[Pkg-zsh-devel] Bug#769448: Bug#769450: zsh-static unsets $USERNAME
abe at debian.org
Fri Nov 14 08:47:48 UTC 2014
tag 354633 + confirmed
retitle 354633 zsh-static: %n in prompt expansion no longer set as root with 4.3.0-dev-5-1
retitle 354631 zsh-static: error in compaudit with 4.3.0-dev-5-1 as root
forcemerge 354631 354633 769448 769450
Vincent Lefevre wrote:
> On 2014-11-14 01:46:40 +0100, Axel Beckert wrote:
> > And USE_GETPWUID is not set in the static build. It's disabled in
> > debian/rules:
> > STATICFLAGS += --disable-dynamic-nss
> > This is probably the way how https://bugs.debian.org/207218 (changes
> > in libc cause zsh-static to immediately segfault) was fixed.
> The ChangeLog says:
> Run dpkg-shlibdebs on /lib/libnss_files.so.* for zsh-static
> to help avoid segfaults due to continually-changing glibc NSS ABI.
Yep. That's how I got the idea to look at --disable-dynamic-nss.
> But if the NSS ABI changes in an incompatible manner, the soname
> should change, i.e. this was probably a bug in libc6.
Indeed. But see below, that's no bug in libc6 as the SONAME does
Additionally, that mentioned dpkg-shlibdebs call is no more there. But
there's no other changelog entry which mentions dpkg-shlibdebs again.
Maybe this one from 4.3.0-dev-4-3 is the one where it got removed again:
* For zsh-static, don't link against anything that requires NSS.
> > I wonder if #207218 would reappear nowadays, if we remove that line
> > above from debian/rules.
> > Removing that line definitely solves this issue, I just tried it.
> Does this mean that zsh-static wouldn't really be a static build
> because using the dynamic NSS library?
That's another question I wondered about, too. At least that's no more
→ ldd /bin/zsh-static
not a dynamic executable
Even not with disabling that line:
→ ldd obj-static/Src/zsh
not a dynamic executable
But then again I found https://bugs.debian.org/354631 and
https://bugs.debian.org/354633 already reported back in 2006. It's
currently blocked by https://bugs.debian.org/471208 (libncurses5:
ncurses+dietlibc) since Clint's plan seems to have been to use the NSS
routines from dietlibc for the static build. But I don't expect this
to happen anytime soon.
In #354631 is stated that the "compaudit:$linenumber: unknown group"
issue first shows up in compaudit:107: unknown group. Actually I think
it was already present in 4.3.0-dev-4-3 uploaded one day before,
because that's the one this changelog entry: "For zsh-static, don't
link against anything that requires NSS."
It also claims that this only happens as root. But at least on Wheezy
I also get it as normal user. But I suspect that only happens because
the reporter likely uses zsh-static as root, but only zsh as user. A
strong indication for this is at
In https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=354631#27 Clint
[...] the problem is that user/group lookups are disabled in the
-static build because glibc's NSS ABI is unstable and static
binaries still need to load NSS modules dynamically.
If we re-enable lookups, then zsh-static will segfault on any major
libc upgrade. I don't know what the best solution here is.
That IMHO explains well why a statically complied binary still needs
dynamically linked libraries -- which may change their ABI _with_ an
SONAME bump, so no bug in libc6, but zsh-static should likely depend
libc6 (>= $current_glibc_upstream_version), libc6 (<< $next_glibc_upstream_version)
if we remove "STATICFLAGS += --disable-dynamic-nss" from debian/rules.
So I'm no more sure if removing that line is really a good idea.
OTOH: We are thinking about dropping the zsh-static package after
Jessie anyways. Popcon's "vote" is around 25 and such issues don't
seem to have bothered people too much since 2006.
So if anyone wants to keep zsh-static and is reading this, please
,''`. | Axel Beckert <abe at debian.org>, http://people.debian.org/~abe/
: :' : | Debian Developer, ftp.ch.debian.org Admin
`. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
`- | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
More information about the Pkg-zsh-devel