Fixes#225
The issue comes from the logic that aims at removing the packages that were
needed to build `haproxy` but which are not needed at runtime anymore.
```bash
find /usr/local -type f -executable -exec ldd '{}' ';' \
| awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \
| sort -u \
| xargs -r dpkg-query --search \
| cut -d: -f1 \
| sort -u \
| xargs -r apt-mark manual \
```
The `ldd` looks for the libraries that `haproxy` depends on, among which, `libc.so.6`.
The `awk` command reformats the output of `ldd` and produces, among other libraries:
```
lib/x86_64-linux-gnu/libc.so.6
```
Those files are then passed to `dpkg-query` to find their owning package.
And this is where the issue is coming from:
```
root@f6106d13cb42:/# dpkg-query --search lib/x86_64-linux-gnu/libc.so.6
libc6-dev:amd64: /usr/share/gdb/auto-load/lib/x86_64-linux-gnu/libc.so.6-gdb.py
libc6:amd64: /lib/x86_64-linux-gnu/libc.so.6
```
The issue is that the library we are interested in happens to also be a substring
of a GDB pretty-printing script that is obviously not needed at runtime by `haproxy`.
Without this package, '/etc/ssl/certs' is either empty or incomplete, and
so does the @system-ca variable within haproxy.
This results in some haproxy client ssl features not working out of the
box. For instance, using httpclient with https endpoints will not work
with default config since ssl verify is on by default.
See PR #216.
Co-authored-by: Tianon Gravi <admwiggin@gmail.com>
