shadow-maint/shadow

`./share/containers/fedora.dockerfile` doesn't build

alejandro-colomar opened this issue · 5 comments

```
$ sudo docker build -f ./share/containers/fedora.dockerfile .
[...]
checking for library containing readpassphrase... no
configure: error: readpassphrase() is missing, either from libc or libbsd
The command '/bin/sh -c ./autogen.sh --enable-shadowgrp --enable-man --with-audit         --with-sha-crypt --with-bcrypt --with-yescrypt --with-selinux         --without-libcrack --without-libpam --enable-shared         --with-group-name-max-length=32 --enable-lastlog --enable-logind=no' returned a non-zero code: 1
```

That is on the master branch.

I removed all the cached images from docker so that it starts from scratch, and I still see the failure. Also, CI started failing for a PR that doesn't touch anything related to readpassphrase(3bsd) or libbsd.

It's failing because the latest stable Fedora has been switched to 39 recently, and this one doesn't contain the libbsd dependency.

But Fedora 39 still has libbsd, right? I see it in this page: https://packages.fedoraproject.org/pkgs/libbsd/libbsd/

Did they remove it from the docker container or something?

Or did they drop the package in Fedora 39 recently and forget to update that page?

Yes, libbsd is still there but it's not recommended to link base packages against libbsd.

The package is available for download, but it has to be installed manually, or via a dependency. I dropped the shadow dependency for this package some time ago for Fedora 39+, but I forgot to update the build configuration options.

Last week Fedora 39 was released and I guess at some point during this time the containers tag for stable was updated from 38 to 39. That's why we can see the error now, and not before.

I think we should prefer linking against libbsd:

  • Our programs are not threaded, so being MT-Unsafe (Multi-Thread Unsafe) is not a bug here.
  • We already made sure we don't use libbsd's arc4random(3bsd): ac8b81c
  • We don't use functions that are incompatible with glibc (fgetln, setproctitle).

A problem of not linking to libbsd is that we use our own definition of readpassphrase(3bsd). Usually, I'd say it's fine to dog-food our own definitions of stuff, but that function scares me, at 141 lines of sensitive code.

But yeah, if Fedora 39 is out there without the dep, I guess this patch is good. Please document in the commit message that libbsd was removed from the shadow deps in Fedora 39, and you have my Reviewed-by: Alejandro Colomar <alx@kernel.org>. :)

> I think we should prefer linking against libbsd:

I also prefer it, but shadow is included in the base image, and thus having libbsd as a dependency also makes this package part of the base image. This last part wants to be avoided by Fedora.