From hertzog at debian.org  Fri Dec  2 09:43:17 2016
From: hertzog at debian.org (=?UTF-8?Q?Rapha=C3=ABl?= Hertzog)
Date: Fri, 02 Dec 2016 10:43:17 +0100
Subject: [Pkg-net-snmp-devel] Bug#846569: libsnmp-dev: Should depend on
	"libssl-dev | libssl1.0-dev" if possible
Message-ID: <148067179795.17751.7163579248049765972.reportbug@x260-buxy.home.ouaza.com>

Package: libsnmp-dev
Version: 5.7.3+dfsg-1.5+b1
Severity: serious
Justification: FTBFS in openvas

Currently openvas is not buildable because it build-depends on libssh-dev
which depends on libssl1.0-dev and libsnmp-dev which depends on
libssl-dev (and both libssl*-dev are not co-installable).

I believe we might be able to fix this by making libsnmp-dev depend on either
version of the -dev package. But this is true only if libsnmp does not reuse
parts of the SSL API in its own API... and I don't know if this is the case.

If that's not the case, then we should stick to libssl1.0-dev until
ssh works with OpenSSL 1.1 and everything can be switch together to version 1.1.


report:
 -
  package: sbuild-build-depends-openvas-libraries-dummy
  version: 0.invalid.0
  architecture: amd64
  status: broken
  reasons:
   -
    conflict:
     pkg1:
      package: libssl1.0-dev
      version: 1.0.2j-4
      architecture: amd64
      unsat-conflict: libssl-dev:amd64
     pkg2:
      package: libssl-dev
      version: 1.1.0c-2
      architecture: amd64
     depchain1:
      -
       depchain:
        -
         package: sbuild-build-depends-openvas-libraries-dummy
         version: 0.invalid.0
         architecture: amd64
         depends: libssh-dev:amd64 (>= 0.5.0)
        -
         package: libssh-dev
         version: 0.7.3-2
         architecture: amd64
         depends: libssl1.0-dev:amd64
     depchain2:
      -
       depchain:
        -
         package: sbuild-build-depends-openvas-libraries-dummy
         version: 0.invalid.0
         architecture: amd64
         depends: libsnmp-dev:amd64
        -
         package: libsnmp-dev
         version: 5.7.3+dfsg-1.5+b1
         architecture: amd64
         depends: libssl-dev:amd64


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)


From debian at jon.limedaley.com  Fri Dec  2 19:14:09 2016
From: debian at jon.limedaley.com (Jon Daley)
Date: Fri, 2 Dec 2016 14:14:09 -0500 (EST)
Subject: [Pkg-net-snmp-devel] Bug#684721: /lib configuration files?
Message-ID: <alpine.DEB.2.00.1612021412370.20047@orange.limedaley.com>

One thing I've really appreciated about Debian is that all configuration 
files are under /etc, so I can put /etc under source control, and know 
that I have all configs saved.

With systemd, has that changed - e.g. should I be putting /lib/systemd 
under source control as well?  Does systemd have a provision for 
user-supplied customizations to the defaults in /lib/systemd?  I imagine 
that my customizations will be overwritten (with a warning, hopefully?) 
upon upgrade?


-- 
Jon Daley
http://jon.limedaley.com
~~
There is no time like the present for
postponing what you ought to be doing.


From owner at bugs.debian.org  Tue Dec 13 20:42:05 2016
From: owner at bugs.debian.org (Debian Bug Tracking System)
Date: Tue, 13 Dec 2016 20:42:05 +0000
Subject: [Pkg-net-snmp-devel] Processed: openvas-libraries should re-enable
 net-snmp support when #846569 is fixed
References: <148166147530.17811.686666247631046598.reportbug@localhost>
 <148166147530.17811.686666247631046598.reportbug@localhost>
Message-ID: <handler.s.B.148166148910656.transcript@bugs.debian.org>

Processing control commands:

> block -1 by 846569
Bug #848080 [src:openvas-libraries] openvas-libraries should re-enable net-snmp support when #846569 is fixed
848080 was not blocked by any bugs.
848080 was not blocking any bugs.
Added blocking bug(s) of 848080: 846569

-- 
848080: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848080
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems


From sebastian at breakpoint.cc  Sat Dec 17 20:42:40 2016
From: sebastian at breakpoint.cc (Sebastian Andrzej Siewior)
Date: Sat, 17 Dec 2016 21:42:40 +0100
Subject: [Pkg-net-snmp-devel] Bug#846569: libsnmp-dev: Should depend on
	"libssl-dev | libssl1.0-dev" if possible
In-Reply-To: <148067179795.17751.7163579248049765972.reportbug@x260-buxy.home.ouaza.com>
References: <148067179795.17751.7163579248049765972.reportbug@x260-buxy.home.ouaza.com>
Message-ID: <20161217204238.bceabi47afbuxl2w@breakpoint.cc>

On 2016-12-02 10:43:17 [+0100], Rapha?l Hertzog wrote:
> Currently openvas is not buildable because it build-depends on libssh-dev
> which depends on libssl1.0-dev and libsnmp-dev which depends on
> libssl-dev (and both libssl*-dev are not co-installable).
> 
> I believe we might be able to fix this by making libsnmp-dev depend on either
> version of the -dev package. But this is true only if libsnmp does not reuse
> parts of the SSL API in its own API... and I don't know if this is the case.
> 
> If that's not the case, then we should stick to libssl1.0-dev until
> ssh works with OpenSSL 1.1 and everything can be switch together to version 1.1.

I've been just looking at this due to libsnmp-perl deps on libssl. The
perl .so files link against libcrypto.so but they don't share any
symbols so I don't think this linking is required (or openssl used by
perl at all).
The 1.1.0 support should not be that complicated but if you have
packages that depend on it and already moved on to libssl1.0-dev I would
say to keep this package with libssl1.0-dev for Stretch.

Sebastian