Re: Any progress with FIS GT.M?

To: Yaroslav Halchenko <debian@onerussian.com>
Cc: Andreas Tille <andreas@an3as.eu>, Amul Shah <amul.shah@fisglobal.com>, Brad King <brad.king@kitware.com>, "Bhaskar, K.S" <ks.bhaskar@fisglobal.com>, debian-med@lists.debian.org
Subject: Re: Any progress with FIS GT.M?
From: Luis Ibanez <luis.ibanez@kitware.com>
Date: Fri, 29 Jun 2012 18:17:55 -0400
Message-id: <[🔎] CABAUzPoa3y8=Of5bJrv7TfiHG69K0phrJdKoqzCoQO=aUfYH7w@mail.gmail.com>
In-reply-to: <[🔎] 20120629140719.GQ5786@onerussian.com>
References: <[🔎] 4FE1E04E.2080009@fisglobal.com> <[🔎] CABAUzPoM8XCMGcZeUzoMWe0uzzbwpSjg0Zit_y-i2zygYZ=XOA@mail.gmail.com> <[🔎] 20120626143344.GP5786@onerussian.com> <[🔎] 4FE9CC81.2050803@fisglobal.com> <[🔎] 4FEB5F18.1000702@fisglobal.com> <[🔎] 20120627194207.GR5786@onerussian.com> <[🔎] CABAUzPp+1-wL0Dvc8NABg_o+Xs7Xj7Hiy7CJf9uR5xNP6-E9HA@mail.gmail.com> <[🔎] CABAUzPqSPDe6TpggJCp5EnC4pETxGdZn0bqfzN=cwbkCadiSDQ@mail.gmail.com> <[🔎] 20120629091916.GB4248@an3as.eu> <[🔎] CABAUzPoe57D7DdkayHggs0q7-KvOZvH8UoDm1uVkXWPwoABaJg@mail.gmail.com> <[🔎] 20120629140719.GQ5786@onerussian.com>

Hi Yaroslav,

------------------
On Fri, Jun 29, 2012 at 10:07 AM, Yaroslav Halchenko
<debian@onerussian.com> wrote:
> Hi Luis,
>
> Great to hear that we are almost there.  Next step actually would be to
> make sure it builds "correct" binary packages in a clean
> environment (e.g. using pbuilder or cowbuilder).  Last time I have tried
> (22nd of June), and that was the same 5.5-000+git104-g4077ab8 the
> resultant .deb's were lacking executable permissions on all binaries...
> we also need assure suid root on
> ./usr/lib/fis-gtm/V5.5-000_x86_64/gtmsecshr and chmod 700
> ./usr/lib/fis-gtm/V5.5-000_x86_64/gtmsecshrdir to match upstream's
> "fortification" effort.
>

I just double checked in my recent build, and yes, we still
need to address the (a) gtmsecshr and (b) gtmsecshrdir  suid    :-/

I need to track on whether this is something that must be done
with CMake or something to be done with the gtminstall script.


> using pbuilder  or cowbuilder is plain easy when you have .dsc source
> package already... pretty much in simplest case:
>
> cowbuilder --create         # to be done once to create clean env
> cowbuilder --build bla.dsc  # to build source package into binaries
>

I haven't used cowbuilder,
but I'll give it a shot tomorrow,
following your instructions.

> also change back to debian/compat 9 (am I repeating myself? ;) so I just
> did it ;-) ) to get advantage of security fortification compile
> flags out of the box
>

That's my bad....

When I run it in my VM, I get an error about "9",
which probably means that my VM is not up to
date enough...

I'll avoid committing changes to this number. Sorry.


      Luis

Reply to:

Follow-Ups:
- Re: Any progress with FIS GT.M?
  - From: Andreas Tille <andreas@an3as.eu>

References:
- Re: Any progress with FIS GT.M?
  - From: Amul Shah <amul.shah@fisglobal.com>
- Re: Any progress with FIS GT.M?
  - From: Luis Ibanez <luis.ibanez@kitware.com>
- Re: Any progress with FIS GT.M?
  - From: Yaroslav Halchenko <debian@onerussian.com>
- Re: Any progress with FIS GT.M?
  - From: Amul Shah <amul.shah@fisglobal.com>
- Re: Any progress with FIS GT.M?
  - From: Amul Shah <amul.shah@fisglobal.com>
- Re: Any progress with FIS GT.M?
  - From: Yaroslav Halchenko <debian@onerussian.com>
- Re: Any progress with FIS GT.M?
  - From: Luis Ibanez <luis.ibanez@kitware.com>
- Re: Any progress with FIS GT.M?
  - From: Luis Ibanez <luis.ibanez@kitware.com>
- Re: Any progress with FIS GT.M?
  - From: Andreas Tille <andreas@an3as.eu>
- Re: Any progress with FIS GT.M?
  - From: Luis Ibanez <luis.ibanez@kitware.com>
- Re: Any progress with FIS GT.M?
  - From: Yaroslav Halchenko <debian@onerussian.com>

Prev by Date: Re: [Debian-med-packaging] Packaging by students
Next by Date: Re: Any progress with FIS GT.M?
Previous by thread: Re: Any progress with FIS GT.M?
Next by thread: Re: Any progress with FIS GT.M?
Index(es):
- Date
- Thread