[pkg-gnupg-maint] Bug#806940: Bug#806940: gpgv-static possible?

[Hans-Christoph Steiner]

For the use cases I've outlined, gpgv-static definitely does not need
LDAP/PAM/NFS/whatever, and would probably be totally fine without all
kinds of tilde expansion.

Daniel Kahn Gillmor:
> Tilde expansion isn't super important -- it certainly shouldn't be used
> in debootstrap.  And if the result was a crash i'd really want to find a
> workaround here.  Out of curiosity, how is HAVE_PWD_H set (or unset) in
> the config.h for your static build against bionic libc?

The Android toolchain (aka NDK) does not set HAVE_PWD_H, but in my
Android builds of gnupg 2.1, it is set:

  #define HAVE_PWD_H 1

And Android does indeed have that header at, for example:
/opt/android-ndk/platforms/android-21/arch-x86/usr/include/pwd.h


Daniel Kahn Gillmor:
> given that the statically-built binary appears to fail gracefully in the
> absence of libnss inside a chroot, though, i'm inclined to not bother
> with either of these approaches.

I'm fine with trying it as is.  Otherwise, just remove NSS/LDAP/etc and
tilde expansion entirely and be done with it.



Here's my stab at the description:

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC 4880.
 .
 This is GnuPG's signature verification tool, gpgv, built statically
 so that it can be directly used on any platform that is running on
 the Linux kernel.  Android and ChromeOS are two well known examples,
 but there are many other platforms that this will work for, like
 embedded Linux OSes.  This gpgv in combination with debootstrap
 and Debian keyrings allows the secure creation of chroot installs on
 these platforms by using the full Debian signature verification that
 is present in all official Debian mirrors.

.hc