On Tue, 25 Feb 2025 11:27:36 +0100 Yves-Alexis Perez <cor...@debian.org> wrote:
On Tue, Feb 25, 2025 at 11:26:58AM +0100, Yves-Alexis Perez wrote:
> On Tue, Feb 25, 2025 at 11:13:40AM +0100, Yves-Alexis Perez wrote:
> > On Tue, Feb 25, 2025 at 10:03:37AM +0000, Luca Boccassi wrote:
> > > On Tue, 25 Feb 2025 at 09:57, Yves-Alexis Perez <cor...@debian.org> wrote:
> > > Would you be able to provide a patch that fixes them?
> >
> > Unfortunately no, but I only discovered the bug today while trying to
> > use KeyTool.efi and not finding it. Is upstream aware of the issue?
>
> So I did a quick test by reverting the changes to the Makefile disabling
> the EFI binaries build and it *seems* to actually work just fine, at
> least here on my box.
>
> It's really a smoke test but I'm not sure how well the Ubuntu changes
> have been checked. It seems to me they did a lot of work to fix the
> FTBFS but the "stop building EFI binaries" might be unrelated.
Here's the (trivial) patch I used.
--
Yves-Alexis Perez
Hello, I took your patch to simplify the other one coming from Ubuntu.
I also did some test in ppa, and the reason for the build to fail in Ubuntu
was a missing symbol related to stack guards during build.
I disabled stack-protector and uploaded in sid, now we should have everything
back!
cheers,
Gianfranco
diff -Nru efitools-1.9.2/debian/changelog efitools-1.9.2/debian/changelog
--- efitools-1.9.2/debian/changelog 2025-02-24 23:19:32.000000000 +0100
+++ efitools-1.9.2/debian/changelog 2025-03-12 21:35:47.000000000 +0100
@@ -1,3 +1,16 @@
+efitools (1.9.2-3.3) unstable; urgency=medium
+
+ [ Gianfranco Costamagna ]
+ * Non-maintainer upload.
+ * Tweak Yves patch to actually elide fix-ftbfs-lp2083030.patch
+ * Add patch to force no-stack-protector, fixing build failure where it is
+ enabled
+
+ [ Yves-Alexis Perez <cor...@debian.org> ]
+ * revert not building files (Closes: #1069410)
+
+ -- Gianfranco Costamagna <locutusofb...@debian.org> Wed, 12 Mar 2025
21:35:47 +0100
+
efitools (1.9.2-3.2) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru efitools-1.9.2/debian/patches/fix-build-stack-protector.patch
efitools-1.9.2/debian/patches/fix-build-stack-protector.patch
--- efitools-1.9.2/debian/patches/fix-build-stack-protector.patch
1970-01-01 01:00:00.000000000 +0100
+++ efitools-1.9.2/debian/patches/fix-build-stack-protector.patch
2025-03-12 21:35:47.000000000 +0100
@@ -0,0 +1,29 @@
+Description: Make sure stack-protector is disabled, it breaks builds
+
+cc -o cert-to-efi-sig-list cert-to-efi-sig-list.o -g -O3
-Werror=implicit-function-declaration -fno-omit-frame-pointer
-mno-omit-leaf-frame-pointer -ffile-prefix-map=/efitools-1.9.2=. -flto=auto
-ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat
-Werror=format-security -fcf-protection
-fdebug-prefix-map=/efitools-1.9.2=/usr/src/efitools-1.9.2-3.3ubuntu5
-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z,relro -Wl,-z,now
lib/lib.a -lcrypto
+# check we have no undefined symbols
+nm -D HelloWorld.so | grep ' U ' && exit 1 || exit 0
+ U __stack_chk_fail
+make[1]: *** [Make.rules:79: HelloWorld.so] Error 1
+rm KeyTool.o DB1.crt ShimReplace.o ReadVars.o SetNull.o HelloWorld.o
UpdateVars.o HashTool.o Loader.o DB2.crt
+make[1]: Leaving directory '/efitools-1.9.2'
+dh_auto_build: error: make -j4 "INSTALL=install --strip-program=true" returned
exit code 2
+make: *** [debian/rules:13: binary] Error 2
+dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 2
+root@Unimatrix04-Noble:/efitools-1.9.2# nm -D HelloWorld.so | grep ' U '
+ U __stack_chk_fail
+
+Author: Gianfranco Costamagna <locutusofb...@debian.org>
+Last-Update: 2025-03-12
+
+--- efitools-1.9.2.orig/Make.rules
++++ efitools-1.9.2/Make.rules
+@@ -19,7 +19,7 @@ $(error unknown architecture $(ARCH))
+ endif
+ INCDIR = -I$(TOPDIR)include/ -I/usr/include/efi
-I/usr/include/efi/$(ARCH) -I/usr/include/efi/protocol
+ CPPFLAGS = -DCONFIG_$(ARCH)
+-CFLAGS = -O2 -g $(ARCH3264) -fpic -Wall -fshort-wchar
-fno-strict-aliasing -fno-merge-constants -D_XOPEN_SOURCE=700
++CFLAGS = -O2 -g $(ARCH3264) -fno-stack-protector -fpic -Wall
-fshort-wchar -fno-strict-aliasing -fno-merge-constants -D_XOPEN_SOURCE=700
+ LDFLAGS = -nostdlib
+ CRTOBJ = crt0-efi-$(ARCH).o
+ CRTPATHS = /lib /lib64 /lib/efi /lib64/efi /usr/lib /usr/lib64
/usr/lib/efi /usr/lib64/efi /usr/lib/gnuefi /usr/lib64/gnuefi
diff -Nru efitools-1.9.2/debian/patches/fix-ftbfs-lp2083030.patch
efitools-1.9.2/debian/patches/fix-ftbfs-lp2083030.patch
--- efitools-1.9.2/debian/patches/fix-ftbfs-lp2083030.patch 2025-02-24
23:19:27.000000000 +0100
+++ efitools-1.9.2/debian/patches/fix-ftbfs-lp2083030.patch 2025-03-12
21:35:47.000000000 +0100
@@ -12,7 +12,7 @@
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/Make.rules
+++ b/Make.rules
-@@ -17,7 +17,7 @@
+@@ -19,7 +19,7 @@
endif
INCDIR = -I$(TOPDIR)include/ -I/usr/include/efi
-I/usr/include/efi/$(ARCH) -I/usr/include/efi/protocol
CPPFLAGS = -DCONFIG_$(ARCH)
@@ -219,22 +219,3 @@
} oid_t;
extern const oid_t oid_names[];
---- a/Makefile
-+++ b/Makefile
-@@ -30,15 +30,13 @@
-
- EFISIGNED = $(patsubst %.efi,%-signed.efi,$(EFIFILES))
-
--all: $(EFISIGNED) $(BINARIES) $(MANPAGES) noPK.auth $(KEYAUTH) \
-+all: $(BINARIES) $(MANPAGES) noPK.auth $(KEYAUTH) \
- $(KEYUPDATEAUTH) $(KEYBLACKLISTAUTH) $(KEYHASHBLACKLISTAUTH)
-
-
- install: all
- $(INSTALL) -m 755 -d $(MANDIR)
- $(INSTALL) -m 644 $(MANPAGES) $(MANDIR)
-- $(INSTALL) -m 755 -d $(EFIDIR)
-- $(INSTALL) -m 755 $(EFIFILES) $(EFIDIR)
- $(INSTALL) -m 755 -d $(BINDIR)
- $(INSTALL) -m 755 $(BINARIES) $(BINDIR)
- $(INSTALL) -m 755 mkusb.sh $(BINDIR)/efitool-mkusb
