Hi Alex, On 7/4/21 10:31 AM, Flu0r1ne wrote: > Hi Nilesh, > > > On 7/3/21 6:39 AM, Nilesh Patra wrote: >> Hi Alex, >> >> On 03/07/21 03:30 AM, Flu0r1ne wrote: >>> Hi, >>> >>> >>> I am in the process of packaging Nebula, a popular networking overlay. >>> The binaries seem to build. Yet, two of the tests fail. I wanted to have >>> someone double check my methodology since I'm still a novice when it >>> comes to packaging. If you think it's a problem for the upstream, I'll >>> submit an issue. >>> >>> >>> I encounter an issue with two failing tests: >>> TestMarshalingNebulaCertificate and Test_ca. These rely on the >>> "marshaling" functionality in Google's protobuf library. These tests >>> pass outside debuild so I'm guessing it's based on the version of some >>> library. >> I found out the reason -- this is basically due to incompatible >> versions. >> First off, you also need a B-D on golang-goprotobuf-dev - the >> corresponding import path for the same is also mentioned in nebula's >> go.mod (github.com/golang/protobuf v1.5.0) >> >> as you might notice, the version there mentioned is "1.5.0", and the >> version in the archive (unstable) is "1.3.4-2". >> However, the version in experimental is "1.4.3-1~exp1" >> >> When I try to build with the package in experimental, build goes just >> fine! \o/ > > Indeed! I'm glad you were able to figure this out. I was able to build > > it on my host system after applying the patch. I am unsure how this > > package is auto discovered. mk-build-deps failed to pick up on the > > new version. I had to explicitly install it with apt, specifying the target > > release. It also prevents be from building in a chroot. > > > I'm calling it as follows: > > sbuild -s -d unstable \ > > --extra-repository='deb http://ftp.us.debian.org/debian experimental > main' \ > > --extra-package=path_to_golang-github-nbrownus-go-metrics-prometheus_all.deb > \ > > --extra-package=path_to_golang-github-flynn-noise_all.deb I think you also need a build-dep-resolver For me, this works: sbuild -j5 -d unstable --source-only-changes --no-clean-source --run-lintian --lintian-opts='--color always --display-info --display-experimental --pedantic' --extra-package=/path/to/golang-github-nbrownus-go-metrics-prometheus-dev_0.0\~git20210317.6474303-1_all.deb --extra-package=/path/to/flynn/golang-github-flynn-noise-dev_1.0.0-1_all.deb --extra-repository='deb http://ftp.us.debian.org/debian experimental main' --build-dep-resolver=aptitude > > > I made some improvements: I added a systemd unit to nebula to mange the > > daemon. I also copied the example configuration file to /etc/nebula for ease > > of use. This is the de-facto way most people use the tool. Very cool! > > > There are still a couple Lintian issues I can't nail down. First, debuild > > emits hardening warnings for all the binaries in Nebula: > > - nebula: hardening-no-pie usr/bin/nebula > > - nebula: hardening-no-relro usr/bin/nebula Right, that's likely probably because you have hard-coded golang-1.16 in d/control. That's kind of very fragile since this would break at some point in time. I told Peymaneh about it in this email[2] and replacing it by golang any fixed it for them, see here[3] But here the problem is that nebula does not build with golang-any (or effectively golang-1.15) hence we might have to wait for bullseye release and then for 1.16 to become default. OR Could you instead package version 1.3.0 for nebula with golang-any as B-D? If that fixed it, we'll upload 1.3.0 for now, and we'll simply upgrade to latest when the above issues are fixed -- what say? > > I've added the "hardening=+all" flag to DEB_BUILD_MAINT_OPTIONS. > > I would like to enable all the hardening features if possible since Nebula > > is network facing. Is there a specific method to enable binary > > hardening features for go or dh-golang? My reply above should cover this point > > It also complains that no manual pages are included. Although, the > project hasn't > > produced any to my knowledge. If nebula supports -h/--help option, you might want to create maintainer manual pacges via help2man and forward that upstream. This handy script might help you[3] >> Oh, there is one more -- it also Build-Depends on >> "golang-github-skip2-go-qrcode-dev" >> that's not in the archive yet, please consider to package this too > > My understanding is that the go-qrcode [1] package in sid provides this > functionality. > > I added it to the control file. Thanks! >> >> I have a few reviews on these. First off, there's just one "main" >> branch. This goes against the way go team packages should be >> maintained. >> >> There's a debian/sid branch, along with an upstream branch. It also >> seems like you used dh-make for nebula, please consider to use >> dh-make-golang. > > I recreated all the repositories with dh-make-golang. The version of > > the tool in unstable automatically setup these branches. Given that > > they are completely new git repos (although I kept the paths the same), > you'll > > probably want to clone them again. I will grant you push access to the team after a few more reviews so they are at a central place >>> You'll receive a few Lintian errors that won't effect the build process. >>> Lintian wants to: >>> >>> (1) Shorten golang-github-nbrownus-go-metrics-prometheus (I'm following >>> the naming scheme. Let me know if i should rename it.) >> I think we can simply ignore this warning as you might see on the >> corresponding lintian report page here[1], there are several golang packages >> with that warning >> The naming scheme is correct, and that's fine. > > I agree. I repackaged it with the '-go' part. I think this will make it > easier to > > find since it will match the upstream. > >>> (2) I'll submit ITPs once I can build Nebula >> Cool, I'll be happy to sponsor you uploads, if you need :-) > That would be great! > > >> sbuild will help you do that easily, please set this up if you haven't >> already. You can find the details here[2] > > I built both of the dependencies using sbuild. I'll build Nebula > > when I can figure out the package discovery issue above. Hopefully my reply to the command usage helps you [1]: https://lists.debian.org/debian-go/2021/06/msg00087.html [2]: https://lists.debian.org/debian-go/2021/06/msg00088.html [3]: https://salsa.debian.org/med-team/community/helper-scripts/-/blob/master/createmanpages Nilesh
Attachment:
signature.asc
Description: OpenPGP digital signature