Source: shim Version: 15.8-1 Severity: important Tags: ftbfs Justification: FTBFS X-Debbugs-Cc: ni...@thykier.net User: ni...@thykier.net Usertags: rrr-no-as-default-issue
Dear maintainer, During a test rebuild for building packages with `Rules-Requires-Root: no` as the default in `dpkg`, shim failed to rebuild. Log Summary: ------------------------------------------------------------------------------- [...]aarch64-linux-gnu-gcc-12 -I/<<PKGBUILDDIR>>/gnu-efi//gnuefi -I/<<PKGBUILDDIR>>/gnu-efi/inc -I/<<PKGBUILDDIR>>/gnu-efi/inc/aarch64 -I/<<PKGBUILDDIR>>/gnu-efi/inc/protocol -std=gnu11 -ggdb -ffreestanding -fmacro-prefix-map=/<<PKGBUILDDIR>>/= -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -Os -Wall -Wextra -Wno-missing-field-initializers -DMDE_CPU_AARCH64 -DPAGE_SIZE=4096 -mstrict-align -Werror -nostdinc -I/<<PKGBUILDDIR>>/Cryptlib -I/<<PKGBUILDDIR>>/Cryptlib/Include -I/<<PKGBUILDDIR>>/gnu-efi/inc -I/<<PKGBUILDDIR>>/gnu-efi/inc/aarch64 -I/<<PKGBUILDDIR>>/gnu-efi/inc/protocol -I/<<PKGBUILDDIR>>/include -iquote /<<PKGBUILDDIR>> -iquote /<<PKGBUILDDIR>> -isystem /<<PKGBUILDDIR>>/include/system -isystem /usr/lib/gcc/aarch64-linux-gnu/12/include -DDEFAULT_LOADER='L"\\\\grubaa64.efi"' -DDEFAULT_LOADER_CHAR='"\\\\grubaa64.efi"' -DEFI_ARCH='L"aa64"' -DDEBUGDIR='L"/usr/lib/debug/usr/share/shim/aa64-15.8-15.8/"' -DVENDOR_CERT_FILE=\"debian/debian-uefi-ca.der\" -DVENDOR_DBX_FILE=\"dbx.esl\" -DSBAT_AUTOMATIC_DATE=2024010900 -DGNU_EFI_USE_EXTERNAL_STDARG -Wno-error=pragmas -fpic -Os -Wall -Wextra -Wno-missing-field-initializers -Werror -fshort-wchar -fno-strict-aliasing -ffreestanding -fno-stack-protector -fno-stack-check -nostdinc -isystem /<<PKGBUILDDIR>>/gnu-efi/../include/system -isystem /usr/lib/gcc/aarch64-linux-gnu/12/include -fno-merge-all-constants -Wno-error=pragmas -fpic -Os -Wall -Wextra -Wno-missing-field-initializers -Werror -fshort-wchar -fno-strict-aliasing -ffreestanding -fno-stack-protector -fno-stack-check -nostdinc -isystem /<<PKGBUILDDIR>>/gnu-efi/../include/system -isystem /usr/lib/gcc/aarch64-linux-gnu/12/include -fno-merge-all-constants -fno-jump-tables -Wdate-time -D_FORTIFY_SOURCE=2 -DCONFIG_aarch64 -DCONFIG_aarch64 -c /<<PKGBUILDDIR>>/gnu-efi//gnuefi/reloc_aarch64.c -o reloc_aarch64.o
/<<PKGBUILDDIR>>/gnu-efi//gnuefi/crt0-efi-aarch64.S: Assembler messages:/<<PKGBUILDDIR>>/gnu-efi//gnuefi/crt0-efi-aarch64.S:54: Warning: setting incorrect section attributes for .note.GNU-stack
aarch64-linux-gnu-gcc-ar rv -U libgnuefi.a reloc_aarch64.o /usr/bin/ar: creating libgnuefi.a a - reloc_aarch64.o make: Leaving directory '/<<PKGBUILDDIR>>/gnu-efi/aarch64/gnuefi' make: Leaving directory '/<<PKGBUILDDIR>>/gnu-efi'aarch64-linux-gnu-ld -o shimaa64.so --hash-style=sysv -nostdlib -znocombreloc -T /<<PKGBUILDDIR>>/elf_aarch64_efi.lds -shared -Bsymbolic -Lgnu-efi/aarch64/gnuefi -Lgnu-efi/aarch64/lib -LCryptlib -LCryptlib/OpenSSL gnu-efi/aarch64/gnuefi/crt0-efi-aarch64.o --build-id=sha1 --no-undefined shim.o globals.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o sbat.o sbat_data.o sbat_var.o pe.o pe-relocate.o httpboot.o csv.o load-options.o Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a gnu-efi/aarch64/lib/libefi.a gnu-efi/aarch64/gnuefi/libgnuefi.a -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group /usr/lib/gcc/aarch64-linux-gnu/12/libgcc.a lib/lib.a aarch64-linux-gnu-ld: warning: shimaa64.so has a LOAD segment with RWX permissions
aarch64-linux-gnu-objcopy -D -j .text -j .sdata -j .data -j .data.ident \ -j .dynamic -j .rodata -j .rel* \ -j .rela* -j .dyn -j .reloc -j .eh_frame \ -j .vendor_cert -j .sbat -j .sbatlevel \ --target efi-app-aarch64 shimaa64.so shimaa64.efi ./post-process-pe -vv shimaa64.efi aarch64-linux-gnu-objcopy -D -j .text -j .sdata -j .data \ -j .dynamic -j .rodata -j .rel* \ -j .rela* -j .dyn -j .reloc -j .eh_frame -j .sbat \ -j .sbatlevel \ -j .debug_info -j .debug_abbrev -j .debug_aranges \ -j .debug_line -j .debug_str -j .debug_ranges \ -j .note.gnu.build-id \ shimaa64.so shimaa64.efi.debugaarch64-linux-gnu-ld -o mmaa64.so --hash-style=sysv -nostdlib -znocombreloc -T /<<PKGBUILDDIR>>/elf_aarch64_efi.lds -shared -Bsymbolic -Lgnu-efi/aarch64/gnuefi -Lgnu-efi/aarch64/lib -LCryptlib -LCryptlib/OpenSSL gnu-efi/aarch64/gnuefi/crt0-efi-aarch64.o --build-id=sha1 --no-undefined MokManager.o PasswordCrypt.o crypt_blowfish.o errlog.o sbat_data.o globals.o Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a gnu-efi/aarch64/lib/libefi.a gnu-efi/aarch64/gnuefi/libgnuefi.a -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group /usr/lib/gcc/aarch64-linux-gnu/12/libgcc.a lib/lib.a aarch64-linux-gnu-ld: warning: mmaa64.so has a LOAD segment with RWX permissions
aarch64-linux-gnu-objcopy -D -j .text -j .sdata -j .data \ -j .dynamic -j .rodata -j .rel* \ -j .rela* -j .dyn -j .reloc -j .eh_frame -j .sbat \ -j .sbatlevel \ -j .debug_info -j .debug_abbrev -j .debug_aranges \ -j .debug_line -j .debug_str -j .debug_ranges \ -j .note.gnu.build-id \ mmaa64.so mmaa64.efi.debugaarch64-linux-gnu-ld -o fbaa64.so --hash-style=sysv -nostdlib -znocombreloc -T /<<PKGBUILDDIR>>/elf_aarch64_efi.lds -shared -Bsymbolic -Lgnu-efi/aarch64/gnuefi -Lgnu-efi/aarch64/lib -LCryptlib -LCryptlib/OpenSSL gnu-efi/aarch64/gnuefi/crt0-efi-aarch64.o --build-id=sha1 --no-undefined fallback.o tpm.o errlog.o sbat_data.o globals.o Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a gnu-efi/aarch64/lib/libefi.a gnu-efi/aarch64/gnuefi/libgnuefi.a -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group /usr/lib/gcc/aarch64-linux-gnu/12/libgcc.a lib/lib.a
aarch64-linux-gnu-objcopy -D -j .text -j .sdata -j .data \ -j .dynamic -j .rodata -j .rel* \ -j .rela* -j .dyn -j .reloc -j .eh_frame -j .sbat \ -j .sbatlevel \ -j .debug_info -j .debug_abbrev -j .debug_aranges \ -j .debug_line -j .debug_str -j .debug_ranges \ -j .note.gnu.build-id \ fbaa64.so fbaa64.efi.debug aarch64-linux-gnu-objcopy -D -j .text -j .sdata -j .data -j .data.ident \ -j .dynamic -j .rodata -j .rel* \ -j .rela* -j .dyn -j .reloc -j .eh_frame \ -j .vendor_cert -j .sbat -j .sbatlevel \ --target efi-app-aarch64 mmaa64.so mmaa64.efi ./post-process-pe -vv mmaa64.efi aarch64-linux-gnu-objcopy -D -j .text -j .sdata -j .data -j .data.ident \ -j .dynamic -j .rodata -j .rel* \ -j .rela* -j .dyn -j .reloc -j .eh_frame \ -j .vendor_cert -j .sbat -j .sbatlevel \ --target efi-app-aarch64 fbaa64.so fbaa64.efi ./post-process-pe -vv fbaa64.efigcc -I/usr/include -Og -g3 -Wall -Werror -Wextra -o buildid /<<PKGBUILDDIR>>/buildid.c -lelf
Making BOOTAA64.CSV install -d -m 0755 /<<PKGBUILDDIR>>/debian/tmp/install -d -m 0755 /<<PKGBUILDDIR>>/debian/tmp//usr/lib/debug/boot/efi/EFI/debian// install -d -m 0755 /<<PKGBUILDDIR>>/debian/tmp//usr/src/debug//shim-15.8-15.8 find /<<PKGBUILDDIR>> -type f -a '(' -iname '*.c' -o -iname '*.h' -o -iname '*.S' ')' | while read file ; do \
outfile=$(echo ${file} | sed -e "s,^/<<PKGBUILDDIR>>,,") ; \install -d -m 0755 /<<PKGBUILDDIR>>/debian/tmp//usr/src/debug//shim-15.8-15.8/$(dirname ${outfile}) ; \ install -m 0644 ${file} /<<PKGBUILDDIR>>/debian/tmp//usr/src/debug//shim-15.8-15.8/${outfile} ; \
done install -d -m 0755 /<<PKGBUILDDIR>>/debian/tmp/ install -d -m 0700 /<<PKGBUILDDIR>>/debian/tmp/boot/efi/ install -d -m 0755 /<<PKGBUILDDIR>>/debian/tmp/boot/efi/EFI/BOOT/ install -d -m 0755 /<<PKGBUILDDIR>>/debian/tmp/boot/efi/EFI/debian/install -m 0644 shimaa64.efi /<<PKGBUILDDIR>>/debian/tmp/boot/efi/EFI/BOOT//BOOTAA64.EFI install -m 0644 shimaa64.efi /<<PKGBUILDDIR>>/debian/tmp/boot/efi/EFI/debian// install -m 0644 BOOTAA64.CSV /<<PKGBUILDDIR>>/debian/tmp/boot/efi/EFI/debian//
install -m 0644 fbaa64.efi /<<PKGBUILDDIR>>/debian/tmp/boot/efi/EFI/BOOT// install -m 0644 mmaa64.efi /<<PKGBUILDDIR>>/debian/tmp/boot/efi/EFI/BOOT// install -m 0644 mmaa64.efi /<<PKGBUILDDIR>>/debian/tmp/boot/efi/EFI/debian// make: Leaving directory '/<<PKGBUILDDIR>>' # Remove the copy of the source that's installed - we have git # already... rm -rf debian/tmp/usr # And remove the extra removable-media copy of shim too, it's # not needed for our build and causes debhelper to complain rm -f debian/tmp/boot/efi/EFI/BOOT/BOOT*.EFI install -m 644 debian/debian-uefi-ca.der debian/shim-unsigned/usr/share/shim # Generate the template packages that we'll use for SB signing later ./debian/signing-template.generateinstall: cannot change owner and permissions of ‘debian/shim-helpers-arm64-signed-template/usr/share/code-signing/shim-helpers-arm64-signed-template’: Operation not permitted
make[1]: *** [debian/rules:93: override_dh_auto_install] Error 1 make[1]: Leaving directory '/<<PKGBUILDDIR>>' make: *** [debian/rules:69: binary] Error 2dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 2
-------------------------------------------------------------------------------- Build finished at 2024-11-18T14:43:48Z ------------------------------------------------------------------------------- The above is just how the build ends and not necessarily the most relevant part. If required, the full build log is available here: https://people.debian.org/~nthykier/rrr-no-as-default/logs/1044526.gz You can find common solutions at https://people.debian.org/~nthykier/rrr-no-as-default/docs/solutions.md If this is really a bug in one of the build-depends, please use reassign and affects, so that this is still visible in the BTS web page for this package. If this package is listed in https://people.debian.org/~nthykier/rrr-no-as-default/docs/static-ownership.list, then please just set `Rules-Requires-Root: binary-targets` to the source stanza of `debian/control` as a fix to this bug. If this package is listed in https://people.debian.org/~nthykier/rrr-no-as-default/docs/maybe-misbuilds.list, then the package was deemed at risk for misbuilding (having wrong ownership) but had a FTBFS problem we tested it. Please test whether the package works with `Rules-Requires-Root: no` validating that the resulting deb has the correct ownership for all paths in the deb. The goal is to have the default changed in `dpkg` either in `Trixie` or `Forky`, depending on progress and feasibility with the release schedule for Trixie. For more information on this bug filing, please see: https://lists.debian.org/debian-dpkg/2024/11/msg00016.html Thanks, PS: The builds were performed in mid-November. If you fixed the problem between between then and this bug being filed, then please just close the bug with the version it was fixed in.
OpenPGP_signature.asc
Description: OpenPGP digital signature