Stop bundling system libraries in .deb, declare as dependencies instead (fixes #387)

The .deb package was incorrectly bundling libuv, libllhttp, and libsqlite3
inside /usr/lib/lightnvr/. These are standard system libraries and should be
package dependencies. The binary was also linked against wrong SONAMEs
(e.g. libsqlite3.so instead of libsqlite3.so.0) because all three were
built from source with custom SONAME settings.

Dockerfile: add DEB_BUILD arg that installs system -dev packages (libuv1-dev,
libsqlite3-dev, libllhttp-dev) instead of building from source, so the binary
links against correct system SONAMEs. Default Docker image builds are unchanged.

debian-package.yml: pass DEB_BUILD=true, only bundle libsod (no system package
available), add libuv1t64, libsqlite3-0, and suite-specific libllhttp to Depends.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: matteius

.github/workflows/debian-package.yml

@@ -75,6 +75,7 @@ jobs:
           tags: lightnvr-pkg:local
           build-args: |
             DEBIAN_SUITE=${{ matrix.debian_suite }}
+            DEB_BUILD=true
 
       - name: Extract files and create .deb package
         run: |
@@ -105,17 +106,15 @@ jobs:
           docker cp "${CID}:/bin/lightnvr" "${PKG_DIR}/usr/bin/lightnvr"
           docker cp "${CID}:/bin/go2rtc"   "${PKG_DIR}/usr/bin/go2rtc"
 
-          # Custom-built libraries (bundle to guarantee ABI compatibility)
-          # Use docker cp to extract /usr/lib into a temp dir, then pick
-          # out only the bundled libraries we need.  This replaces the
-          # fragile "docker export | tar --wildcards" approach which broke
-          # when Docker/BuildKit changed the tar path prefix format.
+          # Bundle only libsod (not available as a system package).
+          # libuv, libllhttp, and libsqlite3 are declared as package
+          # dependencies and provided by the system at runtime.
           mkdir -p /tmp/lightnvr_libs
           docker cp "${CID}:/usr/lib/." /tmp/lightnvr_libs/
           echo "=== Bundled library candidates ==="
-          ls -la /tmp/lightnvr_libs/lib{uv,llhttp,sqlite3,sod}* 2>/dev/null || true
+          ls -la /tmp/lightnvr_libs/libsod* 2>/dev/null || true
 
-          for expected_lib in libuv libllhttp libsqlite3 libsod; do
+          for expected_lib in libsod; do
             found=0
             for f in /tmp/lightnvr_libs/${expected_lib}.so*; do
               # Only install real files, not symlinks (we recreate symlinks below)
@@ -133,21 +132,10 @@ jobs:
           done
           rm -rf /tmp/lightnvr_libs
 
-          # Recreate soname symlink chains inside the package directory
+          # Recreate soname symlink chains for libsod inside the package directory
           # (Docker COPY dereferences symlinks, so we must recreate them)
           (cd "${PKG_DIR}/usr/lib/lightnvr" && \
-            [ -f libsod.so.1.1.9 ]    && ln -sf libsod.so.1.1.9    libsod.so.1    && ln -sf libsod.so.1    libsod.so    || true; \
-            [ -f libuv.so.1.0.0  ]    && ln -sf libuv.so.1.0.0     libuv.so.1     && ln -sf libuv.so.1     libuv.so     || true; \
-            [ -f libllhttp.so.9.3.1 ] && ln -sf libllhttp.so.9.3.1 libllhttp.so.9 && ln -sf libllhttp.so.9 libllhttp.so || true)
-
-          # Find and symlink sqlite3 if extracted
-          SQLITE_FILE=$(find "${PKG_DIR}/usr/lib/lightnvr" -name 'libsqlite3.so.*' ! -type l | head -1)
-          if [ -n "${SQLITE_FILE}" ]; then
-            BASE=$(basename "${SQLITE_FILE}")
-            (cd "${PKG_DIR}/usr/lib/lightnvr" && \
-              ln -sf "${BASE}" libsqlite3.so.0 2>/dev/null || true && \
-              ln -sf libsqlite3.so.0 libsqlite3.so 2>/dev/null || true)
-          fi
+            [ -f libsod.so.1.1.9 ] && ln -sf libsod.so.1.1.9 libsod.so.1 && ln -sf libsod.so.1 libsod.so || true)
 
           # Web assets and migrations from the Docker image
           docker cp "${CID}:/var/lib/lightnvr/www/."          "${PKG_DIR}/var/lib/lightnvr/www/"
@@ -221,10 +209,12 @@ jobs:
           case "${DEBIAN_SUITE}" in
             sid)
               FFMPEG_DEPS="libavcodec62 | libavcodec-extra, libavformat62, libavutil60, libswscale9"
+              LLHTTP_DEP="libllhttp9.3"
               SUITE_NOTE="Note: This package targets Debian sid (unstable)."
               ;;
             trixie)
               FFMPEG_DEPS="libavcodec61 | libavcodec-extra, libavformat61, libavutil59, libswscale8"
+              LLHTTP_DEP="libllhttp9.2"
               SUITE_NOTE="Note: This package targets Debian 13 trixie (stable)."
               ;;
             *)
@@ -241,7 +231,7 @@ jobs:
           Architecture: ${DEB_ARCH}
           Maintainer: OpenSensor <support@opensensor.io>
           Installed-Size: ${INSTALLED_SIZE}
-          Depends: ffmpeg, ${FFMPEG_DEPS}, libcurl4t64 | libcurl4, libmbedtls21, libmosquitto1, libcjson1, procps
+          Depends: ffmpeg, ${FFMPEG_DEPS}, libuv1t64, libsqlite3-0, ${LLHTTP_DEP}, libcurl4t64 | libcurl4, libmbedtls21, libmosquitto1, libcjson1, procps
           Section: net
           Priority: optional
           Homepage: https://github.com/opensensor/lightNVR

Dockerfile

@@ -4,6 +4,7 @@ ARG SQLITE_YEAR=2026
 ARG SQLITE_AUTOCONF_VERSION=3520000
 ARG LIBUV_VERSION=1.52.1
 ARG LLHTTP_VERSION=9.3.1
+ARG DEB_BUILD=false
 
 FROM debian:${DEBIAN_SUITE}-slim AS builder
 
@@ -12,6 +13,7 @@ ARG SQLITE_YEAR
 ARG SQLITE_AUTOCONF_VERSION
 ARG LIBUV_VERSION
 ARG LLHTTP_VERSION
+ARG DEB_BUILD
 
 # Set non-interactive mode
 ENV DEBIAN_FRONTEND=noninteractive
@@ -39,18 +41,40 @@ RUN apt-get update && \
     go version && \
     rm -rf /var/lib/apt/lists/*
 
-# Build upstream SQLite because Debian sid can lag the latest SQLite security fixes
-RUN cd /tmp && \
+# For .deb builds: use system dev packages instead of building from source.
+# This ensures the binary links against system SONAMEs so that libuv, libsqlite3,
+# and libllhttp can be proper package dependencies instead of bundled libraries.
+RUN if [ "$DEB_BUILD" = "true" ]; then \
+      apt-get update && apt-get install -y --no-install-recommends \
+        libuv1-dev libsqlite3-dev libllhttp-dev && \
+      rm -rf /var/lib/apt/lists/* && \
+      ARCH=$(uname -m) && \
+      case $ARCH in \
+          x86_64) LIBDIR="/usr/lib/x86_64-linux-gnu" ;; \
+          aarch64) LIBDIR="/usr/lib/aarch64-linux-gnu" ;; \
+          armv7l) LIBDIR="/usr/lib/arm-linux-gnueabihf" ;; \
+          *) echo "Unsupported architecture: $ARCH"; exit 1 ;; \
+      esac && \
+      cp -a ${LIBDIR}/libuv.so* /usr/lib/ && \
+      cp -a ${LIBDIR}/libsqlite3.so* /usr/lib/ && \
+      cp -a ${LIBDIR}/libllhttp.so* /usr/lib/; \
+    fi
+
+# Build upstream SQLite (skipped for .deb builds which use system libsqlite3)
+RUN if [ "$DEB_BUILD" != "true" ]; then \
+    cd /tmp && \
     wget -q "https://www.sqlite.org/${SQLITE_YEAR}/sqlite-autoconf-${SQLITE_AUTOCONF_VERSION}.tar.gz" && \
     tar -xzf "sqlite-autoconf-${SQLITE_AUTOCONF_VERSION}.tar.gz" && \
     cd "sqlite-autoconf-${SQLITE_AUTOCONF_VERSION}" && \
     ./configure --prefix=/usr --disable-static && \
     make -j"$(nproc)" && \
     make install && \
-    sqlite3 --version
+    sqlite3 --version; \
+    fi
 
-# Build upstream libuv because distro packages can lag the latest stable release
-RUN cd /tmp && \
+# Build upstream libuv (skipped for .deb builds which use system libuv)
+RUN if [ "$DEB_BUILD" != "true" ]; then \
+    cd /tmp && \
     wget -q "https://github.com/libuv/libuv/archive/refs/tags/v${LIBUV_VERSION}.tar.gz" -O libuv.tar.gz && \
     tar -xzf libuv.tar.gz && \
     cd "libuv-${LIBUV_VERSION}" && \
@@ -65,10 +89,12 @@ RUN cd /tmp && \
         *) echo "Unsupported architecture: $ARCH"; exit 1 ;; \
     esac && \
     cp -a "$LIBUV_DIR"/libuv.so* /usr/lib/ && \
-    pkg-config --modversion libuv
+    pkg-config --modversion libuv; \
+    fi
 
-# Build upstream llhttp so container builds use the latest parser without relying on distro lag
-RUN mkdir -p /tmp/llhttp/include /tmp/llhttp/src /usr/include && \
+# Build upstream llhttp (skipped for .deb builds which use system libllhttp)
+RUN if [ "$DEB_BUILD" != "true" ]; then \
+    mkdir -p /tmp/llhttp/include /tmp/llhttp/src /usr/include && \
     wget -q "https://raw.githubusercontent.com/nodejs/llhttp/release/include/llhttp.h" -O /tmp/llhttp/include/llhttp.h && \
     wget -q "https://raw.githubusercontent.com/nodejs/llhttp/release/src/llhttp.c" -O /tmp/llhttp/src/llhttp.c && \
     wget -q "https://raw.githubusercontent.com/nodejs/llhttp/release/src/api.c" -O /tmp/llhttp/src/api.c && \
@@ -81,7 +107,8 @@ RUN mkdir -p /tmp/llhttp/include /tmp/llhttp/src /usr/include && \
     ln -sf /usr/lib/libllhttp.so.${LLHTTP_VERSION} /usr/lib/libllhttp.so && \
     install -m 644 /tmp/llhttp/include/llhttp.h /usr/include/llhttp.h && \
     printf 'prefix=/usr\nexec_prefix=${prefix}\nlibdir=${prefix}/lib\nincludedir=${prefix}/include\n\nName: libllhttp\nDescription: llhttp parser\nVersion: %s\nLibs: -L${libdir} -lllhttp\nCflags: -I${includedir}\n' "$LLHTTP_VERSION" > /usr/lib/pkgconfig/libllhttp.pc && \
-    pkg-config --modversion libllhttp
+    pkg-config --modversion libllhttp; \
+    fi
 
 # Fetch external dependencies
 RUN mkdir -p /opt/external && \