Arvados

build/package-testing/common-test-packages.sh has this code to check that packages declare Depends for libraries needed by their .so files:

while read so && [ -n "$so" ]; do
    if ldd "$so" | grep "not found" ; then
        echo "^^^ Missing while scanning $so ^^^" 
        FAIL=1
    fi
done <<EOF
$(find -name '*.so')
EOF

Because this code checks against currently installed packages, it's prone to false positives:

• It will pass if the library happens to be installed in the package test Docker image, e.g., because it's a dependency of Ruby or some other runtime dependency we preinstall.
• It will pass if the library is pulled in as a transitive dependency of Depends, but this can lead to other installation paths that fail-see #21774 for an example.

Write a more correct test:

• Get the list of .so files from the package, and find their dependencies with ldd (basically the same as now).
• Exclude libraries that packages are allowed to assume are installed under packaging policy (at least libc, maybe others).
• Get a list of all files that are installed by packages that the tested package Depends on.
• If any dependency libraries are not found in the list of installed files, report it and fail.

It probably makes sense to write this in a language with better data structures than shell.

This is expected to fail with our current package dependencies. Refine our current dependencies as needed so it's passing.

Remove the near-duplicate tests in deb-common-test-packages.sh and rpm-common-test-packages.sh, which basically just add debug information to the existing test. The new test should be rich enough that that's no longer necessary.