| Message ID | b5fef166-72c3-25ac-2427-e4255b68f2db@gmail.com |
|---|---|
| State | Not Applicable |
| Headers | show |
| Series | Debugging gnupg2 unsafe search path error (was Re: [PATCH] Revert "package/gnupg2: bump to version 2.4.0") | expand |
Hi Bagas, On 18/02/2023 14:45, Bagas Sanjaya wrote: > On 2/18/23 18:13, Julien Olivain wrote: >> In my first proposal of gnupg2 version 2.4.0 bump [1], I initially >> proposed >> to add Buildroot staging bin dir in PATH, to make sure we won't have >> such >> host/br-staging confusion: >> >> GNUPG2_CONF_ENV = PATH=$(STAGING_DIR)/usr/bin:$(BR_PATH) >> >> Bagas, could you try on your side if this solve the issue? >> >> [1] >> https://patchwork.ozlabs.org/project/buildroot/patch/20230103193649.7488-5-ju.o@free.fr/ >> > > Hi Julien, > > I applied your suggestion on top of master as: > > ---- >8 ---- > diff --git a/package/gnupg2/gnupg2.mk b/package/gnupg2/gnupg2.mk > index 5935ce6939..55917912a8 100644 > --- a/package/gnupg2/gnupg2.mk > +++ b/package/gnupg2/gnupg2.mk > @@ -15,6 +15,9 @@ GNUPG2_SELINUX_MODULES = gpg > GNUPG2_DEPENDENCIES = zlib libgpg-error libgcrypt libassuan libksba > libnpth \ > $(if $(BR2_PACKAGE_LIBICONV),libiconv) host-pkgconf > > +# Let's see if staging GNUPG2_CONF_ENV here works. > +GNUPG2_CONF_ENV = PATH=$(STAGING_DIR)/usr/bin:$(BR_PATH) > + > GNUPG2_CONF_OPTS = \ > --disable-rpath \ > --with-libgpg-error-prefix=$(STAGING_DIR)/usr \ > > > Unfortunately, the build error still occurs with your suggestion. Thank you for testing. I still can't reproduce the issue on my side. Compilation works fine on my system (with and without a /usr/bin/gpgrt-config script), and also in the Buildroot utils/docker-run (which does not include a /usr/bin/gpgrt-config script). My system has the same libgpg-error version 1.46 as Buildroot. Could you tell me what is the distribution of your host system (or what is the version of the libgpg-error on the host)? I'll try the same environment in a docker. Another way to force the gpgrt-config path without putting the full staging usr bin in the PATH (as Thomas recommended not to do) would be to add the following: GNUPG2_CONF_ENV += GPGRT_CONFIG=$(STAGING_DIR)/usr/bin/gpgrt-config While compiling gnupg2 in Buildroot, you should see in the configuration log: ... checking for gpg-error-config... /path/to/buildroot/output/host/aarch64-buildroot-linux-gnu/sysroot/usr/bin/gpg-error-config checking for gpgrt-config... /path/to/buildroot/output/host/aarch64-buildroot-linux-gnu/sysroot/usr/bin/gpgrt-config ... Without this line, if the host contains a gpgrt-config, you should see: checking for gpg-error-config... /path/to/buildroot/output/host/aarch64-buildroot-linux-gnu/sysroot/usr/bin/gpg-error-config checking for gpgrt-config... /usr/bin/gpgrt-config and if the host does not not contain a gpgrt-config, you should see: checking for gpg-error-config... /path/to/buildroot/output/host/aarch64-buildroot-linux-gnu/sysroot/usr/bin/gpg-error-config checking for gpgrt-config... no I still suspect the root cause is the presence of a /usr/bin/gpgrt-config of a specific/older libgpg-error version on the host. Best regards, Julien.
On Sat, Feb 18, 2023 at 06:40:35PM +0100, Julien Olivain wrote: > Thank you for testing. > > I still can't reproduce the issue on my side. Compilation works fine on my > system > (with and without a /usr/bin/gpgrt-config script), and also in the Buildroot > utils/docker-run (which does not include a /usr/bin/gpgrt-config script). My > system > has the same libgpg-error version 1.46 as Buildroot. > > Could you tell me what is the distribution of your host system (or what is > the version > of the libgpg-error on the host)? I'll try the same environment in a > docker. > > Another way to force the gpgrt-config path without putting the full staging > usr bin > in the PATH (as Thomas recommended not to do) would be to add the following: > > GNUPG2_CONF_ENV += GPGRT_CONFIG=$(STAGING_DIR)/usr/bin/gpgrt-config > Hi Julien, My setup is Debian 11. For the host GnuPG, I compiled GnuPG 2.4.0 with libgpg-error 1.46. I source a script (gnupg-setup) to initialize the compiled version into my ~/.bashrc. The script is: ---- >8 ---- if ! (systemctl --user is-active -q dirmngr-local.socket); then systemctl --user start {dirmngr,gpg-agent,gpg-agent-ssh,gpg-agent-browser,gpg-agent-extra}-local.socket fi export PATH=$HOME/.local/gnupg/bin:$PATH The actual .socket unit files are copied from GnuPG sources but I add Conflicts= against corresponding system-provided socket units. For your suggestion above, the build successed only when the initialization script above isn't sourced. However, when the script is sourced, the build search for host version of libraries instead (and thus FTBFS). > While compiling gnupg2 in Buildroot, you should see in the configuration > log: > > ... > checking for gpg-error-config... /path/to/buildroot/output/host/aarch64-buildroot-linux-gnu/sysroot/usr/bin/gpg-error-config > checking for gpgrt-config... /path/to/buildroot/output/host/aarch64-buildroot-linux-gnu/sysroot/usr/bin/gpgrt-config > ... > > Without this line, if the host contains a gpgrt-config, you should see: > > checking for gpg-error-config... /path/to/buildroot/output/host/aarch64-buildroot-linux-gnu/sysroot/usr/bin/gpg-error-config > checking for gpgrt-config... /usr/bin/gpgrt-config > > and if the host does not not contain a gpgrt-config, you should see: > > checking for gpg-error-config... /path/to/buildroot/output/host/aarch64-buildroot-linux-gnu/sysroot/usr/bin/gpg-error-config > checking for gpgrt-config... no Yes, I see the message above in my build log. Thanks.
Hi Bagas, On 19/02/2023 05:26, Bagas Sanjaya wrote: > On Sat, Feb 18, 2023 at 06:40:35PM +0100, Julien Olivain wrote: >> Thank you for testing. >> >> I still can't reproduce the issue on my side. Compilation works fine >> on my >> system >> (with and without a /usr/bin/gpgrt-config script), and also in the >> Buildroot >> utils/docker-run (which does not include a /usr/bin/gpgrt-config >> script). My >> system >> has the same libgpg-error version 1.46 as Buildroot. >> >> Could you tell me what is the distribution of your host system (or >> what is >> the version >> of the libgpg-error on the host)? I'll try the same environment in a >> docker. >> >> Another way to force the gpgrt-config path without putting the full >> staging >> usr bin >> in the PATH (as Thomas recommended not to do) would be to add the >> following: >> >> GNUPG2_CONF_ENV += GPGRT_CONFIG=$(STAGING_DIR)/usr/bin/gpgrt-config >> > > Hi Julien, > > My setup is Debian 11. > > For the host GnuPG, I compiled GnuPG 2.4.0 with libgpg-error 1.46. I > source a script (gnupg-setup) to initialize the compiled version into > my > ~/.bashrc. > > The script is: > > ---- >8 ---- > if ! (systemctl --user is-active -q dirmngr-local.socket); then > systemctl --user start > {dirmngr,gpg-agent,gpg-agent-ssh,gpg-agent-browser,gpg-agent-extra}-local.socket > fi > > export PATH=$HOME/.local/gnupg/bin:$PATH > > The actual .socket unit files are copied from GnuPG sources but I add > Conflicts= against corresponding system-provided socket units. > > For your suggestion above, the build successed only when the > initialization > script above isn't sourced. However, when the script is sourced, the > build > search for host version of libraries instead (and thus FTBFS). Thanks for the tests and feedback. I am now able to reproduce the issue by installing the libgpg-error-dev package in the Buildroot Docker image (which also happen to be a Debian 11). I'll send my patch proposal to fix autobuild failures. Right now, I don't see why your sourced file would prevent this fix to work. Is it possible the same issue happen in other gnupg2 friend packages? (such as libassuan, libgcrypt, libksba, ...) which I believe are all using the AM_PATH_GPG_ERROR() macro from libgpg-error gpg-error.m4. Best regards, Julien.
diff --git a/package/gnupg2/gnupg2.mk b/package/gnupg2/gnupg2.mk index 5935ce6939..55917912a8 100644 --- a/package/gnupg2/gnupg2.mk +++ b/package/gnupg2/gnupg2.mk @@ -15,6 +15,9 @@ GNUPG2_SELINUX_MODULES = gpg GNUPG2_DEPENDENCIES = zlib libgpg-error libgcrypt libassuan libksba libnpth \ $(if $(BR2_PACKAGE_LIBICONV),libiconv) host-pkgconf +# Let's see if staging GNUPG2_CONF_ENV here works. +GNUPG2_CONF_ENV = PATH=$(STAGING_DIR)/usr/bin:$(BR_PATH) + GNUPG2_CONF_OPTS = \ --disable-rpath \ --with-libgpg-error-prefix=$(STAGING_DIR)/usr \