[pkg-gnupg-maint] Bug#806940: Bug#806940: gpgv-static possible?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Nov 9 02:22:41 UTC 2016
On Sun 2016-11-06 13:45:30 -0600, Hans-Christoph Steiner wrote:
> With the stretch freeze in the foreseeable future, I'd like to ask what
> are the chances of this being included?

for those not up to speed on https://bugs.debian.org/806940, "this" is
the idea of a gpgv-static binary package.

> It would really help make it easy for all the various chroot manager
> apps to do the right thing when using debootstrap to install. Lots of
> people are using crouton for real work without realizing that the
> install process is basically wide open to exploitation.
>
> for example:
> https://github.com/dnschneid/crouton/issues/2362#issuecomment-258653710

This is an interesting proposal -- it's basically asking debian to
distribute a gpgv-static .deb not for use in debian, but for
easier/wider deployment on non-debian platforms (making it safer and
easier to run debian chroots on those platforms). I like it :)

Which platforms is this targeted for, though? debian's already building
a static gpgv for win32 (see the gpgv-win32 package), and presumably
other linux distros already ship gpgv. no? Presumably this isn't
targeting OS X either, right? Can you be a little clearer about the
rationale?

I'm attaching a very rough proposal for how we'd make a gpgv-static.
But i note when using this approach, during the final linking of gpgv, i
see the following error messages:

../common/libcommon.a(libcommon_a-stringhelp.o): In function `get_pwdir':
./build-gpgv-static/common/../../common/stringhelp.c:378: warning: Using 'getpwnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./build-gpgv-static/common/../../common/stringhelp.c:385: warning: Using 'getpwuid' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking

That doesn't sound like a warning we want. does anyone know how to
resolve it?

--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-trying-to-resolve-806940.patch
Type: text/x-diff
Size: 2403 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20161108/3568e978/attachment.patch>