Bug#739056: RFS: cwm/5.1-1 [ITP] -- Lightweight and efficient window manager for X11
* James McDonald <james@jamesmcdonald.com>, 2014-02-23, 18:59:
http://mentors.debian.net/debian/pool/main/c/cwm/cwm_5.1-1.dsc
[...]
blhc says that at least some parts of the package were built without
hardening:
CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat
-Werror=format-security): cc -c -Wall -O2 -g -D_FORTIFY_SOURCE=2
`pkg-config --cflags fontconfig x11 xft xinerama xrandr` calmwm.c
I have modified debian/rules to override CFLAGS and include these
additions.
It would be better to use dpkg-buildflags instead of hardcoding the
flags in debian/rules.
Upstream PGP-signed his tarball, so you may want to enable signature
checking in d/watch.
Done. The lintian on mentors doesn't seem to like the new
debian/upstream/signing-key.asc yet, so I've put the key in
debian/upstream-signing-key.pgp for the moment.
gpg doesn't grok ASCII-armored keyrings. uscan can unarmor them, but it
does it only if the extension is ".asc". So now the verification fails:
-- Downloading updated package cwm-5.1.tar.gz
-- Downloading OpenPGP signature for package as cwm-5.1.tar.gz.pgp
-- Verifying OpenPGP signature cwm-5.1.tar.gz.pgp for cwm-5.1.tar.gz
gpgv: Signature made 2012-05-02T14:34:13 CEST using DSA key ID BC1B04C8
gpgv: [don't know]: invalid packet (ctb=2d)
gpgv: keydb_search failed: invalid packet
gpgv: Can't check signature: public key not found
uscan warning: OpenPGP signature did not verify.
I'd rather not patch upstream makefile to change PREFIX, but override
it in debian/rules instead.
I have made this change. That does make more sense.
FWIW, you could use this in the override instead:
dh_auto_install -- PREFIX=/usr
fix-man-hyphens is not complete. There are more places where hyphen is
used as minus sign, although likely Lintian is not smart enough to
detect them.
I'm not sure exactly which of them to fix. Should I just mark up the
hyphens in the 'bind' and 'mousebind' sections of the description, or
should all the hyphens in the example configuration also count as minus
signs?
The whole EXAMPLE CONFIGURATION section looks like something that should
be copy-pasteable, so it should use minuses.
These two needs fixing, too:
* "The modifier keys come first, followed by a ‘‐’."
* "The ‘‐’ should be followed by either a keysym name,"
Upstream embeds a few BSD-specific functions (fgetln, strlcat,
strlcpy, strtonum). It would be nice if Debian package could link to
libbsd instead of using these embedded copies.
I have not included this patch, but I am now running it on my desktop.
The upstream porter wasn't keen to add a dependency on libbsd as it
doesn't seem to be used a lot. It might affect portability to some
Linux distributions or potentially compatibility with the OpenBSD
original.
OK.
As regards the name /usr/bin/cwm, is there a reference for the correct
or recommended way to rename files in the event of such collisions?
I'm not sure if you ask about politics or technicalities. I'll assume
it's about both. :)
Politics:
Policy §10.1 says: “Two different packages must not install programs
with different functionality but with the same filenames. […] If this
case happens, one of the programs must be renamed. The maintainers
should report this to the debian-devel mailing list and try to find a
consensus about which program will have to be renamed. If a consensus
cannot be reached, both programs must be renamed.”
But we have a bit of special case here, because our cwm hasn't been
uploaded yet (while swap-cwm has been in Debian since 2009). So it would
be civil for your package to yield the name without a discussion.
I'd suggest to contact upstream about this problem. Even if they are not
willing to rename the binary themselves, it would be great if Debian
could use a name that upstream likes (or maybe, s/likes/hates the
least/).
Technicalities:
Use mv(1). :P
--
Jakub Wilk
Reply to: