Ubuntu
nut package

Merge ~paelzer/ubuntu/+source/nut:artful-bug-1540008-udevd-name-changed into ~usd-import-team/ubuntu/+source/nut:ubuntu/devel

  1. Git
  2. lp:~paelzer/ubuntu/+source/nut
  3. artful-bug-1540008-udevd-name-changed
  4. Merge into ubuntu/devel
Proposed by ChristianEhrhardt on 2017-08-16
Status: Merged
Merge reported by: Nish Aravamudan
Merged at revision: 5988ef43db83433c4ef38c9611b5cd67cc50e5cd
Proposed branch: ~paelzer/ubuntu/+source/nut:artful-bug-1540008-udevd-name-changed
Merge into: ~usd-import-team/ubuntu/+source/nut:ubuntu/devel
Diff against target: 112 lines (+65/-3)
5 files modified
debian/changelog (+16/-0)
debian/libnutclient0.symbols (+2/-2)
debian/nut-server.postinst (+1/-1)
debian/patches/fix-snmp-driver-compile-options.patch (+45/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
Nish Aravamudan 2017-08-16 Approve on 2017-08-16
Review via email: mp+329119@code.launchpad.net

This proposal supersedes a proposal from 2017-08-09.

Description of the Change

This got some follow on fixes after our discussion.
Please pick up the tags and content from this branch to fix those.

To post a comment you must log in.
Nish Aravamudan (nacc) : Posted in a previous version of this proposal
review: Approve
Nish Aravamudan (nacc) wrote : Posted in a previous version of this proposal

Upload tagged and sponsored.

Nish Aravamudan (nacc) wrote : Posted in a previous version of this proposal

Note this failed to build in Artful. I think it is probably unrelated to your change, but related to gcc changes? Can you check it out?

ChristianEhrhardt (paelzer) wrote : Posted in a previous version of this proposal
Download full text (6.4 KiB)

Yeah since it is a postinst only change I doubt we affected the compilation with the upload.
Also it was building a week ago, so likely gcc7 as you expect, taking a look ...

View might first fall on:
al175.c:400:28: warning: ‘%2X’ directive output may be truncated writing between 2 and 4 bytes into a region of size between 3 and 5 [-Wformat-truncation=]

But that is only a warning due to:
-Wformat-truncation being default on -Wall now [1]

But the actual "break" are errors like:
/usr/bin/ld: al175.o: relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC

Actually -fPIC was used on parts of the build pre and post gcc-7 as seen in the buildlogs [2] [3].
The root cause seems in a change that dropped the former:
"-fPIE"
options and replaced them with
-specs=/usr/share/dpkg/no-pie-compile.specs

Since no change was made to nut this likely is from the toolchain upgrade.
This is kind of inverse to what I knew - like [4] where it is about enabling pie.
Did we intentionally drop that - I don't think so?

When analyzing the build it seems there are two times hardning options.
- The first one got the no-pie spec
- And the second lost the -fPIE

--- old 2017-08-16 09:14:46.667114832 +0200
+++ new 2017-08-16 09:14:47.275115931 +0200
@@ -1,15 +1,15 @@
 gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -I../include -DNETSNMP_ENABLE_IPV6 -fno-strict-aliasing -g -O2 -fdebug-prefix-map=/build/net-snmp=.
-
+-specs=/usr/share/dpkg/no-pie-compile.specs
 -fstack-protector-strong -Wformat -Werror=format-security -DNETSNMP_USE_INLINE -Ulinux -Dlinux=linux -D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fwrapv -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/lib/x86_64-linux-gnu/perl/5.2 -Wdate-time -D_FORTIFY_SOURCE=2 -I/usr/include -I/usr/include/neon -g -O2 -fdebug-prefix-map=/<<PKGBUILDDIR>>=.
--fPIE
--fstack-protector-strong -Wformat -Werror=format-security -Wall -Wsign-compare -c -o al175.o al175.c
-/bin/bash ../libtool --tag=CC --mode=link gcc -I../include -DNETSNMP_ENABLE_IPV6 -fno-strict-aliasing -g -O2 -fdebug-prefix-map=/build/net-snmp=.

It almost seems to have two hardening entries one behaving one and one the other way.
I've found the source (form nut's POV) of both changes:
1. loosing -fPIE is the actual configure call changing from
CFLAGS="-g -O2 -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fPIE -fstack-protector-strong [...]
to
CFLAGS="-g -O2 -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong [...]
This can be checked when comparing zesty with artful calling:
$ DEB_BUILD_MAINT_OPTIONS=hardening=+all dpkg-buildflags --get CFLAGS
(Lets assume for now it is dropped because it is considered default anyway?)

2. gaining the no-pie spec is from net-snmp by configure
checking for Net-SNMP cflags... [...] -specs=/usr/share/dpkg/no-pie-compile.specs [...]
checking for Net-SNMP libs... [...] -specs=/usr/share/dpkg/no-pie-compile.specs [...]
While in the past this was without pie reference at all.

The options of #2 come later than #1 and so even if #1 would have -fPIE it would be disabled again.
The real source for the change ...

Read more...

ChristianEhrhardt (paelzer) wrote : Posted in a previous version of this proposal

Ok, I rechecked an all arch build on top of all I did and it is good now.
@nacc - please review the extra changes and upload the new version if you agree.

ChristianEhrhardt (paelzer) wrote : Posted in a previous version of this proposal

Ah I see you merged this already - do you want/need a new MP or should we operate on this one reopening it?

Nish Aravamudan (nacc) wrote : Posted in a previous version of this proposal

If you send a new one, based upon your current one, the history will work correctly (as I've already pushed your ubuntu3 as a upload tag and dputted). So propose a new ubuntu4, please.

Nish Aravamudan (nacc) :
review: Approve
Nish Aravamudan (nacc) wrote :

Upload tagged and sponsored.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 2cbaf23..e92c04e 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,19 @@
6+nut (2.7.4-5ubuntu4) artful; urgency=medium
7+
8+ * d/p/fix-snmp-driver-compile-options.patch: fix cflags/ldflags
9+ mismatch (LP: #1711092).
10+ * d/libnutclient0.symbols: fix symbols in regard to gcc-7 (LP: #1711091).
11+
12+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 16 Aug 2017 12:44:26 +0200
13+
14+nut (2.7.4-5ubuntu3) artful; urgency=medium
15+
16+ * debian/nut-server.postinst: The udevd process is called systemd-udevd
17+ for quite sometimes already, properly detect whether it's running or not,
18+ this should fix the devices permissions for USB UPS's (LP: #1540008).
19+
20+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 09 Aug 2017 10:16:38 +0200
21+
22 nut (2.7.4-5ubuntu2) zesty; urgency=medium
23
24 * debian/libnutclient0.symbols: Correct symbols file for ppc64el.
25diff --git a/debian/libnutclient0.symbols b/debian/libnutclient0.symbols
26index 48a4c4b..bc4dc8f 100644
27--- a/debian/libnutclient0.symbols
28+++ b/debian/libnutclient0.symbols
29@@ -187,8 +187,8 @@ libnutclient.so.0 libnutclient0 #MINVER#
30 (c++)"typeinfo name for nut::TcpClient@Base" 2.7.3
31 (c++)"typeinfo name for nut::TimeoutException@Base" 2.7.3
32 (c++)"typeinfo name for nut::UnknownHostException@Base" 2.7.3
33- (c++)"void std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::_M_emplace_back_aux<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)@Base" 2.7.3
34- (c++)"void std::vector<std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::allocator<std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > > >::_M_emplace_back_aux<std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&&)@Base" 2.7.3
35+ _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRKS5_EEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_@Base 2.7.4
36+ _ZNSt6vectorIS_INSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EESaIS7_EE17_M_realloc_insertIJS7_EEEvN9__gnu_cxx17__normal_iteratorIPS7_S9_EEDpOT_@Base 2.7.4
37 (c++)"vtable for nut::Client@Base" 2.7.3
38 (c++)"vtable for nut::IOException@Base" 2.7.3
39 (c++)"vtable for nut::NotConnectedException@Base" 2.7.3
40diff --git a/debian/nut-server.postinst b/debian/nut-server.postinst
41index 7af7af9..8a152d2 100644
42--- a/debian/nut-server.postinst
43+++ b/debian/nut-server.postinst
44@@ -62,7 +62,7 @@ case "$1" in
45 fi
46
47 # ask udev to check for new udev rules
48- [ -x /etc/init.d/udev ] && pidof udevd > /dev/null \
49+ [ -x /etc/init.d/udev ] && pidof systemd-udevd > /dev/null \
50 && udevadm trigger --subsystem-match=usb --action=change
51
52 # 557178 udevadm trigger --subsystem-match=usb
53diff --git a/debian/patches/fix-snmp-driver-compile-options.patch b/debian/patches/fix-snmp-driver-compile-options.patch
54new file mode 100644
55index 0000000..4a97f7e
56--- /dev/null
57+++ b/debian/patches/fix-snmp-driver-compile-options.patch
58@@ -0,0 +1,45 @@
59+Description: fix snmp driver cflags/ldflags mismatch
60+
61+There are a few cflags/ldflags which need to be symetric and -fPIE
62+is one of them.
63+Due to the change of PIE now being default it is no more generated
64+into CFLAGS. Instead if disabled it adds a spec file to disable
65+ -specs=/usr/share/dpkg/no-pie-compile.specs, but that needs to go
66+in sync with no-pie-link.specs on the link step which it doesn't.
67+
68+This was due to
69+"# Avoid per-target CFLAGS, because this will preventre-use of object
70+# files. In any case, CFLAGS are only -I options, so there is no harm,
71+# but only add them if we really use the target.
72+AM_CFLAGS = -I$(top_srcdir)/include $(am__append_1) $(am__append_2) \
73+ $(am__append_3) $(am__append_4) $(am__append_5)"
74+
75+But obviously that now is an issue and a fix was created to only add
76+the snmp cflags to the right target (as it was already done for other
77+drivers like nutdrv_qx)
78+
79+Forwarded: yes (https://github.com/networkupstools/nut/issues/463)
80+Author: Christian Ehrhardt <christian.ehrhardt@canonical.com>
81+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1711092
82+Last-Update: 2017-08-16
83+--- a/drivers/Makefile.am
84++++ b/drivers/Makefile.am
85+@@ -16,9 +16,6 @@
86+ if WITH_USB
87+ AM_CFLAGS += $(LIBUSB_CFLAGS)
88+ endif
89+-if WITH_SNMP
90+- AM_CFLAGS += $(LIBNETSNMP_CFLAGS)
91+-endif
92+ if WITH_NEON
93+ AM_CFLAGS += $(LIBNEON_CFLAGS)
94+ endif
95+@@ -202,6 +199,8 @@
96+ ietf-mib.c mge-mib.c netvision-mib.c powerware-mib.c raritan-pdu-mib.c \
97+ bestpower-mib.c cyberpower-mib.c delta_ups-mib.c xppc-mib.c huawei-mib.c \
98+ eaton-ats-mib.c apc-ats-mib.c
99++snmp_ups_CFLAGS = $(AM_CFLAGS)
100++snmp_ups_CFLAGS += $(LIBNETSNMP_CFLAGS)
101+ snmp_ups_LDADD = $(LDADD_DRIVERS) $(LIBNETSNMP_LIBS)
102+
103+ # NEON XML/HTTP
104diff --git a/debian/patches/series b/debian/patches/series
105index 0b7915d..e8f1403 100644
106--- a/debian/patches/series
107+++ b/debian/patches/series
108@@ -4,3 +4,4 @@
109 0006-ups-conf-maxretry.patch
110 0008-drop-w3c-icons.patch
111 0009-fix-nutshutdown-install.patch
112+fix-snmp-driver-compile-options.patch

Subscribers

People subscribed via source and target branches