Bug #491

dh_strip breaking integrity test checksums

Added by Jonathan Davies over 8 years ago. Updated over 8 years ago.

Target version:
Start date:
Due date:
Estimated time:
Affected version:



It would seem that integrity tests are not compatiable with the dh_strip component of Debian packaging:

This is reported on build:

integrity test data:
module name,            file size / checksum   segment size / checksum
"libstrongswan",          1761630 / 0x07f7322e       290364 / 0x885c7c3d

However, the integrity checks later fail with:

$ charon-cmd
00[LIB]   invalid 'libstrongswan' file size: 321208 bytes, expected 1761630 bytes
00[LIB] integrity check of libstrongswan failed

This is what's reported at the end of the package build:

-rw-r--r-- root/root    321208 2014-01-15 23:23 ./usr/lib/ipsec/

It would seem that dh_strip is responsible for this:


I tested that disabled nostrip makes integrity tests work. However, the only reason I'm filing this is as dh_strip significantly brings down the size of the final packages:

$ ls -lh
total 4.5M
-rw-rw-r-- 1 ubuntu ubuntu 318K Jan 15 23:28 libstrongswan_5.1.2~dr3-0ubuntu1_amd64.deb
-rw-r--r-- 1 ubuntu ubuntu 1.5M Jan 17 06:16 libstrongswan_5.1.2~dr3-0ubuntu2_amd64.deb
-rw-rw-r-- 1 ubuntu ubuntu 179K Jan 15 23:28 strongswan-ike_5.1.2~dr3-0ubuntu1_amd64.deb
-rw-r--r-- 1 ubuntu ubuntu 1.2M Jan 17 06:16 strongswan-ike_5.1.2~dr3-0ubuntu2_amd64.deb
-rw-rw-r-- 1 ubuntu ubuntu  22K Jan 15 23:28 strongswan-plugin-lookip_5.1.2~dr3-0ubuntu1_amd64.deb
-rw-r--r-- 1 ubuntu ubuntu 128K Jan 17 06:16 strongswan-plugin-lookip_5.1.2~dr3-0ubuntu2_amd64.deb
-rw-rw-r-- 1 ubuntu ubuntu  41K Jan 15 23:28 strongswan-plugin-openssl_5.1.2~dr3-0ubuntu1_amd64.deb
-rw-r--r-- 1 ubuntu ubuntu 238K Jan 17 06:16 strongswan-plugin-openssl_5.1.2~dr3-0ubuntu2_amd64.deb
-rw-rw-r-- 1 ubuntu ubuntu 237K Jan 15 23:28 strongswan-starter_5.1.2~dr3-0ubuntu1_amd64.deb
-rw-r--r-- 1 ubuntu ubuntu 746K Jan 17 06:16 strongswan-starter_5.1.2~dr3-0ubuntu2_amd64.deb

Is there a way I regenerate after dh_strip runs? Looking at, I can't see any easy target to run in my debian/rules file.

Related issues

Related to Issue #512: regen doesn't workClosed

Associated revisions

Revision a40c6619 (diff)
Added by Tobias Brunner over 8 years ago

checksum: Read executables from DESTDIR

This allows to recreate the checksums after the installed binaries have
been modified e.g. with strip.

Fixes #491.


#1 Updated by Tobias Brunner over 8 years ago

  • Tracker changed from Issue to Bug
  • Status changed from New to Resolved
  • Assignee set to Tobias Brunner
  • Target version set to 5.1.2
  • Resolution set to Fixed

Is there a way I regenerate after dh_strip runs?

dh_strip seems to run after make install, which is when the checksums are generated. To recreate the checksums afterwards you could run something like make -C src/checksum clean install DESTDIR=..., if that's possible to do (optionally followed by another call to dh_strip or strip <DESTDIR/ipseclibdir>/ manually (saves about 5 KB, so might not be worth the effort).

One problem with the above is that executables were not read from DESTDIR but the build directory. The associated commit fixes that.

#2 Updated by Tobias Brunner over 8 years ago

  • Related to Issue #512: regen doesn't work added

#3 Updated by Tobias Brunner over 8 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF