[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[fis-gtm] "action needed" items

Hello,
FIS released GT.M V6.3-000 yesterday and I am in the process of updating the Debian package. Since I have the spare cycles, I want to address a few of the "action needed" items listed on https://tracker.debian.org/pkg/fis-gtm. I made some changes to address the uscan error and lintian warnings, but I have some questions about two other items. 

-- non-reproducible builds --
The link for this, https://tests.reproducible-builds.org/rb-pkg/testing/amd64/fis-gtm.html, is marked with a FTBFS for the second build. The problem with the second build seems to be a configuration problem on the build server. Notice the complaints (below) from PERL about LC_ALL. The recurring setlocale warnings seem to have caused problems for CMake resulting in a build failure. 
I: using fakeroot in build.
I: pbuilder: network access will be disabled during build
I: Current time: Mon May  1 02:34:11 GMT-14 2017
I: pbuilder-time-stamp: 1493555651
I: Building the build Environment
I: extracting base tarball [/var/cache/pbuilder/testing-reproducible-base.tgz]
I: copying local configuration
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
	LANGUAGE = (unset),
	LC_ALL = "fr_CH.UTF-8",
	LANG = "fr_CH.UTF-8"
     are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

See https://tests.reproducible-builds.org/logs/unstable/amd64/fis-gtm_6.2-002A-3.build2.log.gz for the full build log

Do I need to take any action to address the above?

Previously, when I looked at the non-reproducible build warnings, I saw a warning complaining about the following list of files:
  dsehelp.dat
  gdehelp.dat
  gtmhelp.dat
  lkehelp.dat
  mupiphelp.dat
The above files are FIS GT.M database files generated during the build. These databases hold the online help for FIS GT.M executables. Database files won't be the same due to time related information in the block headers. So I need to exclude these files from being checked.
I read https://wiki.debian.org/ReproducibleBuilds and https://reproducible-builds.org/docs to learn how to exclude these files from being checked, but could not find any mechanism. Most of the docs merely glorified the greatness* reproducible builds. Does anyone know a way to exclude these files? * I agree with it the principle, but I have an exception that I cannot work around. 


-- build log check warning --
The fis-gtm build was tagged with "W-compiler-flags-hidden". If I understood https://wiki.debian.org/Hardening#Notes_for_packages_using_CMake correctly, I should get dpkg-buildflags for free. Am I correct? 

The hardening options are in force.
shaha:~/debmed/fis-gtm> hardening-check /usr/lib/x86_64-linux-gnu/fis-gtm/V6.3-000_x86_64/mumps /usr/lib/x86_64-linux-gnu/fis-gtm/V6.3-000_x86_64/libgtmshr.so 
/usr/lib/x86_64-linux-gnu/fis-gtm/V6.3-000_x86_64/mumps:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: yes
 Read-only relocations: yes
 Immediate binding: no, not found!
/usr/lib/x86_64-linux-gnu/fis-gtm/V6.3-000_x86_64/libgtmshr.so:
 Position Independent Executable: no, regular shared library (ignored)
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no, not found!



On a second read of https://qa.debian.org/bls/bytag/W-compiler-flags-hidden.html, I think I understand the complaint better.

buildd log scanner tag W-compiler-flags-hidden

description
The package contains build commands which hide the real compiler flags (non-verbose builds). This prevents automatic checks for missing (hardening) flags. 

False positives are possible, especially when building in parallel. In this case this warning can be ignored.

The complaint is that the build flags are not present in the build log file. Would the fix be to build with VERBOSE=1?


Thanks in advance,
Amul

_____________
The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.
Reply to: