[pkg-gnupg-maint] dirmngr dependency

Andreas Metzler ametzler at bebt.de
Thu Aug 4 18:15:12 UTC 2016 

On 2016-08-04 Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
[...]
> Thanks for catching this!  I'm cc'ing pkg-gnutls-maint, who are
> responsible for libksba.

> Looking at the revisions of debian/rules for libksba, i think the
> packaging could be improved here:

>  913e67fa13638cb56a5e1af8e4167d300dd915ce  (2013-12-23)
>     - convert to dh 9 (upstream: 1.3.0; makeshlibs still 1.2.0)
[...]
> I find a better way to track symbol changes is with an explicit
> debian/libksba8.symbols file.  This has two advantages:
[...]
> I knocked together the attached script (invoked as "./extract-symbols
> libksba8") to generate a debian/libksba8.symbols file, which i'm
> including in the proposed patch below.

> Having done that analysis, it's true that there have been no symbols
> changes since 1.2.0!

Hello,

I will consider this, but would probably set all version requirements to
 >= 1.2.0, as ABI breakage can also be caused by e.g. changed enums.
Testing this is not easily checked by script, and there seems to be no
point in making a big effort of this.

> so the dirmngr dependency is tighter for some
> other reason that i still need to look into.

gnupg2 has
configure.ac:NEED_KSBA_VERSION=1.3.4
dirmngr/dirmngr.c:  if (!ksba_check_version (NEED_KSBA_VERSION) )
... throw an error
sm/gpgsm.c:  if (!ksba_check_version (NEED_KSBA_VERSION) )
... throw an error

This was introduced in c98995efefbdebea8f53d54ba2df4217dfd31ad4
    build: Require latest released libraries
 
    * agent/protect.c (OCB_MODE_SUPPORTED): Remove macro.
    (do_encryption): Always support OCB.
    (do_decryption): Ditto.
    (agent_unprotect): Ditto.
    * dirmngr/server.c (is_tor_running): Unconditionally build this.
    --
    
    Although not technically required, it is easier to require them to
    avoid bug reports due to too old library versions.

Aargh.

Switching ksba to using a symbol file would have the side-effect of
allowing us to enforces stricter dependencies by including

* Build-Depends-Package: libksba-dev

in the symbol file.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

More information about the pkg-gnupg-maint mailing list