control: tag -1 + patch
Hi,
On 2025-05-29 22:53, Aurelien Jarno wrote:
Package: snapd
Version: 2.57.6-1
Severity: serious
Justification: Policy 7.8
Dear maintainer,
The snapd package provides the following files which are statically
linked against glibc:
/usr/lib/snapd/snap-update-ns
/usr/lib/snapd/snap-gdbserver-shim
/usr/lib/snapd/snap-gdb-shim
glibc is mostly is mostly licensed under the LGPL, which requires that
the full source code of the incorporating binary package be made
available. According to Debian Policy §7.8 [1] such a binary package
MUST list the glibc source package (and possibly others) in the
Built-Using: field.
Please find attached a patch to fix the issue.
Regards
Aurelien
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
[email protected] http://aurel32.net
--- snapd-2.68.3/debian/rules
+++ snapd-2.68.3/debian/rules
@@ -83,7 +83,11 @@
DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
-BUILT_USING_PACKAGES=
+# /usr/lib/snapd/snap-{update-ns,gdbserver-shim,gdb-shim} are always linked
+# statically against glibc. Use libc-dev-bin to avoid having to handle the
+# different soname (e.g. libc6 vs libc6.1)
+BUILT_USING_PACKAGES=libc-dev-bin
+
# export DEB_BUILD_MAINT_OPTIONS = hardening=+all
# DPKG_EXPORT_BUILDFLAGS = 1
# include /usr/share/dpkg/buildflags.mk
@@ -103,11 +107,11 @@
ifeq ($(shell dpkg-architecture -qDEB_HOST_ARCH),amd64)
VENDOR_ARGS+= --with-host-arch-32bit-triplet=$(shell dpkg-architecture -f -ai386 -qDEB_HOST_MULTIARCH)
endif
- BUILT_USING_PACKAGES=libcap-dev libapparmor-dev libseccomp-dev
+ BUILT_USING_PACKAGES+=libcap-dev libapparmor-dev libseccomp-dev
else
ifeq (