search

aperezdc / signify

OpenBSD tool to sign and verify signatures on files. Portable version.
ISC License
272 stars 16 forks source link

signify-31/signify.c:249: undefined reference to `freezero' #35

Open robert-scheck opened 2 years ago

robert-scheck commented 2 years ago

Trying to build signify 31 for all active Fedora releases (and EPEL, for RHEL/CentOS 7, 8 and 9) fails like this:

[…]
gcc -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64  -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection  -isystem /usr/include/bsd -DLIBBSD_OVERLAY  -Wall -Wno-pointer-sign -include compat.h  -c -o signify.o signify.c
signify.c: In function 'writekeyfile':
signify.c:249:9: warning: implicit declaration of function 'freezero' [-Wimplicit-function-declaration]
  249 |         freezero(header, strlen(header));
      |         ^~~~~~~~
gcc -Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1 -Wl,-dT,/builddir/build/BUILD/signify-31/.package_note-signify-31-1.fc37.x86_64.ld  -o signify crypto_api.o mod_ed25519.o mod_ge25519.o fe25519.o sc25519.o bcrypt_pbkdf.o timingsafe_bcmp.o blowfish.o base64.o sha2.o sha256hl.o sha512hl.o sha512_256hl.o signify.o zsig.o pledge_noop.o ohash.o -lbsd  
/usr/bin/ld: /tmp/cc1IXw05.ltrans0.ltrans.o: in function `writekeyfile.constprop.0':
/builddir/build/BUILD/signify-31/signify.c:249: undefined reference to `freezero'
collect2: error: ld returned 1 exit status
make: *** [Makefile:150: signify] Error 1

Yes, Fedora is still on libbsd 0.10.0 (if that's the reason), but the signify documentation still says "libbsd 0.8 or newer".

aperezdc commented 2 years ago

@robert-scheck: Ouch, I see that freezero was added to libbsd after version 0.10, version 0.11.0 is the first one that includes the function, and I forgot to update the README to reflect this.

Would you consider building Signify with BUNDLED_LIBBSD=1? If you would rather not do that, let me know and I can try to arrange things to build the local copy of libbsd/freezero.c when the version of libbsd provided by the system is <0.11

robert-scheck commented 2 years ago

Good question…using BUNDLED_LIBBSD=1 is likely the approach that the Fedora Packaging Guidelines enjoy the least. I've now asked the package maintainer about updating to libbsd 0.11.x on all active Fedora and EPEL branches.

aperezdc commented 2 years ago

@robert-scheck I do my fair share of packaging myself and I can empathize with not wanting to use bundled dependencies. Let's see if the update to 0.11.x can happen, but if that is not a good option, rest assured that before making you need to use BUNDLED_LIBBSD=1 I will be glad to make signify again buildable against 0.8.x.

FWIW, I reckon there is value in being able to produce a static signify binary easily from this source repository (e.g. using the Musl libc) without needing to manually build static libraries of external dependencies, which is the main reason why I keep here a copy of the few needed files from libbsd.

robert-scheck commented 1 year ago

Given libbsd 0.11.x is finally on the way to all active Fedora and EPEL branches, fixing the documentation is good enough for me.