Re: Please help fix lintian hardening-no-relro problem
On Thu, 28 Aug 2014 14:32:32 +0600, Andrey Rahmatullin wrote:
> On Thu, Aug 28, 2014 at 12:50:23AM +0000, T o n g wrote:
>> >> Please help me fix the lintian "hardening-no-relro" problem. My code
>> >> is at https://github.com/suntong001/histring (it is *very* small).
>> > The proper way is just to bump debian/compat to 9.
>> >
>> >> I tried to ...
>> >> +DPKG_EXPORT_BUILDFLAGS = 1 +include /usr/share/dpkg/buildflags.mk
>> >> +CFLAGS += -Wextra +
>> >> all: histring
>> >>
>> >> histring: histring.c getopt.c getopt1.c getopt.h
>> > These lines are for debian/rules, not for the upstream Makefile (they
>> > are unnecessary when using dh(1) with compat 9 though).
>>
>> I bumped up the compat level to 9,
>> https://github.com/suntong001/histring/commits/master
>> https://github.com/suntong001/histring/
>> commit/6708b109133d63fec73f8113b8b644390adfeb4e but am still getting
>> the "hardening-no-relro" problem.
>>
>> The build environment is latest sid. Is there anything else?
> Please show the build log or publish a source package so that other
> people could reproduce the build.
Ok, just for problem-solving purpose, the source package is at
http://mentors.debian.net/debian/pool/main/h/histring/histring_1.1.0-2.dsc
This is a minimum-fixed version, ie, there are still lots of issues
unfixed, but source package is available. I do have the maximum-fixed
version, at https://github.com/suntong001/histring/, where only the
hardening-no-relro problem is left unfixed (for the binary package). Make
your pick.
For the minimum-fixed version, the one from source package, here is the
binary package build log:
$ debuild -i -us -uc -b
dpkg-buildpackage -rfakeroot -D -us -uc -i -b
dpkg-buildpackage: warning: using a gain-root-command while being root
dpkg-buildpackage: source package histring
dpkg-buildpackage: source version 1.1.0-1
dpkg-buildpackage: source distribution unstable
dpkg-buildpackage: source changed by Michael Prokop <mika@grml.org>
dpkg-source -i --before-build histring-1.1.0
dpkg-buildpackage: host architecture amd64
fakeroot debian/rules clean
dh_testdir
dh_testroot
rm -f build-stamp
# Add here commands to clean up after the build process.
/usr/bin/make distclean
make[1]: Entering directory '/export/build/pkg/histring/bld/
histring-1.1.0'
make[1]: *** No rule to make target 'distclean'. Stop.
make[1]: Leaving directory '/export/build/pkg/histring/bld/
histring-1.1.0'
debian/rules:41: recipe for target 'clean' failed
make: [clean] Error 2 (ignored)
dh_clean
debian/rules build
dh_testdir
# Add here commands to configure the package.
./configure --host=x86_64-linux-gnu --build=x86_64-linux-gnu
creating cache ./config.cache
checking for a BSD compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking whether make sets ${MAKE}... yes
checking for working aclocal... found
checking for working autoconf... found
checking for working automake... found
checking for working autoheader... found
checking for working makeinfo... missing
checking for gcc... gcc
checking whether the C compiler (gcc ) works... yes
checking whether the C compiler (gcc ) is a cross-compiler... no
checking whether we are using GNU C... yes
checking whether gcc accepts -g... yes
checking how to run the C preprocessor... gcc -E
checking for a BSD compatible install... /usr/bin/install -c
checking for getopt_long... yes
checking for string.h... yes
checking for unistd.h... yes
checking for stdlib.h... yes
checking for errno.h... yes
checking for ctype.h... yes
checking for getopt.h... yes
checking for stdio.h... yes
checking for string.h... (cached) yes
checking for regex.h... yes
checking for getopt... yes
checking for getopt_long... (cached) yes
checking whether user wants debugging support... no
updating cache ./config.cache
creating ./config.status
creating Makefile
creating config.h
dh_testdir
# Add here commands to compile the package.
/usr/bin/make
make[1]: Entering directory '/export/build/pkg/histring/bld/
histring-1.1.0'
gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -c histring.c
gcc -g -O2 -o histring histring.o
make[1]: Leaving directory '/export/build/pkg/histring/bld/
histring-1.1.0'
touch build-stamp
fakeroot debian/rules binary
dh_testdir
dh_testroot
dh_clean -k
dh_clean: dh_clean -k is deprecated; use dh_prep instead
dh_installdirs usr/bin
# Add here commands to install the package into debian/histring.
install -m 755 histring debian/histring/usr/bin/histring
dh_testdir
dh_testroot
dh_installchangelogs
dh_installdocs README
dh_installexamples
dh_installman debian/histring.1
dh_link
dh_strip
dh_compress
dh_fixperms
dh_installdeb
dh_shlibdeps
dh_gencontrol
dh_md5sums
dh_builddeb
dpkg-deb: building package `histring' in `../histring_1.1.0-1_amd64.deb'.
dpkg-genchanges -b >../histring_1.1.0-1_amd64.changes
dpkg-genchanges: binary-only upload - not including any source code
dpkg-source -i --after-build histring-1.1.0
dpkg-buildpackage: binary-only upload (no source included)
Now running lintian...
warning: the authors of lintian do not recommend running it with root
privileges!
W: histring: hardening-no-relro usr/bin/histring
W: ...
For the maximum-fixed version, the one from github, here is the binary
package build log:
$ debuild -i -us -uc -b
dpkg-buildpackage -rfakeroot -D -us -uc -i -b
dpkg-buildpackage: warning: using a gain-root-command while being root
dpkg-buildpackage: source package histring
dpkg-buildpackage: source version 1.1.0-2
dpkg-buildpackage: source distribution unstable
dpkg-buildpackage: source changed by Tong Sun
<suntong001@users.sourceforge.net>
dpkg-source -i --before-build histring-1.1.0
dpkg-buildpackage: host architecture amd64
fakeroot debian/rules clean
dh clean
dh_testdir
dh_auto_clean
make[1]: Entering directory '/export/build/pkg/histring/bld/
histring-1.1.0'
rm -f *.o *~
make[1]: Leaving directory '/export/build/pkg/histring/bld/
histring-1.1.0'
dh_clean
debian/rules build
dh build
dh_testdir
dh_auto_configure
dh_auto_build
make[1]: Entering directory '/export/build/pkg/histring/bld/
histring-1.1.0'
make[1]: Nothing to be done for 'all'.
make[1]: Leaving directory '/export/build/pkg/histring/bld/
histring-1.1.0'
dh_auto_test
fakeroot debian/rules binary
dh binary
dh_testroot
dh_prep
dh_auto_install
make[1]: Entering directory '/export/build/pkg/histring/bld/
histring-1.1.0'
/usr/bin/install -c -m 755 -d /export/build/pkg/histring/bld/
histring-1.1.0/debian/histring/usr/bin
/usr/bin/install -c -m 755 -d /export/build/pkg/histring/bld/
histring-1.1.0/debian/histring/usr/share/man/man1
/usr/bin/install -c -m 755 -s histring /export/build/pkg/histring/bld/
histring-1.1.0/debian/histring/usr/bin
/usr/bin/install -c -m 644 debian/histring.1 /export/build/pkg/histring/
bld/histring-1.1.0/debian/histring/usr/share/man/man1
make[1]: Leaving directory '/export/build/pkg/histring/bld/
histring-1.1.0'
dh_installdocs
dh_installchangelogs
dh_installman
dh_perl
dh_link
dh_compress
dh_fixperms
dh_strip
dh_makeshlibs
dh_shlibdeps
dh_installdeb
dh_gencontrol
dh_md5sums
dh_builddeb
dpkg-deb: building package `histring' in `../histring_1.1.0-2_amd64.deb'.
dpkg-genchanges -b >../histring_1.1.0-2_amd64.changes
dpkg-genchanges: binary-only upload - not including any source code
dpkg-source -i --after-build histring-1.1.0
dpkg-buildpackage: binary-only upload (no source included)
Now running lintian...
warning: the authors of lintian do not recommend running it with root
privileges!
W: histring: hardening-no-relro usr/bin/histring
Finished running lintian.
Thanks for your help!
Reply to: