Re: Errors Packaging Nebula

To: Nilesh Patra <nilesh@debian.org>
Cc: debian-go@lists.debian.org
Subject: Re: Errors Packaging Nebula
From: Flu0r1ne <flu0r1ne@flu0r1ne.net>
Date: Sun, 04 Jul 2021 05:01:51 +0000
Message-id: <[🔎] f0a97a9c-2ff6-050f-822d-91d6d337c0d6@flu0r1ne.net>
Reply-to: Flu0r1ne <flu0r1ne@flu0r1ne.net>
In-reply-to: <[🔎] YOBMV3cFLJ0TGg73@debian>
References: <[🔎] 12591747-2a78-1692-0a7f-6c1e41730408@flu0r1ne.net> <[🔎] YOBMV3cFLJ0TGg73@debian>

Hi Nilesh,

On 7/3/21 6:39 AM, Nilesh Patra wrote:
> Hi Alex,
>
> On 03/07/21 03:30 AM, Flu0r1ne wrote:
>> Hi,
>>
>>
>> I am in the process of packaging Nebula, a popular networking overlay.
>> The binaries seem to build. Yet, two of the tests fail. I wanted to have
>> someone double check my methodology since I'm still a novice when it
>> comes to packaging. If you think it's a problem for the upstream, I'll
>> submit an issue.
>>
>>
>> I encounter an issue with two failing tests:
>> TestMarshalingNebulaCertificate and Test_ca. These rely on the
>> "marshaling" functionality in Google's protobuf library. These tests
>> pass outside debuild so I'm guessing it's based on the version of some
>> library.
> I found out the reason -- this is basically due to incompatible
> versions.
> First off, you also need a B-D on golang-goprotobuf-dev - the
> corresponding import path for the same is also mentioned in nebula's
> go.mod (github.com/golang/protobuf v1.5.0)
>
> as you might notice, the version there mentioned is "1.5.0", and the
> version in the archive (unstable) is "1.3.4-2".
> However, the version in experimental is "1.4.3-1~exp1"
>
> When I try to build with the package in experimental, build goes just
> fine! \o/

Indeed! I'm glad you were able to figure this out. I was able to build

it on my host system after applying the patch. I am unsure how this

package is auto discovered. mk-build-deps failed to pick up on the

new version. I had to explicitly install it with apt, specifying the target

release. It also prevents be from building in a chroot.

I'm calling it as follows:

sbuild -s -d unstable \

   --extra-repository='deb http://ftp.us.debian.org/debian experimental
main' \

--extra-package=path_to_golang-github-nbrownus-go-metrics-prometheus_all.deb
\

   --extra-package=path_to_golang-github-flynn-noise_all.deb

I made some improvements: I added a systemd unit to nebula to mange the

daemon. I also copied the example configuration file to /etc/nebula for ease

of use. This is the de-facto way most people use the tool.

There are still a couple Lintian issues I can't nail down. First, debuild

emits hardening warnings for all the binaries in Nebula:

- nebula: hardening-no-pie usr/bin/nebula

- nebula: hardening-no-relro usr/bin/nebula

I've added the "hardening=+all" flag to DEB_BUILD_MAINT_OPTIONS.

I would like to enable all the hardening features if possible since Nebula

is network facing. Is there a specific method to enable binary

hardening features for go or dh-golang?

It also complains that no manual pages are included. Although, the
project hasn't

produced any to my knowledge.

> Oh, there is one more -- it also Build-Depends on
> "golang-github-skip2-go-qrcode-dev"
> that's not in the archive yet, please consider to package this too

My understanding is that the go-qrcode [1] package in sid provides this
functionality.

I added it to the control file.

>
> I have a few reviews on these. First off, there's just one "main"
> branch. This goes against the way go team packages should be
> maintained.
>
> There's a debian/sid branch, along with an upstream branch. It also
> seems like you used dh-make for nebula, please consider to use
> dh-make-golang.

I recreated all the repositories with dh-make-golang. The version of

the tool in unstable automatically setup these branches. Given that

they are completely new git repos (although I kept the paths the same),
you'll

probably want to clone them again.

>> You'll receive a few Lintian errors that won't effect the build process.
>> Lintian wants to:
>>
>> (1) Shorten golang-github-nbrownus-go-metrics-prometheus (I'm following
>> the naming scheme. Let me know if i should rename it.)
> I think we can simply ignore this warning as you might see on the
> corresponding lintian report page here[1], there are several golang packages
> with that warning
> The naming scheme is correct, and that's fine.

I agree. I repackaged it with the '-go' part. I think this will make it
easier to

find since it will match the upstream.

>> (2) I'll submit ITPs once I can build Nebula
> Cool, I'll be happy to sponsor you uploads, if you need :-)
That would be great!

> sbuild will help you do that easily, please set this up if you haven't
> already. You can find the details here[2]

I built both of the dependencies using sbuild. I'll build Nebula

when I can figure out the package discovery issue above.

Best,

Alex

[1]: https://packages.debian.org/us/sid/devel/go-qrcode
<https://packages.debian.org/us/sid/devel/go-qrcode>

Reply to:

Follow-Ups:
- Re: Errors Packaging Nebula
  - From: Nilesh Patra <nilesh@nileshpatra.info>

References:
- Errors Packaging Nebula
  - From: Flu0r1ne <flu0r1ne@flu0r1ne.net>
- Re: Errors Packaging Nebula
  - From: Nilesh Patra <nilesh@debian.org>

Prev by Date: Re: Errors Packaging Nebula, length of package name
Next by Date: Re: Errors Packaging Nebula
Previous by thread: Re: Errors Packaging Nebula
Next by thread: Re: Errors Packaging Nebula
Index(es):
- Date
- Thread