Source: gnupg2 Version: 2.4.7-3 Severity: important Justification: breaks architecture cross bootstrap Tags: patch
gnupg2 recently gained a new dependency on libtss-dev. This in turn pulls e.g. libftdi1-dev, which requires boost and numpy and stuff. There is no chance we can make this all build. I looked into reducing libftdi1 (#1104092), because most other things pulled actually do cross build with little additional dependencies. However removing boost from libftdi1 is a non-trivial exercise. Therefore I looked at gnupg2 and since we only really need gpgv (as long as cross bootstrap cannot yet supply sqv for apt to depend on), I now propose the addition of a fairly invasive build profiles that trims the gnupg2 package build into just building gpgv and nothing else. I first tried to build gnupg2 without tpm2daemon leaving much else in place, but I failed at doing this in a reproducible way. Once accepting that gnupg2 needs a build profile, disabling as much as possible actually is beneficial. So I moved to disabling everything but gpgv instead. I note that the result also is not reproducible. The additional components add compiler flags (e.g. -I...) and those flags influence the build-id such that the resulting gpgv build does not reproduce the default build. The changes even affect binary offsets, so quite a bit of assembly also differs. Still that looks like the least bad option to me. What do you think. Would you be able to include this change in trixie? The patch is carefully crafted in such a way as to not affect the default build. Helmut
diff --minimal -Nru gnupg2-2.4.7/debian/changelog gnupg2-2.4.7/debian/changelog --- gnupg2-2.4.7/debian/changelog 2025-04-16 05:06:01.000000000 +0200 +++ gnupg2-2.4.7/debian/changelog 2025-04-27 10:09:25.000000000 +0200 @@ -1,3 +1,10 @@ +gnupg2 (2.4.7-15.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Add pkg.gnupg2.gpgvonly build profile. (Closes: #-1) + + -- Helmut Grohne <hel...@subdivi.de> Sun, 27 Apr 2025 10:09:25 +0200 + gnupg2 (2.4.7-15) unstable; urgency=medium [ Andreas Metzler ] diff --minimal -Nru gnupg2-2.4.7/debian/control gnupg2-2.4.7/debian/control --- gnupg2-2.4.7/debian/control 2025-04-12 00:43:52.000000000 +0200 +++ gnupg2-2.4.7/debian/control 2025-04-27 10:09:25.000000000 +0200 @@ -23,28 +23,28 @@ libgnutls28-dev (>= 3.2), libgpg-error-dev (>= 1.46), libksba-dev (>= 1.6.3), - libldap2-dev, + libldap2-dev <!pkg.gnupg2.gpgvonly>, libnpth0-dev (>= 1.2), - libreadline-dev, + libreadline-dev <!pkg.gnupg2.gpgvonly>, librsvg2-bin <!nodoc>, - libsqlite3-dev, - libtss2-dev, - libusb-1.0-0-dev [!hurd-any], - openssh-client <!nocheck>, + libsqlite3-dev <!pkg.gnupg2.gpgvonly>, + libtss2-dev <!pkg.gnupg2.gpgvonly>, + libusb-1.0-0-dev [!hurd-any] <!pkg.gnupg2.gpgvonly>, + openssh-client <!nocheck !pkg.gnupg2.gpgvonly>, pkgconf, - swtpm <!nocheck>, + swtpm <!nocheck !pkg.gnupg2.gpgvonly>, texinfo <!nodoc>, unicode-data, zlib1g-dev | libz-dev, Build-Depends-Indep: - binutils-multiarch [!amd64 !i386], - libassuan-mingw-w64-dev (>= 2.5.0), - libgcrypt-mingw-w64-dev (>= 1.9.1), - libgpg-error-mingw-w64-dev (>= 1.50-4~), - libksba-mingw-w64-dev (>= 1.6.3), - libnpth-mingw-w64-dev (>= 1.2), - libz-mingw-w64-dev, - mingw-w64, + binutils-multiarch [!amd64 !i386] <!pkg.gnupg2.gpgvonly>, + libassuan-mingw-w64-dev (>= 2.5.0) <!pkg.gnupg2.gpgvonly>, + libgcrypt-mingw-w64-dev (>= 1.9.1) <!pkg.gnupg2.gpgvonly>, + libgpg-error-mingw-w64-dev (>= 1.50-4~) <!pkg.gnupg2.gpgvonly>, + libksba-mingw-w64-dev (>= 1.6.3) <!pkg.gnupg2.gpgvonly>, + libnpth-mingw-w64-dev (>= 1.2) <!pkg.gnupg2.gpgvonly>, + libz-mingw-w64-dev <!pkg.gnupg2.gpgvonly>, + mingw-w64 <!pkg.gnupg2.gpgvonly>, Vcs-Git: https://salsa.debian.org/debian/gnupg2.git Vcs-Browser: https://salsa.debian.org/debian/gnupg2 Homepage: https://www.gnupg.org/ @@ -53,6 +53,7 @@ Package: gpgconf Architecture: any Multi-Arch: foreign +Build-Profiles: <!pkg.gnupg2.gpgvonly> Depends: ${misc:Depends}, ${shlibs:Depends}, @@ -74,6 +75,7 @@ Architecture: all Section: oldlibs Multi-Arch: foreign +Build-Profiles: <!pkg.gnupg2.gpgvonly> Depends: gpg-agent (>= ${source:Version}), ${misc:Depends}, @@ -88,6 +90,7 @@ Package: gpg-agent Architecture: any Multi-Arch: foreign +Build-Profiles: <!pkg.gnupg2.gpgvonly> Depends: gpgconf (= ${binary:Version}), pinentry-curses | pinentry, @@ -124,6 +127,7 @@ Package: gpg-wks-server Architecture: any Multi-Arch: foreign +Build-Profiles: <!pkg.gnupg2.gpgvonly> Depends: default-mta | mail-transport-agent, gpg (= ${binary:Version}), @@ -151,6 +155,7 @@ Package: gpg-wks-client Architecture: any Multi-Arch: foreign +Build-Profiles: <!pkg.gnupg2.gpgvonly> Depends: dirmngr (= ${binary:Version}), gpg (= ${binary:Version}), @@ -178,6 +183,7 @@ Package: scdaemon Architecture: any Multi-Arch: foreign +Build-Profiles: <!pkg.gnupg2.gpgvonly> Depends: gpg-agent (= ${binary:Version}), ${misc:Depends}, @@ -196,6 +202,7 @@ Package: gpgsm Architecture: any Multi-Arch: foreign +Build-Profiles: <!pkg.gnupg2.gpgvonly> Depends: gpgconf (= ${binary:Version}), ${misc:Depends}, @@ -216,6 +223,7 @@ Package: gpg Architecture: any Multi-Arch: foreign +Build-Profiles: <!pkg.gnupg2.gpgvonly> Depends: gpgconf (= ${binary:Version}), ${misc:Depends}, @@ -247,6 +255,7 @@ Architecture: all Section: metapackages Multi-Arch: foreign +Build-Profiles: <!pkg.gnupg2.gpgvonly> Depends: dirmngr (<< ${source:Version}.1~), dirmngr (>= ${source:Version}), @@ -296,6 +305,7 @@ Architecture: all Section: oldlibs Multi-Arch: foreign +Build-Profiles: <!pkg.gnupg2.gpgvonly> Depends: gnupg (>= ${source:Version}), ${misc:Depends}, @@ -331,6 +341,7 @@ Package: dirmngr Architecture: any Multi-Arch: foreign +Build-Profiles: <!pkg.gnupg2.gpgvonly> Depends: adduser, gpgconf (= ${binary:Version}), @@ -364,6 +375,7 @@ Package: tpm2daemon Architecture: any Multi-Arch: foreign +Build-Profiles: <!pkg.gnupg2.gpgvonly> Depends: gpgconf (= ${binary:Version}), ${misc:Depends}, @@ -387,7 +399,7 @@ Package: gpgv-udeb Package-Type: udeb -Build-Profiles: <!noudeb> +Build-Profiles: <!noudeb !pkg.gnupg2.gpgvonly> Section: debian-installer Architecture: any Depends: @@ -405,6 +417,7 @@ Package: gpgv-static Architecture: any Multi-Arch: foreign +Build-Profiles: <!pkg.gnupg2.gpgvonly> Depends: ${misc:Depends}, ${shlibs:Depends}, @@ -429,6 +442,7 @@ Package: gpgv-win32 Architecture: all Multi-Arch: foreign +Build-Profiles: <!pkg.gnupg2.gpgvonly> Depends: ${misc:Depends}, Suggests: @@ -448,6 +462,7 @@ Section: localization Architecture: all Multi-Arch: foreign +Build-Profiles: <!pkg.gnupg2.gpgvonly> Depends: ${misc:Depends}, Enhances: @@ -466,6 +481,7 @@ Package: gnupg-utils Architecture: any Multi-Arch: foreign +Build-Profiles: <!pkg.gnupg2.gpgvonly> Replaces: gnupg (<< 2.1.21-4), gnupg-agent (<< 2.1.21-4), diff --minimal -Nru gnupg2-2.4.7/debian/rules gnupg2-2.4.7/debian/rules --- gnupg2-2.4.7/debian/rules 2025-04-12 02:11:19.000000000 +0200 +++ gnupg2-2.4.7/debian/rules 2025-04-27 10:09:25.000000000 +0200 @@ -39,11 +39,13 @@ %: dh $@ --with=autoreconf --builddirectory=build +GPGV_UNNEEDED = gpgtar gpgsm scdaemon dirmngr tofu exec ldap gnutls sqlite libdns keyboxd tpm2d npth GPGV_UDEB_UNNEEDED = gpgtar bzip2 gpgsm scdaemon dirmngr doc tofu exec ldap gnutls sqlite libdns keyboxd tpm2d npth WIN32_FLAGS=LDFLAGS="-Xlinker --no-insert-timestamp -static" CFLAGS="-g -Os" CPPFLAGS= execute_after_dh_auto_configure: +ifeq ($(filter pkg.gnupg2.gpgvonly,$(DEB_BUILD_PROFILES)),) dh_auto_configure --builddirectory=build --verbose -- \ --libexecdir=\$${prefix}/lib/gnupg \ --enable-wks-tools \ @@ -53,6 +55,13 @@ --with-mailprog=/usr/sbin/sendmail \ --enable-maintainer-mode \ $(NODOC) +else + dh_auto_configure --builddirectory=build --verbose -- \ + --libexecdir=\$${prefix}/lib/gnupg \ + --enable-maintainer-mode \ + $(NODOC) \ + $(foreach x, $(GPGV_UNNEEDED), --disable-$(x)) +endif # win32 uses hand-written *FLAGS # mkdefsinc is built with *_FOR_BUILD # gpgscm is also not shipped @@ -61,9 +70,11 @@ @echo 'blhc: ignore-line-regexp: .*-o gpgscm .*' override_dh_auto_configure-arch: +ifeq ($(filter pkg.gnupg2.gpgvonly,$(DEB_BUILD_PROFILES)),) dh_auto_configure --builddirectory=build-gpgv-udeb -- \ $(NODOC) \ $(foreach x, $(GPGV_UDEB_UNNEEDED), --disable-$(x)) +endif override_dh_auto_configure-indep: # nothing to do @@ -71,6 +82,7 @@ execute_after_dh_auto_build: dh_auto_build --builddirectory=build +ifeq ($(filter pkg.gnupg2.gpgvonly,$(DEB_BUILD_PROFILES)),) override_dh_auto_build-arch: dh_auto_build --builddirectory=build-gpgv-udeb cp -a build-gpgv-udeb build-gpgv-static @@ -103,14 +115,17 @@ rm -vf \ debian/gnupg/usr/share/doc/gnupg/examples/systemd-user/*.service \ debian/gnupg/usr/share/doc/gnupg/examples/systemd-user/*.socket +endif override_dh_auto_test: +ifeq ($(filter nocheck pkg.gnupg2.gpgvonly,$(DEB_BUILD_PROFILES)),) dh_auto_test --builddirectory=build -- verbose=3 TESTFLAGS=$(AUTOTEST_FLAGS) override_dh_shlibdeps: # Make ldap a recommends rather than a hard dependency. dpkg-shlibdeps -Tdebian/dirmngr.substvars -dRecommends debian/dirmngr/usr/lib/gnupg/dirmngr_ldap -dDepends debian/dirmngr/usr/bin/dirmngr* dh_shlibdeps -Ndirmngr +endif execute_before_dh_autoreconf: echo "Developer change history can be found in the source tarball. See NEWS for high-level changes." > ChangeLog
