Source: libsepol
Version: 3.5-1
Severity: normal
Tags: patch
User: helm...@debian.org
Usertags: dep17m2
X-Debbugs-Cc: vor...@debian.org
We want to finalize the /usr-merge transition via DEP17[1]. For libsepol, this means moving all remaining files from aliased directories in / to /usr. There only is libsepol.so.2 in package libsepol2. Until recently, such a move was prohibited by the file move moratorium. This has now been delegated to https://wiki.debian.org/UsrMerge. We still must be careful, because libsepol is part of the debootstrap --variant=minbase set.

DEP17 gives us a template of problems to watch out for. P1 is not relevant now, but may become relevant via the 2038 transition. In the process, libsepol2 may be renamed to libsepol2t64 keeping the soname. In an upgrade from bookworm to trixie, libsepol.so.2 would thus move from / to /usr and from libsepol2 to libsepol2t64 triggering the file loss scenario that the moratorium meant to prevent. Therefore, please upload the time64 change to experimental first and let it wait for at least three days. We might get away with upgrading Breaks to Conflicts (DEP17 M7), but we probably should use protective diversions (DEP17 M8) instead to avoid making the upgrade too hard for apt.

Problem classes P2, P3, P4, P5, P6 do not apply. P7 does not apply, because libsepol.so.2 is installed to an architecture-dependent path. I locally verified that this change does not impact debootstrap (P8). P9 will be handled elsewhere and P10 is not a problem, because /usr/lib/$multiarch is on the default library search path even on unmerged systems. Therefore I think we're good to go ahead.

I'm attaching a patch that enables dh_movetousr. This is not a long-term solution. Eventually, you want to adjust the path in the packaging, but we must not do so in bookworm-backports. dh_movetousr will take care of becoming a noop in bookworm-backports. If you think backporting is not relevant to libsepol, consider changing paths directly instead.

Helmut

[1] https://subdivi.de/~helmut/dep17.html
diff --minimal -Nru libsepol-3.5/debian/changelog libsepol-3.5/debian/changelog --- libsepol-3.5/debian/changelog 2023-07-08 22:44:16.000000000 +0200 +++ libsepol-3.5/debian/changelog 2023-11-14 10:23:22.000000000 +0100 @@ -1,3 +1,10 @@ +libsepol (3.5-1.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Move libsepol.so.2 to /usr. (Closes: #-1) + + -- Helmut Grohne <hel...@subdivi.de> Tue, 14 Nov 2023 10:23:22 +0100 + libsepol (3.5-1) unstable; urgency=medium * New upstream release diff --minimal -Nru libsepol-3.5/debian/control libsepol-3.5/debian/control --- libsepol-3.5/debian/control 2023-07-08 22:44:16.000000000 +0200 +++ libsepol-3.5/debian/control 2023-11-14 10:23:22.000000000 +0100 @@ -6,7 +6,7 @@ Maintainer: Debian SELinux maintainers <selinux-de...@lists.alioth.debian.org> Uploaders: Laurent Bigonville <bi...@debian.org>, Russell Coker <russ...@coker.com.au> Standards-Version: 4.6.2 -Build-Depends: debhelper-compat (= 13), file, flex +Build-Depends: debhelper-compat (= 13), dh-sequence-movetousr, file, flex Homepage: https://selinuxproject.org Rules-Requires-Root: no
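Review bot: In the debian/changelog hunk, the new 3.5-1.1 entry still carries what reads as a placeholder bug reference, "(Closes: #-1)", and the distribution "UNRELEASED". Both need to be filled in before upload (the number assigned to this report and the target suite), otherwise the upload will not close the bug it was written for.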
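Review bot: In the debian/control hunk, dh-sequence-movetousr is added to Build-Depends, but nothing in the packaging records that it is the mechanism behind the move or that it is meant as a stopgap; the changelog line only says "Move libsepol.so.2 to /usr." Consider naming the addon in that changelog entry so that whoever later changes the install path directly knows this build-dependency is the thing to drop.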