[pkg-gnupg-maint] Bug#1104210: gnupg2: libtss-dev build dependency significantly enlarges architecture cross bootstrap set

Sun Apr 27 10:35:27 BST 2025

Source: gnupg2
Version: 2.4.7-3
Severity: important
Justification: breaks architecture cross bootstrap
Tags: patch

gnupg2 recently gained a new dependency on libtss-dev. This in turn
pulls e.g. libftdi1-dev, which requires boost and numpy and stuff. There
is no chance we can make this all build. I looked into reducing
libftdi1 (#1104092), because most other things pulled actually do cross
build with little additional dependencies. However removing boost from
libftdi1 is a non-trivial exercise.

Therefore I looked at gnupg2 and since we only really need gpgv (as long
as cross bootstrap cannot yet supply sqv for apt to depend on), I now
propose the addition of a fairly invasive build profiles that trims the
gnupg2 package build into just building gpgv and nothing else.

I first tried to build gnupg2 without tpm2daemon leaving much else in
place, but I failed at doing this in a reproducible way. Once accepting
that gnupg2 needs a build profile, disabling as much as possible
actually is beneficial. So I moved to disabling everything but gpgv
instead. I note that the result also is not reproducible. The additional
components add compiler flags (e.g. -I...) and those flags influence the
build-id such that the resulting gpgv build does not reproduce the
default build. The changes even affect binary offsets, so quite a bit of
assembly also differs. Still that looks like the least bad option to me.

What do you think. Would you be able to include this change in trixie?
The patch is carefully crafted in such a way as to not affect the
default build.

Helmut
-------------- next part --------------
diff --minimal -Nru gnupg2-2.4.7/debian/changelog gnupg2-2.4.7/debian/changelog

--- gnupg2-2.4.7/debian/changelog	2025-04-16 05:06:01.000000000 +0200
+++ gnupg2-2.4.7/debian/changelog	2025-04-27 10:09:25.000000000 +0200
@@ -1,3 +1,10 @@
+gnupg2 (2.4.7-15.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Add pkg.gnupg2.gpgvonly build profile. (Closes: #-1)
+
+ -- Helmut Grohne <helmut at subdivi.de>  Sun, 27 Apr 2025 10:09:25 +0200
+
 gnupg2 (2.4.7-15) unstable; urgency=medium
 
   [ Andreas Metzler ]
diff --minimal -Nru gnupg2-2.4.7/debian/control gnupg2-2.4.7/debian/control
--- gnupg2-2.4.7/debian/control	2025-04-12 00:43:52.000000000 +0200
+++ gnupg2-2.4.7/debian/control	2025-04-27 10:09:25.000000000 +0200
@@ -23,28 +23,28 @@
  libgnutls28-dev (>= 3.2),
  libgpg-error-dev (>= 1.46),
  libksba-dev (>= 1.6.3),
- libldap2-dev,
+ libldap2-dev <!pkg.gnupg2.gpgvonly>,
  libnpth0-dev (>= 1.2),
- libreadline-dev,
+ libreadline-dev <!pkg.gnupg2.gpgvonly>,
  librsvg2-bin <!nodoc>,
- libsqlite3-dev,
- libtss2-dev,
- libusb-1.0-0-dev [!hurd-any],
- openssh-client <!nocheck>,
+ libsqlite3-dev <!pkg.gnupg2.gpgvonly>,
+ libtss2-dev <!pkg.gnupg2.gpgvonly>,
+ libusb-1.0-0-dev [!hurd-any] <!pkg.gnupg2.gpgvonly>,
+ openssh-client <!nocheck !pkg.gnupg2.gpgvonly>,
  pkgconf,
- swtpm <!nocheck>,
+ swtpm <!nocheck !pkg.gnupg2.gpgvonly>,
  texinfo <!nodoc>,
  unicode-data,
  zlib1g-dev | libz-dev,
 Build-Depends-Indep:
- binutils-multiarch [!amd64 !i386],
- libassuan-mingw-w64-dev (>= 2.5.0),
- libgcrypt-mingw-w64-dev (>= 1.9.1),
- libgpg-error-mingw-w64-dev (>= 1.50-4~),
- libksba-mingw-w64-dev (>= 1.6.3),
- libnpth-mingw-w64-dev (>= 1.2),
- libz-mingw-w64-dev,
- mingw-w64,
+ binutils-multiarch [!amd64 !i386] <!pkg.gnupg2.gpgvonly>,
+ libassuan-mingw-w64-dev (>= 2.5.0) <!pkg.gnupg2.gpgvonly>,
+ libgcrypt-mingw-w64-dev (>= 1.9.1) <!pkg.gnupg2.gpgvonly>,
+ libgpg-error-mingw-w64-dev (>= 1.50-4~) <!pkg.gnupg2.gpgvonly>,
+ libksba-mingw-w64-dev (>= 1.6.3) <!pkg.gnupg2.gpgvonly>,
+ libnpth-mingw-w64-dev (>= 1.2) <!pkg.gnupg2.gpgvonly>,
+ libz-mingw-w64-dev <!pkg.gnupg2.gpgvonly>,
+ mingw-w64 <!pkg.gnupg2.gpgvonly>,
 Vcs-Git: https://salsa.debian.org/debian/gnupg2.git
 Vcs-Browser: https://salsa.debian.org/debian/gnupg2
 Homepage: https://www.gnupg.org/
@@ -53,6 +53,7 @@
 Package: gpgconf
 Architecture: any
 Multi-Arch: foreign
+Build-Profiles: <!pkg.gnupg2.gpgvonly>
 Depends:
  ${misc:Depends},
  ${shlibs:Depends},
@@ -74,6 +75,7 @@
 Architecture: all
 Section: oldlibs
 Multi-Arch: foreign
+Build-Profiles: <!pkg.gnupg2.gpgvonly>
 Depends:
  gpg-agent (>= ${source:Version}),
  ${misc:Depends},
@@ -88,6 +90,7 @@
 Package: gpg-agent
 Architecture: any
 Multi-Arch: foreign
+Build-Profiles: <!pkg.gnupg2.gpgvonly>
 Depends:
  gpgconf (= ${binary:Version}),
  pinentry-curses | pinentry,
@@ -124,6 +127,7 @@
 Package: gpg-wks-server
 Architecture: any
 Multi-Arch: foreign
+Build-Profiles: <!pkg.gnupg2.gpgvonly>
 Depends:
  default-mta | mail-transport-agent,
  gpg (= ${binary:Version}),
@@ -151,6 +155,7 @@
 Package: gpg-wks-client
 Architecture: any
 Multi-Arch: foreign
+Build-Profiles: <!pkg.gnupg2.gpgvonly>
 Depends:
  dirmngr (= ${binary:Version}),
  gpg (= ${binary:Version}),
@@ -178,6 +183,7 @@
 Package: scdaemon
 Architecture: any
 Multi-Arch: foreign
+Build-Profiles: <!pkg.gnupg2.gpgvonly>
 Depends:
  gpg-agent (= ${binary:Version}),
  ${misc:Depends},
@@ -196,6 +202,7 @@
 Package: gpgsm
 Architecture: any
 Multi-Arch: foreign
+Build-Profiles: <!pkg.gnupg2.gpgvonly>
 Depends:
  gpgconf (= ${binary:Version}),
  ${misc:Depends},
@@ -216,6 +223,7 @@
 Package: gpg
 Architecture: any
 Multi-Arch: foreign
+Build-Profiles: <!pkg.gnupg2.gpgvonly>
 Depends:
  gpgconf (= ${binary:Version}),
  ${misc:Depends},
@@ -247,6 +255,7 @@
 Architecture: all
 Section: metapackages
 Multi-Arch: foreign
+Build-Profiles: <!pkg.gnupg2.gpgvonly>
 Depends:
  dirmngr (<< ${source:Version}.1~),
  dirmngr (>= ${source:Version}),
@@ -296,6 +305,7 @@
 Architecture: all
 Section: oldlibs
 Multi-Arch: foreign
+Build-Profiles: <!pkg.gnupg2.gpgvonly>
 Depends:
  gnupg (>= ${source:Version}),
  ${misc:Depends},
@@ -331,6 +341,7 @@
 Package: dirmngr
 Architecture: any
 Multi-Arch: foreign
+Build-Profiles: <!pkg.gnupg2.gpgvonly>
 Depends:
  adduser,
  gpgconf (= ${binary:Version}),
@@ -364,6 +375,7 @@
 Package: tpm2daemon
 Architecture: any
 Multi-Arch: foreign
+Build-Profiles: <!pkg.gnupg2.gpgvonly>
 Depends:
  gpgconf (= ${binary:Version}),
  ${misc:Depends},
@@ -387,7 +399,7 @@
 
 Package: gpgv-udeb
 Package-Type: udeb
-Build-Profiles: <!noudeb>
+Build-Profiles: <!noudeb !pkg.gnupg2.gpgvonly>
 Section: debian-installer
 Architecture: any
 Depends:
@@ -405,6 +417,7 @@
 Package: gpgv-static
 Architecture: any
 Multi-Arch: foreign
+Build-Profiles: <!pkg.gnupg2.gpgvonly>
 Depends:
  ${misc:Depends},
  ${shlibs:Depends},
@@ -429,6 +442,7 @@
 Package: gpgv-win32
 Architecture: all
 Multi-Arch: foreign
+Build-Profiles: <!pkg.gnupg2.gpgvonly>
 Depends:
  ${misc:Depends},
 Suggests:
@@ -448,6 +462,7 @@
 Section: localization
 Architecture: all
 Multi-Arch: foreign
+Build-Profiles: <!pkg.gnupg2.gpgvonly>
 Depends:
  ${misc:Depends},
 Enhances:
@@ -466,6 +481,7 @@
 Package: gnupg-utils
 Architecture: any
 Multi-Arch: foreign
+Build-Profiles: <!pkg.gnupg2.gpgvonly>
 Replaces:
  gnupg (<< 2.1.21-4),
  gnupg-agent (<< 2.1.21-4),
diff --minimal -Nru gnupg2-2.4.7/debian/rules gnupg2-2.4.7/debian/rules
--- gnupg2-2.4.7/debian/rules	2025-04-12 02:11:19.000000000 +0200
+++ gnupg2-2.4.7/debian/rules	2025-04-27 10:09:25.000000000 +0200
@@ -39,11 +39,13 @@
 %:
 	dh $@ --with=autoreconf --builddirectory=build
 
+GPGV_UNNEEDED = gpgtar gpgsm scdaemon dirmngr tofu exec ldap gnutls sqlite libdns keyboxd tpm2d npth
 GPGV_UDEB_UNNEEDED = gpgtar bzip2 gpgsm scdaemon dirmngr doc tofu exec ldap gnutls sqlite libdns keyboxd tpm2d npth
 
 WIN32_FLAGS=LDFLAGS="-Xlinker --no-insert-timestamp -static" CFLAGS="-g -Os" CPPFLAGS=
 
 execute_after_dh_auto_configure:
+ifeq ($(filter pkg.gnupg2.gpgvonly,$(DEB_BUILD_PROFILES)),)
 	dh_auto_configure --builddirectory=build --verbose -- \
 		--libexecdir=\$${prefix}/lib/gnupg \
 		--enable-wks-tools \
@@ -53,6 +55,13 @@
 		--with-mailprog=/usr/sbin/sendmail \
 		--enable-maintainer-mode \
 		$(NODOC)
+else
+	dh_auto_configure --builddirectory=build --verbose -- \
+		--libexecdir=\$${prefix}/lib/gnupg \
+		--enable-maintainer-mode \
+		$(NODOC) \
+		$(foreach x, $(GPGV_UNNEEDED), --disable-$(x))
+endif
 	# win32 uses hand-written *FLAGS
 	# mkdefsinc is built with *_FOR_BUILD
 	# gpgscm is also not shipped
@@ -61,9 +70,11 @@
 	@echo 'blhc: ignore-line-regexp: .*-o gpgscm .*'
 
 override_dh_auto_configure-arch:
+ifeq ($(filter pkg.gnupg2.gpgvonly,$(DEB_BUILD_PROFILES)),)
 	dh_auto_configure --builddirectory=build-gpgv-udeb -- \
 		$(NODOC) \
 		$(foreach x, $(GPGV_UDEB_UNNEEDED), --disable-$(x))
+endif
 
 override_dh_auto_configure-indep:
 	# nothing to do
@@ -71,6 +82,7 @@
 execute_after_dh_auto_build:
 	dh_auto_build --builddirectory=build
 
+ifeq ($(filter pkg.gnupg2.gpgvonly,$(DEB_BUILD_PROFILES)),)
 override_dh_auto_build-arch:
 	dh_auto_build --builddirectory=build-gpgv-udeb
 	cp -a build-gpgv-udeb build-gpgv-static
@@ -103,14 +115,17 @@
 	rm -vf \
 		debian/gnupg/usr/share/doc/gnupg/examples/systemd-user/*.service \
 		debian/gnupg/usr/share/doc/gnupg/examples/systemd-user/*.socket
+endif
 
 override_dh_auto_test:
+ifeq ($(filter nocheck pkg.gnupg2.gpgvonly,$(DEB_BUILD_PROFILES)),)
 	dh_auto_test --builddirectory=build -- verbose=3 TESTFLAGS=$(AUTOTEST_FLAGS)
 
 override_dh_shlibdeps:
 # Make ldap a recommends rather than a hard dependency.
 	dpkg-shlibdeps -Tdebian/dirmngr.substvars -dRecommends debian/dirmngr/usr/lib/gnupg/dirmngr_ldap -dDepends debian/dirmngr/usr/bin/dirmngr*
 	dh_shlibdeps -Ndirmngr
+endif
 
 execute_before_dh_autoreconf:
 	echo "Developer change history can be found in the source tarball. See NEWS for high-level changes." > ChangeLog
