control: tag -1 + patch
Hi,
On 2025-05-29 22:53, Aurelien Jarno wrote:
> Package: snapd
> Version: 2.57.6-1
> Severity: serious
> Justification: Policy 7.8
>
> Dear maintainer,
>
> The snapd package provides the following files which are statically
> linked against glibc:
> /usr/lib/snapd/snap-update-ns
> /usr/lib/snapd/snap-gdbserver-shim
> /usr/lib/snapd/snap-gdb-shim
>
> glibc is mostly is mostly licensed under the LGPL, which requires that
> the full source code of the incorporating binary package be made
> available. According to Debian Policy ยง7.8 [1] such a binary package
> MUST list the glibc source package (and possibly others) in the
> Built-Using: field.
Please find attached a patch to fix the issue.
Regards
Aurelien
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://aurel32.net
--- snapd-2.68.3/debian/rules
+++ snapd-2.68.3/debian/rules
@@ -83,7 +83,11 @@
DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
-BUILT_USING_PACKAGES=
+# /usr/lib/snapd/snap-{update-ns,gdbserver-shim,gdb-shim} are always linked
+# statically against glibc. Use libc-dev-bin to avoid having to handle the
+# different soname (e.g. libc6 vs libc6.1)
+BUILT_USING_PACKAGES=libc-dev-bin
+
# export DEB_BUILD_MAINT_OPTIONS = hardening=+all
# DPKG_EXPORT_BUILDFLAGS = 1
# include /usr/share/dpkg/buildflags.mk
@@ -103,11 +107,11 @@
ifeq ($(shell dpkg-architecture -qDEB_HOST_ARCH),amd64)
VENDOR_ARGS+= --with-host-arch-32bit-triplet=$(shell
dpkg-architecture -f -ai386 -qDEB_HOST_MULTIARCH)
endif
- BUILT_USING_PACKAGES=libcap-dev libapparmor-dev libseccomp-dev
+ BUILT_USING_PACKAGES+=libcap-dev libapparmor-dev libseccomp-dev
else
ifeq ($(shell dpkg-vendor --query Vendor),Debian)
VENDOR_ARGS=--enable-nvidia-multiarch
- BUILT_USING_PACKAGES=libcap-dev
+ BUILT_USING_PACKAGES+=libcap-dev
else
VENDOR_ARGS=--disable-apparmor
endif
