signify icon indicating copy to clipboard operation
signify copied to clipboard

Published 20 hours ago verified publisher icon aperezdc

signify-31/signify.c:249: undefined reference to `freezero'

Open robert-scheck opened this issue 3 years ago • 4 comments

Trying to build signify 31 for all active Fedora releases (and EPEL, for RHEL/CentOS 7, 8 and 9) fails like this:

[…]
gcc -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64  -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection  -isystem /usr/include/bsd -DLIBBSD_OVERLAY  -Wall -Wno-pointer-sign -include compat.h  -c -o signify.o signify.c
signify.c: In function 'writekeyfile':
signify.c:249:9: warning: implicit declaration of function 'freezero' [-Wimplicit-function-declaration]
  249 |         freezero(header, strlen(header));
      |         ^~~~~~~~
gcc -Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1 -Wl,-dT,/builddir/build/BUILD/signify-31/.package_note-signify-31-1.fc37.x86_64.ld  -o signify crypto_api.o mod_ed25519.o mod_ge25519.o fe25519.o sc25519.o bcrypt_pbkdf.o timingsafe_bcmp.o blowfish.o base64.o sha2.o sha256hl.o sha512hl.o sha512_256hl.o signify.o zsig.o pledge_noop.o ohash.o -lbsd  
/usr/bin/ld: /tmp/cc1IXw05.ltrans0.ltrans.o: in function `writekeyfile.constprop.0':
/builddir/build/BUILD/signify-31/signify.c:249: undefined reference to `freezero'
collect2: error: ld returned 1 exit status
make: *** [Makefile:150: signify] Error 1

Yes, Fedora is still on libbsd 0.10.0 (if that's the reason), but the signify documentation still says "libbsd 0.8 or newer".

robert-scheck avatar May 28 '22 23:05 robert-scheck

@robert-scheck: Ouch, I see that freezero was added to libbsd after version 0.10, version 0.11.0 is the first one that includes the function, and I forgot to update the README to reflect this.

Would you consider building Signify with BUNDLED_LIBBSD=1? If you would rather not do that, let me know and I can try to arrange things to build the local copy of libbsd/freezero.c when the version of libbsd provided by the system is <0.11

aperezdc avatar May 30 '22 08:05 aperezdc

Good question…using BUNDLED_LIBBSD=1 is likely the approach that the Fedora Packaging Guidelines enjoy the least. I've now asked the package maintainer about updating to libbsd 0.11.x on all active Fedora and EPEL branches.

robert-scheck avatar May 30 '22 18:05 robert-scheck

@robert-scheck I do my fair share of packaging myself and I can empathize with not wanting to use bundled dependencies. Let's see if the update to 0.11.x can happen, but if that is not a good option, rest assured that before making you need to use BUNDLED_LIBBSD=1 I will be glad to make signify again buildable against 0.8.x.

FWIW, I reckon there is value in being able to produce a static signify binary easily from this source repository (e.g. using the Musl libc) without needing to manually build static libraries of external dependencies, which is the main reason why I keep here a copy of the few needed files from libbsd.

aperezdc avatar May 30 '22 21:05 aperezdc

Given libbsd 0.11.x is finally on the way to all active Fedora and EPEL branches, fixing the documentation is good enough for me.

robert-scheck avatar Nov 24 '22 00:11 robert-scheck