Source: lintian
Version: 2.114.0
Severity: normal
X-Debbugs-Cc: jo...@debian.org

Hi,

currently, the explanation of package-name-doesnt-match-sonames reads:

N:   The package name of a library package should usually reflect the soname of the included
N:   library. The package name can determined from the library file name with the following code
N:   snippet:
N:
N:    $ objdump -p /path/to/libfoo-bar.so.1.2.3 | sed -n -e's/^[[:space:]]*SONAME[[:space:]]*//p' | \
N:        sed -r -e's/([0-9])\.so\./\1-/; s/\.so(\.|$)//; y/_/-/; s/(.*)/\L&/'

I think this can be improved.

Firstly, the text above talks about "should" but policy §8.1 talks about "must":

> The run-time shared library must be placed in a package whose name changes
> whenever the SONAME of the shared library changes.

The tag explanation also misses why this is important, which is also explained by policy §8.1:

> This allows several versions of the shared library to be installed at
> the same time, allowing installation of the new version of the shared
> library without immediately breaking binaries that depend on the old
> version.

Maybe amend the explanation of the tag with text from policy, turning a "should" into a "must" or directly reference the first paragraph of §8.1. The use of "should" in the current explanation doesn't give much reason why one should not override this tag.

Secondly, using this tag easily leads to mistakes when upstream *does* bump the SONAME but if the maintainer overrode this tag will do an upload without changed package name. This happened for example recently in #1012407 or in #1010536. In #debian-devel, Simon McVittie presented two ways to prevent this from happening in the future. Since lintian cannot detect the intent of the developer, I think it would make sense to extend the description of the tag to inform the developer about the possible consequences of overriding this tag and what they can do to prevent bugs like #1012407 or #1010536 to happen in the future.

The hope is that by giving more context in the tag description, maintainers who want to override this tag, also will take extra action to prevent bad uploads. Simon McVittie presented two possible solutions:

1. override the entire lintian tag, not just the tag name

   Instead of writing:

   > libfooXX: package-name-doesnt-match-sonames

   write (for example when overriding because of bundling):

   > libfooXX: package-name-doesnt-match-sonames libbarXX libbazXX

   That way, should XX change, the tag will not match anymore and the developer would get a lintian warning. This is done for example in src:glib2.0 d/libglib2.0-0.lintian-overrides.

2. use fully qualified names in d/*.install

   Instead of writing:

   > usr/lib/*/libfoo*.so.*

   write:

   > usr/lib/*/libfoo-XX.so.Y
   > usr/lib/*/libfoo-XX.so.Y.*

   That way, should the SONAME change, the wildcard would no longer match and the maintainer would receive an error and has to investigate the situation.

I propose the following new explanation for package-name-doesnt-match-sonames:

N:   The run-time shared library must be placed in a package whose name changes
N:   whenever the SONAME of the shared library changes.
N:   This allows several versions of the shared library to be installed at
N:   the same time, allowing installation of the new version of the shared
N:   library without immediately breaking binaries that depend on the old
N:   version. See policy §8.1 for details.
N:
N:   If you decide to override this tag, please consider adding measures to
N:   prevent you from accidentally forgetting to change the shared library
N:   package name in case an SONAME bump happens in the future. So instead of
N:   adding an override like:
N:
N:       libfoo-bar: package-name-doesnt-match-sonames
N:
N:   override the entire lintian tag with version numbers:
N:
N:       libfoo-bar: package-name-doesnt-match-sonames libbarXX libbazXX
N:
N:   Additionally, consider explicitly adding version numbers instead of
N:   wildcards into your d/lib*.install. That way, you will get an error should
N:   the SONAME change in the future. Instead of writing:
N:
N:       usr/lib/*/libfoo*.so.*
N:
N:   write:
N:
N:       usr/lib/*/libfoo-bar.so.Y
N:       usr/lib/*/libfoo-bar.so.Y.*
N:
N:   The package name can determined from the library file name with the following code snippet:
N:
N:    $ objdump -p /path/to/libfoo-bar.so.1.2.3 | sed -n -e's/^[[:space:]]*SONAME[[:space:]]*//p' | \
N:        sed -r -e's/([0-9])\.so\./\1-/; s/\.so(\.|$)//; y/_/-/; s/(.*)/\L&/'

Thanks!

cheers, josch
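
Added example, not part of the original report and not lintian or debhelper code: a shell sketch of the second measure, showing that a wildcard install pattern keeps matching after a SONAME bump while version-pinned patterns stop matching. The staging tree, the library name libfoo-bar, the SONAME versions 2 and 3, the multiarch directory and all function names are constructed for illustration; check_install only simulates an install step that fails on a pattern without matches.

```shell
#!/bin/sh
# Added example; file names and the multiarch directory are constructed.

# SONAME -> expected package name, using the sed expression quoted in the
# report (needs GNU sed for -r and \L).
soname_to_pkg() {
    printf '%s\n' "$1" |
        sed -r -e 's/([0-9])\.so\./\1-/; s/\.so(\.|$)//; y/_/-/; s/(.*)/\L&/'
}

# Create a staging tree ($1) shipping libfoo-bar with SONAME version $2.
make_tree() {
    mkdir -p "$1/usr/lib/x86_64-linux-gnu"
    : > "$1/usr/lib/x86_64-linux-gnu/libfoo-bar.so.$2"
    : > "$1/usr/lib/x86_64-linux-gnu/libfoo-bar.so.$2.0.0"
}

# Number of files under tree $1 matched by install pattern $2.
count_matches() {
    (
        cd "$1" 2>/dev/null || { echo 0; exit; }
        n=0
        for f in $2; do            # unquoted on purpose: expand the glob
            if [ -e "$f" ]; then n=$((n + 1)); fi
        done
        echo "$n"
    )
}

# Succeed only if every pattern matches at least one file (simulated check).
check_install() {
    root=$1; shift
    for p in "$@"; do
        if [ "$(count_matches "$root" "$p")" -eq 0 ]; then
            echo "no match for: $p" >&2
            return 1
        fi
    done
}

demo() {
    tmp=$(mktemp -d)
    make_tree "$tmp/old" 2; make_tree "$tmp/new" 3     # simulated SONAME bump
    echo "expected package: $(soname_to_pkg libfoo-bar.so.3)"
    check_install "$tmp/new" 'usr/lib/*/libfoo*.so.*' && echo "wildcard: still matches"
    check_install "$tmp/new" 'usr/lib/*/libfoo-bar.so.2' 'usr/lib/*/libfoo-bar.so.2.*' \
        || echo "pinned: fails, bump noticed"
    rm -rf "$tmp"
}
demo
```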