Bug#1062444: ima-evm-utils: NMU diff for 64-bit time_t transition

[Graham Inggs]

Source: ima-evm-utils
Version: 1.4-1.2
Severity: serious
Tags: patch pending
Justification: library ABI skew on upgrade
User: debian-...@lists.debian.org
Usertags: time-t

Dear maintainer,

As part of the 64-bit time_t transition required to support 32-bit
architectures in 2038 and beyond
(https://wiki.debian.org/ReleaseGoals/64bit-time), we have identified
ima-evm-utils as a source package shipping runtime libraries whose ABI
either is affected by the change in size of time_t, or could not be
analyzed via abi-compliance-checker (and therefore to be on the safe
side we assume is affected).

To ensure that inconsistent combinations of libraries with their
reverse-dependencies are never installed together, it is necessary to
have a library transition, which is most easily done by renaming the
runtime library package.

Since turning on 64-bit time_t is being handled centrally through a change
to the default dpkg-buildflags (https://bugs.debian.org/1037136), it is
important that libraries affected by this ABI change all be uploaded close
together in time.  Therefore I have prepared a 0-day NMU for ima-evm-utils
which will initially be uploaded to experimental if possible, then to
unstable after packages have cleared binary NEW.

Please find the patch for this NMU attached.

If you have any concerns about this patch, please reach out ASAP.  Although
this package will be uploaded to experimental immediately, there will be a
period of several days before we begin uploads to unstable; so if information
becomes available that your package should not be included in the transition,
there is time for us to amend the planned uploads.



-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.5.0-15-generic (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect

diff -Nru ima-evm-utils-1.4/debian/changelog ima-evm-utils-1.4/debian/changelog
--- ima-evm-utils-1.4/debian/changelog  2022-01-24 17:33:09.000000000 +0000
+++ ima-evm-utils-1.4/debian/changelog  2024-02-01 15:02:04.000000000 +0000
@@ -1,3 +1,10 @@
+ima-evm-utils (1.4-1.3) experimental; urgency=medium
+
+  * Non-maintainer upload.
+  * Rename libraries for 64-bit time_t transition.
+
+ -- Graham Inggs <gin...@debian.org>  Thu, 01 Feb 2024 15:02:04 +0000
+
 ima-evm-utils (1.4-1.2) unstable; urgency=high
 
   * Non-maintainer upload.
diff -Nru ima-evm-utils-1.4/debian/control ima-evm-utils-1.4/debian/control
--- ima-evm-utils-1.4/debian/control    2022-01-24 17:32:41.000000000 +0000
+++ ima-evm-utils-1.4/debian/control    2024-02-01 15:02:04.000000000 +0000
@@ -33,7 +33,10 @@
  With EVM, the security sensitive extended attributes are verified against
  offline tampering.
 
-Package: libimaevm2
+Package: libimaevm2t64
+Provides: ${t64:Provides}
+Replaces: libimaevm2
+Breaks: libimaevm2 (<< ${source:Version})
 Section: libs
 Architecture: any
 Multi-Arch: same
@@ -51,7 +54,7 @@
 Section: libdevel
 Architecture: any
 Multi-Arch: same
-Depends: libimaevm2 (= ${binary:Version}), ${misc:Depends}
+Depends: libimaevm2t64 (= ${binary:Version}), ${misc:Depends}
 Description: Linux IMA Extended Verification Module signing tools - 
development files
  Linux kernel integrity subsystem is comprised of a number of different
  components including the Integrity Measurement Architecture (IMA), Extended
diff -Nru ima-evm-utils-1.4/debian/libimaevm2.install 
ima-evm-utils-1.4/debian/libimaevm2.install
--- ima-evm-utils-1.4/debian/libimaevm2.install 2021-09-24 09:39:11.000000000 
+0000
+++ ima-evm-utils-1.4/debian/libimaevm2.install 1970-01-01 00:00:00.000000000 
+0000
@@ -1 +0,0 @@
-usr/lib/*/lib*.so.*
diff -Nru ima-evm-utils-1.4/debian/libimaevm2.symbols 
ima-evm-utils-1.4/debian/libimaevm2.symbols
--- ima-evm-utils-1.4/debian/libimaevm2.symbols 2022-01-24 09:49:06.000000000 
+0000
+++ ima-evm-utils-1.4/debian/libimaevm2.symbols 1970-01-01 00:00:00.000000000 
+0000
@@ -1,19 +0,0 @@
-libimaevm.so.3 libimaevm2 #MINVER#
-* Build-Depends-Package: libimaevm-dev
- calc_keyid_v1@Base 1.3.1
- calc_keyid_v2@Base 1.3.1
- hash_algo_name@Base 1.3.1
- ima_calc_hash@Base 1.3.1
- ima_verify_signature@Base 1.3.1
- imaevm_do_hexdump@Base 1.3.1
- imaevm_get_hash_algo@Base 1.3.1
- imaevm_hash_algo_by_id@Base 1.3.1
- imaevm_hash_algo_from_sig@Base 1.3.1
- imaevm_hexdump@Base 1.3.1
- imaevm_params@Base 1.3.1
- init_public_keys@Base 1.3.1
- key2bin@Base 1.3.1
- read_pub_key@Base 1.3.1
- read_pub_pkey@Base 1.3.1
- sign_hash@Base 1.3.1
- verify_hash@Base 1.3.1
diff -Nru ima-evm-utils-1.4/debian/libimaevm2t64.install 
ima-evm-utils-1.4/debian/libimaevm2t64.install
--- ima-evm-utils-1.4/debian/libimaevm2t64.install      1970-01-01 
00:00:00.000000000 +0000
+++ ima-evm-utils-1.4/debian/libimaevm2t64.install      2021-09-24 
09:39:11.000000000 +0000
@@ -0,0 +1 @@
+usr/lib/*/lib*.so.*
diff -Nru ima-evm-utils-1.4/debian/libimaevm2t64.lintian-overrides 
ima-evm-utils-1.4/debian/libimaevm2t64.lintian-overrides
--- ima-evm-utils-1.4/debian/libimaevm2t64.lintian-overrides    1970-01-01 
00:00:00.000000000 +0000
+++ ima-evm-utils-1.4/debian/libimaevm2t64.lintian-overrides    2024-02-01 
15:02:04.000000000 +0000
@@ -0,0 +1 @@
+libimaevm2t64: package-name-doesnt-match-sonames libimaevm2
diff -Nru ima-evm-utils-1.4/debian/libimaevm2t64.symbols 
ima-evm-utils-1.4/debian/libimaevm2t64.symbols
--- ima-evm-utils-1.4/debian/libimaevm2t64.symbols      1970-01-01 
00:00:00.000000000 +0000
+++ ima-evm-utils-1.4/debian/libimaevm2t64.symbols      2024-02-01 
15:02:04.000000000 +0000
@@ -0,0 +1,19 @@
+libimaevm.so.3 libimaevm2t64 #MINVER#
+* Build-Depends-Package: libimaevm-dev
+ calc_keyid_v1@Base 1.3.1
+ calc_keyid_v2@Base 1.3.1
+ hash_algo_name@Base 1.3.1
+ ima_calc_hash@Base 1.3.1
+ ima_verify_signature@Base 1.3.1
+ imaevm_do_hexdump@Base 1.3.1
+ imaevm_get_hash_algo@Base 1.3.1
+ imaevm_hash_algo_by_id@Base 1.3.1
+ imaevm_hash_algo_from_sig@Base 1.3.1
+ imaevm_hexdump@Base 1.3.1
+ imaevm_params@Base 1.3.1
+ init_public_keys@Base 1.3.1
+ key2bin@Base 1.3.1
+ read_pub_key@Base 1.3.1
+ read_pub_pkey@Base 1.3.1
+ sign_hash@Base 1.3.1
+ verify_hash@Base 1.3.1