[Pkg-shadow-devel] Bug#1032393: Bug#1032393: [PATCH v2 2/2] debian/control: Add libbsd-dev and pkg-config
Bálint Réczey
balint at balintreczey.hu
Sun Mar 12 19:22:25 GMT 2023
Hi Alejandro,
Alejandro Colomar <alx.manpages at gmail.com> ezt írta (időpont: 2023.
márc. 12., V, 16:52):
>
> Hi Bálint,
>
> On 3/12/23 16:38, Bálint Réczey wrote:
> >> 142 lines of a function definition are not something I'd consider easy to
> >> maintain. Is it a big deal to add another dependency? I'd say it's a
> >> bigger deal to copy verbatim so many lines of code, and sync them from
> >> time to time from libbsd (or OpenBSD) just to bring in any bugfixes they
> >> apply. That's exactly the purpose of libbsd, so I think relying on them
> >> should be fine.
> >
> > The function does not change often. It changed two times in the last 13 years:
> > https://gitlab.freedesktop.org/libbsd/libbsd/-/commits/main/src/readpassphrase.c
> >
> > I'd be happy to add a GitHub Action job or an autopkgtest in Debian to
> > check if shadow's local copy needs an update.
> >
> > Depending on libbsd would pull the library into every single docker
> > container image increasing their size and would make libbsd part of
> > the pseudo-essential set, thus I prefer not depending on it for a few
> > lines of code.
>
> libbsd0 is only ~ 200 kB (installed size). That should be
> insignificant compared to a Debian docker image, or even to the
> shadow packages.
>
> libsubid4 is ~ 300 kB
> uidmap is ~ 300 kB
> login is ~ 2.6 MB
> passwd is ~ 2.8 kB
>
> And the unstable-slim Debian Docker image is around 28 MB
> (compressed size).
Yes, and libsubid4 and uidmap are not present in the docker images.
>
> Moreover, having this libbsd part of the pseudo-essential set would
> allow many other packages to rely on it, thus deduplicating the
> copies that some projects currently do to avoid depending on it,
> so the total distribution size could even shrink in the long term.
Developers of Debian are expected to be very conservative regarding
expanding the (pseudo-) essential set:
https://www.debian.org/doc/debian-policy/ch-binary.html#essential-packages
I value keeping the essential set minimal above providing one more
shared library for potential reverse dependencies, too.
I'd like to hear more people's opinion from the shadow project and if
the project insists on adding the libbsd dependency I will bring the
topic to debian-devel following the spirit of the Debian Policy
offering to either carry a copy of readpassphrase.c as a patch in the
Debian package or adding the libbsd dependency.
Cheers,
Balint
> Cheers,
>
> Alex
>
> --
> <http://www.alejandro-colomar.es/>
> GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5
More information about the Pkg-shadow-devel
mailing list