[Pkg-swan-devel] Bug#747796: strongswan: FTBFS: error: gcrypt library not found

Andreas Metzler ametzler at bebt.de
Wed May 14 17:19:38 UTC 2014

On 2014-05-13 Yves-Alexis Perez <corsac at debian.org> wrote:
> On dim., 2014-05-11 at 18:45 +0200, David Suárez wrote:
> > Source: strongswan
> Hi GnuTLS maintainers. It seems that strongSwan (wrongly) missed a
> build-dep on libgcrypt*-dev, and started to FTBFS just recently.

> I'm unsure why it happened just know, I guess some -dev package was
> depending on the libgcrypt11-dev package.

> Now, an easy fix would be to add either libgcrypt*-dev package to
> build-deps, but now I'm a bit unsure which version to add.

> Would it be possible to summarize the reasons we have both in the
> archive and if there's a reason not the use the most recent one?


libgcrypt11 and libgcrypt20 are mostly but not completely API
compatible, some deprecated APIs have been removed. Gnutls26 therefore
only works with the old version and up until recently we could not
start transitioning to gnutls28 because the license of gmp was too
restrictive for some important gnutls rdeps. That is changed now and
is my strong wish to not have gnutls26 in jessie. It would also be
nice to do without libgcrypt11.

Given this I would recommend one of the following choices for gcrypt
- If you are also using gnutls26, please upgrade to gnutls28. And if
  possible move from directly using gcrypt to using the gnutls crypto
  API to avoid dependencies on two crypto libraries (gcrypt, and the
  backend used by gnutls). Otherwise move to libgcrypt20
- If you are not using gnutls26, use libgcrypt20.

Please note that libgcrypt20 currently does not have that many users in
Debian yet, so it is not as well tested as the older version.

hth, cu Andreas

`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

More information about the Pkg-gnutls-maint mailing list