[Reproducible-builds] Bug#764721: dpkg-dev: dpkg-shlibdeps does not output the minimum dependency when a package does not use any symbols

Jérémy Bobbio lunar at debian.org
Fri Oct 10 14:16:16 UTC 2014 

Package: dpkg-dev
Version: 1.17.16
Severity: minor
Tags: patch
User: reproducible-builds at lists.alioth.debian.org
Usertags: toolchain randomness

Hi!

As part of the “reproducible builds” effort [1], I came to investigate a
couple of failures related to dpkg-shlibdeps.

An example is visible in the output of debbindiff for gemanx-gtk2:
https://jenkins.debian.net//userContent/dbd/gemanx-gtk2_0.1.0.3-2.debbindiff.html

In the Depends field of the control file of libgemanx-core0, one build
has `libglib2.0-0 (>= 2.12.0)` while the other has
`libglib2.0-0 (>= 2.16.0)`.

dpkg-shlibdeps outputs a warning, as it is actually a useless
dependency. So the issue is probably a minor one. Here's my analysis and
possible solution:

The minimal version numbers differ from one run to another because when
the .symbols file is loaded, the order of the entries in the `libfiles`
hash are random. Only the minimal required version for the first
encountered shared library of a package will be currently used.

libglib2.0-0 exhibits the problem because libgio-2.0.so.0 has a minimal
required version of 2.16.0, while all other shared libraries contained
in the same package have a minimal required version of 2.12.0.

The attached patch uses `update_dependency_version` in order to raise
the initial minimum required version for each shared libraries provided
by the same package.

 [1]: https://wiki.debian.org/ReproducibleBuilds

-- 
Lunar                                .''`. 
lunar at debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dpkg-shlibdeps+reproducible.patch
Type: text/x-diff
Size: 1021 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20141010/6cd3fffb/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20141010/6cd3fffb/attachment.sig>

More information about the Reproducible-builds mailing list