[pkg-gnupg-maint] dirmngr dependency

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Aug 4 20:45:01 UTC 2016

Hi Andreas--

On Thu 2016-08-04 14:15:12 -0400, Andreas Metzler wrote:
> On 2016-08-04 Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> I will consider this, but would probably set all version requirements to
>  >= 1.2.0, as ABI breakage can also be caused by e.g. changed enums.
> Testing this is not easily checked by script, and there seems to be no
> point in making a big effort of this.

The symbols file is specifically about the use of symbols, not about the
use of enums.  so setting version requirements to 1.2.0 (or otherwise)
won't actually affect the enums involved.

The symbols file is intended to record the version in which specific
symbols were explicitly introduced.  Bumping the value arbitrarily seems
like it would "falsify" the record, and doesn't seem like it would fix
any problems (1.2.0 is even in oldstable, fwiw).

>> so the dirmngr dependency is tighter for some
>> other reason that i still need to look into.
> gnupg2 has
> configure.ac:NEED_KSBA_VERSION=1.3.4
> dirmngr/dirmngr.c:  if (!ksba_check_version (NEED_KSBA_VERSION) )
> ... throw an error
> sm/gpgsm.c:  if (!ksba_check_version (NEED_KSBA_VERSION) )
> ... throw an error
> This was introduced in c98995efefbdebea8f53d54ba2df4217dfd31ad4
>     build: Require latest released libraries
>     * agent/protect.c (OCB_MODE_SUPPORTED): Remove macro.
>     (do_encryption): Always support OCB.
>     (do_decryption): Ditto.
>     (agent_unprotect): Ditto.
>     * dirmngr/server.c (is_tor_running): Unconditionally build this.
>     --
>     Although not technically required, it is easier to require them to
>     avoid bug reports due to too old library versions.
> Aargh.

aargh indeed.  i can't imagine that "things break unnecessarily" bug
reports are more acceptable than otherwise standard dependency tracking

I guess our choices are either:

 a) patch out this upstream change
 b) add an explicit runtime Depends: (which we now have to manually
    track and update, yuck) in debian/control for gpgsm and dirmngr.

anyone have any preferences?

> Switching ksba to using a symbol file would have the side-effect of
> allowing us to enforce stricter dependencies by including
> * Build-Depends-Package: libksba-dev
> in the symbol file.

i'm not sure i understand this point.  isn't it expected that
libksba-dev would be the associated build dependency?  can you explain
