[Pkg-openldap-devel] Bug#725153: Bug#725153: Bug#725153: openldap, nss, and gnutls
Ryan Tandy
ryan at nardis.ca
Sun Apr 10 16:06:29 UTC 2016

On Sun, Apr 10, 2016 at 12:11:40PM +0300, Timo Aaltonen wrote:
>Building from the same root would mean unapplying nss-build.diff on
>clean and that might be fragile. Using quilt and keeping the patch last
>on series makes adding patches to need a bit more work. But if you
>prefer this more then I can make that happen.

My preference for that was assuming we could build identical source with
different options, but it looks like we have several reasons for using
modified sources.

>I've pushed new commits to the branch trying to address all the things
>you've mentioned. But looks like #726116 might make all of this too
>early.

Ah. That's unfortunate.

The obvious workaround is to give the NSS build its own config file,
with the ca-certificates.crt reference removed. Not exactly ideal, and
it causes us upgrade grief later on if we want to switch back to having
the same file for both.

Actually gnutls28 is configured with a default trust store these days. I
should look into whether that works with libldap and that default
setting could be dropped. Not sure about upgraded systems though; we
aren't supposed to modify conffiles in maintainer scripts, so we'd be
relying on users to accept the change. Sounds fragile.