Bug#683871: RFS: pyskein/0.7.1-1 [ITP] -- Skein hash for Python3
* Jason Gerard DeRose <jderose@novacut.com>, 2012-08-04, 18:26:
dget -x http://mentors.debian.net/debian/pool/main/p/pyskein/pyskein_0.7.1-1.dsc
Let me see:
Build-Depends: debhelper (>= 8.9),
Out of curiosity, why >= 8.9?
python3 (>= 3.2),
python3-dev (>= 3.2),
You don't need to build-depend on both, python3-dev would be enough. Shouldn't
that be python3-all-dev though?
Also, why 3.2? Upstream README says “you need Python 3.0 or later”.
X-Python-Version: 3.2
This is wrong, X-P-V is for 2.X versions only.
X-Python3-Version: 3.2
Shouldn't that be ">= 3.2"?
Depends: python3 (>= 3.2),
Don't hardcode the dependency, use ${python3:Depends} instead.
Description: PySkein implementation of Skein cryptographic hash algorithm
Maybe s/PySkein/Python/?
algorithm, one of the finalists in the NIST SHA-3 Competition. While
originally based on the optimized version of the reference implementation by
Doug Whiting, PySkein is now feature complete and offers a pythonic interface,
Is the fact it was based on $something in the past really important
enough to put it in the package description?
all released as free software under the GNU General Public License. Its
highlights are:
If it wasn't free software, it wouldn't be allowed in Debian. No need to
mention that in the description.
Simple interface following the hash algorithms in the Python standard library
(like hashlib.sha1 or hashlib.sha256)
.
All features of the Skein specification (flexible digest sizes, MAC
generation, tree hashing, and various other arguments)
.
High performance through optimized C implementation (7.1 cycles/byte for
sequential hashing and 4.2 cycles/byte for tree hashing on two cores, measured
on an Athlon 64 X2)
.
Threefish, the tweakable block cipher used in Skein, available for encryption
and decryption on its own
This looks like an itemized lists, except that it doesn't have bullets.
Looks odd to me.
You may want to get your descriptions reviewed by
debian-l10n-english@ldo.
The copyright file doesn't document license/copyright status of
doc/_static/jquery.js. It also doesn't say say where the upstream
sources were obtained; see Policy §12.5.
debian/python3-skein.install is empty. Remove it.
Abstract: Documentation for PySkein in HTML form.
One of the features of doc-base is that you can have the same document
in multiple formats. Mentioning the format in the Abstract field seems
weird to me.
for pyvers in $(shell py3versions -vr); do \
Missing “set -e”; see Policy §4.6.
LC_ALL=en_US.UTF-8 python$$pyvers setup.py install \
--install-layout=deb \
--root $(CURDIR)/debian/python3-skein; \
IIRC “LC_ALL=en_US.UTF-8” is too work around issue 9561. This bug was
fixed in Python 3.2.3 RC 1, so you might want to just bump version in
Build-Depends and drop this work-around. Or you may want to use the
C.UTF-8 locale, which is provided by libc-bin (>= 2.13-1).
dh_auto_build
Uh, this looks wrong. dh_auto_* doesn't support building Python 3
modules. In fact, I see this in the build log:
| Can't exec "pyversions": No such file or directory at /usr/share/perl5/Debian/Debhelper/Buildsystem/python_distutils.pm line 120.
| Use of uninitialized value $python_default in substitution (s///) at /usr/share/perl5/Debian/Debhelper/Buildsystem/python_distutils.pm line 121.
| Use of uninitialized value $python_default in substitution (s///) at /usr/share/perl5/Debian/Debhelper/Buildsystem/python_distutils.pm line 122.
The package will FTBFS once #683551 is fixed…
Lintian reports:
W: python3-skein-doc: embedded-javascript-library usr/share/doc/python3-skein-doc/html/_static/jquery.js
W: python3-skein-doc: embedded-javascript-library usr/share/doc/python3-skein-doc/html/_static/underscore.js
You may want to use dh_sphinxdoc to fix these.
Lintian also emits:
W: python3-skein: hardening-no-fortify-functions usr/lib/python3/dist-packages/_skein.cpython-32mu.so
blhc confirms it's a true positive:
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -fPIC -Isrc -I/usr/include/python3.2mu -c src/threefish.c -o build/temp.linux-i686-3.2/src/threefish.o
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -fPIC -Isrc -I/usr/include/python3.2mu -c src/_skeinmodule.c -o build/temp.linux-i686-3.2/src/_skeinmodule.o
Last but not least, lintian also emits:
E: python3-skein: python-script-but-no-python-dep usr/bin/skeinsum
This is because /usr/bin/skeinsum has #!/usr/bin/python3.2 shebang, but
the package depends on python3, which of course doesn't guarantee that
/usr/bin/python3.2 exists. You probably want to make this shebang
unversioned.
--
Jakub Wilk
Reply to: