On Mon, Sep 17, 2012 at 05:30:44PM +0200, gregor herrmann wrote: > On Sun, 16 Sep 2012 20:19:56 +0200, Alessandro Ghedini wrote: > > Ciao Alessandro, > > thanks alot for taking the time to shed some light here!
No problem > > > Directly depending on libcurl3* packages is of no use: either the > > > application > > > links to a libcurl flavour, in which case it would already Depends on a > > > suitable > > > libcurl3 package, or it doesn't and it wouldn't pick up the library even > > > if > > > installed > > Makes sense ... But liboauth does link (and therefore depend on) one > of the curl libs, unless forced to do otherwise. My comment was about the "do not build-depends on libcurl4*-dev and manually depend on a libcurl3*" solution exposed above, which wouldn't work. > What I've done now, since I'm more interested in #650138 actually :) I think I see the problem: the NSS libcurl flavour needs a proper NSS certificate database (just like any other application using NSS, e.g. chromium and firefox generate their own databases), otherwise the SSL/TLS support is mostly broken (i.e. the certificate checks always fail, see #655628). Now I'm not really into OAuth nor Twitter-like things, but I guess that Twitter and Identi.ca provide an HTTPS end-point for their OAuth APIs... HTTPS requires SSL/TLS certificate checking by default... I guess you see where this is going. I think liboauth use of NSS does not involve certificate checking but libcurl's, unless otherwise told, does. But they are independent. From liboauth 0.9.4-3 changelog: * Sync from Ubuntu: [ Mathieu Trudel-Lapierre ] * debian/control: liboauth-dev really needs libcurl4-nss-dev, not libcurl4-gnutls-dev (nss is required in the .pc file) (closes: #646485, #639565) [ Sjoerd Simons ] * collab-main team update * debian/control: Swith build-depend to libcurl4-nss-dev from libcurl4-gnutls-dev. oauth itself uses nss for SSL That probably explains why liboauth and in turn bti stopped working from that version. So, to recap, IMO liboauth and bti (well, I'm not really sure about bti... but that doesn't hurt) should build-depend on libcurl4-gnutls-dev, which would fix #650138, and liboauth-dev should depend on libcurl4-gnutls-dev | libcurl4-dev, which would fix #639565 (as exposed in the submission email). libcurl3* runtime independence is not possible unless leaving libcurl's symbols unresolved (as explained a few emails ago). But I don't quite see why one would want the independence in the first place. To quote Tsukasa Hamano: "The depends is force developper to link with gnutls", I'm not quite sure what he meant, but the developer (using liboauth) is not forced to link againt anything, liboauth is, but it doesn't affect the developer using it. And when using a static liboauth (i.e. what the Requires.private in oauth.pc and the liboauth-dev Depends are for) one can choose any libcurl. If really needed, one can rebuild liboauth from source, in which case "libcurl4-gnutls-dev | libcurl4-dev" in its build-depend would help. Cheers -- perl -E '$_=q;$/= @{[@_]};and s;\S+;<inidehG ordnasselA>;eg;say~~reverse'
signature.asc
Description: Digital signature