Ubuntu
postfix package

bionic: postfix-dbgsym package lacks DWARF information

Bug #1931306 reported by Alexander Scheel
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
postfix (Debian)
Fix Released
Unknown
postfix (Ubuntu)
Fix Released
Undecided
Unassigned
Bionic
Won't Fix
Low
Michał Małoszewski
Focal
Invalid
Low
Unassigned

Bug Description

I was looking to debug postfix on Bionic today due to a FIPS OpenSSL issue, but failed. ~sergiodj on #ubuntu-devel came to the realization that the debug symbols shipped in postfix-dbgsym (and likely the other postfix-*-dbgsym packages) lacked DWARF information.

This means gdb & friends won't load debug symbols when debugging postfix.

When following http://www.postfix.org/DEBUG_README.html:

GNU gdb (Ubuntu 8.1.1-0ubuntu1) 8.1.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/lib/postfix/sbin/smtpd...Reading symbols from /usr/lib/debug/.build-id/9b/c4e924c12d39a5f8577f7bf3432ccafc11bed9.debug...(no debugging symbols found)...done.
(no debugging symbols found)...done.
Attaching to program: /usr/lib/postfix/sbin/smtpd, process 14989
Reading symbols from /usr/lib/postfix/libpostfix-master.so...Reading symbols from /usr/lib/debug/.build-id/a0/30c76af3133e70f6c5e83b1e8706fe4488d327.debug...(no debugging symbols found)...done.
(no debugging symbols found)...done.
Reading symbols from /usr/lib/postfix/libpostfix-tls.so...Reading symbols from /usr/lib/debug/.build-id/3f/aa67e6a05ec7c431510aa282e437d189a93558.debug...(no debugging symbols found)...done.
(no debugging symbols found)...done.
Reading symbols from /usr/lib/postfix/libpostfix-dns.so...Reading symbols from /usr/lib/debug/.build-id/c7/fbba4a5d9f5799be077de3bcb5c4a0af98ea41.debug...(no debugging symbols found)...done.
(no debugging symbols found)...done.
Reading symbols from /usr/lib/postfix/libpostfix-global.so...Reading symbols from /usr/lib/debug/.build-id/7c/01ebd867e112fcc7c36cffda34d5b41625456d.debug...(no debugging symbols found)...done.
(no debugging symbols found)...done.
Reading symbols from /usr/lib/postfix/libpostfix-util.so...Reading symbols from /usr/lib/debug/.build-id/3a/6656b78d2fbd615d9204b39ea4b75cad264f97.debug...(no debugging symbols found)...done.
(no debugging symbols found)...done.
... snip ...
Breakpoint 1, rand_drbg_restart (drbg=0x5603edebd000, buffer=0x7f5664352cb0 <randseed> "\215:", len=24, entropy=192) at ../crypto/rand/drbg_lib.c:478
478 {
(gdb) backtrace
#0 rand_drbg_restart (drbg=0x5603edebd000, buffer=0x7f5664352cb0 <randseed> "\215:", len=24, entropy=192) at ../crypto/rand/drbg_lib.c:478
#1 0x00007f5662cbff55 in drbg_add (buf=0x7f5664352cb0 <randseed>, num=24, randomness=<optimized out>) at ../crypto/rand/drbg_lib.c:982
#2 0x00007f566414ab77 in tls_server_start () from /usr/lib/postfix/libpostfix-tls.so
#3 0x00005603ecb66eed in smtpd_start_tls ()
#4 0x00005603ecb676b8 in starttls_cmd ()

#6 0x0000558df1c52a32 in smtpd_service ()
#7 0x00007fd3ae0c47aa in single_server_wakeup () from /usr/lib/postfix/libpostfix-master.so
#8 0x00007fd3ad832d28 in event_loop () from /usr/lib/postfix/libpostfix-util.so
#9 0x00007fd3ae0c56a8 in single_server_main () from /usr/lib/postfix/libpostfix-master.so
#10 0x0000558df1c4bb50 in main ()

Notice the warnings from gdb and missing mapping information on the Postfix functions. This remains even though OpenSSL debug information is present and loads properly.

Packages:

[root@ubuntu-1804-base-fips openssl-1.1.1]# dpkg --list | grep -i postfix
ii postfix 3.3.0-1ubuntu0.3 amd64 High-performance mail transport agent
ii postfix-cdb 3.3.0-1ubuntu0.3 amd64 CDB map support for Postfix
ii postfix-cdb-dbgsym 3.3.0-1ubuntu0.3 amd64 debug symbols for postfix-cdb
ii postfix-dbgsym 3.3.0-1ubuntu0.3 amd64 debug symbols for postfix
ii postfix-ldap 3.3.0-1ubuntu0.3 amd64 LDAP map support for Postfix
ii postfix-ldap-dbgsym 3.3.0-1ubuntu0.3 amd64 debug symbols for postfix-ldap
ii postfix-lmdb 3.3.0-1ubuntu0.3 amd64 LMDB map support for Postfix
ii postfix-lmdb-dbgsym 3.3.0-1ubuntu0.3 amd64 debug symbols for postfix-lmdb
ii postfix-mysql 3.3.0-1ubuntu0.3 amd64 MySQL map support for Postfix
ii postfix-mysql-dbgsym 3.3.0-1ubuntu0.3 amd64 debug symbols for postfix-mysql
ii postfix-pcre 3.3.0-1ubuntu0.3 amd64 PCRE map support for Postfix
ii postfix-pcre-dbgsym 3.3.0-1ubuntu0.3 amd64 debug symbols for postfix-pcre
ii postfix-pgsql 3.3.0-1ubuntu0.3 amd64 PostgreSQL map support for Postfix
ii postfix-pgsql-dbgsym 3.3.0-1ubuntu0.3 amd64 debug symbols for postfix-pgsql
ii postfix-sqlite 3.3.0-1ubuntu0.3 amd64 SQLite map support for Postfix
ii postfix-sqlite-dbgsym 3.3.0-1ubuntu0.3 amd64 debug symbols for postfix-sqlite

This is confirmed by eu-readelf -w on one of the debug files:

$ eu-readelf -w /usr/lib/debug/.build-id/3f/aa67e6a05ec7c431510aa282e437d189a93558.debug

Thus this is a bug in postfix packaging.

I have not tested this on later versions of the postfix from later Ubuntu releases.

Tags: bitesize

Related branches

~michal-maloszewski99/ubuntu/+source/postfix:fix-dwarf-branch-bionic
Robie Basak: Disapprove
Athos Ribeiro (community): Needs Information
Canonical Server Core Reviewers: Pending requested
Canonical Server Reporter: Pending requested
git-ubuntu import: Pending requested
Diff: 29 lines (+8/-1)
2 files modified
debian/changelog (+6/-0)
debian/rules (+2/-1)
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Heh, this ended up in my triage today :-).

Anyway, I'm confirming that the bug happens on Focal, but unfortunately this will be a low priority one for us. I'm also confirming that Impish doesn't suffer from this problem; the debuginfo files from postfix-dbgsym there do have the correct DWARF info.

Thanks!

Changed in postfix (Ubuntu):
status: New → Fix Released
Changed in postfix (Ubuntu Focal):
status: New → Triaged
importance: Undecided → Low
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

FWIW, I haven't checked whether a simple rebuild of the package would be enough to fix this. I will try to set up a PPA later and confirm.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

OK, I was able to determine that a rebuild of the package will likely solve this issue. Here's a PPA with the rebuild:

https://launchpad.net/~sergiodj/+archive/ubuntu/postfix-debuginfo

You can verify that the .debug files that were generated by this build contain the proper DWARF information that is needed to debug postfix. Note: I haven't tried to actually debug postfix using GDB; I just inspected the .debug file using eu-readelf.

Also, if you want to enable the debug repository you will have to edit the corresponding source list and add the following line:

deb http://ppa.launchpad.net/sergiodj/postfix-debuginfo/ubuntu focal main/debug

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

My bad: I built the package for Focal, which doesn't suffer from the bug. I haven't tested Bionic. Sorry about it.

Changed in postfix (Ubuntu Bionic):
status: New → Triaged
importance: Undecided → Low
Changed in postfix (Ubuntu Focal):
status: Triaged → Invalid
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote (last edit ):

So, I was able to confirm that just rebuilding the package does not fix the problem (Alexander had already confirmed this, btw). But I remembered seeing something about "-g" on d/rules, so I decided to take a look at the commit history for the Debian package and voilà, there's a very simple change that was pushed to fix this issue:

https://salsa.debian.org/postfix-team/postfix-dev/-/commit/04a33ed8c10fa958a70c35a2808ac16e935742bd

There's also a corresponding Debian bug:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910291

Anyway, I've backported the fix, built the package on my PPA and verified that it does fix the problem. Here's the PPA, in case you would like to try:

https://launchpad.net/~sergiodj/+archive/ubuntu/postfix-debuginfo/+packages

Bug Watch Updater (bug-watch-updater)
Changed in postfix (Debian):
status: Unknown → Fix Released
Revision history for this message
Alexander Scheel (cipherboy) wrote :

Thanks Sergio!

I've confirmed this fixed build does indeed solve the issue for me and I was able to use it to successfully debug the failures I was seeing with postfix+FIPS OpenSSL.

Athos Ribeiro (athos-ribeiro)
tags: added: bitesize
Michał Małoszewski (michal-maloszewski99)
Changed in postfix (Ubuntu Bionic):
assignee: nobody → Michał Małoszewski (michal-maloszewski99)
Revision history for this message
Robie Basak (racb) wrote :

SRU -1 for Bionic.

As far as I understand, this is fixed in Focal and newer, and for Bionic, while Alexander, the original reporter, had a genuine issue, he was able to resolve it with a local build, thanks to Sergio's investigation here and Scott and Paride's involvement at the Debian end.

Therefore, I don't think there's a single person left who would benefit from landing this fix in Bionic, but a fix would come with the cost of a very large number of unaffected users having to download a rebuild, risking a postinst error due to local configuration issues, etc.

If the situation is different or changes, we can reconsider. Please reopen the Bionic task if so. In the meantime, I'll set the Bionic task to Won't Fix.

Changed in postfix (Ubuntu Bionic):
status: Triaged → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.