Re: static linking, libc and handling this in the aide package

To: debian-mentors@lists.debian.org
Subject: Re: static linking, libc and handling this in the aide package
From: Paul Wise <pabs@debian.org>
Date: Sun, 12 Sep 2021 03:54:50 +0000
Message-id: <[🔎] CAKTje6EX8W7fydXVtGe8+J+1JDMuUg12MWqU3GUwA4nKe_uTLA@mail.gmail.com>
In-reply-to: <[🔎] YTy8cxmWqblhNdZQ@torres.zugschlus.de>
References: <[🔎] YTy8cxmWqblhNdZQ@torres.zugschlus.de>

On Sat, Sep 11, 2021 at 2:26 PM Marc Haber wrote:

> What would debian-mentors' recommendation be? Your hints will be
> appreciated.

To prevent installation of an static aide with a incompatible nss
libraries, you could get glibc to add Provides: libc-nss-abi (= N) or
Provides: libc-nss-abi-N and a mechanism to get the current ABI number
at build time then have aide depend on that. Then when glibc
transitions happen, aide could get binNMUed automatically.

I wondering which nss calls aide is doing and if they can be
eliminated entirely.

I think I would lean towards the dynamic solution; I assume that if
someone can modify the nss libraries then they can also modify the
static aide binaries.

It might be worth discussing the issue with aide upstream, they
probably have guidance about this by now.

PS: I wonder if you are tracking when static aide requires a binNMU
after security updates to libraries it uses?

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Reply to:

References:
- static linking, libc and handling this in the aide package
  - From: Marc Haber <mh+debian-mentors@zugschlus.de>

Prev by Date: Bug#994110: RFS: python-mongoengine/0.23.1-1 -- Python Document-Object Mapper for working with MongoDB
Next by Date: Bug#994129: RFS: lebiniou-data/3.62.0-1 -- datafiles for Le Biniou
Previous by thread: static linking, libc and handling this in the aide package
Next by thread: Bug#994110: RFS: python-mongoengine/0.23.1-1 -- Python Document-Object Mapper for working with MongoDB
Index(es):
- Date
- Thread