search

netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0
5.65k stars 556 forks source link

build: failure due to invalid --date option (ChromeOS) #6403

Closed Zopolis4 closed 1 month ago

Zopolis4 commented 1 month ago 
make[1]: Entering directory '/usr/local/tmp/crew/firejail.20240711052527.dir/src/libpostexecseccomp'
x86_64-cros-linux-gnu-gcc -ggdb  -O2 -DVERSION='"0.9.72"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -fPIC -O2 -pipe -ffat-lto-objects -fPIC  -fuse-ld=mold  -flto=auto  -c libpostexecseccomp.c -o libpostexecseccomp.o
x86_64-cros-linux-gnu-gcc -pie -fPIE -Wl,-z,relro -Wl,-z,now -shared -fPIC -z relro -flto=auto  -o libpostexecseccomp.so libpostexecseccomp.o  -ldl
make[1]: Leaving directory '/usr/local/tmp/crew/firejail.20240711052527.dir/src/libpostexecseccomp'
make -C src/libtrace/
make[1]: Entering directory '/usr/local/tmp/crew/firejail.20240711052527.dir/src/libtrace'
x86_64-cros-linux-gnu-gcc -ggdb  -O2 -DVERSION='"0.9.72"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -fPIC -O2 -pipe -ffat-lto-objects -fPIC  -fuse-ld=mold  -flto=auto  -c libtrace.c -o libtrace.o
x86_64-cros-linux-gnu-gcc -pie -fPIE -Wl,-z,relro -Wl,-z,now -shared -fPIC -z relro -flto=auto  -o libtrace.so libtrace.o  -ldl
make[1]: Leaving directory '/usr/local/tmp/crew/firejail.20240711052527.dir/src/libtrace'
make -C src/libtracelog/
make[1]: Entering directory '/usr/local/tmp/crew/firejail.20240711052527.dir/src/libtracelog'
x86_64-cros-linux-gnu-gcc -ggdb  -O2 -DVERSION='"0.9.72"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -fPIC -O2 -pipe -ffat-lto-objects -fPIC  -fuse-ld=mold  -flto=auto  -c libtracelog.c -o libtracelog.o
x86_64-cros-linux-gnu-gcc -pie -fPIE -Wl,-z,relro -Wl,-z,now -shared -fPIC -z relro -flto=auto  -o libtracelog.so libtracelog.o  -ldl
make[1]: Leaving directory '/usr/local/tmp/crew/firejail.20240711052527.dir/src/libtracelog'
./mkman.sh 0.9.72 src/man/firejail.man firejail.1
date: invalid option -- '-'
date: usage: date [-u] [-c] [-r seconds] [+format]
make: *** [Makefile:42: firejail.1] Error 1

Steps to Reproduce

Checked out from version 0.9.72.

Configured with CFLAGS="-O2 -pipe -ffat-lto-objects -fPIC -fuse-ld=mold -flto=auto" CXXFLAGS="-O2 -pipe -ffat-lto-objects -fPIC -fuse-ld=mold -flto=auto" FCFLAGS="-O2 -pipe -ffat-lto-objects -fPIC -fuse-ld=mold -flto=auto" FFLAGS="-O2 -pipe -ffat-lto-objects -fPIC -fuse-ld=mold -flto=auto" LD_LIBRARY_PATH="/usr/local/lib64" LDFLAGS="-flto=auto " ./configure --prefix=/usr/local --libdir=/usr/local/lib64 --mandir=/usr/local/share/man --disable-dependency-tracking --build=x86_64-cros-linux-gnu --host=x86_64-cros-linux-gnu --target=x86_64-cros-linux-gnu --program-prefix='' --program-suffix=''

Environment

Docker container satmandu/crewbuild:amd64.

kmk3 commented 1 month ago

Docker container satmandu/crewbuild:amd64.

What is the distribution and version?

./mkman.sh 0.9.72 src/man/firejail.man firejail.1
date: invalid option -- '-'
date: usage: date [-u] [-c] [-r seconds] [+format]
make: *** [Makefile:42: firejail.1] Error 1

What date version is this?

Which package provides it?

Does it work with the following patch?

diff --git a/mkman.sh b/mkman.sh
--- a/mkman.sh
+++ b/mkman.sh
@@ -6,7 +6,7 @@
 set -e

 sed "s/VERSION/$1/g" "$2" > "$3"
-MONTH="$(LC_ALL=C date -u --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%b)"
+MONTH="$(LC_ALL=C date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%b)"
 sed -i "s/MONTH/$MONTH/g" "$3"
-YEAR="$(LC_ALL=C date -u --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y)"
+YEAR="$(LC_ALL=C date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y)"
 sed -i "s/YEAR/$YEAR/g" "$3"
Zopolis4 commented 1 month ago

What is the distribution and version?

ChromeOS M125, with chromebrew as the package manager.

What date version is this?

Unsure:

chronos@9cc6cef1e4a4 ~> date -v
date: invalid option -- 'v'
date: usage: date [-u] [-c] [-r seconds] [+format]
chronos@9cc6cef1e4a4 ~ [1]> date --version
date: invalid option -- '-'
date: usage: date [-u] [-c] [-r seconds] [+format]
chronos@9cc6cef1e4a4 ~ [1]> readelf -V /usr/local/bin/date

No version information found in this file.

Which package provides it?

zoneinfo (version 2024a)

Does it work with the following patch?

No:

make[1]: Leaving directory '/home/chronos/user/firejail/src/libtrace'
make -C src/libtracelog/
make[1]: Entering directory '/home/chronos/user/firejail/src/libtracelog'
x86_64-cros-linux-gnu-gcc -ggdb  -O2 -DVERSION='"0.9.72"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -fPIC -O2 -pipe -ffat-lto-objects -fPIC  -fuse-ld=mold  -flto=auto  -c libtracelog.c -o libtracelog.o
x86_64-cros-linux-gnu-gcc -pie -fPIE -Wl,-z,relro -Wl,-z,now -shared -fPIC -z relro -flto=auto  -o libtracelog.so libtracelog.o  -ldl
make[1]: Leaving directory '/home/chronos/user/firejail/src/libtracelog'
./mkman.sh 0.9.72 src/man/firejail.man firejail.1
date: invalid option -- 'd'
date: usage: date [-u] [-c] [-r seconds] [+format]
make: *** [Makefile:42: firejail.1] Error 1
kmk3 commented 1 month ago

Does it work with the following patch?

No:

make[1]: Leaving directory '/home/chronos/user/firejail/src/libtrace'
make -C src/libtracelog/
make[1]: Entering directory '/home/chronos/user/firejail/src/libtracelog'
x86_64-cros-linux-gnu-gcc -ggdb  -O2 -DVERSION='"0.9.72"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -fPIC -O2 -pipe -ffat-lto-objects -fPIC  -fuse-ld=mold  -flto=auto  -c libtracelog.c -o libtracelog.o
x86_64-cros-linux-gnu-gcc -pie -fPIE -Wl,-z,relro -Wl,-z,now -shared -fPIC -z relro -flto=auto  -o libtracelog.so libtracelog.o  -ldl
make[1]: Leaving directory '/home/chronos/user/firejail/src/libtracelog'
./mkman.sh 0.9.72 src/man/firejail.man firejail.1
date: invalid option -- 'd'
date: usage: date [-u] [-c] [-r seconds] [+format]
make: *** [Makefile:42: firejail.1] Error 1

Hmm that's unfortunate, but -d / --date is not POSIX and seems to be there just to support using SOURCE_DATE_EPOCH anyway.

I suppose that we could try to detect and only use -d if it is supported.

If you just remove the --date="@${SOURCE_DATE_EPOCH:-$(date +%s)} arguments, does it work?

Zopolis4 commented 1 month ago

If you just remove the --date="@${SOURCE_DATE_EPOCH:-$(date +%s)} arguments, does it work?

Assuming you mean this, then yes, that works.

diff --git a/mkman.sh b/mkman.sh
index 79ad16252..bf9ea74db 100755
--- a/mkman.sh
+++ b/mkman.sh
@@ -6,7 +6,7 @@
 set -e

 sed "s/VERSION/$1/g" "$2" > "$3"
-MONTH="$(LC_ALL=C date -u --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%b)"
+MONTH="$(LC_ALL=C date -u +%b)"
 sed -i "s/MONTH/$MONTH/g" "$3"
-YEAR="$(LC_ALL=C date -u --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y)"
+YEAR="$(LC_ALL=C date -u +%Y)"
 sed -i "s/YEAR/$YEAR/g" "$3"
kmk3 commented 1 month ago

If you just remove the --date="@${SOURCE_DATE_EPOCH:-$(date +%s)} arguments, does it work?

Assuming you mean this, then yes, that works.

diff --git a/mkman.sh b/mkman.sh
index 79ad16252..bf9ea74db 100755
--- a/mkman.sh
+++ b/mkman.sh
@@ -6,7 +6,7 @@
 set -e

 sed "s/VERSION/$1/g" "$2" > "$3"
-MONTH="$(LC_ALL=C date -u --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%b)"
+MONTH="$(LC_ALL=C date -u +%b)"
 sed -i "s/MONTH/$MONTH/g" "$3"
-YEAR="$(LC_ALL=C date -u --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y)"
+YEAR="$(LC_ALL=C date -u +%Y)"
 sed -i "s/YEAR/$YEAR/g" "$3"

Alright, should be fixed by #6404.

For clarity, is this date program installed by default on ChromeOS or is it from chromebrew?

Also, I think that this is the first bug report involving ChromeOS, so congratulations :)

Out of curiosity, does firejail work well on ChromeOS?

Zopolis4 commented 1 month ago

Ok, so I looked at this a little further-- /bin/date is provided by ChromeOS itself, and that works.

/usr/local/bin/date, which is used by default, is provided by zoneinfo via chromebrew, and does not work.

I'll try and track down if this is a chromebrew issue or a zoneinfo issue.

Zopolis4 commented 1 month ago

Looking at https://reproducible-builds.org/docs/source-date-epoch/, it seems the problem is that the date from zoneinfo is being used instead of the one from coreutils, busybox or uutils. Given that, I'm not sure whether this issue actually merits a fix, or if its just an incorrect environment.

Zopolis4 commented 1 month ago

I suppose it is a matter of maintaining POSIX compatibility or not, even though the issue could be resolved by using a different date command.