Re: RFS: acsccid (New Upstream Release)



Dear Paul

Thank you for your review.

I filed #657110 on lintian to check for commented out Vcs-* fields
pointing at collab-maint (which is created by dh_make). Please
consider implementing a patch for it so that others don't make the
same mistake.

Done. I removed the comment.

You might want to run wrap-and-sort -s so diffs on debian/control are
more readable in future.

Done.

Why do you duplicate src/92_pcscd_acsccid.rules as
debian/libacsccid1.udev? I would suggest deleting
debian/libacsccid1.udev and just using the upstream file.

Done. I created a symbolic link to upstream file.

Upstream is hard-coding the path to libpcsclite.pc in configure.ac,
please ask them to stop doing that. AC_PREFIX_DEFAULT should not be
needed either.

Done. I have forwarded your suggestion to Development Team.

debian/watch doesn't need the blank line. I would also suggest using
[\d\.]+ instead of .*

Done.

debian/control misses a build-dep on perl. If perl leaves
build-essential then your package will FTBFS.

Done.

Please use --parallel when calling dh, otherwise you don't respect
part of Debian Policy 4.9.1.

Done.

The upstream README file contains installation info and
authors/copyright/license info, which is not useful for Debian users.
You might want to get upstream to split those out into README.install,
AUTHORS or similar.

Done. I have forwarded your suggestion to Development Team.

The src/openct directory is an embedded code copy. You should ask
upstream to remove it and build-depend on openct. If they are not
willing to do so, then you should do that for Debian. If that isn't
possible for whatever reason, please contact the security team and get
it added to the embedded code copies file:

http://wiki.debian.org/EmbeddedCodeCopies

It is not an embedded code copy. acsccid borrowed the internal code from openct to do the smart card protocol (T1). According to the ChangeLog, the source code had been modified.

Should ccid be removed from Debian? acsccid seems like a fork of it.
If it shouldn't be removed, please also get this documented by the
security team, they track forks too.

No.
How can I get this documented by the security team?

One warning from dpkg-shlibdeps:

dpkg-shlibdeps: warning:
debian/libacsccid1/usr/lib/pcsc/drivers/ifd-acsccid.bundle/Contents/Linux/libacsccid.so.1.0.3
contains an unresolvable reference to symbol log_xxd: it's probably a
plugin.
dpkg-shlibdeps: warning: 1 similar warning has been skipped (use -v to see it).

log_xxd is an internal API provided by pcscd. Therefore, dpkg-shlibdeps cannot find the function in other shared libraries.

lintian complaints:

X: libacsccid1: shlib-calls-exit
usr/lib/pcsc/drivers/ifd-acsccid.bundle/Contents/Linux/libacsccid.so.1.0.3

The exit function call is generated automatically by flex (tokenparser.l --> tokenparser.c). It seems to be difficult to modify the code.

I have updated the package with the following change log. Please have a look.

 * New upstream release.
 * Removed debian/patches/pcsc-lite-1_7_3.patch.
 * Updated debian/copyright.
 * Updated debian/libacsccid1.udev with a symbolic link to
   src/92_pcscd_acsccid.rules.
 * Removed comment starting with "Vcs-" and added perl to Build-Depends in
   debian/control.
 * Added --parallel option to dh in debian/rules.
 * Removed a blank line and replaced ".*" with "[\d\.]+" in debian/watch.

Regards

Godfrey