[pkg-gnupg-maint] Bug#1103931: gnupg2: Please don't build-depend on swtpm on unsupported architectures
John Paul Adrian Glaubitz
glaubitz at physik.fu-berlin.de
Wed Apr 23 22:14:01 BST 2025
Hi Gregor,
On Wed, 2025-04-23 at 21:44 +0200, Gregor Riepl wrote:
> (sorry, this should have included a Cc... I added some additional analysis below)
>
> > Also I am not to hot about hardcoding the list of archs where swtpm is
> > available in debian/control but do not see a better alternatives. - Any
> > ideas?
>
> swtpm is a software TPM implementation[1] and shouldn't demand anything platform specific.
That is correct, of course. My approach was merely to get gnupg2 fixed as soon as possible
as it's an important package and not being able to install can cause a port to not become
installable or updateable at all since the gnupg, gnupg2, ... meta packages are arch all.
> Looking at the buildd report[2], the problems seems to be missing dependencies: seccomp and
> python3-cryptography->cargo[3]. The report doesn't mention it, but libtpms is also missing
> on some archs[7].
>
> As a first step, I'd make sure seccomp is indeed required and try to build without it on
> those archs where it isn't implemented. This would apply to alpha and sparc64.
Adding seccomp support to alpha and sparc64 is on my Debian Ports TODO list [1], but it doesn't
have very high priority at the moment. There are just too many other more important tasks to
address.
> As for cargo: The extremely convoluted bootstrapping process (see [4]) ultimately requires
> an existing rust compiler to compile a new version of rustc and cargo. This can be kicked
> off with the instructions in [5], but it will require LLVM 19, which is currently missin
> on a few architectures due to lack of upstream support: [6]
Yeah, I know how to bootstrap rustc and I would have already done it on the architectures
where it's missing. But, as you said, it currently requires LLVM as the rustc_codegen_gcc
backend [2] which uses GCC instead of LLVM for code generation isn't fully usable yet.
> So... my conclusion from all of this is:
> sparc64 could be made to work if swtpm is built without seccomp (for this architecture only).
> I did a quick test and can confirm that this is possible by passing --without-seccomp and
> removing SWTPM_TEST_SECCOMP_OPT from the autopkgtest. I don't think the reduced security
> would be a huge issue on sparc64 anyway...
You can go ahead and file a bug report to get this change integrated into swtpm. However, as
mentioned before, adding sparc64 to seccomp is on my TODO list for one and secondly, to get
gnupg2 installable as soon as possible on the affected architectures, it would be easier to
disable the TPM stuff on the affected architectures as it isn't really needed there.
> alpha, hppa and sh4 won't work unless LLVM 19 includes support for these architectures,
> or there is some other way to build the rust packages.
Either rustc_codegen_gcc or the Rust frontend (gccrs) in GCC in the future.
Adrian
> [1] https://people.debian.org/~glaubitz/debian-ports-todo.txt
> [2] https://rust-for-linux.com/rustc_codegen_gcc
--
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer
`. `' Physicist
`- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
More information about the pkg-gnupg-maint
mailing list