Bug#816433: RFS: complexity/1.5+dfsg-1 ITP

To: Dmitry Bogatov <KAction@gnu.org>, 816433@bugs.debian.org
Subject: Bug#816433: RFS: complexity/1.5+dfsg-1 ITP
From: Paul Wise <pabs@debian.org>
Date: Wed, 2 Mar 2016 10:35:10 +0800
Message-id: <[🔎] CAKTje6ERGqQRXg68BGjX6ZXWuFQRP=+L2iJVe-B=UQWkNd7oyg@mail.gmail.com>
Reply-to: Paul Wise <pabs@debian.org>, 816433@bugs.debian.org
In-reply-to: <[🔎] E1aaqSM-0008AX-Dv@eggs.gnu.org>
References: <[🔎] E1aaqSM-0008AX-Dv@eggs.gnu.org>

On Wed, Mar 2, 2016 at 3:59 AM, Dmitry Bogatov wrote:

>   * New upstream release, which fix issues with non-Unix line endings
>     (Closes: #816244)
>   * Standards version bump -- 3.9.7 (No changes needed)

Uploaded, thanks for the fix.

Some things you might want to get fixed:

The file src/char-types.h cannot be automatically rebuilt from its
source (src/char-types.map) on Debian because char-mapper is not
available in a Debian binary package. This is an important bug. I
recommend upstream remove this file from the VCS and source tarballs
and always build it from source. If they don't want to do that, please
remove the file either using Files-Excluded (if still doing a
DFSG-repack) or in debian/rules before dh_auto_configure. Looks like
char-mapper is from autogen but is not packaged in any Debian binary
package.

Please add some upstream metadata: https://wiki.debian.org/UpstreamMetadata

Upstream seems to have forgotten to update the NEWS file.

The uversionmangle in the watch file breaks downloading files, please
make sure this command works and saves the tarball correctly using
uscan from stable and unstable:

uscan --verbose --download-current-version --destdir .

I don't see -Wall in the compiler flags.

You might want to fuzz-test the program using zzuf and afl. Please
report any exploitable issues you find to the Debian security team and
privately to upstream.

http://caca.zoy.org/wiki/zzuf
http://lcamtuf.coredump.cx/afl/

Automatic checks:

build:

You may need to add #include directives for the following .h files.
  #include <stdbool.h>
  #include <stdio.h>
  #include <stdlib.h>
  #include <unistd.h>

Don't forget to
  - add "lib/Makefile" to AC_CONFIG_FILES in ./configure.ac,
  - mention "lib" in SUBDIRS in Makefile.am,
  - mention "-I m4" in ACLOCAL_AMFLAGS in Makefile.am,
  - mention "m4/gnulib-cache.m4" in EXTRA_DIST in Makefile.am,
  - invoke gl_EARLY in ./configure.ac, right after AC_PROG_CC_C99,
  - invoke gl_INIT in ./configure.ac.

lintian:

I: complexity source: vcs-field-uses-insecure-uri vcs-git
git://anonscm.debian.org/users/kaction-guest/complexity.git

check-all-the-things:

$ find -type f -iname '*.sh' -exec checkbashisms {} +
possible bashism in ./doc/mk.sh line 3 ('command' with option other than -p):
ag=`command -v autogen`

$ cme check dpkg
Warning in 'control source Vcs-Git' value
'git://anonscm.debian.org/users/kaction-guest/complexity.git': An
unencrypted transport protocol is used for this URI. It is recommended
to use a secure transport such as HTTPS for anonymous read-only
access.
Warning in 'control source Vcs-Git' value
'git://anonscm.debian.org/users/kaction-guest/complexity.git': URL to
debian system is not the recommended one (this can be fixed with 'cme
fix' command)

$ codespell --quiet-level=3
./bootstrap:1785: alse  ==> else
./bootstrap:1818: propogate  ==> propagate
<lots in ./build-aux/>
./src/char-types.map:23: caracter  ==> character
./src/char-types.h:5: caracter  ==> character

# check if these can be switched to https://
$ grep -rF http: .
<lots>

$ find -type f \( -iname '*.c' -o -iname '*.cc' -o -iname '*.cxx' -o
-iname '*.cpp' -o -iname '*.h' -o -iname '*.hh' -o -iname '*.hxx' -o
-iname '*.hpp' \) -exec include-what-you-use {} \;
<lots>

# Please report a bug on lacheck and
# use the usertags/affects from
https://anonscm.debian.org/cgit/collab-maint/check-all-the-things.git/tree/doc/README
$ find -type f -iname '*.tex' -exec lacheck {} +
<lots>
SIGSEGV

# Users of binary packages do not need install instructions.
$ find -type f -iname '*README*' -a ! \( -iname README.md -o -iname
README.install \) -exec grep --ignore-case --fixed-strings
--with-filename install {} +
./README:Provided you have the full installation of autogen:
./README:(including libopts and templates), then building and installing
./README:  configure && make && make install

$ find -type f -iname '*.sh' -exec sh -n {} \;
./src/cx-vs-mc.sh: 135: ./src/cx-vs-mc.sh: Syntax error: "&" unexpected

$ find -type f \( -iname '*.sh' -o -iname '*.bash' -o -iname '*.zsh'
\) -exec shellcheck {} +
<lots>

$ find -type d \( -iname .bzr -o -iname .git -o -iname .hg -o -iname
.svn -o -iname CVS -o -iname RCS -o -iname SCCS -o -iname _MTN -o
-iname _darcs -o -iname .pc -o -iname .cabal-sandbox -o -iname .cdv -o
-iname .metadata -o -iname CMakeFiles -o -iname _build -o -iname
_sgbak -o -iname autom4te.cache -o -iname blib -o -iname cover_db -o
-iname node_modules -o -iname '~.dep' -o -iname '~.dot' -o -iname
'~.nib' -o -iname '~.plst' \) -prune -o -type f ! \( -iname '*.bak' -o
-iname '*.swp' -o -iname '#.*' -o -iname '#*#' -o -iname 'core.*' -o
-iname '*~' -o -iname '*.gif' -o -iname '*.jpg' -o -iname '*.jpeg' -o
-iname '*.png' -o -iname '*.min.js' -o -iname '*.js.map' -o -iname
'*.js.min' -o -iname '*.min.css' -o -iname '*.css.map' -o -iname
'*.css.min' \) -exec spellintian --picky {} +
./configure: gnu -> GNU
./build-aux/gendocs.sh: docbook -> DocBook
./build-aux/texinfo.tex: necesary -> necessary
./build-aux/texinfo.tex: latex -> LaTeX
./bootstrap: automaticaly -> automatically
./bootstrap: propogate -> propagate
./src/score.c: tk -> Tk
./src/tokenize.c: tk -> Tk

$ grep -riE 'fixme|todo|hack|xxx|broken' .
...
./bootstrap:    # FIXME: Solaris /bin/sh will try to execute '-' if any of

$ flawfinder -Q -c .
<lots>

$ find \( -name .git -o -name .svn -o -name .bzr -o -name CVS -o -name
.hg -o -name _darcs -o -name _FOSSIL_ -o -name .sgdrawer \) -prune -o
-empty -print
./doc/texi-stamp

# Please file a bug on hopenpgp-tools and
# use the usertags/affects from
https://anonscm.debian.org/cgit/collab-maint/check-all-the-things.git/tree/doc/README
$ find -type f -iname '*.asc' -exec cat {} + | hot dearmor | hokey lint
hot (hopenpgp-tools) 0.17
Copyright (C) 2012-2015  Clint Adams
hot comes with ABSOLUTELY NO WARRANTY. This is free software, and you
are welcome to redistribute it under certain conditions.
hokey (hopenpgp-tools) 0.17
Copyright (C) 2012-2015  Clint Adams
hokey comes with ABSOLUTELY NO WARRANTY. This is free software, and
you are welcome to redistribute it under certain conditions.
hokey: Unexpected finalization failure

$ licensecheck --check=. --recursive --copyright . | grep -F 'GENERATED FILE'
...
./src/char-types.h: GPL (v3 or later) GENERATED FILE

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Reply to:

References:
- Bug#816433: RFS: complexity/1.5+dfsg-1 ITP
  - From: Dmitry Bogatov <KAction@gnu.org>

Prev by Date: Re: how to take advantage of uscan for git upstream source with only commits (read no tags) ?
Next by Date: Re: how to take advantage of uscan for git upstream source with only commits (read no tags) ?
Previous by thread: Bug#816433: RFS: complexity/1.5+dfsg-1 ITP
Next by thread: Bug#816433: marked as done (RFS: complexity/1.5+dfsg-1 ITP)
Index(es):
- Date
- Thread