Hi Matijs, I totally get your point and agree that this situation is not ideal. Unfortunately, I don't think the exact dependent package version is something that we as package managers can or should hard code in this fashion.
Look at the "debian/control" file in the package repo: https://salsa.debian.org/netatalk-team/netatalk/-/blob/debian/latest/debian/control#L20 See that "libgcrypt20-dev" is defined as a dependency without specifying a version. It is actually debbuild (I think) that resolves the exact version dependency when it builds the package for a particular Debian version. Hence, when debbuild builds a package for Bookworm Stable, the dependency resolves as libgcrypt20-dev==1.10.1 and when it's built for Unstable it gets resolved as libgcrypt20-dev==1.10.2. So when you install the Unstable package on Bookworm you run into this dependency problem with libgcrypt20-dev. Someone who knows Debian better could correct me if I'm wrong. :) Does this make sense? Daniel On Friday, December 1st, 2023 at 6:01 PM, Matijs van Zuijlen <mat...@matijs.net> wrote: > > > Hi Daniel, > > Indeed, I am running Debian stable on my server with just netatalk and > some of its dependencies from testing, so my setup is a bit unconventional. > > This is in fact the case because Netatalk was dropped from Debian 12, > and I didn't want to keep running the old version which has a security > issue. > > However, I think installing netatalk from any Debian version should > still pull in the correct version of libgcrypt. Isn't that something > that can be addressed in the netatalk package? I can imagine later > versions of netatalk would need still newer versions of libgcrypt. The > current dependency specification would fail to pull those in. > > Kind regards, > Matijs van Zuijlen > > On 01/12/2023 00:42, Daniel Markstedt wrote: > > > Hi Matijs, > > > > This is not something we can address in the netatalk package itself, since > > you're using an Unstable netatalk package with a Stable Debian version. > > (Netatalk was dropped from Debian 12 Bookworm.) > > > > See this upstream discussion for more details: > > https://github.com/Netatalk/netatalk/discussions/574 > > > > Best regards, > > Daniel > > > > On Thursday, November 30th, 2023 at 11:05 PM, Matijs van Zuijlen > > mat...@matijs.net wrote: > > > > > Dear maintainer, > > > > > > This problem still exists. I installed netatalk from testing on a Debian > > > server running stable, and libgcrypt was not updated at the same time > > > because the dependency in the netatalk package specifies '>= 1.10.0', > > > > > > which matches the stable version 1.10.1, while testing's netatalk > > > actually needs libgcrypt 1.10.2. This lead to a flood of errors in the > > > logs. Updating the libgcrypt package to the testing version (1.10.2) > > > fixed that problem. > > > > > > As far as I can tell, the solution would be for the netatalk package to > > > depend on (at least?) the libgcrypt version it was compiled with. > > > > > > -- > > > Kind regards, > > > Matijs van Zuijlen > > > > > > -- > > > pkg-netatalk-devel mailing list > > > pkg-netatalk-de...@alioth-lists.debian.net > > > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-netatalk-devel > > > -- > pkg-netatalk-devel mailing list > pkg-netatalk-de...@alioth-lists.debian.net > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-netatalk-devel
