[SOLVED] WARNING: Package contains reference to $srcdir

dakota · 2018-10-11 20:00:31

I am building _Password Safe_ from the AUR: https://aur.archlinux.org/packages/passwordsafe/

During the makepkg stage, I received the following warning:

==> WARNING: Package contains reference to $srcdir usr/bin/pwsafe

I have been warned... but I'm not sure what I'm being warned against.

Here is the PKGBUILD

# Maintainer: Alexander Schnaidt <alex.schnaidt@gmail.com>

_pkgname=pwsafe
pkgname=passwordsafe
_pkgver=1.06
pkgver="$_pkgver"BETA
pkgrel=1
pkgdesc="Simple & Secure Password Management"
arch=('i686' 'x86_64')
url="https://pwsafe.org/"
license=('Artistic2.0')
depends=('libxtst' 'wxgtk' 'yubikey-personalization' 'xerces-c' 'qrencode')
makedepends=('zip' 'libxt' 'cmake' 'gtest' 'git')
optdepends=('xvkbd: virtual-keyboard support')
conflicts=('passwordsafe-debian' 'passwordsafe-git' 'pwsafe' 'pwsafe-gui')
source=(https://github.com/pwsafe/pwsafe/archive/$pkgver.tar.gz
	https://github.com/pwsafe/pwsafe/releases/download/$pkgver/$pkgver.tar.gz.sig)
validpgpkeys=('C8876BE69A8EC6414C8C8729B131423D7F2F1BB9')  # http://pgp.mit.edu/pks/lookup?op=vindex&search=0xB131423D7F2F1BB9
sha1sums=('eab2716a6e8a833c13e8f57e251cf2865bf5a1e5'
          'SKIP')

build() {
	cd $_pkgname-$pkgver
	mkdir -p build
	cd build
	cmake .. -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Release
	make
}

package() {
	cd "$_pkgname-$pkgver"
	cd build
	DESTDIR="$pkgdir" make install
}

Why should I care if the package makes reference to $srcdir usr/bin/pwsafe or not? Is there something I should be doing differently?

Cheers,

Last edited by dakota (2022-09-18 21:44:18)

Morganamilo · 2018-10-11 21:17:56

It means the $srcdir path is contained somewhere inside the finished package, this is usually in the form of debug info or something. This is bad for reproducible builds but doesn't really effect anything else.

WorMzy · 2018-10-11 22:16:25

The warning means that usr/bin/pwsafe contains a reference to whatever dir it was built from. This may be benign, or it may be the case that it tries to write important information to e.g. /home/alex/builds/pwsafe/src/pwsafe (regardless of who runs it). What is usr/bin/pwsafe? If it's a script/wrapper, open it in a pager or text editor and see what the reference is (maybe it's just a comment). If it's a binary, then it's a little more complicated -- you're probably best off examining the src folder for any hardcoded reference to it's path and finding out what that reference is used for.

mpan · 2018-10-12 05:05:07

The compiled binary contains references to names of the source code “.cpp” files. It looks like debugging information and, therefore, seems benign.

I have pinged the maintainer. Feel free to comment about the issue on PKGBUILD’s page on AUR. However, if this really is debugging information, chances are that the issue will not be fixed.

eschwartz · 2018-10-12 16:06:27

Debugging info would usually be in headers to be stripped and installed in detached debugging packages after remapping them using -fdebug-prefix-map.

The reason for these references is: https://github.com/pwsafe/pwsafe/search … q=__FILE__

You could discuss with upstream why they use this, I guess.

dakota · 2018-10-12 18:44:39

Thanks everybody!

WorMzy wrote:

What is usr/bin/pwsafe? ...If it's a binary, then it's a little more complicated -- you're probably best off examining the src folder for any hardcoded reference to it's path and finding out what that reference is used for.

It is a binary. By 'examining the src folder' you mean the src folder inside the 'builds' folder, right? The folder that got created when I ran makepkg -s ?

mpan wrote:

The compiled binary contains references to names of the source code “.cpp” files.

Out of curiosity, how did you determine this if the binary is compiled? Did you look in the 'builds' folder ( .builds/passwordsafe/src/pwsafe-1.06BETA/src/os/unix) ?

FYI - I posted a comment on the PKGBUILD’s page on AUR as suggested by mpan.

mpan · 2018-10-13 01:01:24

eschwartz wrote:

Debugging info would usually be in headers to be stripped and installed in detached debugging packages after remapping them using -fdebug-prefix-map.

By “debugging info” I didn’t meant debug symbols, literally. Any debugging info. Also: good find, the filenames match. So it’s something done explicitly by the upstream.

dakota wrote:

Out of curiosity, how did you determine this if the binary is compiled? Did you look in the 'builds' folder ( .builds/passwordsafe/src/pwsafe-1.06BETA/src/os/unix) ?

grep -rF /path/to/the/build/dir .

Since that found matches in a binary file, I extracted strings using strings and fgreped through that:

strings ./pkg/passwordsafe/usr/bin/pwsafe | grep -F /path/to/the/build/dir

dakota · 2018-10-13 18:18:17

mpan wrote:

dakota wrote:
Out of curiosity, how did you determine this if the binary is compiled? Did you look in the 'builds' folder ( .builds/passwordsafe/src/pwsafe-1.06BETA/src/os/unix) ?
grep -rF /path/to/the/build/dir .
Since that found matches in a binary file, I extracted strings using strings and fgreped through that:
strings ./pkg/passwordsafe/usr/bin/pwsafe | grep -F /path/to/the/build/dir

Very nice. Thank you.

Arch Linux

#1 2018-10-11 20:00:31

[SOLVED] WARNING: Package contains reference to $srcdir

#2 2018-10-11 21:17:56

Re: [SOLVED] WARNING: Package contains reference to $srcdir

#3 2018-10-11 22:16:25

Re: [SOLVED] WARNING: Package contains reference to $srcdir

#4 2018-10-12 05:05:07

Re: [SOLVED] WARNING: Package contains reference to $srcdir

#5 2018-10-12 16:06:27

Re: [SOLVED] WARNING: Package contains reference to $srcdir

#6 2018-10-12 18:44:39

Re: [SOLVED] WARNING: Package contains reference to $srcdir

#7 2018-10-13 01:01:24

Re: [SOLVED] WARNING: Package contains reference to $srcdir

#8 2018-10-13 18:18:17

Re: [SOLVED] WARNING: Package contains reference to $srcdir

Board footer