Bug#583387: closed by Bastian Blank <waldi at debian.org> (Re: Bug#583387: no longer shipping static libraries causes cryptsetup FTBFS)

Jonas Meurer jonas at freesources.org
Thu May 27 17:13:01 UTC 2010 

hey,

On 27/05/2010 Bastian Blank wrote:
> On Thu, May 27, 2010 at 04:00:59PM +0200, Jonas Meurer wrote:
> > cryptsetup staticly links against libdevmapper,
> 
> This is not allowed under normal circumstances. Does the security team
> know about?
> 
> >                                                 as the library is
> > located in /usr/lib, and cryptsetup needs to be invoked before /usr is
> > mounted. please either bring brack the static library, or move the
> > dynamic library to /lib.
> 
> Please show evidence for this behaviour. Both lvm2 and dmsetup uses this
> library and works fine without /usr available and all the versions I
> know have the lib in /lib.
> 
> Closing as no bug.

sorry, you're right. cryptsetup doesn't even link staticly against
devmapper libraries, it only does so for libgcrypt and libgpg-error.
security team is aware of that.

but still the most recent update of libdevmapper broke cryptsetup build.
see the build logs at https://buildd.debian.org/pkg.cgi?pkg=cryptsetup:

make[3]: Entering directory `/build/buildd-cryptsetup_1.1.1-1-i386-X7Uy0C/cryptsetup-1.1.1/src'
gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I../lib -DDATADIR=\""/usr/share"\" -DLOCALEDIR=\""/usr/share/locale"\" -DLIBDIR=\""/usr/lib"\" -DPREFIX=\""/usr"\" -DSYSCONFDIR=\""/usr/etc"\" -DVERSION=\""1.1.1"\" -D_GNU_SOURCE   -Wall -Wall -g -O2 -MT cryptsetup-cryptsetup.o -MD -MP -MF .deps/cryptsetup-cryptsetup.Tpo -c -o cryptsetup-cryptsetup.o `test -f 'cryptsetup.c' || echo './'`cryptsetup.c
mv -f .deps/cryptsetup-cryptsetup.Tpo .deps/cryptsetup-cryptsetup.Po
/bin/sh ../libtool --tag=CC   --mode=link gcc -Wall -Wall -g -O2 -all-static  -o cryptsetup cryptsetup-cryptsetup.o ../lib/libcryptsetup.la -lgcrypt -lgpg-error -lselinux -lsepol  -lpopt  
libtool: link: gcc -Wall -Wall -g -O2 -static -o cryptsetup cryptsetup-cryptsetup.o  ../lib/.libs/libcryptsetup.a -luuid -L/lib -ldevmapper -lpthread /usr/lib/libgcrypt.a /usr/lib/libgpg-error.a -lselinux -lsepol /usr/lib/libpopt.a
/usr/bin/ld: cannot find -ldevmapper
collect2: ld returned 1 exit status
make[3]: *** [cryptsetup] Error 1
make[3]: Leaving directory `/build/buildd-cryptsetup_1.1.1-1-i386-X7Uy0C/cryptsetup-1.1.1/src'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/build/buildd-cryptsetup_1.1.1-1-i386-X7Uy0C/cryptsetup-1.1.1'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/build/buildd-cryptsetup_1.1.1-1-i386-X7Uy0C/cryptsetup-1.1.1'
make: *** [build-stamp] Error 2
dpkg-buildpackage: error: debian/rules build gave error exit status 2

i can reproduce this bug with libdevmapper-dev 2:1.02.47-1.

greetings,
 jonas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-lvm-maintainers/attachments/20100527/18be4b9f/attachment.pgp>

More information about the pkg-lvm-maintainers mailing list