FS#79436 - KeePassXC runtime warning of unstable build, risk of corruption

Attached to Project: Arch Linux
Opened by Zee Gav (zGAVz) - Tuesday, 22 August 2023, 00:50 GMT
Last edited by Toolybird (Toolybird) - Tuesday, 22 August 2023, 05:22 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

When building from Arch Linux PKGBUILD, KeePassXC shows critical warning message upon startup:

"WARNING: You are using an unstable build of KeePassXC.
There is a high risk of corruption, maintain a backup of your databases.
This version is not meant for production use."
, it's not building "Release" (even though it appears to).

However, this warning is not shown in the `pacman -S keepassxc` version.

The distro version is supposed to be the same as the PKGBUILD version.... Correct?...

Additional info:
* 2.7.6-1

Steps to reproduce:

$ git clone https://gitlab.archlinux.org/archlinux/packaging/packages/keepassxc.git
$ cd keepassxc && makepkg -i
This task depends upon

Closed by  Toolybird (Toolybird)
Tuesday, 22 August 2023, 05:22 GMT
Reason for closing:  Not a bug
Additional comments about closing:  Use the proper Arch support channels (Forum/IRC/Mailing Lists/Reddit/etc)
Comment by Doug Newgard (Scimmia) - Tuesday, 22 August 2023, 01:37 GMT
The PKGBUILD does build the repo version, and is reproducible (https://reproducible.archlinux.org/api/v0/builds/496760/log).

This is a support issue, and even if it wasn't, it wouldn't be anywhere CLOSE to 'critical' severity.
Comment by Toolybird (Toolybird) - Tuesday, 22 August 2023, 05:22 GMT
To put this to bed finally, Arch official pkgs are built inside a clean chroot [1].

I was curious why building outside a clean chroot (e.g. a plain `makepkg ...') produces a different result.

The reason is this: the 2 build environments are subtly different, which tickles an upstream bug in the CMake files.

Specifically, the `git' binary is not available inside the chroot (we are building from a tarball so there is no need for it). When the git binary *is* available, it triggers this [2] bit of CMake code which causes the build to be flagged as a snapshot.

Moral of the story, *always* build inside a clean chroot as per Arch official pkgs.

[1] https://wiki.archlinux.org/title/DeveloperWiki:Building_in_a_clean_chroot
[2] https://github.com/keepassxreboot/keepassxc/blob/2.7.6/CMakeLists.txt#L143-L182

Loading...