Jeremy Bícha <jeremy.bi...@canonical.com> writes: > Source: tillitis-tkey-device-signer > Version: 1.0.2-2 > X-Debbugs-CC: si...@josefsson.org > > tillitis-tkey-device-signer fails to build on Ubuntu. Perhaps the > build is too sensitive to the exact version of dependencies it uses? > > https://launchpad.net/ubuntu/+source/tillitis-tkey-device-signer/1.0.2-2
Looking at the log it fails on the SHA512 checksum comparison of the generated app blob. That probably means your clang-19 generate different RISCV32 object code than clang-19 in Debian, which were cross-checked with clang-19 on ArchLinux and Ubuntu 24.04 before uploading this package version. Building on clang-19 on the Ubuntu 25.05 docker images works fine for me, though: I get the expected SHA512 of "b0b08e5...". So it must be something that is more specific to your build servers. See snippet below on how I was able to get the right checksum on 25.05. I'll bring this up with upstream, but if we can't reproduce it, I'm not sure there is much to do. The SHA512 checksum check is there to catch these problems -- the rationale is that it is better to fail than to produce a different Tkey app binary in this situation. A different app leads to different Ed25519 private keys for users. So moving the same Tkey from a Debian to Ubuntu machine would change your Ed25519 private keys, pretty much making things not very usable. So I'm quite happy we added back this checksum change, or we wouldn't have caught this situation. /Simon jas@kaka:~$ podman run -it --rm ubuntu:25.04 root@ce78c848c99c:/# apt-get update && apt-get install -y -qq --no-install-recommends make clang-19 lld-19 llvm-19 git ca-certificates | tail -5 Get:1 http://archive.ubuntu.com/ubuntu plucky InRelease [249 kB] Get:2 http://security.ubuntu.com/ubuntu plucky-security InRelease [110 kB] Get:3 http://archive.ubuntu.com/ubuntu plucky-updates InRelease [110 kB] Get:4 http://archive.ubuntu.com/ubuntu plucky-backports InRelease [110 kB] Get:5 http://archive.ubuntu.com/ubuntu plucky/multiverse amd64 Packages [307 kB] Get:6 http://archive.ubuntu.com/ubuntu plucky/universe amd64 Packages [19.9 MB] Get:7 http://archive.ubuntu.com/ubuntu plucky/main amd64 Packages [1882 kB] Get:8 http://archive.ubuntu.com/ubuntu plucky/restricted amd64 Packages [63.1 kB] Fetched 22.7 MB in 3s (7405 kB/s) Reading package lists... Done debconf: unable to initialize frontend: Dialog debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 79, <STDIN> line 76.) debconf: falling back to frontend: Readline debconf: unable to initialize frontend: Readline debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module) (@INC entries checked: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.40.0 /usr/local/share/perl/5.40.0 /usr/lib/x86_64-linux-gnu/perl5/5.40 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.40 /usr/share/perl/5.40 /usr/local/lib/site_perl) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 8, <STDIN> line 76.) debconf: falling back to frontend: Teletype Processing triggers for ca-certificates (20241223) ... Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d... done. root@ce78c848c99c:/# cd root@ce78c848c99c:~# git clone https://github.com/tillitis/tkey-libs Cloning into 'tkey-libs'... remote: Enumerating objects: 500, done. remote: Counting objects: 100% (211/211), done. remote: Compressing objects: 100% (77/77), done. remote: Total 500 (delta 152), reused 158 (delta 127), pack-reused 289 (from 1) Receiving objects: 100% (500/500), 202.28 KiB | 3.02 MiB/s, done. Resolving deltas: 100% (283/283), done. root@ce78c848c99c:~# cd tkey-libs/ root@ce78c848c99c:~/tkey-libs# make CC="clang-19" AR="llvm-ar-19" clang-19 -target riscv32-unknown-none-elf -march=rv32iczmmul -mabi=ilp32 -mcmodel=medany -mno-relax -c -o libcrt0/crt0.o libcrt0/crt0.S llvm-ar-19 -qc libcrt0.a libcrt0/crt0.o clang-19 -target riscv32-unknown-none-elf -march=rv32iczmmul -mabi=ilp32 -mcmodel=medany -static -std=gnu99 -O2 -ffast-math -fno-common -fno-builtin-printf -fno-builtin-putchar -nostdlib -mno-relax -flto -Wall -Werror=implicit-function-declaration -I include -I . -D QEMU_DEBUG -c -o libcommon/assert.o libcommon/assert.c clang-19 -target riscv32-unknown-none-elf -march=rv32iczmmul -mabi=ilp32 -mcmodel=medany -static -std=gnu99 -O2 -ffast-math -fno-common -fno-builtin-printf -fno-builtin-putchar -nostdlib -mno-relax -flto -Wall -Werror=implicit-function-declaration -I include -I . -D QEMU_DEBUG -c -o libcommon/blake2s.o libcommon/blake2s.c clang-19 -target riscv32-unknown-none-elf -march=rv32iczmmul -mabi=ilp32 -mcmodel=medany -static -std=gnu99 -O2 -ffast-math -fno-common -fno-builtin-printf -fno-builtin-putchar -nostdlib -mno-relax -flto -Wall -Werror=implicit-function-declaration -I include -I . -D QEMU_DEBUG -c -o libcommon/led.o libcommon/led.c clang-19 -target riscv32-unknown-none-elf -march=rv32iczmmul -mabi=ilp32 -mcmodel=medany -static -std=gnu99 -O2 -ffast-math -fno-common -fno-builtin-printf -fno-builtin-putchar -nostdlib -mno-relax -flto -Wall -Werror=implicit-function-declaration -I include -I . -D QEMU_DEBUG -c -o libcommon/lib.o libcommon/lib.c clang-19 -target riscv32-unknown-none-elf -march=rv32iczmmul -mabi=ilp32 -mcmodel=medany -static -std=gnu99 -O2 -ffast-math -fno-common -fno-builtin-printf -fno-builtin-putchar -nostdlib -mno-relax -flto -Wall -Werror=implicit-function-declaration -I include -I . -D QEMU_DEBUG -c -o libcommon/proto.o libcommon/proto.c clang-19 -target riscv32-unknown-none-elf -march=rv32iczmmul -mabi=ilp32 -mcmodel=medany -static -std=gnu99 -O2 -ffast-math -fno-common -fno-builtin-printf -fno-builtin-putchar -nostdlib -mno-relax -flto -Wall -Werror=implicit-function-declaration -I include -I . -D QEMU_DEBUG -c -o libcommon/touch.o libcommon/touch.c clang-19 -target riscv32-unknown-none-elf -march=rv32iczmmul -mabi=ilp32 -mcmodel=medany -static -std=gnu99 -O2 -ffast-math -fno-common -fno-builtin-printf -fno-builtin-putchar -nostdlib -mno-relax -flto -Wall -Werror=implicit-function-declaration -I include -I . -D QEMU_DEBUG -c -o libcommon/qemu_debug.o libcommon/qemu_debug.c llvm-ar-19 -qc libcommon.a libcommon/assert.o libcommon/blake2s.o libcommon/led.o libcommon/lib.o libcommon/proto.o libcommon/touch.o libcommon/qemu_debug.o clang-19 -target riscv32-unknown-none-elf -march=rv32iczmmul -mabi=ilp32 -mcmodel=medany -static -std=gnu99 -O2 -ffast-math -fno-common -fno-builtin-printf -fno-builtin-putchar -nostdlib -mno-relax -flto -Wall -Werror=implicit-function-declaration -I include -I . -D QEMU_DEBUG -c -o monocypher/monocypher.o monocypher/monocypher.c clang-19 -target riscv32-unknown-none-elf -march=rv32iczmmul -mabi=ilp32 -mcmodel=medany -static -std=gnu99 -O2 -ffast-math -fno-common -fno-builtin-printf -fno-builtin-putchar -nostdlib -mno-relax -flto -Wall -Werror=implicit-function-declaration -I include -I . -D QEMU_DEBUG -c -o monocypher/monocypher-ed25519.o monocypher/monocypher-ed25519.c llvm-ar-19 -qc libmonocypher.a monocypher/monocypher.o monocypher/monocypher-ed25519.o root@ce78c848c99c:~/tkey-libs# cd .. root@ce78c848c99c:~# git clone https://github.com/tillitis/tkey-device-signer Cloning into 'tkey-device-signer'... remote: Enumerating objects: 1695, done. remote: Counting objects: 100% (238/238), done. remote: Compressing objects: 100% (117/117), done. remote: Total 1695 (delta 120), reused 219 (delta 105), pack-reused 1457 (from 1) Receiving objects: 100% (1695/1695), 650.24 KiB | 4.75 MiB/s, done. Resolving deltas: 100% (947/947), done. root@ce78c848c99c:~# cd tkey-device-signer/ root@ce78c848c99c:~/tkey-device-signer# make CC="clang-19 -fuse-ld=lld-19" AR=llvm-ar-19 OBJCOPY=llvm-objcopy-19 clang-19 -fuse-ld=lld-19 -target riscv32-unknown-none-elf -march=rv32iczmmul -mabi=ilp32 -mcmodel=medany -static -std=gnu99 -O2 -ffast-math -fno-common -fno-builtin-printf -fno-builtin-putchar -nostdlib -mno-relax -flto -g -Wall -Werror=implicit-function-declaration -I /root/tkey-device-signer/../tkey-libs/include -I /root/tkey-device-signer/../tkey-libs -c -o signer/main.o signer/main.c clang-19: warning: argument unused during compilation: '-fuse-ld=lld-19' [-Wunused-command-line-argument] clang-19 -fuse-ld=lld-19 -target riscv32-unknown-none-elf -march=rv32iczmmul -mabi=ilp32 -mcmodel=medany -static -std=gnu99 -O2 -ffast-math -fno-common -fno-builtin-printf -fno-builtin-putchar -nostdlib -mno-relax -flto -g -Wall -Werror=implicit-function-declaration -I /root/tkey-device-signer/../tkey-libs/include -I /root/tkey-device-signer/../tkey-libs -c -o signer/app_proto.o signer/app_proto.c clang-19: warning: argument unused during compilation: '-fuse-ld=lld-19' [-Wunused-command-line-argument] clang-19 -fuse-ld=lld-19 -target riscv32-unknown-none-elf -march=rv32iczmmul -mabi=ilp32 -mcmodel=medany -static -std=gnu99 -O2 -ffast-math -fno-common -fno-builtin-printf -fno-builtin-putchar -nostdlib -mno-relax -flto -g -Wall -Werror=implicit-function-declaration -I /root/tkey-device-signer/../tkey-libs/include -I /root/tkey-device-signer/../tkey-libs signer/main.o signer/app_proto.o -T /root/tkey-device-signer/../tkey-libs/app.lds -L /root/tkey-device-signer/../tkey-libs -lcommon -lcrt0 -L /root/tkey-device-signer/../tkey-libs/monocypher -lmonocypher -I /root/tkey-device-signer/../tkey-libs -o signer/app.elf llvm-objcopy-19 --input-target=elf32-littleriscv --output-target=binary signer/app.elf signer/app.bin chmod a-x signer/app.bin Device app digest: b0b08e5b50fd60003f91f60e0cc676a065a6a93d0fea091d605c311d012083fe27d7b2fd6921a28843873d115ff7322135086d5567061b2bb2964c78f52efc76 signer/app.bin Expected device app digest: fe4458e4125966885d9b745a25422948d76e60371165b97729fce1b423f22b87929c684b4381f2220aa0c94266ba035730d5f08a6e6e0aab7d7bf15165d2fff6 signer/app.bin sha512sum -c signer/app.bin.sha512 signer/app.bin: FAILED sha512sum: WARNING: 1 computed checksum did NOT match make: *** [Makefile:60: check-signer-hash] Error 1 root@ce78c848c99c:~/tkey-device-signer#
signature.asc
Description: PGP signature
