[pkg-gnupg-maint] Bug#806940: Bug#806940: gpgv-static possible?

Hans-Christoph Steiner hans at eds.org
Wed Nov 9 12:18:03 UTC 2016



Daniel Kahn Gillmor:
> On Sun 2016-11-06 13:45:30 -0600, Hans-Christoph Steiner wrote:
>> With the stretch freeze in the foreseeable future, I'd like to ask what
>> are the chances of this being included?
> 
> for those not up to speed on https://bugs.debian.org/806940, "this" is
> the idea of a gpgv-static binary package.
> 
>> It would really help make it easy for all the various chroot manager
>> apps to do the right thing when using debootstrap to install.  Lots of
>> people are using crouton for real work without realizing that the
>> install process is basically wide open to exploitation.
>>
>> for example:
>> https://github.com/dnschneid/crouton/issues/2362#issuecomment-258653710
> 
> This is an interesting proposal -- it's basically asking debian to
> distribute a gpgv-static .deb not for use in debian, but for
> easier/wider deployment on non-debian platforms (making it safer and
> easier to run debian chroots on those platforms).  I like it :)
> 
> Which platforms is this targeted for, though?  debian's already building
> a static gpgv for win32 (see the gpgv-win32 package), and presumably
> other linux distros already ship gpgv.  no?  Presumably this isn't
> targeting OS X either, right?  Can you be a little clearer about the
> rationale?

This is targeting Android and ChromeOS, both based on the Linux kernel.
Chromebooks are big sellers around the world, and are great for running
Debian.  Android is the most popular OS in the world, by active user
count.  There are literally hundreds of thousands of users running
GNU/Linux chroots on Android, with Debian being a top choice:

https://play.google.com/store/apps/details?id=ru.meefik.linuxdeploy
https://play.google.com/store/apps/details?id=champion.gnuroot


> I'm attaching a very rough proposal for how we'd make a gpgv-static.
> But i note when using this approach, during the final linking of gpgv, i
> see the following error messages:
> 
> ../common/libcommon.a(libcommon_a-stringhelp.o): In function `get_pwdir':
> ./build-gpgv-static/common/../../common/stringhelp.c:378: warning: Using 'getpwnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
> ./build-gpgv-static/common/../../common/stringhelp.c:385: warning: Using 'getpwuid' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
> 
> That doesn't sound like a warning we want.  does anyone know how to
> resolve it?
> 
>         --dkg

Perhaps it doesn't matter?  For Lil' Debi, I built gpgv statically on
Debian for Android, and it worked well.  But that was using the Android
NDK, so it was not building against glibc but rather Android's bionic libc.

https://github.com/guardianproject/lildebi/blob/master/external/Makefile#L123

.hc


