Re: Errors Packaging Nebula
Hi Nilesh,
On 7/3/21 6:39 AM, Nilesh Patra wrote:
> Hi Alex,
>
> On 03/07/21 03:30 AM, Flu0r1ne wrote:
>> Hi,
>>
>>
>> I am in the process of packaging Nebula, a popular networking overlay.
>> The binaries seem to build. Yet, two of the tests fail. I wanted to have
>> someone double check my methodology since I'm still a novice when it
>> comes to packaging. If you think it's a problem for the upstream, I'll
>> submit an issue.
>>
>>
>> I encounter an issue with two failing tests:
>> TestMarshalingNebulaCertificate and Test_ca. These rely on the
>> "marshaling" functionality in Google's protobuf library. These tests
>> pass outside debuild so I'm guessing it's based on the version of some
>> library.
> I found out the reason -- this is basically due to incompatible
> versions.
> First off, you also need a B-D on golang-goprotobuf-dev - the
> corresponding import path for the same is also mentioned in nebula's
> go.mod (github.com/golang/protobuf v1.5.0)
>
> as you might notice, the version there mentioned is "1.5.0", and the
> version in the archive (unstable) is "1.3.4-2".
> However, the version in experimental is "1.4.3-1~exp1"
>
> When I try to build with the package in experimental, build goes just
> fine! \o/
Indeed! I'm glad you were able to figure this out. I was able to build
it on my host system after applying the patch. I am unsure how this
package is auto discovered. mk-build-deps failed to pick up on the
new version. I had to explicitly install it with apt, specifying the target
release. It also prevents be from building in a chroot.
I'm calling it as follows:
sbuild -s -d unstable \
--extra-repository='deb http://ftp.us.debian.org/debian experimental
main' \
--extra-package=path_to_golang-github-nbrownus-go-metrics-prometheus_all.deb
\
--extra-package=path_to_golang-github-flynn-noise_all.deb
I made some improvements: I added a systemd unit to nebula to mange the
daemon. I also copied the example configuration file to /etc/nebula for ease
of use. This is the de-facto way most people use the tool.
There are still a couple Lintian issues I can't nail down. First, debuild
emits hardening warnings for all the binaries in Nebula:
- nebula: hardening-no-pie usr/bin/nebula
- nebula: hardening-no-relro usr/bin/nebula
I've added the "hardening=+all" flag to DEB_BUILD_MAINT_OPTIONS.
I would like to enable all the hardening features if possible since Nebula
is network facing. Is there a specific method to enable binary
hardening features for go or dh-golang?
It also complains that no manual pages are included. Although, the
project hasn't
produced any to my knowledge.
> Oh, there is one more -- it also Build-Depends on
> "golang-github-skip2-go-qrcode-dev"
> that's not in the archive yet, please consider to package this too
My understanding is that the go-qrcode [1] package in sid provides this
functionality.
I added it to the control file.
>
> I have a few reviews on these. First off, there's just one "main"
> branch. This goes against the way go team packages should be
> maintained.
>
> There's a debian/sid branch, along with an upstream branch. It also
> seems like you used dh-make for nebula, please consider to use
> dh-make-golang.
I recreated all the repositories with dh-make-golang. The version of
the tool in unstable automatically setup these branches. Given that
they are completely new git repos (although I kept the paths the same),
you'll
probably want to clone them again.
>> You'll receive a few Lintian errors that won't effect the build process.
>> Lintian wants to:
>>
>> (1) Shorten golang-github-nbrownus-go-metrics-prometheus (I'm following
>> the naming scheme. Let me know if i should rename it.)
> I think we can simply ignore this warning as you might see on the
> corresponding lintian report page here[1], there are several golang packages
> with that warning
> The naming scheme is correct, and that's fine.
I agree. I repackaged it with the '-go' part. I think this will make it
easier to
find since it will match the upstream.
>> (2) I'll submit ITPs once I can build Nebula
> Cool, I'll be happy to sponsor you uploads, if you need :-)
That would be great!
> sbuild will help you do that easily, please set this up if you haven't
> already. You can find the details here[2]
I built both of the dependencies using sbuild. I'll build Nebula
when I can figure out the package discovery issue above.
Best,
Alex
[1]: https://packages.debian.org/us/sid/devel/go-qrcode
<https://packages.debian.org/us/sid/devel/go-qrcode>
Reply to: