[MDEV-9735] cracklib plugin built statically breaks debian builds Created: 2016-03-15  Updated: 2016-03-17  Resolved: 2016-03-17

Status: Closed
Project: MariaDB Server
Component/s: Packaging
Affects Version/s: 10.1.12
Fix Version/s: 10.1.13

Type: Bug Priority: Major
Reporter: Kolbe Kegel (Inactive) Assignee: Kolbe Kegel (Inactive)
Resolution: Not a Bug Votes: 0
Labels: None
Environment:

Debian


 Description   

I made this change:

plugin/cracklib_password_check/CMakeLists.txt
 
 @@ -8,6 +8,7 @@ CHECK_INCLUDE_FILES (crack.h HAVE_CRACK_H)
 
  
  IF (HAVE_ALLOCA_H AND HAVE_CRACK_H AND HAVE_LIBCRACK AND HAVE_MEMCPY)
 
    MYSQL_ADD_PLUGIN(cracklib_password_check cracklib_password_check.c
 
 -                   LINK_LIBRARIES crack MODULE_ONLY
 
 -                   COMPONENT cracklib-password-check)
 
 +                   LINK_LIBRARIES crack
 
 +                   COMPONENT cracklib-password-check
 
 +                   DEFAULT)
 
  ENDIF()

This causes the cracklib plugin to be built statically into the server. This works great for RPMs. This completely breaks Debian packaging.

dh_movefiles: debian/tmp/usr/lib/mysql/plugin/cracklib_password_check.so not found (supposed to put it in mariadb-cracklib-password-check-10.1)
 
	(cd debian/tmp >/dev/null ; tar --create --files-from=/home/buildbot/buildbot/build/mariadb-10.1.12/debian/movelist --file -) | (cd debian/mariadb-cracklib-password-check-10.1 >/dev/null ;tar xpf -)
 
tar: /home/buildbot/buildbot/build/mariadb-10.1.12/debian/movelist: Cannot stat: No such file or directory
 
tar: Error is not recoverable: exiting now
 
tar: This does not look like a tar archive
 
tar: Exiting with failure status due to previous errors
 
dh_movefiles: (cd debian/tmp >/dev/null ; tar --create --files-from=/home/buildbot/buildbot/build/mariadb-10.1.12/debian/movelist --file -) | (cd debian/mariadb-cracklib-password-check-10.1 >/dev/null ;tar xpf -) returned exit code 2
 
debian/rules:119: recipe for target 'install' failed
 
make: *** [install] Error 2
 
dpkg-buildpackage: error: debian/rules binary gave error exit status 2



 Comments   
Comment by Kolbe Kegel (Inactive) [ 2016-03-15 ]

otto do you have any suggestions about how this should be handled for Debian builds? Do I need to manually edit some control file(s)? Edit autobake.sh?

Or for Debian, instead of building this statically, should I keep it in a separate package and find some way to require that package to be installed when I install the "server" package? If that's the right way, can you advise what I'd need to change to correctly set up that dependency relationship?

Comment by Otto Kekäläinen [ 2016-03-15 ]

It tries to add a file to the package that does not exist anymore (as it is statically linked?): debian/tmp/usr/lib/mysql/plugin/cracklib_password_check.so

Grep in debian/ for cracklib_password_check.so to see where it is defined and remove it as a separate file and even as a separate package.

This bug report does not reference why cracklib now is to be built statically. You need to choose either static or dynamic, and if static, then clean away all references to a separate library file.

Comment by Kolbe Kegel (Inactive) [ 2016-03-15 ]

otto, I want to build MariaDB Enterprise with cracklib as a statically-linked plugin, so that it's enabled by default. I think it's a reasonable goal to make things like this flexible for end users who might try to build the software.

So far, there are 3 files in debian/ that refer to libcrack/cracklib. Maintaining information about individual plugins in global package configuration files is really unappealing to me. It seems like this will be virtually impossible to maintain in the long run.

Can you offer any advice instead about how I might change the existing Debian packaging scripts/files to simply cause the main server package to also install the separate cracklib plugin package?

Comment by Kolbe Kegel (Inactive) [ 2016-03-17 ]

To build the cracklib plugin statically and successfully build .debs, I had to do three things:

1. Remove the mariadb-cracklib-password-check-10.1 package entirely from debian/control
2. Add a conditional dependency on libcrack to the mariadb-server-core-10.1 package in debian/control
3. Add logic to debian/autobake-deb.sh to handle the libcrack-dev build dependency and libcrack package dependency separately.

We should try to improve our Debian packaging so that it is more flexible. This litany of hardcoded control files and the reliance on a fragile shell script make it impossible to dynamically cope with an otherwise very flexible build system.

diff --git a/debian/autobake-deb.sh b/debian/autobake-deb.sh
 
index f304e98..737b0b1 100755
 
--- a/debian/autobake-deb.sh
 
+++ b/debian/autobake-deb.sh
 
@@ -38,10 +38,12 @@ then
 
   # Anything in MARIADB_OPTIONAL_DEBS is omitted from the resulting
 
   # packages by snipped in rules file
 
   MARIADB_OPTIONAL_DEBS="${MARIADB_OPTIONAL_DEBS} cracklib-password-check-10.1"
 
-  sed -i -e "/\\\${MAYBE_LIBCRACK}/d" debian/control
 
+  sed -i -e "/\\\${MAYBE_LIBCRACK}/d" -e "/\\\${MAYBE_LIBCRACK_DEV}/d" debian/control
 
 else
 
-  MAYBE_LIBCRACK='libcrack2-dev (>= 2.9.0),'
 
-  sed -i -e "s/\\\${MAYBE_LIBCRACK}/${MAYBE_LIBCRACK}/g" debian/control
 
+  MAYBE_LIBCRACK_DEV='libcrack2-dev (>= 2.9.0),'
 
+  MAYBE_LIBCRACK='libcrack2 (>= 2.9.0),'
 
+  sed -i -e "s/\\\${MAYBE_LIBCRACK_DEV}/${MAYBE_LIBCRACK_DEV}/g" \
 
+         -e "s/\\\${MAYBE_LIBCRACK}/${MAYBE_LIBCRACK}/g" debian/control
 
 fi
 
 
 
 # Adjust changelog, add new version.
 
diff --git a/debian/control b/debian/control
 
index 210fe93..4a1179b 100644
 
--- a/debian/control
 
+++ b/debian/control
 
@@ -21,7 +21,7 @@ Build-Depends: bison,
 
                po-debconf,
 
                psmisc,
 
                zlib1g-dev (>= 1:1.1.3-5~),
 
-               ${MAYBE_LIBCRACK}
 
+               ${MAYBE_LIBCRACK_DEV}
 
                libjemalloc-dev (>= 3.0.0~) [linux-any]
 
 Standards-Version: 3.8.2
 
 Homepage: http://mariadb.org/
 
@@ -238,6 +238,7 @@ Package: mariadb-server-core-10.1
 
 Architecture: any
 
 Depends: libmariadbclient18 (>= ${binary:Version}),
 
          mariadb-common (>= ${source:Version}),
 
+         ${MAYBE_LIBCRACK}
 
          ${misc:Depends},
 
          ${shlibs:Depends}
 
 Provides: mysql-server-core,
 
@@ -400,10 +401,3 @@ Description: MariaDB database regression test suite (metapackage for the latest
 
  mariadb-test (currently mariadb-test-10.1), as determined by the MariaDB
 
  maintainers.
 
-Package: mariadb-cracklib-password-check-10.1
 
-Section: database
 
-Architecture: any
 
-Depends: libcrack2 (>= 2.9.0), mariadb-server-10.1
 
-Description: CrackLib Password Validation Plugin for MariaDB
 
- This password validation plugin uses cracklib to allow only
 
- sufficiently secure (as defined by cracklib) user passwords in MariaDB.

Generated at Thu Feb 08 07:36:56 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.