ndilieto / uacme

ACMEv2 client written in plain C with minimal dependencies
GNU General Public License v3.0

Debian package uses libcurl3-gnutls but OpenWrt uses libcurl4 #59

Closed stokito closed 2 years ago

stokito commented 2 years ago

I'm confused about the dependencies and would be glad if you could clarify. On Ubuntu and Debian the uacme package depends on libcurl4. I didn't find the debian folder with the control file, but apt shows these dependencies:

```
  Depends: libc6 (>= 2.33)
  Depends: libcurl3-gnutls (>= 7.38)
  Depends: libev4 (>= 1:4.04)
  Depends: libgnutls30
```

So here I see that libcurl3-gnutls is used directly by uacme, i.e. not just libcurl3, which may use a different backend by default. Also, libgnutls30 is used directly by uacme itself and the package was compiled with it. That's fine.

The question is why not use the libcurl4 dependency? As far as I understand, there isn't any libcurl4-gnutls, but it will internally pick up an installed backend library, right? Update: yes, it can dynamically load an available TLS backend https://curl.se/mail/lib-2017-08/0118.html

Things become weirder for OpenWrt. There the uacme package uses libcurl4 (not 3!), which itself depends on WolfSSL, as it's now the default library for OpenWrt in the latest releases. But the OpenWrt team is working on moving back to MbedTLS.

At the same time, uacme itself depends on libmbedtls12. This is understandable, but some OpenWrt-based firmwares for routers like Turris and GL.iNet are still using just OpenSSL. Maybe for them it would be better to create a separate package like uacme-openssl.

Another strange thing is that the OpenWrt uacme package doesn't depend on libev. At the same time, I see that the library is just included in the sources. Is it statically linked or something like that? There is an issue that may be related: https://github.com/openwrt/packages/issues/19015

ndilieto commented 2 years ago

On Debian stable, uacme build-depends on libcurl4-gnutls-dev, as you can see at https://packages.debian.org/source/bullseye/uacme, and libcurl4-gnutls-dev depends on libcurl3-gnutls, as you can see at https://packages.debian.org/bullseye/libcurl4-gnutls-dev (the curl source package at https://packages.debian.org/source/bullseye/curl doesn't build any libcurl4-gnutls).

Note that uacme can be compiled with any of GnuTLS (the default), OpenSSL or mbedTLS. It is up to the distribution to choose which one. On Debian I am also the package maintainer and I chose GnuTLS. On OpenWrt the maintainer chose - understandably - mbedTLS.

Also note that uacme carries its own local copy of libev, but if the configure script finds a system-wide libev it will pick it up. The OpenWrt maintainer recently added libev to the dependencies, see https://github.com/openwrt/packages/commit/1642b68d4583c45e87b9628a38ae039e23617e0d
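
To check which TLS libraries a given uacme build and its libcurl actually load, as discussed in this thread, the dynamic dependencies can be classified from `ldd` output. The script below is an added example, not part of the issue or of the uacme project; the function names, the two sample listings and the WolfSSL soname version in them are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the TLS libraries named in `ldd`-style output.
# Function names and both sample listings are constructed, not from uacme.

# Print each TLS backend seen on stdin, one per line, sorted, de-duplicated.
tls_backends() {
    awk '
        /libgnutls\.so/                                    { print "gnutls" }
        /libssl\.so|libcrypto\.so/                         { print "openssl" }
        /libmbedtls\.so|libmbedcrypto\.so|libmbedx509\.so/ { print "mbedtls" }
        /libwolfssl\.so/                                   { print "wolfssl" }
    ' | sort -u
}

# Print which libcurl soname flavour is seen on stdin.
curl_flavour() {
    awk '
        /libcurl-gnutls\.so/ { print "libcurl-gnutls"; next }
        /libcurl\.so/        { print "libcurl" }
    ' | sort -u
}

# Constructed sample: a GnuTLS build linked against Debian's libcurl3-gnutls.
SAMPLE_DEBIAN='  libcurl-gnutls.so.4 => /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4
  libgnutls.so.30 => /usr/lib/x86_64-linux-gnu/libgnutls.so.30
  libev.so.4 => /usr/lib/x86_64-linux-gnu/libev.so.4
  libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6'

# Constructed sample: an mbedTLS build of uacme whose libcurl pulls in WolfSSL
# (the WolfSSL soname version here is a placeholder).
SAMPLE_OPENWRT='  libcurl.so.4 => /usr/lib/libcurl.so.4
  libmbedtls.so.12 => /usr/lib/libmbedtls.so.12
  libwolfssl.so.0 => /usr/lib/libwolfssl.so.0
  libc.so => /lib/libc.so'

# When called with a path, inspect that binary; ldd also lists the libraries
# that libcurl itself links, so both TLS stacks show up in one listing.
if [ "$#" -gt 0 ]; then
    echo "TLS backends:";   ldd "$1" | tls_backends
    echo "libcurl flavour:"; ldd "$1" | curl_flavour
fi
```

More than one backend in the output means the process loads two TLS stacks, one for uacme's own crypto and one for libcurl's HTTPS, and both need to be tracked for security updates.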

stokito commented 2 years ago

Thank you for the clarification