Source: openimageio Severity: normal Dear Maintainer,
while backporting openimageio_2.0.12~dfsg0-1 (to Ubuntu 18.04 LTS), I stumbled over the following insidious problem with the underlying upstream-build and the DEB package. The CMake buildsystem contains a macro to check for a proper pybind11 version. However, by default, this macro (src/cmake/externalpackages.cmake, line 542) attempts to be "smart", and automatically downloads a newer version of pybind11 via Git if "necessary", instead of failing with a clear error message. We certainly do not want a Debian build silently to download sources from "somewhere" My proposed fix: (1) suppress that behaviour in debian/rules --- orig/openimageio-2.0.12~dfsg0/debian/rules 2019-10-04 12:02:14.000000000 +0200 +++ openimageio-2.0.12~dfsg0/debian/rules 2020-01-20 02:47:22.160681481 +0100 @@ -21,6 +21,7 @@ -DROBINMAP_INCLUDE_DIR="/usr/include/" \ -DCMAKE_SKIP_RPATH=ON \ -DPYTHON_VERSION=$(PY3VERS) \ + -DBUILD_MISSING_PYBIND11=OFF \ -DSTOP_ON_WARNING=OFF \ -DUSE_FIELD3D=OFF \ -DUSE_OPENGL=$(SETGL) (2) I'd be inclined to define a precise lower bound in the debian/control, Not sure about that though, since it causes a maintennance liability... --- orig/openimageio-2.0.12~dfsg0/debian/control 2019-10-04 23:24:41.000000000 +0200 +++ openimageio-2.0.12~dfsg0/debian/control 2020-01-20 03:16:38.561245302 +0100 @@ -25,7 +25,7 @@ libraw-dev, libtiff-dev, libwebp-dev, - pybind11-dev, + pybind11-dev (>= 2.2.0), python3-dev, qtbase5-dev, robin-map-dev (>= 0.2.0) -- System Information: Debian Release: 10.2 APT prefers stable APT policy: (900, 'stable'), (650, 'stable'), (500, 'stable-updates'), (95, 'testing'), (80, 'unstable'), (50, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-6-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)