From gniibe at fsij.org Tue Mar 3 03:04:27 2026 From: gniibe at fsij.org (NIIBE Yutaka) Date: Tue, 03 Mar 2026 11:04:27 +0900 Subject: Building GnuPG packages and PKG_CHECK_MODULES Message-ID: <87h5qxllck.fsf@haruna.fsij.org> Hello, Sachin T, (also sent to GnuPG development mailing list) Thank you for your patches last year. While maintaining the GnuPG packages, I found an issue in libgpg-error. For GnuPG, we have kept the dependency smaller as possible. This is because GnuPG is an important package in an OS, in general, and smaller dependency allows easy adoption in earlier phase of OS bootstrapping. But now, (because of the change of z/OS support), for the maintainers, it requires PKG_CHECK_MODULES macro from pkg-config. I'm afraid it's a bit larger change. pkg-config is common these days, but not that essential. Last year, for z/OS support of libgpg-error, we added EXTRA_LIBS_FOR_BUILD in libgpg-error/configure.ac. IIUC, this is needed for z/OS to link zoslib to the executable (this case, it's mkheader command). For libgcrypt, you asked similar. I noticed that this would be problematic (might result patches for many packages as well), and suggested another approach of preparing a wrapper script for CC_FOR_BUILD and use the script to build packages. I wonder if the approach works well for your projects. If it works well, is it possible to consider removal of EXTRA_LIBS_FOR_BUILD in libgpg-error/configure.ac ? Thank you in advance for your time, -- From sachin.t at ibm.com Tue Mar 3 07:05:09 2026 From: sachin.t at ibm.com (Sachin T) Date: Tue, 3 Mar 2026 06:05:09 +0000 Subject: Building GnuPG packages and PKG_CHECK_MODULES In-Reply-To: <87h5qxllck.fsf@haruna.fsij.org> References: <87h5qxllck.fsf@haruna.fsij.org> Message-ID: Hello NIIBE, Yes, I?ve already tested the suggested approach and it works on my side. Based on that, I?ve shared the reverted patch below, Please review and let me know if anything?s needed. Appreciate the guidance. Thanks, Sachin --- * configure.ac: Revert pkgconfig requirement and EXTRA_LIBS_FOR_BUILD setting * src/Makefile.am: Remove EXTRA_LIBS_FOR_BUILD variable Signed-off-by: Sachin T --- configure.ac | 18 ------------------ src/Makefile.am | 2 +- 2 files changed, 1 insertion(+), 19 deletions(-) diff --git a/configure.ac b/configure.ac index 58bbf92..d83e7e5 100644 --- a/configure.ac +++ b/configure.ac @@ -142,24 +142,6 @@ case "${host}" in ;; esac -# Set some variables for build platform helpers. -case "$build_os" in - *openedition*) - PKG_CHECK_MODULES([ZOSLIB], [zoslib], - [EXTRA_LIBS_FOR_BUILD="$ZOSLIB_LIBS"], - [AC_MSG_WARN([[ -*** -*** zoslib not found. Please ensure zoslib.pc is in PKG_CONFIG_PATH. -*** (If you are not using zOS please ignore this warning) -***]])]) - ;; - *) - EXTRA_LIBS_FOR_BUILD="" -?????;; -esac -AC_SUBST(EXTRA_LIBS_FOR_BUILD) - - if test "$have_w32_system" != yes; then gl_THREADLIB_EARLY fi diff --git a/src/Makefile.am b/src/Makefile.am index 82b4193..7fd1d98 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -280,7 +280,7 @@ errnos-sym.h: Makefile mkstrtable.awk errnos.in mkheader$(EXEEXT_FOR_BUILD): mkheader.c Makefile ?????$(CC_FOR_BUILD) $(CFLAGS_FOR_BUILD) $(LDFLAGS_FOR_BUILD) \ ?????$(CPPFLAGS_FOR_BUILD) -g -I. -I$(srcdir) \ - -o $@ $(srcdir)/mkheader.c $(EXTRA_LIBS_FOR_BUILD) + -o $@ $(srcdir)/mkheader.c parts_of_gpg_error_h = ?????? ?????\ ?????gpg-error.h.in ??\ -- 2.53.0 From: NIIBE Yutaka Date: Tuesday, 3 March 2026 at 7:34?AM To: Sachin T , GnuPG development Subject: [EXTERNAL] Building GnuPG packages and PKG_CHECK_MODULES Hello, Sachin T, (also sent to GnuPG development mailing list) Thank you for your patches last year. While maintaining the GnuPG packages, I found an issue in libgpg-error. For GnuPG, we have kept the dependency smaller as possible. This is because GnuPG is an important package in an OS, in general, and smaller dependency allows easy adoption in earlier phase of OS bootstrapping. But now, (because of the change of z/OS support), for the maintainers, it requires PKG_CHECK_MODULES macro from pkg-config. I'm afraid it's a bit larger change. pkg-config is common these days, but not that essential. Last year, for z/OS support of libgpg-error, we added EXTRA_LIBS_FOR_BUILD in libgpg-error/configure.ac. IIUC, this is needed for z/OS to link zoslib to the executable (this case, it's mkheader command). For libgcrypt, you asked similar. I noticed that this would be problematic (might result patches for many packages as well), and suggested another approach of preparing a wrapper script for CC_FOR_BUILD and use the script to build packages. I wonder if the approach works well for your projects. If it works well, is it possible to consider removal of EXTRA_LIBS_FOR_BUILD in libgpg-error/configure.ac ? Thank you in advance for your time, -- -------------- next part -------------- An HTML attachment was scrubbed... URL: From gniibe at fsij.org Wed Mar 4 02:58:02 2026 From: gniibe at fsij.org (NIIBE Yutaka) Date: Wed, 04 Mar 2026 10:58:02 +0900 Subject: Building GnuPG packages and PKG_CHECK_MODULES In-Reply-To: References: <87h5qxllck.fsf@haruna.fsij.org> Message-ID: <87342gpd91.fsf@haruna.fsij.org> Hello, Sachin T wrote: > Yes, I?ve already tested the suggested approach and it works on my > side. Based on that, I?ve shared the reverted patch below, Please > review and let me know if anything?s needed. Thank you for your cooperation. Applied and pushed to master. -- From mikhail at filippov.me Mon Mar 16 20:37:16 2026 From: mikhail at filippov.me (Mikhail Filippov) Date: Mon, 16 Mar 2026 23:37:16 +0400 Subject: [PATCH libgpg-error] spawn:w32: Fix use-after-scope of handle array passed to PROC_THREAD_ATTRIBUTE_HANDLE_LIST. Message-ID: <008f1c96-00c8-4b58-8e38-6d800b7e2896@filippov.me> I found this bug while testing GnuPG on Windows ARM64: gpg-agent and dirmngr would not start, with CreateProcessW returning error 87. --- From ed2cccb9d778a918fd05a7af39be966e925db587 Mon Sep 17 00:00:00 2001 From: Mikhail Filippov Date: Mon, 16 Mar 2026 19:52:56 +0400 Subject: [PATCH libgpg-error] spawn:w32: Fix use-after-scope of handle array ?passed to PROC_THREAD_ATTRIBUTE_HANDLE_LIST. * src/spawn-w32.c (_gpgrt_process_spawn): Move the hd[32] array declaration from inside the inner block to the function scope, so that the array remains live when CreateProcessW is called. UpdateProcThreadAttribute stores a pointer to the caller-supplied handle array inside the PROC_THREAD_ATTRIBUTE_LIST.? The documentation states: "lpValue: A pointer to the attribute value.? This value must persist until the attribute list is destroyed using the DeleteProcThreadAttributeList function." In the original code, hd[32] was declared inside a { } block that ends before CreateProcessW is called.? Its lifetime, therefore, expired before the kernel read it back through si.lpAttributeList.? On x86-64, the stack slot happened to remain undisturbed, masking the bug.? On Windows ARM64, the compiler and/or kernel accesses the list at a different point, causing CreateProcessW to return ERROR_INVALID_PARAMETER (ec=87) and preventing gpg-agent / dirmngr from being auto-spawned. --- ?src/spawn-w32.c | 2 +- ?1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/spawn-w32.c b/src/spawn-w32.c index c85be91..f21991a 100644 --- a/src/spawn-w32.c +++ b/src/spawn-w32.c @@ -548,6 +548,7 @@ _gpgrt_process_spawn (const char *pgmname, const char *argv[], ? ?HANDLE hd_in[2]; ? ?HANDLE hd_out[2]; ? ?HANDLE hd_err[2]; +? HANDLE hd[32]; ? ?BOOL ask_inherit = FALSE; ? ?struct gpgrt_spawn_actions act_default; ? ?char *env = NULL; @@ -710,7 +711,6 @@ _gpgrt_process_spawn (const char *pgmname, const char *argv[], ? ? ?hd_err[1] = w32_open_null (1, enable_null_device); ? ? ?{ -? ? HANDLE hd[32]; ? ? ?HANDLE *hd_p = act->inherit_hds; ? ? ?int j = 0; ? --? 2.53.0 -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From gniibe at fsij.org Tue Mar 17 01:39:58 2026 From: gniibe at fsij.org (NIIBE Yutaka) Date: Tue, 17 Mar 2026 09:39:58 +0900 Subject: [PATCH libgpg-error] spawn:w32: Fix use-after-scope of handle array passed to PROC_THREAD_ATTRIBUTE_HANDLE_LIST. In-Reply-To: <008f1c96-00c8-4b58-8e38-6d800b7e2896@filippov.me> References: <008f1c96-00c8-4b58-8e38-6d800b7e2896@filippov.me> Message-ID: <87cy13uw4h.fsf@haruna.fsij.org> Hello, Thank you for your patch. Good catch. Mikhail Filippov wrote: > From ed2cccb9d778a918fd05a7af39be966e925db587 Mon Sep 17 00:00:00 2001 > From: Mikhail Filippov > Date: Mon, 16 Mar 2026 19:52:56 +0400 I applied this (modifying to a shorter title) and pushed to master. -- From wk at gnupg.org Tue Mar 17 16:35:10 2026 From: wk at gnupg.org (Werner Koch) Date: Tue, 17 Mar 2026 16:35:10 +0100 Subject: [PATCH libgpg-error] spawn:w32: Fix use-after-scope of handle array passed to PROC_THREAD_ATTRIBUTE_HANDLE_LIST. In-Reply-To: <008f1c96-00c8-4b58-8e38-6d800b7e2896@filippov.me> (Mikhail Filippov via Gnupg-devel's message of "Mon, 16 Mar 2026 23:37:16 +0400") References: <008f1c96-00c8-4b58-8e38-6d800b7e2896@filippov.me> Message-ID: <87ecliii4x.fsf@jacob.g10code.de> On Mon, 16 Mar 2026 23:37, Mikhail Filippov said: > Windows ARM64, the compiler and/or kernel accesses the list at a For the records: which compiler are you using? Salam-Shalom, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein -------------- next part -------------- A non-text attachment was scrubbed... Name: openpgp-digital-signature.asc Type: application/pgp-signature Size: 284 bytes Desc: not available URL: