Your message dated Wed, 08 Jan 2025 07:56:41 +0000
with message-id <e1tvqvh-006apl...@fasolo.debian.org>
and subject line Bug#1089368: fixed in libpam-ccreds 10-10.1
has caused the Debian Bug report #1089368,
regarding libpam-ccreds: Supporting rootless builds by default
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1089368: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089368
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libpam-ccreds
Version: 10-10
Severity: important
Tags: ftbfs
Justification: FTBFS
X-Debbugs-Cc: ni...@thykier.net
User: ni...@thykier.net
Usertags: rrr-no-as-default-issue
Dear maintainer,
During a test rebuild for building packages with
`Rules-Requires-Root: no` as the default in `dpkg`,
libpam-ccreds failed to rebuild.
Log Summary:
-------------------------------------------------------------------------------
[...]
automake: warning: autoconf input should be named 'configure.ac', not
'configure.in'
debian/rules override_dh_auto_configure
make[1]: Entering directory '/<<PKGBUILDDIR>>'
dh_auto_configure -- --enable-gcrypt ./configure
--build=aarch64-linux-gnu --prefix=/usr --includedir=\${prefix}/include
--mandir=\${prefix}/share/man --infodir=\${prefix}/share/info
--sysconfdir=/etc --localstatedir=/var --disable-option-checking
--disable-silent-rules --libdir=\${prefix}/lib/aarch64-linux-gnu
--libexecdir=\${prefix}/lib/aarch64-linux-gnu --runstatedir=/run
--disable-maintainer-mode --disable-dependency-tracking --enable-gcrypt
checking build system type... aarch64-unknown-linux-gnu
checking host system type... aarch64-unknown-linux-gnu
checking target system type... aarch64-unknown-linux-gnu
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a race-free mkdir -p... /usr/bin/mkdir -p
checking for gawk... no
checking for mawk... mawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking whether to enable maintainer-specific portions of Makefiles... no
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... checking whether we are cross
compiling... no
checking for suffix of object files... o
checking whether the compiler supports GNU C... yes
checking whether gcc accepts -g... yes
checking for gcc option to enable C11 features... none needed
checking whether gcc understands -c and -o together... yes
checking whether make supports the include directive... yes (GNU style)
checking dependency style of gcc... none
checking how to run the C preprocessor... gcc -E
checking for gpgrt-config... /usr/bin/gpgrt-config
configure: Use gpgrt-config as libgcrypt-config
checking for LIBGCRYPT - version >= 1.2.0... yes (1.11.0)
checking for security/pam_appl.h... yes
checking for security/pam_misc.h... yes
checking for security/pam_modules.h... yes
checking for pam/pam_appl.h... no
checking for pam/pam_misc.h... no
checking for pam/pam_modules.h... no
checking for db.h... yes
checking for main in -ldb... yes
checking for pam_start in -lpam... yes
checking for misc_conv in -lpam_misc... yes
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
config.status: executing depfiles commands
make[1]: Leaving directory '/<<PKGBUILDDIR>>'
dh_auto_build
make -j8
make[1]: Entering directory '/<<PKGBUILDDIR>>'
make all-am
make[2]: Entering directory '/<<PKGBUILDDIR>>'
gcc -DHAVE_CONFIG_H -I. -Wdate-time -D_FORTIFY_SOURCE=2 -D_REENTRANT
-fno-strict-aliasing -g -O2 -Werror=implicit-function-declaration
-ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong
-fstack-clash-protection -Wformat -Werror=format-security
-mbranch-protection=standard -Wall -fPIC -c -o cc_db.o cc_db.c
gcc -DHAVE_CONFIG_H -I. -Wdate-time -D_FORTIFY_SOURCE=2 -D_REENTRANT
-fno-strict-aliasing -g -O2 -Werror=implicit-function-declaration
-ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong
-fstack-clash-protection -Wformat -Werror=format-security
-mbranch-protection=standard -Wall -fPIC -c -o cc_lib.o cc_lib.c
gcc -DHAVE_CONFIG_H -I. -Wdate-time -D_FORTIFY_SOURCE=2 -D_REENTRANT
-fno-strict-aliasing -g -O2 -Werror=implicit-function-declaration
-ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong
-fstack-clash-protection -Wformat -Werror=format-security
-mbranch-protection=standard -Wall -fPIC -c -o cc_pam.o cc_pam.c
gcc -DHAVE_CONFIG_H -I. -Wdate-time -D_FORTIFY_SOURCE=2 -D_REENTRANT
-fno-strict-aliasing -g -O2 -Werror=implicit-function-declaration
-ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong
-fstack-clash-protection -Wformat -Werror=format-security
-mbranch-protection=standard -Wall -fPIC -c -o cc_test.o cc_test.c
gcc -DHAVE_CONFIG_H -I. -Wdate-time -D_FORTIFY_SOURCE=2 -D_REENTRANT
-fno-strict-aliasing -g -O2 -Werror=implicit-function-declaration
-ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong
-fstack-clash-protection -Wformat -Werror=format-security
-mbranch-protection=standard -Wall -fPIC -c -o cc_dump.o cc_dump.c
gcc -DHAVE_CONFIG_H -I. -Wdate-time -D_FORTIFY_SOURCE=2 -D_REENTRANT
-fno-strict-aliasing -g -O2 -Werror=implicit-function-declaration
-ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong
-fstack-clash-protection -Wformat -Werror=format-security
-mbranch-protection=standard -Wall -fPIC -c -o ccreds_chkpwd.o
ccreds_chkpwd.c
cc_lib.c: In function ‘pam_cc_run_helper_binary’:
cc_lib.c:687:25: warning: ignoring return value of ‘write’ declared with
attribute ‘warn_unused_result’ [-Wunused-result]
687 | write(fds[1], passwd, strlen(passwd) + 1);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc_lib.c:690:25: warning: ignoring return value of ‘write’ declared with
attribute ‘warn_unused_result’ [-Wunused-result]
690 | write(fds[1], "", 1); /* blank
password */
| ^~~~~~~~~~~~~~~~~~~~
gcc -fno-strict-aliasing -g -O2 -Werror=implicit-function-declaration
-ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong
-fstack-clash-protection -Wformat -Werror=format-security
-mbranch-protection=standard -Wall -fPIC -shared -Wl,-Bdynamic
-Wl,--version-script,./exports.linux -Wl,-z,relro -Wl,-z,now -o
pam_ccreds.so cc_db.o cc_lib.o cc_pam.o -L/usr/lib/aarch64-linux-gnu
-lgcrypt -lpam_misc -lpam -ldb gcc -fno-strict-aliasing -g -O2
-Werror=implicit-function-declaration
-ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong
-fstack-clash-protection -Wformat -Werror=format-security
-mbranch-protection=standard -Wall -fPIC -Wl,-rpath
-Wl,/usr/lib/aarch64-linux-gnu/security -Wl,-z,relro -Wl,-z,now -o
cc_test cc_test.o pam_ccreds.so -lpam -lpam_misc -lpam_misc -lpam -ldb
gcc -fno-strict-aliasing -g -O2 -Werror=implicit-function-declaration
-ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong
-fstack-clash-protection -Wformat -Werror=format-security
-mbranch-protection=standard -Wall -fPIC -Wl,-rpath
-Wl,/usr/lib/aarch64-linux-gnu/security -Wl,-z,relro -Wl,-z,now -o
cc_dump cc_dump.o pam_ccreds.so -lpam -lpam_misc -lpam_misc -lpam -ldb
gcc -fno-strict-aliasing -g -O2 -Werror=implicit-function-declaration
-ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong
-fstack-clash-protection -Wformat -Werror=format-security
-mbranch-protection=standard -Wall -fPIC -Wl,-rpath
-Wl,/usr/lib/aarch64-linux-gnu/security -Wl,-z,relro -Wl,-z,now -o
ccreds_chkpwd ccreds_chkpwd.o pam_ccreds.so -lpam -lpam_misc -lpam_misc
-lpam -ldb make[2]: Leaving directory '/<<PKGBUILDDIR>>'
make[1]: Leaving directory '/<<PKGBUILDDIR>>'
dh_auto_test
make -j8 check "TESTSUITEFLAGS=-j8 --verbose" VERBOSE=1
make[1]: Entering directory '/<<PKGBUILDDIR>>'
make[1]: Leaving directory '/<<PKGBUILDDIR>>'
create-stamp debian/debhelper-build-stamp
dh_prep
debian/rules override_dh_auto_install
make[1]: Entering directory '/<<PKGBUILDDIR>>'
dh_auto_install
make -j8 install DESTDIR=/<<PKGBUILDDIR>>/debian/libpam-ccreds
AM_UPDATE_INFO_DIR=no
make[2]: Entering directory '/<<PKGBUILDDIR>>'
make[3]: Entering directory '/<<PKGBUILDDIR>>'
/bin/bash ./mkinstalldirs
/<<PKGBUILDDIR>>/debian/libpam-ccreds/usr/lib/aarch64-linux-gnu/security
make[3]: Nothing to be done for 'install-data-am'.
/usr/bin/mkdir -p '/<<PKGBUILDDIR>>/debian/libpam-ccreds/usr/sbin'
mkdir -p --
/<<PKGBUILDDIR>>/debian/libpam-ccreds/usr/lib/aarch64-linux-gnu/security
/usr/bin/install -c -o root -g root pam_ccreds.so
/<<PKGBUILDDIR>>/debian/libpam-ccreds/usr/lib/aarch64-linux-gnu/security/pam_ccreds.so
/usr/bin/install -c ccreds_chkpwd
'/<<PKGBUILDDIR>>/debian/libpam-ccreds/usr/sbin'
/usr/bin/install: cannot change ownership of
'/<<PKGBUILDDIR>>/debian/libpam-ccreds/usr/lib/aarch64-linux-gnu/security/pam_ccreds.so':
Operation not permitted
make[3]: *** [Makefile:868: install-exec-local] Error 1
make[3]: *** Waiting for unfinished jobs....
make[3]: Leaving directory '/<<PKGBUILDDIR>>'
make[2]: *** [Makefile:735: install-am] Error 2
make[2]: Leaving directory '/<<PKGBUILDDIR>>'
dh_auto_install: error: make -j8 install
DESTDIR=/<<PKGBUILDDIR>>/debian/libpam-ccreds AM_UPDATE_INFO_DIR=no
returned exit code 2
make[1]: *** [debian/rules:17: override_dh_auto_install] Error 25
make[1]: Leaving directory '/<<PKGBUILDDIR>>'
make: *** [debian/rules:11: binary] Error 2
dpkg-buildpackage: error: debian/rules binary subprocess returned exit
status 2
--------------------------------------------------------------------------------
Build finished at 2024-11-17T03:53:59Z
-------------------------------------------------------------------------------
The above is just how the build ends and not necessarily the most
relevant part. If required, the full build log is available here:
https://people.debian.org/~nthykier/rrr-no-as-default/logs/1013828.gz
You can find common solutions at
https://people.debian.org/~nthykier/rrr-no-as-default/docs/solutions.md
If this is really a bug in one of the build-depends, please use
reassign and affects, so that this is still visible in the BTS web
page for this package.
If this package is listed in
https://people.debian.org/~nthykier/rrr-no-as-default/docs/static-ownership.list,
then please just set `Rules-Requires-Root: binary-targets` to the source
stanza of `debian/control` as a fix to this bug.
If this package is listed in
https://people.debian.org/~nthykier/rrr-no-as-default/docs/maybe-misbuilds.list,
then the package was deemed at risk for misbuilding (having wrong
ownership) but had a FTBFS problem we tested it. Please test whether the
package works with `Rules-Requires-Root: no` validating that the
resulting deb has the correct ownership for all paths in the deb.
The goal is to have the default changed in `dpkg` either in `Trixie` or
`Forky`, depending on progress and feasibility with the release schedule
for Trixie.
For more information on this bug filing, please see:
https://lists.debian.org/debian-dpkg/2024/11/msg00016.html
Thanks,
PS: The builds were performed in mid-November. If you fixed the problem
between between then and this bug being filed, then please just close
the bug with the version it was fixed in.
OpenPGP_signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Source: libpam-ccreds
Source-Version: 10-10.1
Done: Niels Thykier <ni...@thykier.net>
We believe that the bug you reported is fixed in the latest version of
libpam-ccreds, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1089...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Niels Thykier <ni...@thykier.net> (supplier of updated libpam-ccreds package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 31 Dec 2024 10:30:13 +0000
Source: libpam-ccreds
Architecture: source
Version: 10-10.1
Distribution: unstable
Urgency: medium
Maintainer: Guido Günther <a...@sigxcpu.org>
Changed-By: Niels Thykier <ni...@thykier.net>
Closes: 1089368
Changes:
libpam-ccreds (10-10.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Make requirement for root when building the package explicit.
(Closes: #1089368)
* Reorder some logic in debian/rules to make it easier to make
the package rootless down the line. With these changes, it would
just need a patch to the upstream makefile and
`Rules-Requires-Root` set to `no`.
Checksums-Sha1:
7b5ac2bb5c1368beb15ab78940a98e7b4e735bd4 1599 libpam-ccreds_10-10.1.dsc
9e75e33070be787fff53dfb76042dd69b295c132 7988
libpam-ccreds_10-10.1.debian.tar.xz
71d00c5be8f3da8b069a9dd2af4adcba1cb1e215 5474
libpam-ccreds_10-10.1_source.buildinfo
Checksums-Sha256:
85d5a2710de824f8ec19bacab88124b9b34223ff748aecdb8a0a94bef099b3f5 1599
libpam-ccreds_10-10.1.dsc
cf5de6c454760b0c6072a1d44cc35d7dcf478880f3811a4a782322b14631c547 7988
libpam-ccreds_10-10.1.debian.tar.xz
5f9749a382450ae0d5860c08dc0af4c995bf5fac4f48f8fe7c2a0e96f86e8054 5474
libpam-ccreds_10-10.1_source.buildinfo
Files:
e0a9487ca28266ccfee1ba4f9141cb7d 1599 admin optional libpam-ccreds_10-10.1.dsc
15935f9cb5f8bd4f55f885583f841f3d 7988 admin optional
libpam-ccreds_10-10.1.debian.tar.xz
5c9115748dd6382c1f84cc3702d46443 5474 admin optional
libpam-ccreds_10-10.1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFGBAEBCgAwFiEE9ecZmu9eXGflVYc/dA1oiINl0okFAmd3fyISHG5pZWxzQHRo
eWtpZXIubmV0AAoJEHQNaIiDZdKJjMYH/22RCKc79uwEvRd+SBgG+g0Bkx3E5Izj
r/39i2jIt3CSObcDNRCbCWdplTOGi/s0u6a6uDOLojWZu6VE3qladf1EiFk7urLN
fuWNnY+kD2rBRXA603V5g8TLMNySeVXc4ZuUZzYjYeL/zf2pYjKM9ZgJdKCKBuYd
B5e8rweoIik007b0EOrAADnrHvjdAPcdZezxmFQS9ZuI+DQyBEEmoGqjm530+W2o
QTTXTeOkMaNe0MVuMTRw2+GWz1qA1xAXM6aWkI/hBBM3paGrpR9hkn9Ufy1TGcE+
u258aDz0BdRnxCnXVR7Nfvmhip2fZtR9hbrkHjNooVwoZF9CJBYZWV8=
=Xt2D
-----END PGP SIGNATURE-----
pgpRwrmJz56hk.pgp
Description: PGP signature
--- End Message ---
