[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1110378: RFS: kafel/20231004 [ITP] -- seccomp-bpf language parser for nsjail



Control: tags -1 +moreinfo

I have no decision making athority within the Debian Project. You may reject
this review if you wish.

Stephen,

Review of upload: 2025-08-04 04:57

Test 1 (reproducibility): Information only, not a blocker

Not being performed until bug below is fixed and accurate documentation written.

Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108550

Test 2 (pbuilder build): Information only

* Good

Test 3 (pbuilder build --twice): Information only

* Good

Test 4 (sbuild): Information only

Lintian:

W: libkafel-dev: initial-upload-closes-no-bugs [usr/share/doc/libkafel-
dev/changelog.Debian.gz:1]
N: 
N:   This package appears to be the first packaging of a new upstream software
N:   package (there is only one changelog entry and the Debian revision is 1),
N:   but it does not close any bugs. The initial upload of a new package should
N:   close the corresponding ITP bug for that package.
N:   
N:   This warning can be ignored if the package is not intended for Debian or
N:   if it is a split of an existing Debian package.
N: 
N:   Please refer to New packages (Section 5.1) in the Debian Developer's
N:   Reference for details.
N: 
N:   Visibility: warning
N:   Show-Always: no
N:   Check: debian/changelog
N:   Renamed from: new-package-should-close-itp-bug
N: 
N:
W: libkafel1: initial-upload-closes-no-bugs
[usr/share/doc/libkafel1/changelog.Debian.gz:1]
N:
I: libkafel1: hardening-no-bindnow [usr/lib/x86_64-linux-gnu/libkafel.so.1.0.0]
N: 
N:   This package provides an ELF binary that lacks the "bindnow" linker flag.
N:   
N:   This is needed (together with "relro") to make the "Global Offset Table"
N:   (GOT) fully read-only. The bindnow feature trades startup time for
N:   improved security. Please consider enabling this feature or consider
N:   overriding the tag (possibly with a comment about why).
N:   
N:   If you use dpkg-buildflags, you may have to add hardening=+bindnow or
N:   hardening=+all to DEB_BUILD_MAINT_OPTIONS.
N:   
N:   The relevant compiler flags are set in LDFLAGS.
N: 
N:   Please refer to https://wiki.debian.org/Hardening for details.
N: 
N:   Visibility: info
N:   Show-Always: no
N:   Check: binaries/hardening
N: 
N:
I: libkafel1: no-symbols-control-file usr/lib/x86_64-linux-gnu/libkafel.so.1.0.0
N: 
N:   Although the package includes a shared library, the package does not have
N:   a symbols control file.
N:   
N:   dpkg can use symbols files in order to generate more accurate library
N:   dependencies for applications, based on the symbols from the library that
N:   are actually used by the application.
N: 
N:   Please refer to the dpkg-gensymbols(1) manual page and
N:   https://wiki.debian.org/UsingSymbolsFiles for details.
N: 
N:   Visibility: info
N:   Show-Always: no
N:   Check: debian/shlibs
N: 
N:
P: kafel source: trailing-whitespace [debian/rules:31]
N: 
N:   This file contains lines with trailing whitespace characters.
N:   
N:   Whilst often harmless and unsightly, such extra whitespaces can also cause
N:   tools to interpret the whitespace characters literally. The tool diff(1)
N:   does not like them, either. They are best avoided.
N:   
N:   Some of these problems can be hard to track down.
N:   
N:   Whitespace at the end of lines may be removed with the following:
N:   
N:    $ sed -i -e 's@[[:space:]]*$@@g' debian/control debian/changelog
N:   
N:   If you use Emacs, you can also use "M-x wh-cl" (whitespace-cleanup).
N:   
N:   However, if you wish to only remove trailing spaces and leave trailing
N:   tabs (eg. for Makefiles), you can use the following code snippet:
N:   
N:    $ sed -i -e 's@[ ]*$@@g' debian/rules
N:   
N:   To remove empty lines from the end of a file, you can use:
N:   
N:    $ sed -i -e :a -e '/^\n*$/{$d;N;};/\n$/ba' debian/rules
N: 
N:   Visibility: pedantic
N:   Show-Always: no
N:   Check: debian/trailing-whitespace
N:   Renamed from: file-contains-trailing-whitespace

Test 5 (ratt): Information only, not a blocker

Note: Possible false positives.

* Good

Test 6 (debian/watch): Information only

* Good

Test 7 (licenserecon): Information only

* Good

Summary
=======

Looking very promising indeed.

A new package requires an Intent To Package (ITP)[1] bug to be filed and then
closed in your initial changelog entry, like below.

* Initial release. (Closes: #ITP_BUG_NUMBER)

[1] https://wiki.debian.org/ITP

Tags
====

If a 'moreinfo' tag has been added to your RFS bug. You can remove the tag using
the line below at the top of a reply that is supplying information and/or
indicating a new upload.

Control: tags -1 -moreinfo

Regards

Phil

-- 

Blog: https://blog.kathenas.org

Buy me a coffee: https://buymeacoffee.com/kathenasorg

GPG Fingerprint: 70A0 AC45 AC77 9EFE 84F6 3AED 724A A9B5 2F02 4C8B

Attachment: signature.asc
Description: This is a digitally signed message part


Reply to: