
Bug#683871: RFS: pyskein/0.7.1-1 [ITP] -- Skein hash for Python3



* Jason Gerard DeRose <jderose@novacut.com>, 2012-08-04, 18:26:
 dget -x http://mentors.debian.net/debian/pool/main/p/pyskein/pyskein_0.7.1-1.dsc

Let me see:

Build-Depends: debhelper (>= 8.9),

Out of curiosity, why >= 8.9?

   python3 (>= 3.2),
   python3-dev (>= 3.2),

You don't need to build-depend on both, python3-dev would be enough. Shouldn't
that be python3-all-dev though?

Also, why 3.2? Upstream README says “you need Python 3.0 or later”.

X-Python-Version: 3.2

This is wrong, X-P-V is for 2.X versions only.

X-Python3-Version: 3.2

Shouldn't that be ">= 3.2"?

Depends: python3 (>= 3.2),

Don't hardcode the dependency, use ${python3:Depends} instead.

Description: PySkein implementation of Skein cryptographic hash algorithm

Maybe s/PySkein/Python/?

algorithm, one of the finalists in the NIST SHA-3 Competition.  While
originally based on the optimized version of the reference implementation by
Doug Whiting, PySkein is now feature complete and offers a pythonic interface,

Is the fact it was based on $something in the past really important enough to put it in the package description?

all released as free software under the GNU General Public License.  Its
highlights are:

If it wasn't free software, it wouldn't be allowed in Debian. No need to mention that in the description.

Simple interface following the hash algorithms in the Python standard library
(like hashlib.sha1 or hashlib.sha256)
.
All features of the Skein specification (flexible digest sizes, MAC
generation, tree hashing, and various other arguments)
.
High performance through optimized C implementation (7.1 cycles/byte for
sequential hashing and 4.2 cycles/byte for tree hashing on two cores, measured
on an Athlon 64 X2)
.
Threefish, the tweakable block cipher used in Skein, available for encryption
and decryption on its own

This looks like an itemized list, except that it doesn't have bullets. Looks odd to me.

You may want to get your descriptions reviewed by debian-l10n-english@ldo.

The copyright file doesn't document license/copyright status of doc/_static/jquery.js. It also doesn't say where the upstream sources were obtained; see Policy §12.5.

debian/python3-skein.install is empty. Remove it.

Abstract: Documentation for PySkein in HTML form.

One of the features of doc-base is that you can have the same document in multiple formats. Mentioning the format in the Abstract field seems weird to me.

       for pyvers in $(shell py3versions -vr); do \

Missing “set -e”; see Policy §4.6.

               LC_ALL=en_US.UTF-8 python$$pyvers setup.py install \
                               --install-layout=deb \
                               --root $(CURDIR)/debian/python3-skein; \

IIRC “LC_ALL=en_US.UTF-8” is to work around issue 9561. This bug was fixed in Python 3.2.3 RC 1, so you might want to just bump version in Build-Depends and drop this work-around. Or you may want to use the C.UTF-8 locale, which is provided by libc-bin (>= 2.13-1).

       dh_auto_build

Uh, this looks wrong. dh_auto_* doesn't support building Python 3 modules. In fact, I see this in the build log:

| Can't exec "pyversions": No such file or directory at /usr/share/perl5/Debian/Debhelper/Buildsystem/python_distutils.pm line 120.
| Use of uninitialized value $python_default in substitution (s///) at /usr/share/perl5/Debian/Debhelper/Buildsystem/python_distutils.pm line 121.
| Use of uninitialized value $python_default in substitution (s///) at /usr/share/perl5/Debian/Debhelper/Buildsystem/python_distutils.pm line 122.

The package will FTBFS once #683551 is fixed…

Lintian reports:

W: python3-skein-doc: embedded-javascript-library usr/share/doc/python3-skein-doc/html/_static/jquery.js
W: python3-skein-doc: embedded-javascript-library usr/share/doc/python3-skein-doc/html/_static/underscore.js

You may want to use dh_sphinxdoc to fix these.

Lintian also emits:

W: python3-skein: hardening-no-fortify-functions usr/lib/python3/dist-packages/_skein.cpython-32mu.so

blhc confirms it's a true positive:

CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -fPIC -Isrc -I/usr/include/python3.2mu -c src/threefish.c -o build/temp.linux-i686-3.2/src/threefish.o
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -fPIC -Isrc -I/usr/include/python3.2mu -c src/_skeinmodule.c -o build/temp.linux-i686-3.2/src/_skeinmodule.o

Last but not least, lintian also emits:

E: python3-skein: python-script-but-no-python-dep usr/bin/skeinsum

This is because /usr/bin/skeinsum has #!/usr/bin/python3.2 shebang, but the package depends on python3, which of course doesn't guarantee that /usr/bin/python3.2 exists. You probably want to make this shebang unversioned.

--
Jakub Wilk
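
A simplified version of the kind of check behind the blhc output quoted in the message, as an added example that is not part of Jakub Wilk's message and not blhc's own code: it scans build-log compile lines for a missing `-D_FORTIFY_SOURCE=2`. The sample log is constructed (its first line is abridged from the command in the message) and the function names are illustrative.

```python
import re
import shlex

# Constructed sample log. Line 1 is modelled on the compile command quoted in
# the message (abridged); lines 2 and 3 are invented for contrast.
SAMPLE_LOG = """\
gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -fstack-protector -Wformat -Werror=format-security -fPIC -Isrc -c src/threefish.c -o build/threefish.o
gcc -pthread -DNDEBUG -g -O2 -fstack-protector -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -fPIC -Isrc -c src/_skeinmodule.c -o build/_skeinmodule.o
gcc -pthread -shared -Wl,-z,relro build/threefish.o build/_skeinmodule.o -o build/_skein.so
"""

COMPILER = re.compile(r"(?:.*/)?(?:[\w.]+-)*(?:gcc|g\+\+|cc|c\+\+|clang)(?:-[\d.]+)?")
SOURCE_EXT = (".c", ".cc", ".cpp", ".cxx")

def fortify_level(args):
    """Effective _FORTIFY_SOURCE level; the last -D/-U on the line wins."""
    level = 0
    for arg in args:
        m = re.fullmatch(r"-D_FORTIFY_SOURCE(?:=(\d+))?", arg)
        if m:
            level = int(m.group(1) or 1)
        elif arg == "-U_FORTIFY_SOURCE":
            level = 0
    return level

def optimised(args):
    """glibc only enables the fortified wrappers when optimisation is on."""
    levels = [a for a in args if re.fullmatch(r"-O\w*", a)]
    return bool(levels) and levels[-1] != "-O0"

def check_log(log):
    """Return [(source_file, problem)] for compile steps built without fortify."""
    findings = []
    for line in log.splitlines():
        try:
            args = shlex.split(line)
        except ValueError:
            continue  # unbalanced quotes: not a parsable command line
        if not args or not COMPILER.fullmatch(args[0]) or "-c" not in args:
            continue  # ignore other output and link-only steps
        source = next((a for a in args[1:] if a.endswith(SOURCE_EXT)), "?")
        if fortify_level(args) < 2:
            findings.append((source, "missing -D_FORTIFY_SOURCE=2"))
        elif not optimised(args):
            findings.append((source, "-D_FORTIFY_SOURCE=2 has no effect without -O1 or higher"))
    return findings

if __name__ == "__main__":
    for source, problem in check_log(SAMPLE_LOG):
        print(f"{source}: {problem}")
```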

