Ubuntu
libbpf package

Discrepancy Rules for Source vs Binaries for USN-5759-1

Asked by Kaio Barbosa

I am trying to understand why there is a discrepancy between Source version and Binary version for the source package `libbpf`?

Basically, I can find an Epoch 1 for the binaries, but that Epoch is absent in Source as described below:

+++ Example from the USN database - USN-5759-1

++ allbinaries

```
cat /tmp/database-all.json | jq '."5759-1".releases.jammy.allbinaries'
{
  "libbpf-dev": {
    "pocket": "security",
    "source": "libbpf",
    "version": "1:0.5.0-1ubuntu22.04.1". <<<< Epoch 1
  },
  "libbpf0": {
    "pocket": "security",
    "source": "libbpf",
    "version": "1:0.5.0-1ubuntu22.04.1" <<<< Epoch 1
  }
}
```

++ the Source field

```
cat /tmp/database-all.json | jq '."5759-1".releases.jammy.sources'
{
  "libbpf": {
    "version": "0.5.0-1ubuntu22.04.1", <<<< Missing Epoch
    "description": "eBPF helper library (development files)"
  }
}
```

++ In the OS is the same:

```
dpkg-query -f 'Binary-> ${Package}, Version-> ${Version} \nSource -> ${source:Package}, Version -> ${source:Version}\n' -W libbpf0

Binary-> libbpf0, Version-> 1:0.5.0-1
Source -> libbpf, Version -> 0.5.0-1
```

I am asking about this missing Epoch in the Source field, since other Rules have Epochs defined in both Source and Binaries/AllBinaries sections. This missing information makes it difficult to accurately map the rule definition to the corresponding binaries.

Thank you.

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu libbpf Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
william john (williamjohn897) said : 		#2

It seems like there might be a discrepancy in the packaging of the libbpf source package, specifically related to the Epoch field. The Epoch is a version component in Debian packaging that allows for versioning overrides. In the example you provided, the binaries have Epoch 1, but the source lacks this information.

There are a few potential reasons for this discrepancy:

Packaging Error:
It could be a packaging error or inconsistency in how the Debian source package (libbpf) is being prepared. The person responsible for packaging may have overlooked or intentionally omitted the Epoch in the source package.

Upstream Changes:
Sometimes, the upstream source code might be modified to address compatibility issues or other reasons. If the Epoch is not present in the upstream source, it may not be reflected in the Debian source package.

Intentional Omission:
In some cases, packagers may choose not to include the Epoch in the source package if they believe it is unnecessary or if the source version itself is considered sufficient.

To address this issue, you may want to:

Check the Debian source package for libbpf directly to see if the Epoch information is present there.
Consult the Debian packaging guidelines or contact the Debian maintainers to understand if this is intentional or if it should be considered a bug.
Additionally, you may consider filing a bug report or seeking assistance on the Debian Bug Tracking System to bring attention to this discrepancy and get feedback from the Debian packaging maintainers.

Revision history for this message
Kaio Barbosa (kaiux) said : 		#3

Thank you. I will reach out Debian team.

Can you help with this problem?

Provide an answer of your own, or ask Kaio Barbosa for more information if necessary.

To post a message you must log in.