[Pkg-shadow-devel] Bug#1032393: Bug#1032393: [PATCH v2 2/2] debian/control: Add libbsd-dev and pkg-config

Alejandro Colomar alx.manpages at gmail.com
Sun Mar 12 20:53:14 GMT 2023


Hi Bálint,

On 3/12/23 20:22, Bálint Réczey wrote:
> Hi Alejandro,
> 
> Alejandro Colomar <alx.manpages at gmail.com> ezt írta (időpont: 2023.
> márc. 12., V, 16:52):
>>
>> Hi Bálint,
>>
>> On 3/12/23 16:38, Bálint Réczey wrote:
>>>> 142 lines of a function definition are not something I'd consider easy to
>>>> maintain.  Is it a big deal to add another dependency?  I'd say it's a
>>>> bigger deal to copy verbatim so many lines of code, and sync them from
>>>> time to time from libbsd (or OpenBSD) just to bring in any bugfixes they
>>>> apply.  That's exactly the purpose of libbsd, so I think relying on them
>>>> should be fine.
>>>
>>> The function does not change often. It changed two times in the last 13 years:
>>> https://gitlab.freedesktop.org/libbsd/libbsd/-/commits/main/src/readpassphrase.c
>>>
>>> I'd be happy to add a GitHub Action job or an autopkgtest in Debian to
>>> check if shadow's local copy needs an update.
>>>
>>> Depending on libbsd would pull the library into every single docker
>>> container image increasing their size and would make libbsd part of
>>> the pseudo-essential set, thus I prefer not depending on it for a few
>>> lines of code.
>>
>> libbsd0 is only ~ 200 kB (installed size).  That should be
>> insignificant compared to a Debian docker image, or even to the
>> shadow packages.
>>
>> libsubid4 is ~ 300 kB
>> uidmap is    ~ 300 kB
>> login is     ~ 2.6 MB
>> passwd is    ~ 2.8 kB
>>
>> And the unstable-slim Debian Docker image is around 28 MB
>> (compressed size).
> 
> Yes, and libsubid4 and uidmap are not present in the docker images.
> 
>>
>> Moreover, having this libbsd part of the pseudo-essential set would
>> allow many other packages to rely on it, thus deduplicating the
>> copies that some projects currently do to avoid depending on it,
>> so the total distribution size could even shrink in the long term.
> 
> Developers of Debian are expected to be very conservative regarding
> expanding the (pseudo-) essential set:
> https://www.debian.org/doc/debian-policy/ch-binary.html#essential-packages
> 
> I value keeping the essential set minimal above providing one more
> shared library for potential reverse dependencies, too.
> I'd like to hear more people's opinion from the shadow project and if
> the project insists on adding the libbsd dependency I will bring the
> topic to debian-devel following the spirit of the Debian Policy
> offering to either carry a copy of readpassphrase.c as a patch in the
> Debian package or adding the libbsd dependency.

I've CCd Guillem to know his opinion too.

IMO, the functionallity provided by libbsd is essential; so much that
I think glibc should pick it.  However, now that libbsd has it, it's
not so important to add it to glibc, but then libbsd has to have a
status similar to libc.

We've fixed many bugs in shadow with the help of libbsd, and I think
many projects would benefit from having it available.

But of course, that needs agreement of libbsd's maintainer (Guillem),
and the debian-devel team.  Let's see what they and the shadow
maintainers think.

Cheers,
Alex

-- 
<http://www.alejandro-colomar.es/>
GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-shadow-devel/attachments/20230312/68a420b4/attachment.sig>


More information about the Pkg-shadow-devel mailing list