.so$$')
> > +LIBCRYPT_FILE := $(shell dpkg -L libcrypt1-dev | grep 'libcrypt\.so$$')
> >  SYMVER := $(shell nm --dynamic --with-symbol-versions $(LIBCRYPT_FILE) | \
> >      grep ' setkey@' | cut -d@ -f2)
> 
> Because the package libcrypt1-dev is not installed in unstable (only
> libcrypt-dev is), your suggestion now errors out with:
> 
>    dh_auto_build
> make -j1 "INSTALL=install --strip-program=true"
> make[2]: Entering directory
> '/builds/lintian/lintian/debian/test-out/packages/tags/checks/binaries/binaries-obsolete-des/binaries-obsolete-des-1.0'
> dpkg-query: package 'libcrypt1-dev' is not installed
> Use dpkg --contents (= dpkg-deb --contents) to list archive files contents.
> nm: 'a.out': No such file
> <builtin>: update target 'uses-fcrypt.o' due to: uses-fcrypt.c
> cc -g -O2 -fdebug-prefix-map=/builds/lintian/lintian/debian/test-out/packages/tags/checks/binaries/binaries-obsolete-des/binaries-obsolete-des-1.0=.
> -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time
> -D_FORTIFY_SOURCE=2 -USYMVER  -c -o uses-fcrypt.o uses-fcrypt.c
> Makefile:38: update target 'uses-fcrypt' due to: uses-fcrypt.o
> cc -g -O2 -fdebug-prefix-map=/builds/lintian/lintian/debian/test-out/packages/tags/checks/binaries/binaries-obsolete-des/binaries-obsolete-des-1.0=.
> -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z,relro
> -Wl,-z,now uses-fcrypt.o -o uses-fcrypt -lcrypt
> /usr/bin/ld: uses-fcrypt.o: in function `main':
> ./uses-fcrypt.c:19: undefined reference to `fcrypt'
> collect2: error: ld returned 1 exit status
> make[2]: *** [Makefile:38: uses-fcrypt] Error 1
> 
> Is the solution to replace libcrypt1-dev in your suggestion in the
> Makefile with libcrypt-dev?

Yes, at the end libcrypt1-dev has been removed into libcrypt-dev, so
this is the right thing to do. I don't think you need to keep
libcrypt1-dev in your check, now that everything has been migrated to
testing, I don't expect things to change again.

Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                 http://www.aurel32.net
Reply to: