canonical / chisel-releases


fix(22.04/libnss3): libs should contain all libraries #382

Closed rebornplusplus closed 5 days ago

rebornplusplus commented 1 month ago

This PR restructures the libnss3 slices. It renames the former libs slice to nss, to only include nss3-specific libraries. It also adds a new slice smime to include S/MIME libraries.

Finally, the libs slice is added back, which includes all of the slices that provide libraries. The rationale is that "libs" slices should contain all libraries coming from the package.

Note that the ca-certificates-java slice has also been updated to reflect this change.

Resolves #381

github-actions[bot] commented 1 month ago

Diff of dependencies:

slices/ca-certificates-java.yaml ```diff @@ -1,4 +1,2 @@ ca-certificates -default-jre-headless -java8-runtime-headless libnss3 ```
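Review bot: the two lines marked removed in slices/ca-certificates-java.yaml, default-jre-headless and java8-runtime-headless, are not explained by the PR description, which only says this slice was updated to reflect the libnss3 restructuring. Please state in the description why they no longer appear, and confirm that the libnss3 entry that remains is still required by this slice.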

rebornplusplus commented 1 month ago

@vpa1977, will you please take a look at this PR? I could not add you to the reviewers list up there on the top-right.

vpa1977 commented 1 month ago

> @vpa1977, will you please take a look at this PR? I could not add you to the reviewers list up there on the top-right.

I also cannot add myself to reviewers. sqlite3 comes as a dependency of /usr/lib/x86_64-linux-gnu/libsoftokn3.so and libnssutils are also required for it.

This is used in the pkcs11 implementation of openjdk: https://github.com/openjdk/jdk/blob/f0b130e54f33d3190640ce33c991e35f27e9f812/test/jdk/sun/security/tools/keytool/KeyToolTest.java#L38

I would suggest supplying the slice and adding a note in openjdk security slices.

rebornplusplus commented 1 week ago

The ca-certificates-java_data slice currently has a cacerts file and an empty directory. We do not need the nss libraries at all directly, but they are used by the openjdk slices.

Hiya @vpa1977 and @cjdcordeiro, based on this comment above, I have removed the libnss3_nss from ca-certificates-java_data and added it directly to openjdk-8-jre-headless_security slice. Please let me know what you think!

Also, I don't know if I was asleep or something before, but I finally added the libsoftokn.so files. :facepalm:

rebornplusplus commented 6 days ago

> Maybe we should drop soft token changes and make a separate PR with the integration test?

I agree. Let's add the soft token stuff in a later PR with passing tests.

cjdcordeiro commented 5 days ago

Waiting for PRs for newer releases