Project

General

Profile

Bug #491

dh_strip breaking integrity test checksums

Added by Jonathan Davies over 6 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Category:
-
Target version:
Start date:
17.01.2014
Due date:
Estimated time:
Affected version:
dr|rc|master
Resolution:
Fixed

Description

Hello,

It would seem that integrity tests are not compatiable with the dh_strip component of Debian packaging:

https://launchpadlibrarian.net/162584546/buildlog_ubuntu-trusty-amd64.strongswan_5.1.2~dr3-0ubuntu1_UPLOADING.txt.gz

This is reported on build:

...
integrity test data:
module name,            file size / checksum   segment size / checksum
"libstrongswan",          1761630 / 0x07f7322e       290364 / 0x885c7c3d
...

However, the integrity checks later fail with:

$ charon-cmd
00[LIB]   invalid 'libstrongswan' file size: 321208 bytes, expected 1761630 bytes
00[LIB] integrity check of libstrongswan failed

This is what's reported at the end of the package build:

chroot-autobuild/build/buildd/libstrongswan_5.1.2~dr3-0ubuntu1_amd64.deb:
...
-rw-r--r-- root/root    321208 2014-01-15 23:23 ./usr/lib/ipsec/libstrongswan.so.0.0.0
...

It would seem that dh_strip is responsible for this:

- http://manpages.debian.net/cgi-bin/man.cgi?query=dh_strip

I tested that disabled nostrip makes integrity tests work. However, the only reason I'm filing this is as dh_strip significantly brings down the size of the final packages:

$ ls -lh
total 4.5M
-rw-rw-r-- 1 ubuntu ubuntu 318K Jan 15 23:28 libstrongswan_5.1.2~dr3-0ubuntu1_amd64.deb
-rw-r--r-- 1 ubuntu ubuntu 1.5M Jan 17 06:16 libstrongswan_5.1.2~dr3-0ubuntu2_amd64.deb
-rw-rw-r-- 1 ubuntu ubuntu 179K Jan 15 23:28 strongswan-ike_5.1.2~dr3-0ubuntu1_amd64.deb
-rw-r--r-- 1 ubuntu ubuntu 1.2M Jan 17 06:16 strongswan-ike_5.1.2~dr3-0ubuntu2_amd64.deb
-rw-rw-r-- 1 ubuntu ubuntu  22K Jan 15 23:28 strongswan-plugin-lookip_5.1.2~dr3-0ubuntu1_amd64.deb
-rw-r--r-- 1 ubuntu ubuntu 128K Jan 17 06:16 strongswan-plugin-lookip_5.1.2~dr3-0ubuntu2_amd64.deb
-rw-rw-r-- 1 ubuntu ubuntu  41K Jan 15 23:28 strongswan-plugin-openssl_5.1.2~dr3-0ubuntu1_amd64.deb
-rw-r--r-- 1 ubuntu ubuntu 238K Jan 17 06:16 strongswan-plugin-openssl_5.1.2~dr3-0ubuntu2_amd64.deb
-rw-rw-r-- 1 ubuntu ubuntu 237K Jan 15 23:28 strongswan-starter_5.1.2~dr3-0ubuntu1_amd64.deb
-rw-r--r-- 1 ubuntu ubuntu 746K Jan 17 06:16 strongswan-starter_5.1.2~dr3-0ubuntu2_amd64.deb

Is there a way I regenerate checksum.so after dh_strip runs? Looking at Makefile.am, I can't see any easy target to run in my debian/rules file.


Related issues

Related to Issue #512: checksum.so regen doesn't workClosed

Associated revisions

Revision a40c6619 (diff)
Added by Tobias Brunner over 6 years ago

checksum: Read executables from DESTDIR

This allows to recreate the checksums after the installed binaries have
been modified e.g. with strip.

Fixes #491.

History

#1 Updated by Tobias Brunner over 6 years ago

  • Tracker changed from Issue to Bug
  • Status changed from New to Resolved
  • Assignee set to Tobias Brunner
  • Target version set to 5.1.2
  • Resolution set to Fixed

Is there a way I regenerate checksum.so after dh_strip runs?

dh_strip seems to run after make install, which is when the checksums are generated. To recreate the checksums afterwards you could run something like make -C src/checksum clean install DESTDIR=..., if that's possible to do (optionally followed by another call to dh_strip or strip <DESTDIR/ipseclibdir>/libchecksum.so manually (saves about 5 KB, so might not be worth the effort).

One problem with the above is that executables were not read from DESTDIR but the build directory. The associated commit fixes that.

#2 Updated by Tobias Brunner over 6 years ago

  • Related to Issue #512: checksum.so regen doesn't work added

#3 Updated by Tobias Brunner over 6 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF