Broken build
Closed this issue ยท 6 comments
Hello,
I had an error when trying to build the engine.
From what I understand, the engine have a dependency called liblzma, as listed below:
I had an error when building liblzma:
So I dug a bit deeper, tried to download the file that vcpkg failed to download, and discovered that xy repo was disabled.
I used google, and found out that there was a backdoor in xy that was discovered yesterday. More details here: https://tukaani.org/xz-backdoor/
So for now, I guess the build is broken? And you might want to check if the version of liblzma you installed on your machine is affected ^^'
The versions of xz that were backdoored were specifically the release tarballs of 5.6.0 and 5.6.1 (please correct me if wrong.) That means that this project is safe.
If you want to still build while the xz GitHub is down, follow this to switch from tukaani-project to bminor:
microsoft/vcpkg#37839
The versions of xz that were backdoored were specifically the release tarballs of 5.6.0 and 5.6.1 (please correct me if wrong.) That means that this project is safe.
The project is safe anyway. The back-door explicitly targeted the SSH daemon and only releases destined to be compiled into the linux kernel were maliciously modified. It was part of the kernel build system and a clean source build would never be affected.
I'm not sure what dep even uses lzma
VCPKG itself uses liblzma directly in order to decompress upstream packages. Removing this dependency would fix the issue ๐
Thanks for the answers :) I guess I'll keep this issue open as long as xy is down, so that other users that are not on discord can find the temporary fix?
https://github.com/tukaani-project/xz/ is back online.