[pkg-apparmor] Bug#919705: move libapparmor.so to /lib/<triplet>

Fri Jan 18 18:59:31 GMT 2019

Package: libapparmor-dev
Version: 2.13.2-3
Tags: patch
User: helmutg at debian.org
Usertags: rebootstrap
Control: affects -1 + src:libvirt

I tried cross building libvirt. It still has a few issues, but one of
the issues is that it fails to find libapparmor (not immediately
visible). In the end, I was able to reduce the libvirt's check to the
following command:

echo 'main(){return aa_change_profile();}' | $CC -x c - -o /dev/null -lapparmor

If $CC is a native compiler, it just works. If $CC is a cross compiler
(e.g. for arm64), you get an error:

/usr/lib/gcc-cross/aarch64-linux-gnu/8/../../../../aarch64-linux-gnu/bin/ld: /lib/aarch64-linux-gnu/libapparmor.a(kernel.o): in function `aa_query_label@@APPARMOR_2.9':
(.text+0x1248): undefined reference to `pthread_once'

What you can see here is that for some reason gcc is preferring the
static library over the dynamic one. So I started looking and compared
$CC -print-search-dirs. Indeed, for native toolchains /usr/lib/<triplet>
comes before /lib/<triplet>. For Debian's cross toolchains, this order
is reversed for some reason. I'm not sure whether that's a bug in the
cross toolchains. However, it causes gcc to prefer the static library
over the dynamic one.

I've concluded that regardless of whether this is a bug in gcc, it is a
bug in libapparmor-dev. I think that putting static and dynamic
libraries in different directories is a recipe for breakage. You really
should put them in the same directory. That can be either /lib/<triplet>
or /usr/lib/<triplet>. Implementing the former is easier so that's what
my patch does. Would you be so kind and fix this on the apparmor side?

Helmut
-------------- next part --------------
diff --minimal -Nru apparmor-2.13.2/debian/changelog apparmor-2.13.2/debian/changelog

--- apparmor-2.13.2/debian/changelog	2019-01-01 19:03:54.000000000 +0100
+++ apparmor-2.13.2/debian/changelog	2019-01-18 19:48:04.000000000 +0100
@@ -1,3 +1,10 @@
+apparmor (2.13.2-3.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Move libapparmor.so to /lib/<triplet>. (Closes: #-1)
+
+ -- Helmut Grohne <helmut at subdivi.de>  Fri, 18 Jan 2019 19:48:04 +0100
+
 apparmor (2.13.2-3) unstable; urgency=medium
 
   * Update upstream MR!252 backport to fix initscript (Closes: #917874)
diff --minimal -Nru apparmor-2.13.2/debian/rules apparmor-2.13.2/debian/rules
--- apparmor-2.13.2/debian/rules	2019-01-01 19:03:54.000000000 +0100
+++ apparmor-2.13.2/debian/rules	2019-01-18 19:48:01.000000000 +0100
@@ -176,7 +176,7 @@
 	# Create unversioned link in /usr to the shared library
 	MY_DSO=$$(basename $$(readlink $(CURDIR)/debian/tmp/lib/$(DEB_HOST_MULTIARCH)/libapparmor.so)); \
 	ln -sf /lib/$(DEB_HOST_MULTIARCH)/$${MY_DSO} \
-	    $(CURDIR)/debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libapparmor.so
+	    $(CURDIR)/debian/tmp/lib/$(DEB_HOST_MULTIARCH)/libapparmor.so
 
 override_dh_installinit:
 	dh_installinit --no-start --no-restart-on-upgrade --error-handler=true
