buildd file owner/group for shared libraries
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | debhelper (Debian) |
New
|
Unknown
|
||
| | debhelper (Ubuntu) |
Wishlist
|
Unassigned | ||
| | fakeroot (Ubuntu) |
Critical
|
Unassigned | ||
Bug Description
fakeroot with glibc broke dpkg-deb for packages that do not use "Rules-
binutils stopped preserving permissions from objcopy & strip, leading to incorrect permissions of files after stripping.
fakeroot is now patched with better glibc 2.33 support. TODO upstream changes.
binutils is not fixed, as upstream changes are still being discussed. Instead we have worked around objcopy/strip in debhelper to call those tools from dh_strip in a safe manner.
We also rebuilt binutils against glibc 2.32, to avoid this new behaviour. However, we need to resolve bintuils in a better way, one way or another.
--
the current state of -proposed creates deb packages with buildd file owner/group for shared libraries.
reported at least for kwayland-
$ dpkg -c kwayland-
-rw-r--r-- doko/doko 18984 2021-01-21 23:44 ./usr/lib/
-rw-r--r-- doko/doko 85392 2021-01-21 23:44 ./usr/lib/
-rw-r--r-- doko/doko 35536 2021-01-21 23:44 ./usr/lib/
- in a release pocket, rebuild binutils from proposed. correctly
restores the file ownership
- in a release pocket, update glibc from proposed. then rebuild
binutils from proposed. shows the wrong ownership
| Changed in glibc (Ubuntu): | |
| status: | New → Confirmed |
| importance: | Undecided → High |
| Matthias Klose (doko) wrote : | #1 |
| affects: | glibc (Ubuntu) → fakeroot (Ubuntu) |
| Matthias Klose (doko) wrote : | #2 |
fakeroot needs an update for glibc-2.33, see
https:/
not just the build fix from
https://<email address hidden>
discussions of tools not preserving file ownership/
https:/
binutils discussion:
https:/
make the packaging helper more robust:
https:/
| Matthias Klose (doko) wrote : | #3 |
also why is the dh sequencer calling dh_fixperms before doing modifications on files (e.g. dh_strip)?
| Matthias Klose (doko) wrote : | #4 |
currently building binutils against the release pocket to mitigate the immediate issue
| Launchpad Janitor (janitor) wrote : | #5 |
Status changed to 'Confirmed' because the bug affects multiple users.
| Changed in binutils (Ubuntu): | |
| status: | New → Confirmed |
| Changed in debhelper (Ubuntu): | |
| status: | New → Confirmed |
| Changed in glibc (Ubuntu): | |
| status: | New → Confirmed |
| Changed in binutils (Ubuntu): | |
| importance: | Undecided → High |
| tags: | added: rls-hh-incoming |
| Alex Murray (alexmurray) wrote : | #8 |
This is currently affecting snapd 2.49+21.04 which is in hirsute-proposed - https:/
| Alex Murray (alexmurray) wrote : | #9 |
Oh I see - this was for shared libraries but I suspect it is also affecting setuid binaries as well?
| Alex Murray (alexmurray) wrote : | #10 |
$ dpkg -c snapd_2.
-rwxr-xr-x buildd/buildd 30952 2021-02-10 20:17 ./lib/systemd/
-rwxr-xr-x buildd/buildd 19558008 2021-02-10 20:17 ./usr/bin/snap
-rwxr-xr-x buildd/buildd 43304 2021-02-10 20:17 ./usr/bin/snapfuse
-rwxr-xr-x buildd/buildd 11012584 2021-02-10 20:17 ./usr/lib/
-rwsr-xr-x buildd/buildd 134216 2021-02-10 20:17 ./usr/lib/
-rwxr-xr-x buildd/buildd 35048 2021-02-10 20:17 ./usr/lib/
-rwxr-xr-x buildd/buildd 3086648 2021-02-10 20:17 ./usr/lib/
-rwxr-xr-x buildd/buildd 3352968 2021-02-10 20:17 ./usr/lib/
-rwxr-xr-x buildd/buildd 18664 2021-02-10 20:17 ./usr/lib/
-rwxr-xr-x buildd/buildd 18664 2021-02-10 20:17 ./usr/lib/
-rwxr-xr-x buildd/buildd 7602312 2021-02-10 20:17 ./usr/lib/
-rwxr-xr-x buildd/buildd 7566920 2021-02-10 20:17 ./usr/lib/
-rwxr-xr-x buildd/buildd 8760296 2021-02-10 20:17 ./usr/lib/
-rwxr-xr-x buildd/buildd 2530704 2021-02-10 20:17 ./usr/lib/
-rwxr-xr-x buildd/buildd 4535424 2021-02-10 20:17 ./usr/lib/
-rwxr-xr-x buildd/buildd 6447800 2021-02-10 20:17 ./usr/lib/
-rwxr-xr-x buildd/buildd 23371432 2021-02-10 20:17 ./usr/lib/
-rwxr-xr-x buildd/buildd 921504 2021-02-10 20:17 ./usr/lib/
-rwxr-xr-x buildd/buildd 22760 2021-02-10 20:17 ./usr/lib/
| Michael Vogt (mvo) wrote : | #11 |
Fwiw, mysql-8.0 is also affected:
$ dpkg -c libmysqlclient2
drwxr-xr-x buildd/buildd 0 2021-02-11 10:32 ./
[many more]
And some more:
$ dpkg -c libqt5xdg3_
-rw-r--r-- buildd/buildd 268440 2021-02-11 21:58 ./usr/lib/
But it seems to have stopped around Saturday, not sure if something was done on the buildds maybe?
| Dimitri John Ledkov (xnox) wrote : | #12 |
@mvo we know, we are tracing them all.
| Changed in fakeroot (Ubuntu): | |
| importance: | High → Critical |
| Matthias Klose (doko) wrote : | #13 |
that's the proposed patch to dh_strip to keep permissions and owners independent of strip/objcopy keeping these.
@xnox: To fill your list: https:/
| tags: | added: patch |
| Changed in glibc (Ubuntu): | |
| status: | Confirmed → Invalid |
| Changed in debhelper (Ubuntu): | |
| importance: | Undecided → Wishlist |
| Dimitri John Ledkov (xnox) wrote : | #15 |
fakeroot with glibc broke dpkg-deb for packages that do not use "Rules-
binutils stopped preserving permissions from objcopy & strip, leading to incorrect permissions of files after stripping.
fakeroot is now patched with better glibc 2.33 support. TODO upstream changes.
binutils is not fixed, as upstream changes are still being discussed. Instead we have worked around objcopy/strip in debhelper to call those tools from dh_strip in a safe manner.
We also rebuilt binutils against glibc 2.32, to avoid this new behaviour. However, we need to resolve bintuils in a better way, one way or another.
| description: | updated |
| Changed in debhelper (Ubuntu): | |
| status: | Confirmed → Fix Committed |
| Changed in fakeroot (Ubuntu): | |
| status: | Confirmed → Fix Committed |
| Changed in binutils (Ubuntu): | |
| status: | Confirmed → Invalid |
| no longer affects: | binutils (Ubuntu) |
| no longer affects: | glibc (Ubuntu) |
| Launchpad Janitor (janitor) wrote : | #16 |
This bug was fixed in the package debhelper - 13.3.3ubuntu2
---------------
debhelper (13.3.3ubuntu2) hirsute; urgency=medium
* objcopy/strip changed in 2.36.1, not keeping file attributes of the
original file. Work around that in dh_strip to write to a temporary
file and cat'ing this to the original file to keep the original attributes.
LP: #1915250.
The sequencer could also be changed to call dh_fixperms after calling
dh_strip, but that might introduces other issues. See #982457.
-- Matthias Klose <email address hidden> Tue, 16 Feb 2021 15:30:21 +0100
| Changed in debhelper (Ubuntu): | |
| status: | Fix Committed → Fix Released |
| Launchpad Janitor (janitor) wrote : | #17 |
This bug was fixed in the package fakeroot - 1.25.3-1.1ubuntu2
---------------
fakeroot (1.25.3-1.1ubuntu2) hirsute; urgency=medium
* Fix riscv64.
* Enable testsuite on riscv64.
-- Dimitri John Ledkov <email address hidden> Wed, 17 Feb 2021 10:57:44 +0000
| Changed in fakeroot (Ubuntu): | |
| status: | Fix Committed → Fix Released |
| Changed in debhelper (Debian): | |
| status: | Unknown → New |
that's not seen for every package. ownership for most packages is correct. xz-utils in proposed is an example where things go wrong (on all architectures).