Source: unbound Version: 1.5.10-3 Tags: patch User: helm...@debian.org Usertags: rebootstrap
Recently, gnutls28 gained a build dependency on libunbound-dev. This has posed a problem to bootstrapping since unbound needs python and python has a pile of dependencies. Thus we (mainly Andreas Metzler and me) looked into how we could tackle this issue and came up with a number of solutions. They generally fall into two categories: a) Add a build profile to gnutls82 that disables use of libunbound-dev. b) Add a build profile to unbound that disables use of python. Option a) is difficult, because libgnutls28-dev contains dane components, which need libunbound-dev. The idea here was to have libgnutls28-dev provide libgnutls-dane-dev iff building stageless. However, such a conditional provides cannot be expressed in the Package-List header of a .dsc file and it makes using diffoscope for validating profiles non-trivial. Splitting gnutls28 into even smaller real packages didn't seem nice either. Thus I looked into adding a nopython profile to unbound. The unbound packaging is nicely split into four build passes of which the last two are for python2 and python3 respectively. Unfortunately, the daemon build pass also uses python3 (for plugins), so for the bootstrap purpose, we'll have to disable it as well. Instead of adding a complex set of profiles nopython, nodaemon and e.g. noutils, I propose adding a "libonly" profile. This solution is implemented in the attached patch. Both solutions work in practise. We prefer adding the profile to unbound, because the diff looks more maintainable and simpler. I ask the readers of d-cross@l.d.o to consider this solution. In case there are no objections in a reasonable amount of time (e.g. a week), I ask Robert Edmonds to apply the patch to unbound. In the mean time, I'll apply in rebootstrap to remove any urgency from this issue. Having it fixed in stretch would be nice nonetheless. Helmut
diff --minimal -Nru unbound-1.5.10/debian/changelog unbound-1.5.10/debian/changelog --- unbound-1.5.10/debian/changelog 2016-11-27 20:41:30.000000000 +0100 +++ unbound-1.5.10/debian/changelog 2016-12-01 13:17:55.000000000 +0100 @@ -1,3 +1,10 @@ +unbound (1.5.10-3.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Add pkg.unbound.libonly build profile. (Closes: #-1) + + -- Helmut Grohne <hel...@subdivi.de> Thu, 01 Dec 2016 13:17:55 +0100 + unbound (1.5.10-3) unstable; urgency=medium [ Helmut Grohne ] diff --minimal -Nru unbound-1.5.10/debian/control unbound-1.5.10/debian/control --- unbound-1.5.10/debian/control 2016-11-27 20:41:30.000000000 +0100 +++ unbound-1.5.10/debian/control 2016-12-01 13:17:55.000000000 +0100 @@ -9,26 +9,26 @@ autotools-dev, bison, debhelper (>= 9~), - dh-apparmor, + dh-apparmor <!pkg.unbound.libonly>, dh-autoreconf, - dh-python, - dh-systemd, + dh-python <!pkg.unbound.libonly>, + dh-systemd <!pkg.unbound.libonly>, dpkg-dev (>= 1.16.1~), flex, libevent-dev, libexpat1-dev, - libfstrm-dev, - libprotobuf-c-dev, - libssl-dev, + libfstrm-dev <!pkg.unbound.libonly>, + libprotobuf-c-dev <!pkg.unbound.libonly>, + libssl-dev <!pkg.unbound.libonly>, libtool, nettle-dev, pkg-config, - protobuf-c-compiler, - python-all-dev:any (>= 2.6.6-3~), - libpython-all-dev (>= 2.6.6-3~), - python3-all-dev:any, - libpython3-all-dev, - swig, + protobuf-c-compiler <!pkg.unbound.libonly>, + python-all-dev:any (>= 2.6.6-3~) <!pkg.unbound.libonly>, + libpython-all-dev (>= 2.6.6-3~) <!pkg.unbound.libonly>, + python3-all-dev:any <!pkg.unbound.libonly>, + libpython3-all-dev <!pkg.unbound.libonly>, + swig <!pkg.unbound.libonly>, Standards-Version: 3.9.8 Homepage: https://www.unbound.net/ Vcs-Browser: https://anonscm.debian.org/cgit/pkg-dns/unbound.git @@ -69,6 +69,7 @@ ${misc:Depends}, ${python:Depends}, ${shlibs:Depends}, +Build-Profiles: <!pkg.unbound.libonly> Description: library implementing DNS resolution and validation (Python bindings) Python extension module for libunbound. . @@ -83,6 +84,7 @@ ${misc:Depends}, ${python3:Depends}, ${shlibs:Depends}, +Build-Profiles: <!pkg.unbound.libonly> Description: library implementing DNS resolution and validation (Python3 bindings) Python3 extension module for libunbound. . @@ -102,6 +104,7 @@ Enhances: munin-node, Suggests: apparmor +Build-Profiles: <!pkg.unbound.libonly> Description: validating, recursive, caching DNS resolver Unbound is a recursive-only caching DNS server which can perform DNSSEC validation of results. It implements only a minimal amount of authoritative @@ -120,6 +123,7 @@ unbound (<< 1.4.13-1), Breaks: unbound (<< 1.4.13-1), +Build-Profiles: <!pkg.unbound.libonly> Description: utility to securely fetch the root DNS trust anchor unbound-anchor is a utility which securely fetches or updates the root DNS zone trust anchor. A copy of the current root anchor and root update @@ -131,6 +135,7 @@ Depends: ${misc:Depends}, ${shlibs:Depends}, +Build-Profiles: <!pkg.unbound.libonly> Description: reimplementation of the 'host' command This package provides the 'unbound-host' program that is bundled with the Unbound domain name server. This version differs from the one provided in the diff --minimal -Nru unbound-1.5.10/debian/libunbound-dev.install unbound-1.5.10/debian/libunbound-dev.install --- unbound-1.5.10/debian/libunbound-dev.install 2016-11-27 20:41:30.000000000 +0100 +++ unbound-1.5.10/debian/libunbound-dev.install 2016-12-01 13:17:55.000000000 +0100 @@ -1,2 +1,2 @@ -usr/include/unbound.h usr/include -usr/share/man/man3/libunbound.3 usr/share/man/man3 +debian/tmp-lib/usr/include/unbound.h usr/include +debian/tmp-lib/usr/share/man/man3/libunbound.3 usr/share/man/man3 diff --minimal -Nru unbound-1.5.10/debian/rules unbound-1.5.10/debian/rules --- unbound-1.5.10/debian/rules 2016-11-27 20:41:30.000000000 +0100 +++ unbound-1.5.10/debian/rules 2016-12-01 13:17:55.000000000 +0100 @@ -8,6 +8,7 @@ endif LIBRARY = libunbound2 +DOPACKAGES = $(shell dh_listpackages) export DEB_BUILD_MAINT_OPTIONS = hardening=+all DPKG_EXPORT_BUILDFLAGS = 1 @@ -27,6 +28,7 @@ dh_autoreconf dh_autotools-dev_updateconfig +ifneq (,$(filter unbound unbound-anchor unbound-host,$(DOPACKAGES))) # first build -- build unbound daemon PYTHON_VERSION="$(shell py3versions -vd)" \ CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="-Wl,--as-needed $(LDFLAGS)" \ @@ -43,6 +45,7 @@ $(MAKE) $(MAKE) install DESTDIR="$(CURDIR)/debian/tmp" $(MAKE) clean +endif # second build -- build libunbound only, against nettle CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="-Wl,--as-needed $(LDFLAGS)" \ @@ -61,6 +64,7 @@ $(CURDIR)/debian/libunbound-dev/usr/lib/$(DEB_HOST_MULTIARCH)/pkgconfig/libunbound.pc $(MAKE) clean +ifneq (,$(filter python-unbound,$(DOPACKAGES))) # third build - pyunbound for Python 2 PYTHON_VERSION="$(shell pyversions -vd)" \ CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="-Wl,--as-needed $(LDFLAGS)" \ @@ -77,7 +81,9 @@ libunbound/python/unbound.py \ debian/python-unbound/usr/lib/$(shell pyversions -d)/dist-packages $(MAKE) clean +endif +ifneq (,$(filter python3-unbound,$(DOPACKAGES))) # fourth build - pyunbound for Python 3 PYTHON_VERSION="$(shell py3versions -vd)" \ CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="-Wl,--as-needed $(LDFLAGS)" \ @@ -94,9 +100,11 @@ libunbound/python/unbound.py \ debian/python3-unbound/usr/lib/$(shell py3versions -d)/dist-packages $(MAKE) clean +endif dh_installdirs +ifneq (,$(filter unbound unbound-anchor unbound-host,$(DOPACKAGES))) dh_systemd_enable -p unbound dh_systemd_enable -p unbound --name=unbound-resolvconf dh_systemd_start -p unbound unbound.service @@ -109,6 +117,7 @@ install -m 0644 doc/example.conf debian/unbound/usr/share/doc/unbound/examples/unbound.conf install -m 0644 contrib/update-anchor.sh debian/unbound/usr/share/doc/unbound/contrib install -D -m 0755 contrib/unbound_munin_ debian/unbound/usr/share/munin/plugins/unbound_munin_ +endif mkdir -p debian/libunbound-dev/usr/lib/$(DEB_HOST_MULTIARCH) mv \ @@ -126,14 +135,20 @@ dh_installchangelogs dh_installdocs dh_installman +ifneq (,$(filter python-unbound,$(DOPACKAGES))) dh_python2 --no-guessing-versions +endif +ifneq (,$(filter python3-unbound,$(DOPACKAGES))) dh_python3 +endif dh_strip dh_compress -Xusr/share/doc/unbound/examples/unbound.conf +ifneq (,$(filter unbound unbound-anchor unbound-host,$(DOPACKAGES))) mkdir -p debian/unbound/etc/apparmor.d cp debian/apparmor-profile debian/unbound/etc/apparmor.d/usr.sbin.unbound dh_apparmor --profile-name=usr.sbin.unbound -punbound +endif dh_fixperms dh_makeshlibs
