crypto-utils failed to build from source in Fedora rawhide/f30 http://koji.fedoraproject.org/koji/taskinfo?taskID=32374254 For details on the mass rebuild see: http://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild Please fix crypto-utils at your earliest convenience and set the bug's status to ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks, crypto-utils will be orphaned. Before branching of Fedora 31, crypto-utils will be retired, if it still fails to build. For more details on the FTBFS policy, please visit: http://fedoraproject.org/wiki/Fails_to_build_from_source
Created attachment 1529618 [details] build.log file build.log too big, will only attach last 1024 bytes
Created attachment 1529619 [details] root.log file root.log too big, will only attach last 1024 bytes
Created attachment 1529620 [details] state.log
Dear Maintainer, your package has not been built successfully in f30. Action is required from you. If you can fix your package to build, perform a build in koji, and either create an update in bodhi, or close this bug without creating an update, if updating is not appropriate [1]. If you are working on a fix, set the status to ASSIGNED to acknowledge this. Following the latest policy for such packages [2], your package can be orphaned if this bug remains in NEW state more than 8 weeks. [1] http://fedoraproject.org/wiki/Updates_Policy [2] http://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails_to_install/
+ cc -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protection -Wall -Werror=implicit-function-declaration -Werror -I/usr/include/nspr4 -I/usr/include/nss3 certwatch.c pemutil.c -o certwatch -lnspr4 -lnss3 BUILDSTDERR: In file included from /usr/include/string.h:494, BUILDSTDERR: from /usr/include/nss3/secport.h:45, BUILDSTDERR: from /usr/include/nss3/seccomon.h:27, BUILDSTDERR: from /usr/include/nss3/nss.h:34, BUILDSTDERR: from certwatch.c:77: BUILDSTDERR: In function 'strncpy', BUILDSTDERR: inlined from 'get_common_name' at certwatch.c:249:5, BUILDSTDERR: inlined from 'check_cert' at certwatch.c:289:9, BUILDSTDERR: inlined from 'main' at certwatch.c:387:12: BUILDSTDERR: /usr/include/bits/string_fortified.h:106:10: error: '__builtin___strncpy_chk' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation] BUILDSTDERR: 106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest)); BUILDSTDERR: | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ BUILDSTDERR: certwatch.c: In function 'main': BUILDSTDERR: certwatch.c:246:15: note: length computed here BUILDSTDERR: 246 | namelen = strlen(name); BUILDSTDERR: | ^~~~~~~~~~~~ BUILDSTDERR: cc1: all warnings being treated as errors BUILDSTDERR: error: Bad exit status from /var/tmp/rpm-tmp.DGeE6A (%build) BUILDSTDERR: Bad exit status from /var/tmp/rpm-tmp.DGeE6A (%build)
Same problem was fixed for NSS upstream by using memcpy, see http://bugzilla.mozilla.org/show_bug.cgi?id=1438426 and the fix as picked up for JSS, see http://pagure.io/jss/issue/21
Created attachment 1570560 [details] certwatch: use memcpy in get_common_name Possible fix based on what was done for upstream NSS. scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=34913261
Dear Maintainer, your package has not been built successfully in 30. Action is required from you. If you can fix your package to build, perform a build in koji, and either create an update in bodhi, or close this bug without creating an update, if updating is not appropriate [1]. If you are working on a fix, set the status to ASSIGNED to acknowledge this. Following the latest policy for such packages [2], your package can be orphaned if this bug remains in NEW state more than 8 weeks. A week before the mass branching of Fedora 31 according to the schedule [3], any packages which still have open FTBFS bugs from Fedora 30 will be retired. [1] http://fedoraproject.org/wiki/Updates_Policy [2] http://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails_to_install/ [3] http://fedoraproject.org/wiki/Releases/31/Schedule
Dear Rel-Eng Robot, For the record, I've orphaned the package and am happy for it to be retired this if nobody else takes it on (nobody has indicated willingness).
Note the Fedora installation guide uses tools from crypto-utils: http://docs.fedoraproject.org/en-US/fedora/f30/system-administrators-guide/servers/Web_Servers/ There is also this wiki page which includes similar language: http://fedoraproject.org/wiki/Https However, RH *did* remove crypto-utils from RHEL 8, so we don't have to worry about downstream. The RHEL 8 migration text for it seems to be: "crypto-utils have been removed The crypto-utils packages have been removed from RHEL 8. You can use tools provided by the openssl, gnutls-utils, and nss-tools packages instead." e.g. http://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/considerations_in_adopting_rhel_8/index . crypto-utils is also listed as a default component of the web-server group in comps, so if it is retired (or possibly even if it is not), that should be changed. On the other hand, no other package depends on it at run or build time AFAICS, so that's good. I'm marking this bug as an automatic F31 blocker, because as the package stands it is not installable due to unsatisfied dependencies on perl 5.28, and as it's in the web-server group it's in the Fedora Server DVD, and that makes this an automatic blocker per the policy: "Unresolved dependencies on a release-blocking DVD-style (offline installer) image (failures of QA:Testcase_Mediakit_Repoclosure)" - http://fedoraproject.org/wiki/QA:SOP_blocker_bug_process#Automatic_blockers . Also tagging the docs team for the documentation issues here.
I'll submit some PRS for the docs, it would be better to document using certbot or mod_md to get Let's Encrypt certs here anyway.
Adam, thanks for tagging us, we'll track the removal in the repo's issues: http://pagure.io/fedora-docs/system-administrators-guide/issue/35 Joe, a docs update would be definitely appreciated. Let me know if you have any questions about contributing to our docs; you can reach me by mail (on this address or on docs.org), or in #fedora-docs on Freenode.
The package was retired.