Regression: qemu-user-static binaries are dynamically linked
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
qemu (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Groovy |
Fix Released
|
Medium
|
Unassigned |
Bug Description
[ Impact ]
* An upstream change [1] had undesired impact of making qemu-user-static
no more fully static. In some cases e.g. cross arch debootstrapping
that breaks the use case.
* The root cause is the use of ld with an unsupported pie related flag.
We have fixed this upstream and this backports that change.
[Test Case]
* $ file $(dpkg -L qemu-user-static | grep bin\/qemu-
Should show "statically linked", but not "dynamically linked" (bad case)
[Where problems could occur]
* I can't think of an immediate expected regression that comes to mind,
but the following at least limits the area to look for issues.
The change it limited to qemu-user-static. Therefore impacts would be
seen there but not in e.g. system emulation (other binaries, those
didn't change except for being rebuilt).
Also the new behavior matches what we had pre-groovy and therfore what
users expect.
[Other Info]
* n/a
[1]: https:/
---
On 20.04 (qemu 4.2) the binaries built for qemu-user-static - specifically in the case I've hit /usr/bin/
The same binaries from a qemu 5.x build are not. Although they don't link to other shared libraries they are dynamically linked to glibc and therefore require the same version of the glibc shared libraries at runtime. This breaks many uses in foreign architecture chroots; in my case an aarch64 being built with debootstrap:
On focal:
$ file /usr/bin/
/usr/bin/
$ dpkg -S /usr/bin/
qemu-user-static: /usr/bin/
$ apt list qemu-user-static
qemu-user-
But recent builds of 5.2 are not; for example from hirsute (qemu-user-
$ file /tmp/qemu-
/tmp/qemu-
I hit this whilst trying to track down another bug and building upstream git HEAD on 20.04 with:
$ ../../qemu/
$ make
$ file qemu-aarch64
qemu-aarch64: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, BuildID[
It looks like changes to the qemu build system are responsible. I asked on OFTC #qemu and at that time no-one was particularly aware of the significance/
Looking at the configure output summary between the focal and hirsute/upstream builds I noticed that there is no longer a separate summary for LDFLAGS - it now only reports QEMU_LDFLAGS.
That seems significant since focal passed "-static" with LDFLAGS not QEMU_LDFLAGS:
LDFLAGS -Wl,--warn-common -m64 -static -g -Wl,-Bsymbolic-
QEMU_LDFLAGS
whereas hirsute shows:
QEMU_LDFLAGS: -Wl,--warn-common -Wl,-z,relro -Wl,-z,now -static-pie -m64 -g -O2 -fdebug-
(notice it is -static-pie not -static now)
I've seen mention in qemu commit messages of the meson build system changes causing issues around passing of linker flags but it needs someone familiar with the project and build system to figure this out.
Related branches
- Sergio Durigan Junior (community): Needs Fixing
- Canonical Server: Pending requested
- git-ubuntu developers: Pending requested
-
Diff: 115 lines (+57/-15)4 files modifieddebian/changelog (+8/-0)
debian/patches/series (+1/-0)
debian/patches/ubuntu/lp-1907656-s390x-s390-virtio-ccw-Reset-PCI-devices-during-subsy.patch (+43/-0)
debian/rules (+5/-15)
description: | updated |
description: | updated |
Changed in qemu (Ubuntu): | |
importance: | Undecided → High |
Changed in qemu (Ubuntu Groovy): | |
importance: | Undecided → Medium |
description: | updated |
tags: | added: server-triage-discuss |
To be sure I built upstream v4.2.1 and it reports the expected and required linkage. Build needs some additional tweaking to avoid libssh deprecated functions causing -Werror to trigger:
$ sudo apt install liblzma-dev
$ ../../qemu/ configure --target- list=aarch64- linux-user --static --disable-system --enable-linux-user --extra- cflags= '-Wno-deprecate d-declarations'
$ make -j8 V=1
$ file ./aarch64- linux-user/ qemu-aarch64 linux-user/ qemu-aarch64: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, BuildID[ sha1]=70f5e10ac 0eb9b63d7758850 e2f18d0a047d4b7 9, for GNU/Linux 3.2.0, with debug_info, not stripped
./aarch64-