Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

signify-31/signify.c:249: undefined reference to `freezero' #35

Open
robert-scheck opened this issue May 28, 2022 · 4 comments
Open

signify-31/signify.c:249: undefined reference to `freezero' #35

robert-scheck opened this issue May 28, 2022 · 4 comments
Assignees
@aperezdc
Labels
bug

Comments

@robert-scheck
Copy link
Contributor

Trying to build signify 31 for all active Fedora releases (and EPEL, for RHEL/CentOS 7, 8 and 9) fails like this:

[…]
gcc -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64  -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection  -isystem /usr/include/bsd -DLIBBSD_OVERLAY  -Wall -Wno-pointer-sign -include compat.h  -c -o signify.o signify.c
signify.c: In function 'writekeyfile':
signify.c:249:9: warning: implicit declaration of function 'freezero' [-Wimplicit-function-declaration]
  249 |         freezero(header, strlen(header));
      |         ^~~~~~~~
gcc -Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1 -Wl,-dT,/builddir/build/BUILD/signify-31/.package_note-signify-31-1.fc37.x86_64.ld  -o signify crypto_api.o mod_ed25519.o mod_ge25519.o fe25519.o sc25519.o bcrypt_pbkdf.o timingsafe_bcmp.o blowfish.o base64.o sha2.o sha256hl.o sha512hl.o sha512_256hl.o signify.o zsig.o pledge_noop.o ohash.o -lbsd  
/usr/bin/ld: /tmp/cc1IXw05.ltrans0.ltrans.o: in function `writekeyfile.constprop.0':
/builddir/build/BUILD/signify-31/signify.c:249: undefined reference to `freezero'
collect2: error: ld returned 1 exit status
make: *** [Makefile:150: signify] Error 1

Yes, Fedora is still on libbsd 0.10.0 (if that's the reason), but the signify documentation still says "libbsd 0.8 or newer".
@aperezdc aperezdc added the bug label May 30, 2022
@aperezdc aperezdc self-assigned this May 30, 2022
@aperezdc
Copy link
Owner

@robert-scheck: Ouch, I see that freezero was added to libbsd after version 0.10, version 0.11.0 is the first one that includes the function, and I forgot to update the README to reflect this.

Would you consider building Signify with BUNDLED_LIBBSD=1? If you would rather not do that, let me know and I can try to arrange things to build the local copy of libbsd/freezero.c when the version of libbsd provided by the system is <0.11

@robert-scheck
Copy link
Contributor Author

Good question…using BUNDLED_LIBBSD=1 is likely the approach that the Fedora Packaging Guidelines enjoy the least. I've now asked the package maintainer about updating to libbsd 0.11.x on all active Fedora and EPEL branches.

@aperezdc
Copy link
Owner

@robert-scheck I do my fair share of packaging myself and I can empathize with not wanting to use bundled dependencies. Let's see if the update to 0.11.x can happen, but if that is not a good option, rest assured that before making you need to use BUNDLED_LIBBSD=1 I will be glad to make signify again buildable against 0.8.x.

FWIW, I reckon there is value in being able to produce a static signify binary easily from this source repository (e.g. using the Musl libc) without needing to manually build static libraries of external dependencies, which is the main reason why I keep here a copy of the few needed files from libbsd.

@robert-scheck
Copy link
Contributor Author

Given libbsd 0.11.x is finally on the way to all active Fedora and EPEL branches, fixing the documentation is good enough for me.

@robert-scheck robert-scheck mentioned this issue Jun 8, 2023
Merged
pld-gitsync pushed a commit to pld-linux/signify-openbsd that referenced this issue Jul 14, 2023
@jpalus
new
d18b61b 
- link patch that orders LDFLAGS correctly so there are no undefined
  symbols with --as-needed
- Makefile checks for libbsd >= 0.7, README claims dependency on
  libbsd >= 0.8 but in fact signify uses symbols from libbsd >= 0.11
  (freezero) see also: aperezdc/signify#35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aperezdc aperezdc

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aperezdc @robert-scheck