Bug#639565:
Hi, I think, This is best solution. Build-Depends: libcurl4-gnutls-dev (It can be a any real package.) liboauth-dev's Depends: liboauth0 (= ${binary:Version}), ${misc:Depends}, libcurl4-gnutls-dev | libcurl4-dev, libnss3-dev liboauth0's Depends: ${misc:Depends}, ${shlibs:Depends}, libcurl3 | libcurl3-gnutls | libcurl3-nss As we know, This isn't enough due to ${shlibs:Depends} is include libcurl3-gnutls then remove another libcurl 'or' conditions. Please apply the patch: --- liboauth-0.9.4.orig/src/Makefile.am +++ liboauth-0.9.4/src/Makefile.am @@ -4,5 +4,5 @@ include_HEADERS = oauth.h liboauth_la_SOURCES=oauth.c config.h hash.c xmalloc.c xmalloc.h oauth_http.c liboauth_la_LDFLAGS=@LIBOAUTH_LDFLAGS@ -version-info @VERSION_INFO@ -liboauth_la_LIBADD=@HASH_LIBS@ @CURL_LIBS@ +liboauth_la_LIBADD=@HASH_LIBS@ liboauth_la_CFLAGS=@LIBOAUTH_CFLAGS@ @HASH_CFLAGS@ @CURL_CFLAGS@ Actually, we do not need to link shared library to shared library. We'll get liboauth0 package that Depends: libcurl3 | libcurl3-gnutls | libcurl3-nss Thank you. At Thu, 2 Aug 2012 08:12:21 +0200, gregor herrmann gre...@debian.org wrote: On Thu, 02 Aug 2012 12:03:34 +0900, HAMANO Tsukasa wrote: 2) I'm not sure if bilding against on one and then depending on a different version works? No problem, liboauth is not use directly SSL interface. We can switch them when linking application with liboauth. Ok. For liboauth-dev, my patch specifies Depends: ..., libcurl4-gnutls-dev | libcurl4-dev, libnss3-dev, ... which should be enough to solve the issue you were raising here, right? Yes, liboauth-dev's issue was solved. liboauth0 dependency is a little strange, but I'm ok to closing the bug. Thanks very much! Well, it's not solved yet, since the fixed package only existed in some temporary directory on my laptop :) Cheers, gregor -- .''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06 : :' : Debian GNU/Linux user, admin, and developer - http://www.debian.org/ `. `' Member of VIBE!AT SPI, fellow of the Free Software Foundation Europe `- Rome wasn't burned in a day. -- HAMANO Tsukasa ham...@cuspy.org pgpma8JvsEqDX.pgp Description: OpenPGP Digital Signature
Bug#639565:
Hi, At Wed, 1 Aug 2012 08:31:37 +0200, gregor herrmann gre...@debian.org wrote: Cf. the description of the lintian warning: http://lintian.debian.org/tags/virtual-package-depends-without-real-package-depends.html Ok, I understood your change(libcurl4-gnutls-dev | libcurl4-dev) is proper. But I think strange runtime depends. which has a very interesting effect: The runtime dependencies for liboauth0 change from Depends: libc6 (= 2.4), libcurl3-nss (= 7.16.2-1), libnss3-1d (= 3.12.0~1.9b1) to Depends: libc6 (= 2.4), libcurl3-gnutls (= 7.16.2), libnss3 (= 2:3.13.4-2~) | libnss3-1d (= 3.12.0~1.9b1) Probably, It would be better the runtime dependency is libcurl3 | libcurl3-nss | libcurl3-gnutls. Well, It would not be such a critical issue, due to they are able to exist together. Thank you. -- HAMANO Tsukasa ham...@cuspy.org pgpLYtBMSOZeO.pgp Description: OpenPGP Digital Signature
Bug#639565:
At Wed, 1 Aug 2012 11:30:45 +0200, gregor herrmann gre...@debian.org wrote: On Wed, 01 Aug 2012 18:13:25 +0900, HAMANO Tsukasa wrote: which has a very interesting effect: The runtime dependencies for liboauth0 change from Depends: libc6 (= 2.4), libcurl3-nss (= 7.16.2-1), libnss3-1d (= 3.12.0~1.9b1) to Depends: libc6 (= 2.4), libcurl3-gnutls (= 7.16.2), libnss3 (= 2:3.13.4-2~) | libnss3-1d (= 3.12.0~1.9b1) Probably, It would be better the runtime dependency is libcurl3 | libcurl3-nss | libcurl3-gnutls. I see your point but 1) this dependency is calculated automatically from ${shlibs:Depends}, to add the alternatives would prbably need some ugly hack hmm, 2) I'm not sure if bilding against on one and then depending on a different version works? No problem, liboauth is not use directly SSL interface. We can switch them when linking application with liboauth. 3) the dependency on libcurl3-gnutls actually fixes #650138 Well, It would not be such a critical issue, due to they are able to exist together. And that's for liboauth0. For liboauth-dev, my patch specifies Depends: ..., libcurl4-gnutls-dev | libcurl4-dev, libnss3-dev, ... which should be enough to solve the issue you were raising here, right? Yes, liboauth-dev's issue was solved. liboauth0 dependency is a little strange, but I'm ok to closing the bug. Thanks very much! -- HAMANO Tsukasa haman...@gmail.com pgpcUYNH9Akq5.pgp Description: OpenPGP Digital Signature
Bug#639565:
Hi, Thanks for your response. At Sat, 28 Jul 2012 19:28:40 +0200, gregor herrmann gre...@debian.org wrote: libcurl4-dev is a virtual package, so we need a real one too. Why do we need to specify a real package? Please tell me why we can't specify virtual package. What I've tried now is: -Depends: liboauth0 (= ${binary:Version}), libcurl4-nss-dev, ${misc:Depends} +Depends: liboauth0 (= ${binary:Version}), libcurl4-gnutls-dev | libcurl4-dev, libnss3-dev, ${misc:Depends} (snip) which has a very interesting effect: The runtime dependencies for liboauth0 change from Depends: libc6 (= 2.4), libcurl3-nss (= 7.16.2-1), libnss3-1d (= 3.12.0~1.9b1) to Depends: libc6 (= 2.4), libcurl3-gnutls (= 7.16.2), libnss3 (= 2:3.13.4-2~) | libnss3-1d (= 3.12.0~1.9b1) This issue is not resolved. The depends is force developper to link with gnutls. I think that we don't need to specify a ssl library package. Thank you. and with the rebuilt library installed, the bug in #650138 is gone! Cheers, gregor -- .''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06 : :' : Debian GNU/Linux user, admin, and developer - http://www.debian.org/ `. `' Member of VIBE!AT SPI, fellow of the Free Software Foundation Europe `- NP: David Bowie: Ground Control to Major Tom -- HAMANO Tsukasa ham...@cuspy.org pgpJyGPMt4Bgj.pgp Description: OpenPGP Digital Signature