Bug#1089378: logtool: Supporting rootless builds by default

Niels Thykier Sat, 07 Dec 2024 11:42:18 -0800

Source: logtool
Version: 1.2.8-13
Severity: important
Tags: ftbfs
Justification: FTBFS
X-Debbugs-Cc: [email protected]
User: [email protected]
Usertags: rrr-no-as-default-issue


Dear maintainer,

During a test rebuild for building packages with
`Rules-Requires-Root: no` as the default in `dpkg`,
logtool failed to rebuild.

Log Summary:
-------------------------------------------------------------------------------
[...]

regex.c: In function ‘lt_load_regex’:

regex.c:123:33: warning: ‘strncat’ specified bound depends on the length of the source argument [-Wstringop-overflow=] 123 | strncat(*dest, tmp, strlen(tmp) + 1); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

regex.c:123:53: note: length computed here

123 | strncat(*dest, tmp, strlen(tmp) + 1);

      |                                                     ^~~~~~~~~~~

regex.c:119:33: warning: ‘strncat’ specified bound depends on the length of the source argument [-Wstringop-overflow=] 119 | strncat(*dest, tmp, strlen(tmp) + 1); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

regex.c:119:53: note: length computed here

119 | strncat(*dest, tmp, strlen(tmp) + 1);

      |                                                     ^~~~~~~~~~~

gcc -c -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -DHAVE_CONFIG_H main.c -o main.o gcc -c -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -DHAVE_CONFIG_H ncurses.c -o ncurses.o gcc -c -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -DHAVE_CONFIG_H env.c -o env.o gcc -c -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -DHAVE_CONFIG_H gethost.c -o gethost.o gcc -c -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -DHAVE_CONFIG_H mod_snort.c -o mod_snort.o gcc -c -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -DHAVE_CONFIG_H mod_syslog.c -o mod_syslog.o gcc -c -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -DHAVE_CONFIG_H mod_unknown.c -o mod_unknown.o gcc -c -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -DHAVE_CONFIG_H mod_iptables.c -o mod_iptables.o gcc -c -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -DHAVE_CONFIG_H mod_common.c -o mod_common.o gcc -c -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -DHAVE_CONFIG_H mod_sound.c -o mod_sound.o gcc -c -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -DHAVE_CONFIG_H output.c -o output.o

mod_syslog.c: In function ‘ltm_syslog’:

mod_syslog.c:42:30: warning: ‘%s’ directive writing up to 8095 bytes into a region of size between 7840 and 8095 [-Wformat-overflow=] 42 | sprintf(msg_tmp, " %s%s%s", event.pcolor, event.message, "\033e");

      |                              ^~                   ~~~~~~~~~~~~~

mod_syslog.c:42:9: note: ‘sprintf’ output between 4 and 8354 bytes into a destination of size 8096 42 | sprintf(msg_tmp, " %s%s%s", event.pcolor, event.message, "\033e"); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gcc -c -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -DHAVE_CONFIG_H loop.c -o loop.o gcc -c -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -DHAVE_CONFIG_H parse_pmsg.c -o parse_pmsg.o

mod_snort.c: In function ‘ltm_snort_pproc.part.0’:

mod_snort.c:87:63: warning: ‘sprintf’ may write a terminating nul past the end of the destination [-Wformat-overflow=] 87 | sprintf(tmp_str, "%s%c", tmp_str, pproc[i]);

      |                                                               ^

mod_snort.c:87:41: note: ‘sprintf’ output between 2 and 8097 bytes into a destination of size 8096 87 | sprintf(tmp_str, "%s%c", tmp_str, pproc[i]); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gcc -c -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -DHAVE_CONFIG_H defs.c -o defs.o

mod_snort.c: In function ‘ltm_snort’:

mod_snort.c:330:29: warning: ‘%s’ directive writing up to 8095 bytes into a region of size between 7841 and 8096 [-Wformat-overflow=] 330 | sprintf(msg_tmp, "%s%s%s", event.pcolor, event.message, "\033e");

      |                             ^~                   ~~~~~~~~~~~~~

mod_snort.c:330:9: note: ‘sprintf’ output between 3 and 8353 bytes into a destination of size 8096 330 | sprintf(msg_tmp, "%s%s%s", event.pcolor, event.message, "\033e"); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gcc -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -DHAVE_CONFIG_H -o logtool readconf.o getopt.o regex.o parser.o ansi.o ascii.o tai64nfrac.o csv.o html.o raw.o logtool.o main.o ncurses.o env.o gethost.o mod_snort.o mod_syslog.o mod_unknown.o mod_iptables.o mod_common.o mod_sound.o output.o loop.o parse_pmsg.o defs.o make[2]: Leaving directory '/<<PKGBUILDDIR>>/src'

make[1]: Leaving directory '/<<PKGBUILDDIR>>'
   dh_auto_test
   create-stamp debian/debhelper-build-stamp
   dh_prep
   dh_installdirs
   dh_auto_install --destdir=debian/logtool/

make -j8 install DESTDIR=/<<PKGBUILDDIR>>/debian/logtool AM_UPDATE_INFO_DIR=no

make[1]: Entering directory '/<<PKGBUILDDIR>>'
cd src ; make install
make[2]: Entering directory '/<<PKGBUILDDIR>>/src'
mkdir -p /<<PKGBUILDDIR>>/debian/logtool/etc/logtool
mkdir -p /<<PKGBUILDDIR>>/debian/logtool/usr/bin
mkdir -p /<<PKGBUILDDIR>>/debian/logtool/usr/share/man/man1

/usr/bin/install -c -m 0555 -o root logtool /<<PKGBUILDDIR>>/debian/logtool/usr/bin/logtool /usr/bin/install: cannot change ownership of '/<<PKGBUILDDIR>>/debian/logtool/usr/bin/logtool': Operation not permitted

make[2]: *** [Makefile:33: install] Error 1
make[2]: Leaving directory '/<<PKGBUILDDIR>>/src'
make[1]: *** [Makefile:8: install] Error 2
make[1]: Leaving directory '/<<PKGBUILDDIR>>'

dh_auto_install: error: make -j8 install DESTDIR=/<<PKGBUILDDIR>>/debian/logtool AM_UPDATE_INFO_DIR=no returned exit code 2

make: *** [debian/rules:4: binary] Error 25

dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 2

--------------------------------------------------------------------------------
Build finished at 2024-11-17T09:22:03Z

-------------------------------------------------------------------------------


The above is just how the build ends and not necessarily the most
relevant part. If required, the full build log is available here:

https://people.debian.org/~nthykier/rrr-no-as-default/logs/1020504.gz

You can find common solutions at
https://people.debian.org/~nthykier/rrr-no-as-default/docs/solutions.md

If this is really a bug in one of the build-depends, please use
reassign and affects, so that this is still visible in the BTS web
page for this package.

If this package is listed in
https://people.debian.org/~nthykier/rrr-no-as-default/docs/static-ownership.list,
then please just set `Rules-Requires-Root: binary-targets` to the source
stanza of `debian/control` as a fix to this bug.

If this package is listed in
https://people.debian.org/~nthykier/rrr-no-as-default/docs/maybe-misbuilds.list,
then the package was deemed at risk for misbuilding (having wrong
ownership) but had a FTBFS problem we tested it. Please test whether the
package works with `Rules-Requires-Root: no` validating that the
resulting deb has the correct ownership for all paths in the deb.

The goal is to have the default changed in `dpkg` either in `Trixie` or
`Forky`, depending on progress and feasibility with the release schedule
for Trixie.

For more information on this bug filing, please see:
https://lists.debian.org/debian-dpkg/2024/11/msg00016.html

Thanks,


PS: The builds were performed in mid-November. If you fixed the problem
between between then and this bug being filed, then please just close
the bug with the version it was fixed in.

OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1089378: logtool: Supporting rootless builds by default

Reply via email to