Skip to content

Commit c05f477

Browse files
matteiusclaude
andcommitted
Stop bundling system libraries in .deb, declare as dependencies instead (fixes #387)
The .deb package was incorrectly bundling libuv, libllhttp, and libsqlite3 inside /usr/lib/lightnvr/. These are standard system libraries and should be package dependencies. The binary was also linked against wrong SONAMEs (e.g. libsqlite3.so instead of libsqlite3.so.0) because all three were built from source with custom SONAME settings. Dockerfile: add DEB_BUILD arg that installs system -dev packages (libuv1-dev, libsqlite3-dev, libllhttp-dev) instead of building from source, so the binary links against correct system SONAMEs. Default Docker image builds are unchanged. debian-package.yml: pass DEB_BUILD=true, only bundle libsod (no system package available), add libuv1t64, libsqlite3-0, and suite-specific libllhttp to Depends. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent 27844db commit c05f477

2 files changed

Lines changed: 47 additions & 30 deletions

File tree

.github/workflows/debian-package.yml

Lines changed: 11 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -75,6 +75,7 @@ jobs:
7575
tags: lightnvr-pkg:local
7676
build-args: |
7777
DEBIAN_SUITE=${{ matrix.debian_suite }}
78+
DEB_BUILD=true
7879
7980
- name: Extract files and create .deb package
8081
run: |
@@ -105,17 +106,15 @@ jobs:
105106
docker cp "${CID}:/bin/lightnvr" "${PKG_DIR}/usr/bin/lightnvr"
106107
docker cp "${CID}:/bin/go2rtc" "${PKG_DIR}/usr/bin/go2rtc"
107108
108-
# Custom-built libraries (bundle to guarantee ABI compatibility)
109-
# Use docker cp to extract /usr/lib into a temp dir, then pick
110-
# out only the bundled libraries we need. This replaces the
111-
# fragile "docker export | tar --wildcards" approach which broke
112-
# when Docker/BuildKit changed the tar path prefix format.
109+
# Bundle only libsod (not available as a system package).
110+
# libuv, libllhttp, and libsqlite3 are declared as package
111+
# dependencies and provided by the system at runtime.
113112
mkdir -p /tmp/lightnvr_libs
114113
docker cp "${CID}:/usr/lib/." /tmp/lightnvr_libs/
115114
echo "=== Bundled library candidates ==="
116-
ls -la /tmp/lightnvr_libs/lib{uv,llhttp,sqlite3,sod}* 2>/dev/null || true
115+
ls -la /tmp/lightnvr_libs/libsod* 2>/dev/null || true
117116
118-
for expected_lib in libuv libllhttp libsqlite3 libsod; do
117+
for expected_lib in libsod; do
119118
found=0
120119
for f in /tmp/lightnvr_libs/${expected_lib}.so*; do
121120
# Only install real files, not symlinks (we recreate symlinks below)
@@ -133,21 +132,10 @@ jobs:
133132
done
134133
rm -rf /tmp/lightnvr_libs
135134
136-
# Recreate soname symlink chains inside the package directory
135+
# Recreate soname symlink chains for libsod inside the package directory
137136
# (Docker COPY dereferences symlinks, so we must recreate them)
138137
(cd "${PKG_DIR}/usr/lib/lightnvr" && \
139-
[ -f libsod.so.1.1.9 ] && ln -sf libsod.so.1.1.9 libsod.so.1 && ln -sf libsod.so.1 libsod.so || true; \
140-
[ -f libuv.so.1.0.0 ] && ln -sf libuv.so.1.0.0 libuv.so.1 && ln -sf libuv.so.1 libuv.so || true; \
141-
[ -f libllhttp.so.9.3.1 ] && ln -sf libllhttp.so.9.3.1 libllhttp.so.9 && ln -sf libllhttp.so.9 libllhttp.so || true)
142-
143-
# Find and symlink sqlite3 if extracted
144-
SQLITE_FILE=$(find "${PKG_DIR}/usr/lib/lightnvr" -name 'libsqlite3.so.*' ! -type l | head -1)
145-
if [ -n "${SQLITE_FILE}" ]; then
146-
BASE=$(basename "${SQLITE_FILE}")
147-
(cd "${PKG_DIR}/usr/lib/lightnvr" && \
148-
ln -sf "${BASE}" libsqlite3.so.0 2>/dev/null || true && \
149-
ln -sf libsqlite3.so.0 libsqlite3.so 2>/dev/null || true)
150-
fi
138+
[ -f libsod.so.1.1.9 ] && ln -sf libsod.so.1.1.9 libsod.so.1 && ln -sf libsod.so.1 libsod.so || true)
151139
152140
# Web assets and migrations from the Docker image
153141
docker cp "${CID}:/var/lib/lightnvr/www/." "${PKG_DIR}/var/lib/lightnvr/www/"
@@ -221,10 +209,12 @@ jobs:
221209
case "${DEBIAN_SUITE}" in
222210
sid)
223211
FFMPEG_DEPS="libavcodec62 | libavcodec-extra, libavformat62, libavutil60, libswscale9"
212+
LLHTTP_DEP="libllhttp9.3"
224213
SUITE_NOTE="Note: This package targets Debian sid (unstable)."
225214
;;
226215
trixie)
227216
FFMPEG_DEPS="libavcodec61 | libavcodec-extra, libavformat61, libavutil59, libswscale8"
217+
LLHTTP_DEP="libllhttp9.2"
228218
SUITE_NOTE="Note: This package targets Debian 13 trixie (stable)."
229219
;;
230220
*)
@@ -241,7 +231,7 @@ jobs:
241231
Architecture: ${DEB_ARCH}
242232
Maintainer: OpenSensor <support@opensensor.io>
243233
Installed-Size: ${INSTALLED_SIZE}
244-
Depends: ffmpeg, ${FFMPEG_DEPS}, libcurl4t64 | libcurl4, libmbedtls21, libmosquitto1, libcjson1, procps
234+
Depends: ffmpeg, ${FFMPEG_DEPS}, libuv1t64, libsqlite3-0, ${LLHTTP_DEP}, libcurl4t64 | libcurl4, libmbedtls21, libmosquitto1, libcjson1, procps
245235
Section: net
246236
Priority: optional
247237
Homepage: https://github.com/opensensor/lightNVR

Dockerfile

Lines changed: 36 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@ ARG SQLITE_YEAR=2026
44
ARG SQLITE_AUTOCONF_VERSION=3520000
55
ARG LIBUV_VERSION=1.52.1
66
ARG LLHTTP_VERSION=9.3.1
7+
ARG DEB_BUILD=false
78

89
FROM debian:${DEBIAN_SUITE}-slim AS builder
910

@@ -12,6 +13,7 @@ ARG SQLITE_YEAR
1213
ARG SQLITE_AUTOCONF_VERSION
1314
ARG LIBUV_VERSION
1415
ARG LLHTTP_VERSION
16+
ARG DEB_BUILD
1517

1618
# Set non-interactive mode
1719
ENV DEBIAN_FRONTEND=noninteractive
@@ -39,18 +41,40 @@ RUN apt-get update && \
3941
go version && \
4042
rm -rf /var/lib/apt/lists/*
4143

42-
# Build upstream SQLite because Debian sid can lag the latest SQLite security fixes
43-
RUN cd /tmp && \
44+
# For .deb builds: use system dev packages instead of building from source.
45+
# This ensures the binary links against system SONAMEs so that libuv, libsqlite3,
46+
# and libllhttp can be proper package dependencies instead of bundled libraries.
47+
RUN if [ "$DEB_BUILD" = "true" ]; then \
48+
apt-get update && apt-get install -y --no-install-recommends \
49+
libuv1-dev libsqlite3-dev libllhttp-dev && \
50+
rm -rf /var/lib/apt/lists/* && \
51+
ARCH=$(uname -m) && \
52+
case $ARCH in \
53+
x86_64) LIBDIR="/usr/lib/x86_64-linux-gnu" ;; \
54+
aarch64) LIBDIR="/usr/lib/aarch64-linux-gnu" ;; \
55+
armv7l) LIBDIR="/usr/lib/arm-linux-gnueabihf" ;; \
56+
*) echo "Unsupported architecture: $ARCH"; exit 1 ;; \
57+
esac && \
58+
cp -a ${LIBDIR}/libuv.so* /usr/lib/ && \
59+
cp -a ${LIBDIR}/libsqlite3.so* /usr/lib/ && \
60+
cp -a ${LIBDIR}/libllhttp.so* /usr/lib/; \
61+
fi
62+
63+
# Build upstream SQLite (skipped for .deb builds which use system libsqlite3)
64+
RUN if [ "$DEB_BUILD" != "true" ]; then \
65+
cd /tmp && \
4466
wget -q "https://www.sqlite.org/${SQLITE_YEAR}/sqlite-autoconf-${SQLITE_AUTOCONF_VERSION}.tar.gz" && \
4567
tar -xzf "sqlite-autoconf-${SQLITE_AUTOCONF_VERSION}.tar.gz" && \
4668
cd "sqlite-autoconf-${SQLITE_AUTOCONF_VERSION}" && \
4769
./configure --prefix=/usr --disable-static && \
4870
make -j"$(nproc)" && \
4971
make install && \
50-
sqlite3 --version
72+
sqlite3 --version; \
73+
fi
5174

52-
# Build upstream libuv because distro packages can lag the latest stable release
53-
RUN cd /tmp && \
75+
# Build upstream libuv (skipped for .deb builds which use system libuv)
76+
RUN if [ "$DEB_BUILD" != "true" ]; then \
77+
cd /tmp && \
5478
wget -q "https://github.com/libuv/libuv/archive/refs/tags/v${LIBUV_VERSION}.tar.gz" -O libuv.tar.gz && \
5579
tar -xzf libuv.tar.gz && \
5680
cd "libuv-${LIBUV_VERSION}" && \
@@ -65,10 +89,12 @@ RUN cd /tmp && \
6589
*) echo "Unsupported architecture: $ARCH"; exit 1 ;; \
6690
esac && \
6791
cp -a "$LIBUV_DIR"/libuv.so* /usr/lib/ && \
68-
pkg-config --modversion libuv
92+
pkg-config --modversion libuv; \
93+
fi
6994

70-
# Build upstream llhttp so container builds use the latest parser without relying on distro lag
71-
RUN mkdir -p /tmp/llhttp/include /tmp/llhttp/src /usr/include && \
95+
# Build upstream llhttp (skipped for .deb builds which use system libllhttp)
96+
RUN if [ "$DEB_BUILD" != "true" ]; then \
97+
mkdir -p /tmp/llhttp/include /tmp/llhttp/src /usr/include && \
7298
wget -q "https://raw.githubusercontent.com/nodejs/llhttp/release/include/llhttp.h" -O /tmp/llhttp/include/llhttp.h && \
7399
wget -q "https://raw.githubusercontent.com/nodejs/llhttp/release/src/llhttp.c" -O /tmp/llhttp/src/llhttp.c && \
74100
wget -q "https://raw.githubusercontent.com/nodejs/llhttp/release/src/api.c" -O /tmp/llhttp/src/api.c && \
@@ -81,7 +107,8 @@ RUN mkdir -p /tmp/llhttp/include /tmp/llhttp/src /usr/include && \
81107
ln -sf /usr/lib/libllhttp.so.${LLHTTP_VERSION} /usr/lib/libllhttp.so && \
82108
install -m 644 /tmp/llhttp/include/llhttp.h /usr/include/llhttp.h && \
83109
printf 'prefix=/usr\nexec_prefix=${prefix}\nlibdir=${prefix}/lib\nincludedir=${prefix}/include\n\nName: libllhttp\nDescription: llhttp parser\nVersion: %s\nLibs: -L${libdir} -lllhttp\nCflags: -I${includedir}\n' "$LLHTTP_VERSION" > /usr/lib/pkgconfig/libllhttp.pc && \
84-
pkg-config --modversion libllhttp
110+
pkg-config --modversion libllhttp; \
111+
fi
85112

86113
# Fetch external dependencies
87114
RUN mkdir -p /opt/external && \

0 commit comments

Comments
 (0)