[Pkg-netatalk-devel] Bug#568601: Bug#568601: Bug#568601: Can confirm this problem still exists
Daniel Markstedt
daniel at mindani.net
Fri Dec 1 12:13:08 GMT 2023
Hi Matijs,
I totally get your point and agree that this situation is not ideal.
Unfortunately, I don't think the exact dependent package version is something that we as package managers can or should hard code in this fashion.
Look at the "debian/control" file in the package repo:
https://salsa.debian.org/netatalk-team/netatalk/-/blob/debian/latest/debian/control#L20
See that "libgcrypt20-dev" is defined as a dependency without specifying a version.
It is actually debbuild (I think) that resolves the exact version dependency when it builds the package for a particular Debian version.
Hence, when debbuild builds a package for Bookworm Stable, the dependency resolves as libgcrypt20-dev==1.10.1 and when it's built for Unstable it gets resolved as libgcrypt20-dev==1.10.2.
So when you install the Unstable package on Bookworm you run into this dependency problem with libgcrypt20-dev.
Someone who knows Debian better could correct me if I'm wrong. :)
Does this make sense?
Daniel
On Friday, December 1st, 2023 at 6:01 PM, Matijs van Zuijlen <matijs at matijs.net> wrote:
>
>
> Hi Daniel,
>
> Indeed, I am running Debian stable on my server with just netatalk and
> some of its dependencies from testing, so my setup is a bit unconventional.
>
> This is in fact the case because Netatalk was dropped from Debian 12,
> and I didn't want to keep running the old version which has a security
> issue.
>
> However, I think installing netatalk from any Debian version should
> still pull in the correct version of libgcrypt. Isn't that something
> that can be addressed in the netatalk package? I can imagine later
> versions of netatalk would need still newer versions of libgcrypt. The
> current dependency specification would fail to pull those in.
>
> Kind regards,
> Matijs van Zuijlen
>
> On 01/12/2023 00:42, Daniel Markstedt wrote:
>
> > Hi Matijs,
> >
> > This is not something we can address in the netatalk package itself, since you're using an Unstable netatalk package with a Stable Debian version. (Netatalk was dropped from Debian 12 Bookworm.)
> >
> > See this upstream discussion for more details: https://github.com/Netatalk/netatalk/discussions/574
> >
> > Best regards,
> > Daniel
> >
> > On Thursday, November 30th, 2023 at 11:05 PM, Matijs van Zuijlen matijs at matijs.net wrote:
> >
> > > Dear maintainer,
> > >
> > > This problem still exists. I installed netatalk from testing on a Debian
> > > server running stable, and libgcrypt was not updated at the same time
> > > because the dependency in the netatalk package specifies '>= 1.10.0',
> > >
> > > which matches the stable version 1.10.1, while testing's netatalk
> > > actually needs libgcrypt 1.10.2. This lead to a flood of errors in the
> > > logs. Updating the libgcrypt package to the testing version (1.10.2)
> > > fixed that problem.
> > >
> > > As far as I can tell, the solution would be for the netatalk package to
> > > depend on (at least?) the libgcrypt version it was compiled with.
> > >
> > > --
> > > Kind regards,
> > > Matijs van Zuijlen
> > >
> > > --
> > > pkg-netatalk-devel mailing list
> > > pkg-netatalk-devel at alioth-lists.debian.net
> > > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-netatalk-devel
>
>
> --
> pkg-netatalk-devel mailing list
> pkg-netatalk-devel at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-netatalk-devel
More information about the pkg-netatalk-devel
mailing list