[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#683871: RFS: pyskein/0.7.1-1 [ITP] -- Skein hash for Python3

* Jason Gerard DeRose <jderose@novacut.com>, 2012-08-08, 06:40:

Build-Depends: debhelper (>= 8.9),

Out of curiosity, why >= 8.9?
When I started working on this, 8.9 was the version in Debian testing. But as I don't know if the current package actually works with 8.9, I changed this to >= 9.20120608, the current version in Debian testing. 

Is that correct?
Well, using that logic, it should be "debhelper (= 9.20120608)" because you don't know if it'll continue to work with the future versions... ;]
Build-dependencies (and Python version declarations) should be as loose as possible, to ease backporting.
Looking at debhelper changelog, the last change that affects your package appears to be: 

| debhelper (8.9.5) unstable; urgency=low
|
|   * dh_compress: Don't compress _sources documentation subdirectory
|     as used by python-sphinx. Closes: #637492


Also, why 3.2? Upstream README says “you need Python 3.0 or later”.
I did this because Debian testing doesn't contain Python 3.1 or 3.0, plus I personally have only extensively tested this package under 3.2.
Which reminds me: upstream provides a test suite. Please run it at build time.
Is my override_dh_auto_clean hack acceptable? From a few examples I found, this seems to be how people are currently dealing with Python3-only packages.
Firstly, it should be: setup.py clean -a (the -a part is quite important).
Additionally, the current code won't work that well once we have more than one supported Python 3 version. You need to either have a for loop there, or rm -rf the whole build/ directory.
If we are it, the package FTBFS if built twice in a row (not only because of missing -a): 
|  dpkg-source -b pyskein-0.7.1
| dpkg-source: info: using source format `3.0 (quilt)'
| dpkg-source: info: building pyskein using existing ./pyskein_0.7.1.orig.tar.gz
| dpkg-source: warning: file pyskein-0.7.1/doc_src/_build/html/searchindex.js has no final newline (either original or modified version)
| dpkg-source: error: cannot represent change to doc_src/_build/html/objects.inv: binary file contents changed
| dpkg-source: error: add doc_src/_build/html/objects.inv in debian/source/include-binaries if you want to store the modified binary in the debian tarball
| dpkg-source: warning: file pyskein-0.7.1/doc_src/_build/html/download.html has no final newline (either original or modified version)
| dpkg-source: warning: file pyskein-0.7.1/doc_src/_build/html/genindex.html has no final newline (either original or modified version)
| dpkg-source: warning: file pyskein-0.7.1/doc_src/_build/html/skein.html has no final newline (either original or modified version)
| dpkg-source: warning: file pyskein-0.7.1/doc_src/_build/html/index.html has no final newline (either original or modified version)
| dpkg-source: warning: file pyskein-0.7.1/doc_src/_build/html/scripts.html has no final newline (either original or modified version)
| dpkg-source: warning: file pyskein-0.7.1/doc_src/_build/html/search.html has no final newline (either original or modified version)
| dpkg-source: warning: file pyskein-0.7.1/doc_src/_build/html/threefish.html has no final newline (either original or modified version)
| dpkg-source: warning: file pyskein-0.7.1/doc_src/_build/html/random.html has no final newline (either original or modified version)
| dpkg-source: warning: file pyskein-0.7.1/doc_src/_build/html/stream.html has no final newline (either original or modified version)
[snip - more similar warnings and errors]
| dpkg-source: warning: executable mode 0775 of 'build/scripts-3.2/skeinsum' will not be represented in diff
| dpkg-source: error: cannot represent change to build/lib.linux-i686-3.2/_skein.cpython-32mu.so: binary file contents changed
| dpkg-source: error: add build/lib.linux-i686-3.2/_skein.cpython-32mu.so in debian/source/include-binaries if you want to store the modified binary in the debian tarball
| dpkg-source: error: unrepresentable changes to source
| dpkg-buildpackage: error: dpkg-source -b pyskein-0.7.1 gave error exit status 2

Please fix the clean target. :)
Fixed, I removed this and am now only building the sphinx docs in override_dh_auto_build.
But that means the C code is built in the binary(-arch) target, rather than in build(-arch). The former should be normally used for stuff that requires (fake)root privileges. 


Lintian also emits:

W: python3-skein: hardening-no-fortify-functions
usr/lib/python3/dist-packages/_skein.cpython-32mu.so


Apologies, but I don't know where to start on this.
How do I enable this? Does this require a patch to the upstream source code?
That shouldn't be necessary. distutils honours CFLAGS/CPPFLAGS/LDFLAGS set in environment. See also: https://wiki.debian.org/Hardening#dpkg-buildflags 


Last but not least, lintian also emits:

E: python3-skein: python-script-but-no-python-dep usr/bin/skeinsum
This is because /usr/bin/skeinsum has #!/usr/bin/python3.2 shebang, but the package depends on python3, which of course doesn't guarantee that /usr/bin/python3.2 exists. You probably want to make this shebang unversioned.
What's the best way to make the shebang unversioned? I believe calling setup.py with `python3` rather than `python3.2` would do it, but that means not looping through `py3versions -r`. 

TIMTOWTDI!
The way that dh_auto_build does it (for 2.* modules) is indeed to use /usr/bin/python interpreter instead of /usr/bin/python2.X when 2.X happens to be the default version. But it's very easy to get it wrong (see bugs #547510, #589759). Nobody sane would implement such logic directly in debian/rules, ever. :) 

The traditional solution is to fix the shebang by sed.
The modern solution is to pass --executable=/usr/bin/python to the build command.[0]
And finally, there's a “oooh, I'll use this new shiny thing” method: dh_python2 has now a --shebang option. 


[0] Documentation:
http://docs.python.org/dev/distutils/setupscript#installing-scripts

--
Jakub Wilk
Reply to: