XPost: linux.debian.bugs.dist
Maytham Alsudany <
maytha8thedev@gmail.com> writes:
+``Static-Built-Using``
+~~~~~~~~~~~~~~~~~~~~~~
+
+This ``Static-Built-Using`` field must list source packages with an +"exactly equal" ("=") version relation, which had their contents (like +source code or data) incorporated into the binary package during the
+build.
I have a (possibly non-typical) situation that I believe warrant use of Static-Built-Using and I find the above explanation ambiguous wrt if the transitive closure of packages should be included or not.
(A side-note is that referring to source package names in
'Static-Built-Using' makes it hard to know which binary package from
that source package actually ship the embedded code. I suspect it is
too late to change this though.)
My naive reading of the text above suggests that ALL source packages
with that property ought to be included. I'm not certain that is a good
idea or even if this is intended.
My situation is that 'tkey-ssh-agent' embeds a RISCV firmware app blob
which comes from the 'tillitis-tkey-device-signer' package which embeds
RISCV object code from the 'tillitis-tkey-libs' package.
In an upcoming upload, I plan to add
Static-Built-Using: tillitis-tkey-libs (= 0.1.2-2)
to the 'tillitis-tkey-device-signer' package.
However, what is the right header for the 'tkey-ssh-agent' package?
Naively interpreted, I think the above policy would suggest this:
Static-Built-Using: tillitis-tkey-libs (= 0.1.2-2), tillitis-tkey-device-signer (= 0.1.2-2)
However is that useful? Wouldn't the following be sufficient:
Static-Built-Using: tillitis-tkey-device-signer (= 0.1.2-2)
Code that goes looking at the 'tillitis-tkey-device-signer' source
package ought to be able to find that one of its binary packages, namely 'tillitis-tkey-device-signer', has a Static-Built-Using on another
package.
The problem with interpreting the text above as indicating the
transitive closure is that there may be no end to the list. For
example, 'tillitis-tkey-libs' most likely embeds static code coming from
the compiler, in the 'clang-19' package (or some other dependent package
of 'clang-19'). Should 'clang-19' be added to 'Static-Built-Using'? Recursively, I suspect that the 'clang-19' binary package in Debian of
version X either embeds static code coming from gcc version Y or clang
version X-1. Should 'clang-19' have a Static-Built-Using on its
compiler? I'm not sure this is useful or intended.
Maybe adding an example for embedded static C object code like this
would help clarify the intention.
/Simon
-----BEGIN PGP SIGNATURE-----
iQNnBAEWCAMQFiEEo8ychwudMQq61M8vUXIrCP5HRaIFAmegt2sUHHNpbW9uQGpv c2Vmc3Nvbi5vcmfCHCYAmDMEXJLOtBYJKwYBBAHaRw8BAQdACIcrZIvhrxDBkK9f V+QlTmXxo2naObDuGtw58YaxlOu0JVNpbW9uIEpvc2Vmc3NvbiA8c2ltb25Aam9z ZWZzc29uLm9yZz6IlgQTFggAPgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgBYh BLHSvRN1vst4TPT4xNc89jjFPAa+BQJl/YgIBQkLehFUAAoJENc89jjFPAa+CboA +wUa06RD5e5VTCxvSWtPS75Wq2qBeYGZnf0jvUMxa2n4AP4xkUeAPPnNuMsTm2fs FCDIGaEM2Yn6Vb2huzzT1Fw/BLgzBFySz4EWCSsGAQQB2kcPAQEHQOxTCIOaeXAx I2hIX4HK9bQTpNVei708oNr1Klm8qCGKiPUEGBYIACYCGwIWIQSx0r0Tdb7LeEz0 +MTXPPY4xTwGvgUCZf2IKwUJC3oQqgCBdiAEGRYIAB0WIQSjzJyHC50xCrrUzy9R cisI/kdFogUCXJLPgQAKCRBRcisI/kdFoqdMAQCgH45aseZgIrwKOvUOA9QfsmeE 8GZHYNuFHmM9FEQS6AD6A4x5aYvoY6lo98pgtw2HPDhmcCXFItjXCrV4A0GmJA4J ENc89jjFPAa+GcYA/26YQY05bLtnXiIjTiAzrGQrRXxTHPA8Av7TDFHvIetWAP9s HSoU8OfTwmTiEnGwLlsV7QJclZg3YNz/Ypcp9TqQBrg4BFySz2oSCisGAQQBl1UB BQEBB0AxlRumDW6nZY7A+VCfek9VpEx6PJmdJyYPt3lNHMd6HAMBCAeIfgQYFggA JgIbDBYhBLHSvRN1vst4TPT4xNc89jjFPAa+BQJl/YgwBQkLehDGAAoJENc89jjF PAa+phoA/jrDqIrl/55vUMBhIQv+TP635d2iCTEnyFmbUcP9+gh6APoDsXalVd2c OGxQtSC+TF8PkZMn1TLkJKAjVxr+xx40AgAKCRBRcisI/kdForPJAPiV1GeG0BTl 3ZS6/ijI9qWLFTRU7sdrUC2WVLgnT0r8AP9rJp7jRy6pt5NW/bh4L+aIfbj5uVg/ AQQygtpwyTs0Cw==
=sfZe
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)