greenbone
openvas-scanner errors out at compilation in Arch GNU/Linux
OS: Arch GNU/Linux Medium: AUR package Doc: Follow the Arch wiki I have read and did not find anything related before posting this. also posted here: https://aur.archlinux.org/packages/openvas-scanner
openvas-scanner will not compile :(
-- Found Doxygen: /usr/bin/doxygen (found version "1.12.0") found components: doxygen missing components: dot
-- Configuring done (0.8s)
-- Generating done (0.0s)
-- Build files have been written to: /home/rek2/.cache/paru/clone/openvas-scanner/src/build
make: Entering directory '/home/rek2/.cache/paru/clone/openvas-scanner/src/build'
[ 1%] Building C object misc/CMakeFiles/openvas_misc_shared.dir/bpf_share.c.o
<command-line>: error: "_FORTIFY_SOURCE" redefined [-Werror]
<command-line>: note: this is the location of the previous definition
cc1: all warnings being treated as errors
make[2]: *** [misc/CMakeFiles/openvas_misc_shared.dir/build.make:76: misc/CMakeFiles/openvas_misc_shared.dir/bpf_share.c.o] Error 1
make[1]: *** [CMakeFiles/Makefile2:229: misc/CMakeFiles/openvas_misc_shared.dir/all] Error 2
make: *** [Makefile:166: all] Error 2
make: Leaving directory '/home/rek2/.cache/paru/clone/openvas-scanner/src/build'
==> ERROR: A failure occurred in build().
Aborting...
error: failed to build 'openvas-scanner-23.8.5-2':
error: packages failed to build: openvas-scanner-23.8.5-2
I did this manually as well with out using the AUR package and same issue. make -C build
Sorry if this is not the right place, looks like a bug on dependencies or versions
Hi @r3k2 It seems it is fixed and working now. https://aur.archlinux.org/packages/openvas-scanner#comment-989338 Please, close the issue if it is working for you as well. Best regards
@jjnicola Hello, thank you. Yes I saw today, I got out of work a bit earlier and have re-tried with no luck.. :( same error, I deleted the old cache package to force "paru" to repull the source code. :man_shrugging: :crying_cat_face:
I did a bit of research and found out, that we set the FORTIFY_SOURCE to 2 (https://github.com/greenbone/openvas-scanner/blob/main/CMakeLists.txt#L204), which can cause errors, when a user sets this flag to an higher level than 2. As I find out, some compilers set this flag internally, which can cause such errors. Maybe it would help to check, if a higher level is set by the user, like nextcloud did: https://github.com/nextcloud/desktop/pull/4703/files. But as I am not an expert in such cases I am not sure about any side effects this could have.
@Kraemii you nail it!, indeed by default my /etc/makepkg.conf has -D_FORTIFY_SOURCE=3 I am sure I did not modify this file this is the rest of the file in case it helps attached.(hmm says that file type is not supported..to attach sorry)
Hi @r3k2, sorry for the late answer. Did you install openvas-smb before? This should solve the issue here.
Hello @Kraemii no I did not I am following this in the Arch wiki and it mentions no openvas-smb :( https://wiki.archlinux.org/title/OpenVAS I guess I need to tell the current maintainer of the packages to also package openvas-smb :man_shrugging: I will point him to this issue. Thank you! @Kraemii
Ah ok, openvas-smb is not absolutely needed for openvas. It is a module for scanning windows systems. If it is not installed it's functionality is replaced by dummy functions, which seem to cause problems for your compiler. Sorry for the confusion here. They are just warnings, but it seems your compiler is treating warnings as errors. You should also be able to disable this setting, by either changing the cmake command when building from source (https://stackoverflow.com/questions/73215417/cmake-treat-warnings-as-errors) or when calling gcc (https://stackoverflow.com/questions/11561261/how-can-i-compile-without-warnings-being-treated-as-errors)
Hello @Kraemii thanks for the clarification, but now I wonder after I have traid to compile openvas-smb and failed because it required older libs, will the kerberos/smb-samba tests will not be fully run as they are supposed to? :thinking:
@Kraemii this is the flags that get passed by default on the whole system I only see one -Werror= <-- si is not on all cases
#-- Compiler and Linker Flags
#CPPFLAGS=""
CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions \
-Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security \
-fstack-clash-protection -fcf-protection \
-fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"
CXXFLAGS="$CFLAGS -Wp,-D_GLIBCXX_ASSERTIONS"
LDFLAGS="-Wl,-O1 -Wl,--sort-common -Wl,--as-needed -Wl,-z,relro -Wl,-z,now \
-Wl,-z,pack-relative-relocs"
LTOFLAGS="-flto=auto"
RUSTFLAGS="-Cforce-frame-pointers=yes"
#-- Make Flags: change this for DistCC/SMP systems
#MAKEFLAGS="-j2"
#-- Debugging flags
DEBUG_CFLAGS="-g"
DEBUG_CXXFLAGS="$DEBUG_CFLAGS"
DEBUG_RUSTFLAGS="-C debuginfo=2"
#
NOTE: I changed fortify to 2 for the reason of the original post in this ticket but it was 4-5 I believe
@Kraemii you nail it!, indeed by default my /etc/makepkg.conf has -D_FORTIFY_SOURCE=3 I am sure I did not modify this file this is the rest of the file in case it helps attached.(hmm says that file type is not supported..to attach sorry)
Only after the pacman 7.0 update I noticed I had a .pacnew around from before, where Arch switched per default to FORTIFY_SOURCE 3 . Therefore no wonder I couldn't reproduce the issue of the author :D I will look into working it around for the PKGBUILD, but on the long run it would be nice if such a thing wasn't needed :)
Edit: Done with stripping -Werror. Warnings on a rolling release distribution are likely and shouldn't necessarily cause the build to fail.
Builds for me on FORTIFY_SOURCE=3
