[pkg-apparmor] Bug#984582: apparmor FTCBFS: many different reasons

Helmut Grohne helmut at subdivi.de
Fri Mar 5 12:07:45 GMT 2021 

Source: apparmor
Version: 2.13.6-9
Tags: patch
User: debian-cross at lists.debian.org
Usertags: cross-satisfiability ftcbfs

apparmor fails to cross build from source for a pile of reasons. We
won't make it cross buildable today, but here goes the stuff that I
figured out:

1. Build-Depends are a problem. perl is not installable for the host
   architecture. perl is used here to build a perl extension. As such it
   should instead depend on perl-xs-dev (which currently is a virtual
   package). We're in the process of transitioning all perl extensions
   to this dependency and apparmor is till missing. Simple, right?

2. Build-Depends: python3 is not installable either. The usual way here
   is to replace python(.*)-dev with libpython\1-dev, python\1-dev:any
   and annotating the interpreter dependencies :any.

Once these two are fixed, one can actually attempt to cross build
apparmor. Unfortunately, it does not get very far.

3. The PERL_VENDORARCH variable is computed for the build architecture.
   The snippet is common to many perl extensions and the replacement is
   not nice. We're in the process of moving this to a more central
   place, but in the mean time please include the snippet from the
   attached patch to mae it use the host's perl config.

4. Then it uses AC_CHECK_FILE to locate a header. Bad idea.
   AC_CHECK_FILE is for host files, not for build files. Please use test
   -e instead.

5. In the end, I couldn't figure out how to make the perl extension
   cross buildable. Instead, I offer the addition of a noperl build
   profile to make any progress here.

6. The configure script assumes that $PYTHON-config is right.
   Unfortunately, the Python interpreter is not usually prefixed with a
   triplet whereas the -config tool is. Thus we get the build
   architecture python-config here, but we should use the host one.
   AC_PATH_TOOL is required here.

7. It fails linking -lz. This is an issue with python3.9 actually and
   reported separately as #984580.

So I have a longer patch fixing 1-6 attached. Please consider applying
it. I guess this is post-bullseye material though. Of course you can
give some feedback pre-bullseye to move this forward.

Helmut
-------------- next part --------------
diff --minimal -Nru apparmor-2.13.6/debian/changelog apparmor-2.13.6/debian/changelog
--- apparmor-2.13.6/debian/changelog	2021-02-06 18:07:35.000000000 +0100
+++ apparmor-2.13.6/debian/changelog	2021-03-01 12:22:43.000000000 +0100
@@ -1,3 +1,16 @@
+apparmor (2.13.6-9.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Improve cross build support: (Closes: #-1)
+    + Build-Depend on perl-xs-dev for building a perl extension.
+    + Consult the host architecture perl config to compute PERL_VENDORARCH.
+    + cross.patch: Do not abuse AC_CHECK_FILE for build system files.
+    + Make perl bindings optional via a noperl build profile.
+    + Multiarchify python Build-Depends.
+    + cross.patch: Use AC_PATH_TOOL to locate python-config.
+
+ -- Helmut Grohne <helmut at subdivi.de>  Mon, 01 Mar 2021 12:22:43 +0100
+
 apparmor (2.13.6-9) unstable; urgency=medium
 
   * usr.lib.dovecot.script-login: don't include non-existent local override file
diff --minimal -Nru apparmor-2.13.6/debian/control apparmor-2.13.6/debian/control
--- apparmor-2.13.6/debian/control	2021-02-06 18:07:35.000000000 +0100
+++ apparmor-2.13.6/debian/control	2021-03-01 12:22:43.000000000 +0100
@@ -16,13 +16,14 @@
                flex,
                liblocale-gettext-perl <!nocheck>,
                libpam-dev,
+               libpython3-all-dev,
                libtool,
-               perl,
+               perl-xs-dev <!noperl>,
                pkg-config,
                po-debconf,
-               python3,
-               python3-all,
-               python3-all-dev,
+               python3:any,
+               python3-all:any,
+               python3-all-dev:any,
                swig
 Standards-Version: 4.5.1
 Vcs-Browser: https://salsa.debian.org/apparmor-team/apparmor/tree/debian/master
@@ -107,6 +108,7 @@
 Architecture: linux-any
 Multi-Arch: same
 Section: perl
+Build-Profiles: <!noperl>
 Depends: ${misc:Depends},
          ${perl:Depends},
          ${shlibs:Depends}
diff --minimal -Nru apparmor-2.13.6/debian/patches/cross.patch apparmor-2.13.6/debian/patches/cross.patch
--- apparmor-2.13.6/debian/patches/cross.patch	1970-01-01 01:00:00.000000000 +0100
+++ apparmor-2.13.6/debian/patches/cross.patch	2021-03-01 12:22:43.000000000 +0100
@@ -0,0 +1,41 @@
+--- apparmor-2.13.6.orig/libraries/libapparmor/configure.ac
++++ apparmor-2.13.6/libraries/libapparmor/configure.ac
+@@ -58,7 +58,7 @@
+    AC_PATH_PROG(PERL, perl)
+    test -z "$PERL" && AC_MSG_ERROR([perl is required when enabling perl bindings])
+    perl_includedir="`$PERL -e 'use Config; print $Config{archlib}'`/CORE"
+-   AC_CHECK_FILE($perl_includedir/perl.h, enable_perl=yes, enable_perl=no)
++   AS_IF([test -e "$perl_includedir/perl.h"],[enable_perl=yes],[enable_perl=no])
+ fi
+ 
+ 
+--- apparmor-2.13.6.orig/libraries/libapparmor/m4/ac_python_devel.m4
++++ apparmor-2.13.6/libraries/libapparmor/m4/ac_python_devel.m4
+@@ -75,12 +75,14 @@
+                 PYTHON_VERSION=""
+         fi
+ 
++        AC_PATH_TOOL([PYTHON_CONFIG],[`basename $PYTHON`-config])
++
+         #
+         # Check for Python include path
+         #
+         AC_MSG_CHECKING([for Python include path])
+-        if type $PYTHON-config; then
+-                PYTHON_CPPFLAGS=`$PYTHON-config --includes`
++        if test -n "$PYTHON_CONFIG"; then
++                PYTHON_CPPFLAGS=`$PYTHON_CONFIG --includes`
+         fi
+         if test -z "$PYTHON_CPPFLAGS"; then
+                 python_path=`$PYTHON -c "import sys; import distutils.sysconfig;\
+@@ -97,8 +99,8 @@
+         # Check for Python library path
+         #
+         AC_MSG_CHECKING([for Python library path])
+-        if type $PYTHON-config; then
+-                PYTHON_LDFLAGS=`$PYTHON-config --ldflags`
++        if test -n "$PYTHON_CONFIG"; then
++                PYTHON_LDFLAGS=`$PYTHON_CONFIG --ldflags`
+         fi
+         if test -z "$PYTHON_LDFLAGS"; then
+                 # (makes two attempts to ensure we've got a version number
diff --minimal -Nru apparmor-2.13.6/debian/patches/series apparmor-2.13.6/debian/patches/series
--- apparmor-2.13.6/debian/patches/series	2021-02-06 18:07:35.000000000 +0100
+++ apparmor-2.13.6/debian/patches/series	2021-03-01 12:22:43.000000000 +0100
@@ -21,3 +21,4 @@
 debian-only/Document-which-AppArmor-features-are-not-supported-on-Deb.patch
 # ubuntu/libnss-systemd.patch
 # ubuntu/stop-loading-snapd-profiles.patch
+cross.patch
diff --minimal -Nru apparmor-2.13.6/debian/rules apparmor-2.13.6/debian/rules
--- apparmor-2.13.6/debian/rules	2021-02-06 18:07:35.000000000 +0100
+++ apparmor-2.13.6/debian/rules	2021-03-01 12:22:43.000000000 +0100
@@ -4,9 +4,11 @@
 
 export DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow
 
-export DEB_HOST_ARCH_OS   ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
+include /usr/share/dpkg/architecture.mk
+export DEB_HOST_ARCH_OS
 
-export PERL_VENDORARCH := $(shell perl -MConfig -e 'print substr($$Config{vendorarch},1)' )
+PERLVER := $(shell perl -MConfig -e 'print $$Config{version}')
+export PERL_VENDORARCH := $(shell perl -I/usr/lib/$(DEB_HOST_MULTIARCH)/perl/cross-config-$(PERLVER) -MConfig -e 'print substr($$Config{vendorarch},1)' )
 export PYTHON=/usr/bin/python3
 export PYTHON_VERSION=3
 export PYTHON_VERSIONS=python3
@@ -17,7 +19,7 @@
 
 override_dh_auto_configure:
 	cd libraries/libapparmor && sh ./autogen.sh
-	dh_auto_configure -D libraries/libapparmor -- --with-perl
+	dh_auto_configure -D libraries/libapparmor -- --with$(if $(filter noperl,$(DEB_BUILD_PROFILES)),out)-perl
 
 
 override_dh_auto_build:

More information about the pkg-apparmor-team mailing list