Package: pnet-assemblies Version: 0.7.4-1 Severity: serious There seems to be a fundamental problem in the way this package determines some shared library dependencies:
1. The configure script checks the SONAMEs of the installed versions of various libraries and records these in pinvoke.map. (If a library has missing or has no SONAME, nothing is recorded.) 2. The code that uses these libraries has private copies of their function declarations translated into C#. 3. At run-time the libraries are called through the P/Invoke mechanism, which I assume uses pinvoke.map to determine the appropriate filename and then calls dlopen and dlsym. There are several problems with this: A. The SONAMEs in pinvoke.map need to match those for the versions from which the declarations are taken and translated to C#, but I don't see any mechanism for making this happen. B. The configure script checks large numbers of libraries that do not appear to be used by this package, resulting in many apparently meaningless SONAME mappings. C. These shared library dependencies are invisible to dpkg-shlibdeps, so they aren't included in the binary package's dependencies. Based on a grep of the source, I believe the following libraries are used through the P/Invoke mechanism: libICE, libgnutls, libjpeg, libssl. I think the source package should use a static pinvoke.map that contains SONAME mappings for these libraries that match the C# declarations and is then included in the binary. The binary package should include corresponding package dependencies; it may be possible to automate generation of these from pinvoke.map. Ben. -- Ben Hutchings -- [EMAIL PROTECTED] shortened to [EMAIL PROTECTED] If you've signed my GPG key, please send a signature on and to the new uid. The program is absolutely right; therefore, the computer must be wrong.
signature.asc
Description: This is a digitally signed message part