[Pkg-zsh-devel] Bug#769448: Bug#769450: zsh-static unsets $USERNAME

Axel Beckert abe at debian.org
Fri Nov 14 08:47:48 UTC 2014

tag 354633 + confirmed
retitle 354633 zsh-static: %n in prompt expansion no longer set as root with 4.3.0-dev-5-1
retitle 354631 zsh-static: error in compaudit with 4.3.0-dev-5-1 as root
forcemerge 354631 354633 769448 769450


Vincent Lefevre wrote:
> On 2014-11-14 01:46:40 +0100, Axel Beckert wrote:
> [...]
> > And USE_GETPWUID is not set in the static build. It's disabled in
> > debian/rules:
> > 
> >    STATICFLAGS += --disable-dynamic-nss
> > 
> > This is probably the way how https://bugs.debian.org/207218 (changes
> > in libc cause zsh-static to immediately segfault) was fixed.
> The ChangeLog says:
>   Run dpkg-shlibdebs on /lib/libnss_files.so.* for zsh-static
>   to help avoid segfaults due to continually-changing glibc NSS ABI.

Yep. That's how I got the idea to look at --disable-dynamic-nss.

> But if the NSS ABI changes in an incompatible manner, the soname
> should change, i.e. this was probably a bug in libc6.

Indeed. But see below, that's no bug in libc6 as the SONAME does

Additionally, that mentioned dpkg-shlibdebs call is no more there. But
there's no other changelog entry which mentions dpkg-shlibdebs again.

Maybe this one from 4.3.0-dev-4-3 is the one where it got removed again:

  * For zsh-static, don't link against anything that requires NSS.

> > I wonder if #207218 would reappear nowadays, if we remove that line
> > above from debian/rules.
> > 
> > Removing that line definitely solves this issue, I just tried it.
> Does this mean that zsh-static wouldn't really be a static build
> because using the dynamic NSS library?

That's another question I wondered about, too. At least that's no more
the case:

→ ldd /bin/zsh-static
        not a dynamic executable

Even not with disabling that line:

→ ldd obj-static/Src/zsh
        not a dynamic executable

But then again I found https://bugs.debian.org/354631 and
https://bugs.debian.org/354633 already reported back in 2006. It's
currently blocked by https://bugs.debian.org/471208 (libncurses5:
ncurses+dietlibc) since Clint's plan seems to have been to use the NSS
routines from dietlibc for the static build. But I don't expect this
to happen anytime soon.

In #354631 is stated that the "compaudit:$linenumber: unknown group"
issue first shows up in compaudit:107: unknown group. Actually I think
it was already present in 4.3.0-dev-4-3 uploaded one day before,
because that's the one this changelog entry: "For zsh-static, don't
link against anything that requires NSS."

It also claims that this only happens as root. But at least on Wheezy
I also get it as normal user. But I suspect that only happens because
the reporter likely uses zsh-static as root, but only zsh as user. A
strong indication for this is at

In https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=354631#27 Clint

  [...] the problem is that user/group lookups are disabled in the
  -static build because glibc's NSS ABI is unstable and static
  binaries still need to load NSS modules dynamically.

  If we re-enable lookups, then zsh-static will segfault on any major
  libc upgrade. I don't know what the best solution here is.

That IMHO explains well why a statically complied binary still needs
dynamically linked libraries -- which may change their ABI _with_ an
SONAME bump, so no bug in libc6, but zsh-static should likely depend

  libc6 (>= $current_glibc_upstream_version), libc6 (<< $next_glibc_upstream_version)

if we remove "STATICFLAGS += --disable-dynamic-nss" from debian/rules.

So I'm no more sure if removing that line is really a good idea.

OTOH: We are thinking about dropping the zsh-static package after
Jessie anyways. Popcon's "vote" is around 25 and such issues don't
seem to have bothered people too much since 2006.

So if anyone wants to keep zsh-static and is reading this, please
_tell_ us!

		Regards, Axel
 ,''`.  |  Axel Beckert <abe at debian.org>, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE
  `-    |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5

More information about the Pkg-zsh-devel mailing list