[syslinux] Problems compiling syslinux on Debian 10

[Tom Lisjac]

Up to now I've been doing the same thing Steve Rikli mentioned in his posting... copying the binaries.

And while the distro provided syslinux binaries work, the goal of my current project is to build a basic OS entirely from signed sources. Nothing new about sig traceability improving binary trust, but I was curious if every component of the OS could be be built with that discipline in 2022.

Until this problem, the answer was "yes!" as the latest versions of busybox, Linux kernel and gnu infrastructure met the sig requirement and compiled perfectly along with grub206 that Don Cupp suggested as an alternative. Problem is that I've gotten attached to the lightweight, time tested and very capable syslinux that has worked flawlessly in my applications for many years. 

Thanks to Didier's comments yesterday, I realized that the only way to compile the latest version is to apply distro generated patches to the officially broken sources. This would mean that two sigs would be required to verify the package... one from the author and the other from the distro maintainers. In addition to being awkward, the second sig is downstream and reduces confidence that the patches accurately reflect the author's intent and approval. 

I'm debating how to move forward, but have a question. Would it take that much effort for the project maintainers to review the Debian patch, apply it and post a signed and compilable source bundle in the syslinux directory on kernel.org?

Many thanks to everyone who replied... especially Didier who provided the reason why distros can compile and distribute syslinux binaries but I can't from the official project sources.

-Tom


----- Original Message -----
From: "syslinux" <syslinux at syslinux.org>
To: "Didier Spaier" <didier at slint.fr>
Cc: "syslinux" <syslinux at syslinux.org>
Sent: Thursday, October 20, 2022 1:40:25 PM
Subject: Re: [syslinux] Problems compiling syslinux on Debian 10

One of the reasons I ended up on this list was the inability to build any of the last versions of syslinux on Arch a year or more ago.  The binary pkg itself in arch repositories must be the oldest pkg on Arch repositories, compressed with xz instead of the default zst now.  Dated back in Dec2019, so it is going to turn 3 now.
Its last published recipe (Pkgbuild) is unbuildable now and has been sing Sept/21
syslinux-6.04.pre2.r11.gbf6db5b4

In Void the situation is similar, with built pkg  syslinux-6.03_8 

So we are stuck on a mailing-list of software we can no longer build but for some odd reason the old versions built years ago still work.

If we open a discussion on "fOss" and how binaries are published with unbuildable source ... it may be a long hot discussion before it ever ends.

I have found sw built with invalid or failing gpg keys, incorrect checksums, file conflicts that vanish between binaries, etc. .etc.. with very popular distros.  I even had my note with corrections deleted from git... a couple of times.  Theoretically that would have been a "contribution" ...

Sad!!





_______________________________________________
Syslinux mailing list
Submissions to Syslinux at syslinux.org
Unsubscribe or set options at:
https://lists.syslinux.org/syslinux