[sudo-workers] [PATCH] Do not use undocumented Autoconf variables in the AC_SEARCH_LIBS macro
Winchenbach, Samuel
Samuel-Winchenbach at idexx.com
Fri Jan 25 08:12:01 MST 2019
Hi,
We are using autoconf caching and we noticed that lcrypt is not being
linked when sudo is being configured from the cache.
We discovered $ac_lib is not set when autoconf is cached which prevents needed libraries from being linked in.
Steps to reproduce issue:
$ ./configure --config-cache --prefix=/usr --exec-prefix=/usr --sysconfdir=/etc --localstatedir=/var \
--program-prefix="" --disable-nls --disable-static --enable-shared --without-lecture \
--without-sendmail --without-umask --with-logging=syslog --without-interfaces --with-env-editor \
--without-pam --enable-zlib --without-ldap
$ make | grep lcrypt
/bin/sh ../../libtool --tag=disable-static --mode=link gcc -Wl,-z,relro -o sudoers.la sudo_auth.lo getspwuid.lo passwd.lo boottime.lo check.lo editor.lo env.lo env_pattern.lo file.lo find_path.lo fmtsudoers.lo gc.lo goodpath.lo group_plugin.lo interfaces.lo iolog.lo iolog_path.lo locale.lo logging.lo logwrap.lo mkdir_parents.lo parse.lo policy.lo prompt.lo set_perms.lo starttime.lo sudo_nss.lo sudoers.lo timestamp.lo libparsesudoers.la -lcrypt ../../lib/util/libsudo_util.la -lz -module;; \
/bin/sh ../../libtool --tag=disable-static --mode=link gcc -Wl,-z,relro -Wc,-fstack-protector-strong -o sudoers.la sudo_auth.lo getspwuid.lo passwd.lo boottime.lo check.lo editor.lo env.lo env_pattern.lo file.lo find_path.lo fmtsudoers.lo gc.lo goodpath.lo group_plugin.lo interfaces.lo iolog.lo iolog_path.lo locale.lo logging.lo logwrap.lo mkdir_parents.lo parse.lo policy.lo prompt.lo set_perms.lo starttime.lo sudo_nss.lo sudoers.lo timestamp.lo libparsesudoers.la -lcrypt ../../lib/util/libsudo_util.la -lz -module -avoid-version -rpath /usr/libexec/sudo -shrext .so;; \
libtool: link: gcc -shared -fPIC -DPIC .libs/sudo_auth.o .libs/getspwuid.o .libs/passwd.o .libs/boottime.o .libs/check.o .libs/editor.o .libs/env.o .libs/env_pattern.o .libs/file.o .libs/find_path.o .libs/fmtsudoers.o .libs/gc.o .libs/goodpath.o .libs/group_plugin.o .libs/interfaces.o .libs/iolog.o .libs/iolog_path.o .libs/locale.o .libs/logging.o .libs/logwrap.o .libs/mkdir_parents.o .libs/parse.o .libs/policy.o .libs/prompt.o .libs/set_perms.o .libs/starttime.o .libs/sudo_nss.o .libs/sudoers.o .libs/timestamp.o -Wl,--whole-archive ./.libs/libparsesudoers.a -Wl,--no-whole-archive -Wl,-rpath -Wl,/home/swinchen/projects/repos/sudo/lib/util/.libs -Wl,-rpath -Wl,/usr/libexec/sudo -lcrypt ../../lib/util/.libs/libsudo_util.so -lpthread -ldl -lz -Wl,-z -Wl,relro -fstack-protector-strong -Wl,-soname -Wl,sudoers.so -o .libs/sudoers.so
$ make clean
$ ./configure --config-cache --prefix=/usr --exec-prefix=/usr --sysconfdir=/etc --localstatedir=/var \
--program-prefix="" --disable-nls --disable-static --enable-shared --without-lecture \
--without-sendmail --without-umask --with-logging=syslog --without-interfaces --with-env-editor \
--without-pam --enable-zlib --without-ldap
$ make | grep lcrypt
$
Notice there are no lines indiciating that lcrypt is being linked in on the second build.
Below is an output of the autogenerated configure file with annotations
explaining the issue:
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing crypt" >&5
$as_echo_n "checking for library containing crypt... " >&6; }
if ${ac_cv_search_crypt+:} false; then :
$as_echo_n "(cached) " >&6
else
=========================NOT RUN WHEN CACHED=========================
| ac_func_search_save_LIBS=$LIBS
|cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|/* end confdefs.h. */
|
|/* Override any GCC internal prototype to avoid an error.
| Use char because int might match the return type of a GCC
| builtin and then its argument prototype would still apply. */
|#ifdef __cplusplus
|extern "C"
|#endif
|char crypt ();
|int
|main ()
|{
|return crypt ();
| ;
| return 0;
|}
|_ACEOF
|for ac_lib in '' crypt crypt_d ufc; do <------ $ac_lib set here
| if test -z "$ac_lib"; then
| ac_res="none required"
| else
| ac_res=-l$ac_lib
| LIBS="-l$ac_lib $ac_func_search_save_LIBS"
| fi
| if ac_fn_c_try_link "$LINENO"; then :
| ac_cv_search_crypt=$ac_res
|fi
|rm -f core conftest.err conftest.$ac_objext \
| conftest$ac_exeext
| if ${ac_cv_search_crypt+:} false; then :
| break
|fi
|done
|if ${ac_cv_search_crypt+:} false; then :
|
|else
| ac_cv_search_crypt=no
|fi
|rm conftest.$ac_ext
|LIBS=$ac_func_search_save_LIBS
|fi
=====================================================================
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_crypt" >&5
$as_echo "$ac_cv_search_crypt" >&6; }
ac_res=$ac_cv_search_crypt
if test "$ac_res" != no; then :
test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
test -n "$ac_lib" && shadow_libs="${shadow_libs} $ac_res"
fi
^^^^^^ $ac_lib has not been set when there is a cache hit
Signed-off-by: Samuel A. Winchenbach <samuel-winchenbach at idexx.com>
Signed-off-by: Adam Labbe <adam-labbe at idexx.com>
---
diff -r ecb89088a884 -r f9759fc9eeee configure.ac
--- a/configure.ac Tue Jan 22 06:41:16 2019 -0700
+++ b/configure.ac Thu Jan 24 13:11:08 2019 -0500
@@ -3755,7 +3755,9 @@
dnl
if test -z "$LIB_CRYPT"; then
_LIBS="$LIBS"
- AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && shadow_libs="${shadow_libs} $ac_res"])
+ AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc],
+ [test "${ac_cv_search_crypt}" != "none required" && shadow_libs="${shadow_libs} ${ac_cv_search_crypt}"],
+ [AC_MSG_FAILURE([crypt was not found on your system])])
LIBS="$_LIBS"
fi
@@ -3775,10 +3777,16 @@
LIBS="$_LIBS"
fi
if test "$CHECKSHADOW" = "true"; then
- AC_SEARCH_LIBS([getspnam], [gen shadow], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && shadow_libs="${shadow_libs} $ac_res"])
+ AC_SEARCH_LIBS([getspnam], [gen shadow],
+ [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false]
+ [test "${ac_cv_search_getspnam}" != "none required" && shadow_libs="${shadow_libs} ${ac_cv_search_getspnam}"],
+ [AC_MSG_FAILURE([getspnam was not found on your system])])
fi
if test "$CHECKSHADOW" = "true"; then
- AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && shadow_libs="${shadow_libs} $ac_res"])
+ AC_SEARCH_LIBS([getprpwnam], [sec security prot],
+ [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1]
+ [test "${ac_cv_search_getprpwnam}" != "none required" && shadow_libs="${shadow_libs} ${ac_cv_search_getprpwnam}"],
+ [AC_MSG_FAILURE([getprpwnam was not found on your system])])
fi
if test -n "$shadow_libs"; then
# sudoers needs to link with shadow libs for password auth
More information about the sudo-workers
mailing list