Description of problem: ldns-config doesn't work at all Version-Release number of selected component (if applicable): ldns-devel-1.6.17-7.fc20.x86_64 How reproducible: 100 % Steps to Reproduce: $ ldns-config Actual results: /bin/ldns-config: line 50: unexpected EOF while looking for matching `"' /bin/ldns-config: line 53: syntax error: unexpected end of file Additional info: It used to work with ldns-devel-1.6.16-7.fc20.x86_64.
hi! I think I've found the problem. It's because of http://pkgs.fedoraproject.org/cgit/ldns.git/tree/ldns-1.6.17-multilib.patch?h=f20 In the last line there is an " missing. Instead of +LDFLAGS_SEC="@LDFL it should be +LDFLAGS_SEC="@LDFL" Cheers, Flo
Created attachment 942826 [details] Add the missing quotation mark I hope I'm doing it right.
oops. actually it looks badly truncated
I was not sure if I should fix the patch or the patched file. As you can see in attachment #942826 [details], I have finally decided to patch the patch.
the patch I used is: diff --git a/ldns-1.6.17-multilib.patch b/ldns-1.6.17-multilib.patch index 7708be2..0a565d3 100644 --- a/ldns-1.6.17-multilib.patch +++ b/ldns-1.6.17-multilib.patch @@ -54,7 +54,7 @@ diff -Naur ldns-1.6.17-orig/packaging/ldns-config.in ldns-1.6.17/packaging/ldns- +esac + +LDFLAGS="@LDFLAGS@ @LIBSSL_LDFLAGS@ -L$LIBDIR -l@PYTHON_LIB@" -+LDFLAGS_SEC="@LDFL ++LDFLAGS_SEC="@LDFLAGS@ @LIBSSL_LDFLAGS@ -L$LIBDIR_SEC -l@PYTHON_LIB@" for arg in $@ do
ldns-1.6.17-8.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/ldns-1.6.17-8.fc21
ldns-1.6.17-8.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/ldns-1.6.17-8.fc20
ldns-1.6.17-1.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/ldns-1.6.17-1.el6
This update doesn't work for me, ldns-config now prints empty string insted of syntax error. This prevents OpenDNSSEC from configuring correctly. Please compare the output with version ldns-devel-1.6.16-7.fc20.x86_64.
I'm not sure I understand: [root@nic ~]# rpm -hiv ldns-* Preparing... ################################# [100%] Updating / installing... 1:ldns-utils-1.6.17-8.fc20 ################################# [ 33%] 2:ldns-1.6.17-8.fc20 ################################# [ 67%] 3:ldns-devel-1.6.17-8.fc20 ################################# [100%] [root@nic ~]# ldns-config --libs -Wl,-z,relro,-z,now -pie -L/usr/lib64 -lpython2.7 -L/usr/lib64 -lcrypto -ldl -lldns [root@nic ~]# ldns-config --libs_sec -Wl,-z,relro,-z,now -pie -L/usr/lib -lpython2.7 -L/usr/lib -lcrypto -ldl -lldns [root@nic ~]# ldns-config --cflags -I/usr/include What is not working?
I'm sorry for not being clear. Let me reproduce the issue - I will try to configure opendnssec 1.4.6: # Let's start with 16-7: $ rpm -qa 'ldns*' ldns-1.6.16-7.fc20.x86_64 ldns-devel-1.6.16-7.fc20.x86_64 $ cd /tmp/opendnssec-1.4.6 $ ./configure -> This finishes correctly. # Let's upgrade ldns to 17-8: $ dnf upgrade 'ldns*' $ rpm -qa 'ldns*' ldns-utils-1.6.17-8.fc20.x86_64 ldns-1.6.17-8.fc20.x86_64 ldns-devel-1.6.17-8.fc20.x86_64 $ cd /tmp/opendnssec-1.4.6 $ ./configure checking for ldns-config... /bin/ldns-config checking what are the ldns includes... -I/usr/include checking what are the ldns libs... -Wl,-z,relro,-z,now -pie -L/usr/lib64 -lpython2.7 -L/usr/lib64 -lcrypto -ldl -lldns checking for ldns_rr_new in -lldns... no configure: error: Can't find ldns library Apparently ldns-config has some output but it still doesn't work. I can reproduce this constantly by downgrading and upgrading packages. $ rpm -qV ldns ldns-devel ldns ... outputs nothing so there should be no problem with data on my filesystem.
Hi! In http://pkgs.fedoraproject.org/cgit/ldns.git/tree/ldns-1.6.17-multilib.patch in line 52 there is an / missing in front of usr. Instead of LIBDIR_SEC="usr/lib64" it should be LIBDIR_SEC="/usr/lib64" Am i right? But I'm not sure if this is the reason.
Package ldns-1.6.17-1.el6: * should fix your issue, * was pushed to the Fedora EPEL 6 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=epel-testing ldns-1.6.17-1.el6' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3060/ldns-1.6.17-1.el6 then log in and leave karma (feedback).
Looks like this change fixes it: #LDFLAGS="-Wl,-z,relro,-z,now -pie -L$LIBDIR -lpython2.7" #LDFLAGS_SEC="-Wl,-z,relro,-z,now -pie -L$LIBDIR_SEC -lpython2.7" LDFLAGS="-Wl,-z,relro -Wl,-z,now -pie -L$LIBDIR -lpython2.7" LDFLAGS_SEC="-Wl,-z,relro -Wl,-z,now -pie -L$LIBDIR_SEC -lpython2.7" note 1.6.16 had: LDFLAGS="-Wl,-z,relro -L$LIBDIR -lpython2.7" LDFLAGS_SEC="-Wl,-z,relro -L$LIBDIR_SEC -lpython2.7"
Actually I had a test error using LDNS_CONFIG= is override. the actual problem is the addition of -pie
Petr, Can you confirm the rawhide build resolves your issue? I'm pretty sure, but I'd like a second opinion. The problem was that the multilib patch bled our hardening options into the ldns-config script. But it only leaked into --libs (eg the -pie option) but not in the --cflags option (eg the -fPIC). So compilation in ./configure of the test program for ldns failed to compile causing configure in opendnssec to reject the ldns install. I checked a bunch of /usr/bin/*-config output, and none show any hardening flags. So the rawhide build now also filters those out in ldns-config. I also noticed that pkg-config calls failed, and I will update the build to properly install the .pc file so that software using pkg-config --libs ldns will also work.
I confirm that I'm able to configure & build opendnssec-1.4.6 if I install ldns-1.6.17-9.src.rpm from Koji and rebuild it on Fedora 20.
hi Paul! Could you please merge the changes to the other branches like f19,f20 and f21? Cheers, Flo
ldns-1.6.17-8.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
ldns-1.6.17-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
ldns-1.6.17-9.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/ldns-1.6.17-9.fc20
ldns-1.6.17-9.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.