Re: ugene hardening ok

To: debian-med@lists.debian.org
Subject: Re: ugene hardening ok
From: Andreas Tille <andreas@an3as.eu>
Date: Sat, 30 Nov 2013 23:11:01 +0100
Message-id: <[🔎] 20131130221101.GB29217@an3as.eu>
In-reply-to: <[🔎] CAEwx8oTpoL5eqkBv74mQriusYbn=aAMNgLGWmhER-cK7=fgkNg@mail.gmail.com>
References: <[🔎] CAEwx8oTpoL5eqkBv74mQriusYbn=aAMNgLGWmhER-cK7=fgkNg@mail.gmail.com>

Hi Olivier,

On Sat, Nov 30, 2013 at 01:04:34PM +0100, olivier sallou wrote:
> Hi Andreas,
> I have just commited to SVN my updates to ugene to manage hardening.
> All warnings are gone and I tested the package.

Great.

> I also made a few updates to follow DEP3 on patches.

+1

> One Information message about hardening remains, but I suspect it to be a
> false positive. Indeed, looking at Makefile and compilation, compilation
> flags are correctly set to manage this, but it is still shown as if not
> managed:
> 
> I: ugene: hardening-no-fortify-functions
> usr/lib/ugene/plugins/libopencl_support.so

As far as I know some false positives are happening.

> Besides binary spelling error, here are remaining lintian messages (were
> already present):
> 
> W: ugene-dbg: empty-binary-package
> Indeed, nothing is installed in this package. I don't if you simply had not
> yet managed this package (focusing on the binary)

I'm personally not convinced that we would really need a *-dbg package
for Ugine and I'd be tempted to just drop it.

> W: ugene: binary-without-manpage usr/bin/ugene
> 
> There are 2 post treatment files (.debhelper) automatically generated by
> dh_mkshlibs (and removed at cleanup step):
> 
> W: ugene: postinst-has-useless-call-to-ldconfig
> W: ugene: postrm-has-useless-call-to-ldconfig
> 
> As this is automatically added by debhelper (but not useful here), I
> suggest to add a lintian override for this.

I'm not fully sure about this one because it might be a sign that
something is not wrong with the libraries and debhelper does a wrong job
to some extend - but I'm not sure about this.  So I would only hide this
potential problem with an override if we can be sure, that everything is
OK.  Otherwise I'd rather upload including the lintian warnings to leave
this as visible todo item for future uploads.

> Seems this is not useful anymore:
> I: ugene: unused-override embedded-library
> usr/lib64/ugene/libugenedb.so.1.0.0: sqlite

Yep - I excluded sqlite in one patch - so the override can go.

I'd say upload to unstable to make the package more visible to more
users.

Kind regards

       Andreas.

-- 
http://fam-tille.de

Reply to:

References:
- ugene hardening ok
  - From: olivier sallou <olivier.sallou@gmail.com>

Prev by Date: Re: Demande pour rejoindre le projet Debian Med de la part de Daniel Barker (dbarker-guest)
Previous by thread: ugene hardening ok
Index(es):
- Date
- Thread