Re: [Debian-med-packaging] librcsb-core-wrapper read for inspection

To: debian-med-packaging@lists.alioth.debian.org, debian-python@lists.debian.org
Subject: Re: [Debian-med-packaging] librcsb-core-wrapper read for inspection
From: Jakub Wilk <jwilk@debian.org>
Date: Mon, 20 Aug 2012 16:10:47 +0200
Message-id: <20120820141047.GA1924@jwilk.net>
Mail-followup-to: debian-med-packaging@lists.alioth.debian.org, debian-python@lists.debian.org
In-reply-to: <502E7669.4080107@rostlab.org>
References: <502D44FA.8060003@rostlab.org> <20120817140038.GA8752@jwilk.net> <502E7669.4080107@rostlab.org>

* Laszlo Kajan <lkajan@rostlab.org>, 2012-08-17, 18:50:

Lintian says:

W: python-librcsb-core-wrapper: hardening-no-fortify-functions usr/lib/python2.6/dist-packages/CorePyWrap.so
W: python-librcsb-core-wrapper: hardening-no-fortify-functions usr/lib/python2.7/dist-packages/CorePyWrap.so

which might be false-positive, but on the other hand blhc seems to confirm that *FLAGS are lost somewhere:

CFLAGS missing (-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): libtool --mode=compile gcc
-D_FORTIFY_SOURCE=2 -O  -fPIC    -DHAVE_STRCASECMP -DINCL_TEMPLATE_SRC -DHAVE_PLACEMENT_NEW  -I./include -I../include    -DPOSIX_MISTAKE -c
src/regcomp.c -o ./obj/regcomp.o
[snip - more complaints about CFLAGS missing]
LDFLAGS missing (-Wl,-z,relro): g++ -D_FORTIFY_SOURCE=2  -w -L/usr/lib obj/xml2mmcif.o ../lib/pdbml-parser.a ../lib/dict-obj-file.a
../lib/cif-file-util.a ../lib/cif-file.a ../lib/cifparse-obj.a ../lib/tables.a ../lib/common.a ../lib/regex.a -lxerces-c  -lm -o ./bin/xml2mmcif

Ok, I tried to address this. svn-buildpackage | tee ... blhc does notreport anything for me now. The gcc/g++ lines look right to my eyes.But I still get the lintian warning! *What can I do now?*


Run away screaming? Wait, no, maybe not. ;)

In my experience, blhc is much more reliable than lintian. So mostlikely hardening-no-fortify-functions is a false-positive.

It's customary to build extension modules also with python2.X-dbginterpreters, and put them into a separate python-foo-dbg package. Ifyou build-depend on python-all-dbg then dh_auto_* will do most of thework for you. (It's a feature added in debhelper 7.3.5, so you shouldbump debhelper build-dependency if you decide to use it.)
Ok, I added this. Building the wrapper (the binding) is painfullyslow... it's a pity the four versions of this module can not be builtin parallel.

They probably can, it's just somebody has to write code to make thathappen. See e.g. how gamera[0] does this. Or you could write a patch todebhelper, so that dh_auto_build takes care of parallel buildingautomatically. :)



[0] http://anonscm.debian.org/viewvc/python-modules/packages/gamera/trunk/debian/rules?revision=22402&view=markup

--
Jakub Wilk

Reply to:

Follow-Ups:
- librcsb-core-wrapper - ready for upload
  - From: Laszlo Kajan <lkajan@rostlab.org>

References:
- librcsb-core-wrapper read for inspection
  - From: Laszlo Kajan <lkajan@rostlab.org>
- Re: librcsb-core-wrapper read for inspection
  - From: Jakub Wilk <jwilk@debian.org>
- Re: [Debian-med-packaging] librcsb-core-wrapper read for inspection
  - From: Laszlo Kajan <lkajan@rostlab.org>

Prev by Date: PyPI to Debian repository converter
Next by Date: librcsb-core-wrapper - ready for upload
Previous by thread: Re: [Debian-med-packaging] librcsb-core-wrapper read for inspection
Next by thread: librcsb-core-wrapper - ready for upload
Index(es):
- Date
- Thread