Bug 1674777 - crypto-utils: FTBFS in F30: certwatch.c:77: error: '__builtin___strncpy_chk' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation] [NEEDINFO]
Summary: crypto-utils: FTBFS in F30: certwatch.c:77: error: '__builtin___strncpy_chk' ...
Keywords:
Status: CLOSED EOL
Alias: None
Product: Fedora
Classification: Fedora
Component: crypto-utils
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Joe Orton
QA Contact: Fedora Extras Quality Assurance
URL: https://bugzilla.mozilla.org/show_bug...
Whiteboard: AcceptedBlocker openqa
Depends On: BetaBlocker, F31BetaBlocker
Blocks: F30FTBFS
TreeView+ depends on / blocked
 
Reported: 2019-02-11 17:00 UTC by Fedora Release Engineering
Modified: 2019-08-08 13:37 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-08-08 13:37:35 UTC
releng: needinfo? (jorton)


Attachments (Terms of Use)
build.log (1.00 KB, text/plain)
2019-02-11 17:01 UTC, Fedora Release Engineering
no flags Details
root.log (1.00 KB, text/plain)
2019-02-11 17:01 UTC, Fedora Release Engineering
no flags Details
state.log (633 bytes, text/plain)
2019-02-11 17:01 UTC, Fedora Release Engineering
no flags Details
certwatch: use memcpy in get_common_name (1.46 KB, patch)
2019-05-18 15:58 UTC, Elio Maldonado Batiz
elio.maldonado.batiz: review? (jorton)
Details | Diff

Description Fedora Release Engineering 2019-02-11 17:00:59 UTC
crypto-utils failed to build from source in Fedora rawhide/f30

https://koji.fedoraproject.org/koji/taskinfo?taskID=32374254


For details on the mass rebuild see:

https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Please fix crypto-utils at your earliest convenience and set the bug's status to
ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks,
crypto-utils will be orphaned. Before branching of Fedora 31,
crypto-utils will be retired, if it still fails to build.

For more details on the FTBFS policy, please visit:
https://fedoraproject.org/wiki/Fails_to_build_from_source

Comment 1 Fedora Release Engineering 2019-02-11 17:01:02 UTC
Created attachment 1529618 [details]
build.log

file build.log too big, will only attach last 1024 bytes

Comment 2 Fedora Release Engineering 2019-02-11 17:01:03 UTC
Created attachment 1529619 [details]
root.log

file root.log too big, will only attach last 1024 bytes

Comment 3 Fedora Release Engineering 2019-02-11 17:01:05 UTC
Created attachment 1529620 [details]
state.log

Comment 4 Fedora Release Engineering 2019-04-26 23:26:26 UTC
Dear Maintainer,

your package has not been built successfully in f30. Action is required from you.

If you can fix your package to build, perform a build in koji, and either create
an update in bodhi, or close this bug without creating an update, if updating is
not appropriate [1]. If you are working on a fix, set the status to ASSIGNED to
acknowledge this. Following the latest policy for such packages [2], your package
can be orphaned if this bug remains in NEW state more than 8 weeks.

[1] https://fedoraproject.org/wiki/Updates_Policy
[2] https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails_to_install/

Comment 5 Petr Pisar 2019-05-17 11:27:56 UTC
+ cc -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protection -Wall -Werror=implicit-function-declaration -Werror -I/usr/include/nspr4 -I/usr/include/nss3 certwatch.c pemutil.c -o certwatch -lnspr4 -lnss3
BUILDSTDERR: In file included from /usr/include/string.h:494,
BUILDSTDERR:                  from /usr/include/nss3/secport.h:45,
BUILDSTDERR:                  from /usr/include/nss3/seccomon.h:27,
BUILDSTDERR:                  from /usr/include/nss3/nss.h:34,
BUILDSTDERR:                  from certwatch.c:77:
BUILDSTDERR: In function 'strncpy',
BUILDSTDERR:     inlined from 'get_common_name' at certwatch.c:249:5,
BUILDSTDERR:     inlined from 'check_cert' at certwatch.c:289:9,
BUILDSTDERR:     inlined from 'main' at certwatch.c:387:12:
BUILDSTDERR: /usr/include/bits/string_fortified.h:106:10: error: '__builtin___strncpy_chk' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]
BUILDSTDERR:   106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
BUILDSTDERR:       |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
BUILDSTDERR: certwatch.c: In function 'main':
BUILDSTDERR: certwatch.c:246:15: note: length computed here
BUILDSTDERR:   246 |     namelen = strlen(name);
BUILDSTDERR:       |               ^~~~~~~~~~~~
BUILDSTDERR: cc1: all warnings being treated as errors
BUILDSTDERR: error: Bad exit status from /var/tmp/rpm-tmp.DGeE6A (%build)
BUILDSTDERR:     Bad exit status from /var/tmp/rpm-tmp.DGeE6A (%build)

Comment 6 Elio Maldonado Batiz 2019-05-18 15:38:06 UTC
Same problem was fixed for NSS upstream by using memcpy, see https://bugzilla.mozilla.org/show_bug.cgi?id=1438426
and the fix as picked up for JSS, see https://pagure.io/jss/issue/21

Comment 7 Elio Maldonado Batiz 2019-05-18 15:58:55 UTC
Created attachment 1570560 [details]
certwatch: use memcpy in get_common_name

Possible fix based on what was done for upstream NSS. 
scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=34913261

Comment 8 Fedora Release Engineering 2019-06-03 21:41:54 UTC
Dear Maintainer,

your package has not been built successfully in f30. Action is required from you.

If you can fix your package to build, perform a build in koji, and either create
an update in bodhi, or close this bug without creating an update, if updating is
not appropriate [1]. If you are working on a fix, set the status to ASSIGNED to
acknowledge this. Following the latest policy for such packages [2], your package
can be orphaned if this bug remains in NEW state more than 8 weeks.

[1] https://fedoraproject.org/wiki/Updates_Policy
[2] https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails_to_install/

Comment 9 Fedora Release Engineering 2019-06-17 20:48:30 UTC
Dear Maintainer,

your package has not been built successfully in f30. Action is required from you.

If you can fix your package to build, perform a build in koji, and either create
an update in bodhi, or close this bug without creating an update, if updating is
not appropriate [1]. If you are working on a fix, set the status to ASSIGNED to
acknowledge this. Following the latest policy for such packages [2], your package
can be orphaned if this bug remains in NEW state more than 8 weeks.

[1] https://fedoraproject.org/wiki/Updates_Policy
[2] https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails_to_install/

Comment 10 Fedora Release Engineering 2019-07-02 11:13:30 UTC
Dear Maintainer,

your package has not been built successfully in 30. Action is required from you.

If you can fix your package to build, perform a build in koji, and either create
an update in bodhi, or close this bug without creating an update, if updating is
not appropriate [1]. If you are working on a fix, set the status to ASSIGNED to
acknowledge this. Following the latest policy for such packages [2], your package
can be orphaned if this bug remains in NEW state more than 8 weeks.

A week before the mass branching of Fedora 31 according to the schedule [3],
any packages which still have open FTBFS bugs from Fedora 30 will be retired.

[1] https://fedoraproject.org/wiki/Updates_Policy
[2] https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails_to_install/
[3] https://fedoraproject.org/wiki/Releases/31/Schedule

Comment 11 Fedora Release Engineering 2019-07-02 13:29:55 UTC
Dear Maintainer,

your package has not been built successfully in 30. Action is required from you.

If you can fix your package to build, perform a build in koji, and either create
an update in bodhi, or close this bug without creating an update, if updating is
not appropriate [1]. If you are working on a fix, set the status to ASSIGNED to
acknowledge this. Following the latest policy for such packages [2], your package
can be orphaned if this bug remains in NEW state more than 8 weeks.

A week before the mass branching of Fedora 31 according to the schedule [3],
any packages which still have open FTBFS bugs from Fedora 30 will be retired.

[1] https://fedoraproject.org/wiki/Updates_Policy
[2] https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails_to_install/
[3] https://fedoraproject.org/wiki/Releases/31/Schedule

Comment 12 Joe Orton 2019-07-02 15:03:25 UTC
Dear Rel-Eng Robot,

For the record, I've orphaned the package and am happy for it to be retired this if nobody else takes it on (nobody has indicated willingness).

Comment 13 Adam Williamson 2019-07-10 00:18:24 UTC
Note the Fedora installation guide uses tools from crypto-utils:

https://docs.fedoraproject.org/en-US/fedora/f30/system-administrators-guide/servers/Web_Servers/

There is also this wiki page which includes similar language:

https://fedoraproject.org/wiki/Https

However, RH *did* remove crypto-utils from RHEL 8, so we don't have to worry about downstream. The RHEL 8 migration text for it seems to be:

"crypto-utils have been removed

The crypto-utils packages have been removed from RHEL 8. You can use tools provided by the openssl, gnutls-utils, and nss-tools packages instead."

e.g. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/considerations_in_adopting_rhel_8/index .

crypto-utils is also listed as a default component of the web-server group in comps, so if it is retired (or possibly even if it is not), that should be changed. On the other hand, no other package depends on it at run or build time AFAICS, so that's good.

I'm marking this bug as an automatic F31 blocker, because as the package stands it is not installable due to unsatisfied dependencies on perl 5.28, and as it's in the web-server group it's in the Fedora Server DVD, and that makes this an automatic blocker per the policy: "Unresolved dependencies on a release-blocking DVD-style (offline installer) image (failures of QA:Testcase_Mediakit_Repoclosure)" - https://fedoraproject.org/wiki/QA:SOP_blocker_bug_process#Automatic_blockers .

Also tagging the docs team for the documentation issues here.

Comment 14 Joe Orton 2019-07-10 13:00:12 UTC
I'll submit some PRS for the docs, it would be better to document using certbot or mod_md to get Let's Encrypt certs here anyway.

Comment 15 Petr Bokoc 2019-07-18 07:42:43 UTC
Adam, thanks for tagging us, we'll track the removal in the repo's issues: https://pagure.io/fedora-docs/system-administrators-guide/issue/35

Joe, a docs update would be definitely appreciated. Let me know if you have any questions about contributing to our docs; you can reach me by mail (on this address or on docs@lists.fedoraproject.org), or in #fedora-docs on Freenode.

Comment 16 Fedora Release Engineering 2019-07-24 12:27:04 UTC
Dear Maintainer,

your package has not been built successfully in 30. Action is required from you.

If you can fix your package to build, perform a build in koji, and either create
an update in bodhi, or close this bug without creating an update, if updating is
not appropriate [1]. If you are working on a fix, set the status to ASSIGNED to
acknowledge this. Following the latest policy for such packages [2], your package
can be orphaned if this bug remains in NEW state more than 8 weeks.

A week before the mass branching of Fedora 31 according to the schedule [3],
any packages which still have open FTBFS bugs from Fedora 30 will be retired.

[1] https://fedoraproject.org/wiki/Updates_Policy
[2] https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails_to_install/
[3] https://fedoraproject.org/wiki/Releases/31/Schedule

Comment 17 Fedora Release Engineering 2019-07-24 13:25:04 UTC
Dear Maintainer,

your package has not been built successfully in 30. Action is required from you.

If you can fix your package to build, perform a build in koji, and either create
an update in bodhi, or close this bug without creating an update, if updating is
not appropriate [1]. If you are working on a fix, set the status to ASSIGNED to
acknowledge this. Following the latest policy for such packages [2], your package
can be orphaned if this bug remains in NEW state more than 8 weeks.

A week before the mass branching of Fedora 31 according to the schedule [3],
any packages which still have open FTBFS bugs from Fedora 30 will be retired.

[1] https://fedoraproject.org/wiki/Updates_Policy
[2] https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails_to_install/
[3] https://fedoraproject.org/wiki/Releases/31/Schedule

Comment 18 Fedora Release Engineering 2019-07-28 04:24:22 UTC
Dear Maintainer,

your package has not been built successfully in 30. Action is required from you.

If you can fix your package to build, perform a build in koji, and either create
an update in bodhi, or close this bug without creating an update, if updating is
not appropriate [1]. If you are working on a fix, set the status to ASSIGNED to
acknowledge this. Following the latest policy for such packages [2], your package
can be orphaned if this bug remains in NEW state more than 8 weeks.

A week before the mass branching of Fedora 31 according to the schedule [3],
any packages which still have open FTBFS bugs from Fedora 30 will be retired.

[1] https://fedoraproject.org/wiki/Updates_Policy
[2] https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails_to_install/
[3] https://fedoraproject.org/wiki/Releases/31/Schedule

Comment 19 Fedora Release Engineering 2019-08-04 04:24:21 UTC
Dear Maintainer,

your package has not been built successfully in 30. Action is required from you.

If you can fix your package to build, perform a build in koji, and either create
an update in bodhi, or close this bug without creating an update, if updating is
not appropriate [1]. If you are working on a fix, set the status to ASSIGNED to
acknowledge this. Following the latest policy for such packages [2], your package
can be orphaned if this bug remains in NEW state more than 8 weeks.

A week before the mass branching of Fedora 31 according to the schedule [3],
any packages which still have open FTBFS bugs from Fedora 30 will be retired.

[1] https://fedoraproject.org/wiki/Updates_Policy
[2] https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails_to_install/
[3] https://fedoraproject.org/wiki/Releases/31/Schedule

Comment 20 Fedora Release Engineering 2019-08-08 13:37:35 UTC
The package was retired.


Note You need to log in before you can comment on or make changes to this bug.