[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#924872: unblock: knot-resolver/3.2.1-3

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Control: block -1 by 924019
Control: affects -1 + src:knot-resolver

Please unblock package knot-resolver, package version 3.2.1-3.

knot-resolver 3.2.1-1 (in testing) ships libkres-dev, which does not
work for building other tools against libkres9 :( Upstream packaging
tries to install the development files, but they just aren't
functional (see more discussion on the RC-critical bug
https://bugs.debian.org/923970).

3.2.1-3 solves the issue by folding the .so back into the
knot-resolver binary package, and removing the libkres-dev and
libkres9 packages.

However, those packages linger on the arm64 platform, which hasn't
supported the knot-resolver binary itself for a while.  see
https://bugs.debian.org/924019 for the request to the ftp team to
remove those binary packages on that platform to avoid shipping
lingering unusable packages.  i'm marking this bug as blocked by that
one, because i believe this all needs to happen together.

In the course of package review, i discovered that the
debian/missing-sources/ file for the dygraphs javascript library was
outdated, so i've replaced it as well -- that huge difference between
3.2.1-1 and 3.2.1-3 has been filtered out of the debdiff, but feel
free to take a look at commit 0ca501d492beca924e1e5dd20314f0e5640a5102
in https://salsa.debian.org/dns-team/knot-resolver.git for the
comparison.

This update also avoids shipping an embedded copy of font file
glyphs-halfling.woff, and converts from debhelper 11 to debhelper 12
(which causes no changes in the underlying package).  And it fixes
passing CXXFLAGS to the text-string matching Aho Corasick Lua module
that it uses, further expanding the scope of automatic debian
hardening.

Thanks for your work on the debian release,

        --dkg

unblock knot-resolver/3.2.1-3

-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff --git knot-resolver-3.2.1/debian/changelog knot-resolver-3.2.1/debian/changelog
index 8e18a042..4af50d4e 100644
--- knot-resolver-3.2.1/debian/changelog
+++ knot-resolver-3.2.1/debian/changelog
@@ -1,3 +1,23 @@
+knot-resolver (3.2.1-3) unstable; urgency=medium
+
+  * knot-resolver-module-http is arch: all, not arch: any
+  * Explicitly list all non-arm64 architectures
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Fri, 08 Mar 2019 00:56:09 -0500
+
+knot-resolver (3.2.1-2) unstable; urgency=medium
+
+  * Standards-Version: move to 4.3.0 (no changes needed)
+  * move to debhelper 12
+  * Avoid breakage when built against knot-dns 2.8.0
+  * d/tests/control: wrap-and-sort
+  * Drop libkres9 and libkres-dev packages (Closes: #923970)
+  * avoid clobbering CXXFLAGS when compiling lua-aho-corasick
+  * missing-sources: updated dygraph-combined.js to match minified version
+  * avoid shipping pre-built glyphicons-halflings-regular.woff2
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Thu, 07 Mar 2019 16:23:16 -0500
+
 knot-resolver (3.2.1-1) unstable; urgency=medium
 
   * new upstream release (Closes: #922172)
diff --git knot-resolver-3.2.1/debian/clean knot-resolver-3.2.1/debian/clean
index a8241244..ce17de8f 100644
--- knot-resolver-3.2.1/debian/clean
+++ knot-resolver-3.2.1/debian/clean
@@ -1,5 +1,5 @@
 doc/kresd.8
 libkres.pc
 lib/libkres.a
-lib/libkres.so.9
+lib/libkres.so.*
 test-modules/
diff --git knot-resolver-3.2.1/debian/compat knot-resolver-3.2.1/debian/compat
deleted file mode 100644
index b4de3947..00000000
+++ /dev/null
@@ -1 +0,0 @@
-11
diff --git knot-resolver-3.2.1/debian/control knot-resolver-3.2.1/debian/control
index 4da0323a..4ed0dad4 100644
--- knot-resolver-3.2.1/debian/control
+++ knot-resolver-3.2.1/debian/control
@@ -11,7 +11,7 @@ Build-Depends-Indep:
  python3-sphinx,
  python3-sphinx-rtd-theme,
 Build-Depends:
- debhelper (>= 11~),
+ debhelper-compat (= 12),
  dns-root-data,
  gnutls-bin <!nocheck>,
  knot-dnsutils <!nocheck>,
@@ -20,6 +20,7 @@ Build-Depends:
  libgeoip-dev,
  libgnutls28-dev,
  libknot-dev (>= 2.7.2),
+ libknot-dev (<< 2.8.0),
  liblmdb-dev,
  libluajit-5.1-dev,
  libsystemd-dev (>= 227) [linux-any],
@@ -27,23 +28,26 @@ Build-Depends:
  luajit,
  pkg-config,
  socat <!nocheck>,
-Standards-Version: 4.2.1
+Standards-Version: 4.3.0
 Homepage: https://www.knot-resolver.cz/
 Vcs-Browser: https://salsa.debian.org/dns-team/knot-resolver
 Vcs-Git: https://salsa.debian.org/dns-team/knot-resolver.git
 Rules-Requires-Root: no
 
 Package: knot-resolver
-# actually "Architecture: any [!arm64]" via debian/rules, see #907729
-Architecture: any
+# intended to be "Architecture: any [!arm64]", see #907729
+Architecture: amd64 armel armhf i386 mips mips64el mipsel ppc64 ppc64el
 Depends:
  adduser,
  dns-root-data,
- libkres9 (= ${binary:Version}),
  lua-sec,
  lua-socket,
  ${misc:Depends},
  ${shlibs:Depends},
+Replaces:
+  libkres9 (<< 3.2.1-2),
+Breaks:
+  libkres9 (<< 3.2.1-2),
 Recommends:
  knot-resolver-module-http,
  lua-basexx,
@@ -65,9 +69,9 @@ Description: caching, DNSSEC-validating DNS resolver
  nodes depending on the contention without downtime.
 
 Package: knot-resolver-module-http
-# actually "Architecture: any [!arm64]" via debian/rules, see #907729
 Architecture: all
 Depends:
+ fonts-glyphicons-halflings,
  libjs-bootstrap,
  libjs-d3,
  libjs-jquery,
@@ -105,44 +109,3 @@ Description: Documentation for Knot Resolver
  validator, and many external.
  .
  This package contains Knot Resolver Documentation.
-
-Package: libkres9
-Architecture: any
-Section: libs
-Depends:
- ${misc:Depends},
- ${shlibs:Depends},
-Breaks:
- knot-resolver (<< 1.5.0-5),
-Replaces:
- knot-resolver (<< 1.5.0-5),
-Description: caching, DNSSEC-validating DNS resolver (shared library)
- The Knot DNS Resolver is a caching full resolver implementation
- written in C and LuaJIT, including both a resolver library and a
- daemon. Modular architecture of the library keeps the core tiny and
- efficient, and provides a state-machine like API for
- extensions.
- .
- This package contains the libkres shared library used by Knot
- Resolver.
-
-Package: libkres-dev
-Architecture: any
-Section: libdevel
-Depends:
- libkres9 (= ${binary:Version}),
- ${misc:Depends},
- ${shlibs:Depends},
-Breaks:
- knot-resolver (<< 1.5.0-5),
-Replaces:
- knot-resolver (<< 1.5.0-5),
-Description: caching, DNSSEC-validating DNS resolver (shared library development files)
- The Knot DNS Resolver is a caching full resolver implementation
- written in C and LuaJIT, including both a resolver library and a
- daemon. Modular architecture of the library keeps the core tiny and
- efficient, and provides a state-machine like API for
- extensions.
- .
- This package provides development files for use when building against
- the libkres shared library.
diff --git knot-resolver-3.2.1/debian/knot-resolver-module-http.links knot-resolver-3.2.1/debian/knot-resolver-module-http.links
index 322529c8..d651f6fc 100644
--- knot-resolver-3.2.1/debian/knot-resolver-module-http.links
+++ knot-resolver-3.2.1/debian/knot-resolver-module-http.links
@@ -1,3 +1,4 @@
+/usr/share/fonts-glyphicons/glyphicons-halflings-regular.woff2 /usr/lib/knot-resolver/http/glyphicons-halflings-regular.woff2
 /usr/share/javascript/bootstrap/css/bootstrap-theme.min.css /usr/lib/knot-resolver/http/bootstrap-theme.min.css
 /usr/share/javascript/bootstrap/css/bootstrap.min.css /usr/lib/knot-resolver/http/bootstrap.min.css
 /usr/share/javascript/bootstrap/js/bootstrap.min.js /usr/lib/knot-resolver/http/bootstrap.min.js
diff --git knot-resolver-3.2.1/debian/knot-resolver.install knot-resolver-3.2.1/debian/knot-resolver.install
index 6d1ebb1b..429a43b4 100644
--- knot-resolver-3.2.1/debian/knot-resolver.install
+++ knot-resolver-3.2.1/debian/knot-resolver.install
@@ -7,6 +7,7 @@ distro/common/systemd/kresd.target lib/systemd/system/
 distro/common/systemd/kresd@.service lib/systemd/system/
 distro/common/tmpfiles/knot-resolver.conf usr/lib/tmpfiles.d/
 etc/knot-resolver/config.* /usr/share/doc/knot-resolver/examples/
+usr/lib/*.so.*
 usr/lib/knot-resolver/*.so
 usr/lib/knot-resolver/daf.lua
 usr/lib/knot-resolver/daf/
diff --git knot-resolver-3.2.1/debian/knot-resolver.lintian-overrides knot-resolver-3.2.1/debian/knot-resolver.lintian-overrides
index b65480bc..5ac85653 100644
--- knot-resolver-3.2.1/debian/knot-resolver.lintian-overrides
+++ knot-resolver-3.2.1/debian/knot-resolver.lintian-overrides
@@ -2,3 +2,6 @@
 # see https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/597
 # and https://github.com/systemd/systemd/issues/9080#issuecomment-393552613
 knot-resolver: systemd-service-file-refers-to-unusual-wantedby-target lib/systemd/system/kresd@.service kresd.target
+# libkres9 is not currently functional independently.  see https://bugs.debian.org/923970
+knot-resolver: package-name-doesnt-match-sonames libkres9
+knot-resolver: no-symbols-control-file usr/lib/libkres.so.9
diff --git knot-resolver-3.2.1/debian/libkres-dev.install knot-resolver-3.2.1/debian/libkres-dev.install
deleted file mode 100644
index d565b386..00000000
+++ /dev/null
@@ -1,3 +0,0 @@
-usr/include/libkres/*.h
-usr/lib/*.so
-usr/lib/pkgconfig/libkres.pc
diff --git knot-resolver-3.2.1/debian/libkres9.install knot-resolver-3.2.1/debian/libkres9.install
deleted file mode 100644
index 093956b1..00000000
+++ /dev/null
@@ -1 +0,0 @@
-usr/lib/*.so.*
diff --git knot-resolver-3.2.1/debian/libkres9.symbols knot-resolver-3.2.1/debian/libkres9.symbols
deleted file mode 100644
index b7baf5a1..00000000
+++ /dev/null
@@ -1,146 +0,0 @@
-libkres.so.9 libkres9 #MINVER#
-* Build-Depends-Package: libkres-dev
- cache_api@Base 2.2.0
- iterate_api@Base 2.2.0
- kr_bitcmp@Base 2.2.0
- kr_cache_clear@Base 2.2.0
- kr_cache_close@Base 2.2.0
- kr_cache_closest_apex@Base 3.0.0
- kr_cache_emergency_file_to_remove@Base 3.1.0
- kr_cache_insert_rr@Base 2.4.0
- kr_cache_match@Base 3.0.0
- kr_cache_materialize@Base 2.2.0
- kr_cache_open@Base 2.2.0
- kr_cache_peek_exact@Base 2.2.0
- kr_cache_remove@Base 3.0.0
- kr_cache_remove_subtree@Base 3.0.0
- kr_cache_sync@Base 2.2.0
- kr_cache_ttl@Base 2.2.0
- kr_cdb_lmdb@Base 2.2.0
- kr_crypto_cleanup@Base 2.2.0
- kr_crypto_init@Base 2.2.0
- kr_crypto_reinit@Base 2.2.0
- kr_dnssec_key_ksk@Base 2.2.0
- kr_dnssec_key_match@Base 2.2.0
- kr_dnssec_key_revoked@Base 2.2.0
- kr_dnssec_key_tag@Base 2.2.0
- kr_dnssec_key_zsk@Base 2.2.0
- kr_family_len@Base 2.2.0
- kr_inaddr@Base 2.2.0
- kr_inaddr_family@Base 2.2.0
- kr_inaddr_len@Base 2.2.0
- kr_inaddr_port@Base 2.2.0
- kr_inaddr_set_port@Base 3.1.0
- kr_inaddr_str@Base 2.2.0
- kr_log_qverbose_impl@Base 3.2.0
- kr_log_trace@Base 2.2.0
- kr_log_verbose@Base 2.2.0
- kr_make_query@Base 2.4.0
- kr_memreserve@Base 2.2.0
- kr_module_call@Base 2.2.0
- kr_module_embedded@Base 2.2.0
- kr_module_load@Base 2.2.0
- kr_module_unload@Base 2.2.0
- kr_now@Base 2.2.0
- kr_nsrep_elect@Base 2.2.0
- kr_nsrep_elect_addr@Base 2.2.0
- kr_nsrep_set@Base 2.2.0
- kr_nsrep_sort@Base 2.2.0
- kr_nsrep_update_rep@Base 2.2.0
- kr_nsrep_update_rtt@Base 2.2.0
- kr_pkt_clear_payload@Base 2.2.0
- kr_pkt_make_auth_header@Base 2.2.0
- kr_pkt_put@Base 2.2.0
- kr_pkt_qclass@Base 3.0.0
- kr_pkt_qtype@Base 3.0.0
- kr_pkt_recycle@Base 2.2.0
- kr_qflags_clear@Base 2.2.0
- kr_qflags_set@Base 2.2.0
- kr_ranked_rrarray_add@Base 2.2.0
- kr_resolve_begin@Base 2.2.0
- kr_resolve_checkout@Base 2.2.0
- kr_resolve_consume@Base 2.2.0
- kr_resolve_finish@Base 2.2.0
- kr_resolve_plan@Base 2.2.0
- kr_resolve_pool@Base 2.2.0
- kr_resolve_produce@Base 2.2.0
- kr_rnd_buffered@Base 3.2.0
- kr_rplan_deinit@Base 2.2.0
- kr_rplan_empty@Base 2.2.0
- kr_rplan_find_resolved@Base 2.2.0
- kr_rplan_init@Base 2.2.0
- kr_rplan_last@Base 2.2.0
- kr_rplan_pop@Base 2.2.0
- kr_rplan_push@Base 2.2.0
- kr_rplan_push_empty@Base 2.2.0
- kr_rplan_resolved@Base 2.2.0
- kr_rplan_satisfies@Base 2.2.0
- kr_rrkey@Base 2.2.0
- kr_rrset_init@Base 3.0.0
- kr_rrsig_sig_expiration@Base 3.0.0
- kr_rrsig_sig_inception@Base 3.0.0
- kr_rrsig_type_covered@Base 3.0.0
- kr_sockaddr_cmp@Base 2.4.0
- kr_sockaddr_len@Base 2.2.0
- kr_straddr_family@Base 2.2.0
- kr_straddr_join@Base 2.2.0
- kr_straddr_socket@Base 2.2.0
- kr_straddr_split@Base 2.2.0
- kr_straddr_subnet@Base 2.2.0
- kr_strcatdup@Base 2.2.0
- kr_strptime_diff@Base 3.2.1
- kr_ta_add@Base 2.2.0
- kr_ta_clear@Base 2.2.0
- kr_ta_covers@Base 2.2.0
- kr_ta_covers_qry@Base 2.2.0
- kr_ta_del@Base 2.2.0
- kr_ta_get@Base 2.2.0
- kr_ta_get_longest_name@Base 2.2.0
- kr_unpack_cache_key@Base 3.0.0
- kr_verbose_set@Base 2.2.0
- kr_verbose_status@Base 2.2.0
- kr_zonecut_add@Base 2.2.0
- kr_zonecut_copy@Base 2.2.0
- kr_zonecut_copy_trust@Base 2.2.0
- kr_zonecut_deinit@Base 2.2.0
- kr_zonecut_del@Base 2.2.0
- kr_zonecut_del_all@Base 2.2.0
- kr_zonecut_find@Base 2.2.0
- kr_zonecut_find_cached@Base 2.2.0
- kr_zonecut_init@Base 2.2.0
- kr_zonecut_is_empty@Base 2.3.0
- kr_zonecut_move@Base 3.2.0
- kr_zonecut_set@Base 2.2.0
- kr_zonecut_set_sbelt@Base 2.2.0
- lru_apply_impl@Base 2.2.0
- lru_create_impl@Base 2.2.0
- lru_free_items_impl@Base 2.2.0
- lru_get_impl@Base 2.2.0
- map_clear@Base 2.2.0
- map_contains@Base 2.2.0
- map_del@Base 2.2.0
- map_get@Base 2.2.0
- map_set@Base 2.2.0
- map_walk_prefixed@Base 2.2.0
- mm_realloc@Base 3.2.0
- queue_deinit_impl@Base 3.1.0
- queue_init_impl@Base 3.1.0
- queue_push_head_impl@Base 3.1.0
- queue_push_impl@Base 3.1.0
- trie_clear@Base 2.3.0
- trie_create@Base 2.3.0
- trie_del@Base 2.3.0
- trie_del_first@Base 3.1.0
- trie_free@Base 2.3.0
- trie_get_first@Base 3.1.0
- trie_get_ins@Base 2.3.0
- trie_get_leq@Base 3.1.0
- trie_get_try@Base 2.3.0
- trie_it_begin@Base 2.3.0
- trie_it_finished@Base 2.3.0
- trie_it_free@Base 2.3.0
- trie_it_key@Base 2.3.0
- trie_it_next@Base 2.3.0
- trie_it_val@Base 2.3.0
- trie_weight@Base 2.3.0
- validate_api@Base 2.2.0
diff --git knot-resolver-3.2.1/debian/not-installed knot-resolver-3.2.1/debian/not-installed
index 2bfaf64a..dce28d5d 100644
--- knot-resolver-3.2.1/debian/not-installed
+++ knot-resolver-3.2.1/debian/not-installed
@@ -1,2 +1,5 @@
 usr/lib/knot-resolver/http/LICENSE
 usr/lib/knot-resolver/basexx.lua
+usr/include/libkres/*.h
+usr/lib/*.so
+usr/lib/pkgconfig/libkres.pc
diff --git knot-resolver-3.2.1/debian/patches/0003-Avoid-clobbering-CXX-flags-when-compiling-lua-aho-co.patch knot-resolver-3.2.1/debian/patches/0003-Avoid-clobbering-CXX-flags-when-compiling-lua-aho-co.patch
new file mode 100644
index 00000000..8d3d869d
--- /dev/null
+++ knot-resolver-3.2.1/debian/patches/0003-Avoid-clobbering-CXX-flags-when-compiling-lua-aho-co.patch
@@ -0,0 +1,24 @@
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Thu, 7 Mar 2019 14:36:33 -0500
+Subject: Avoid clobbering CXX flags when compiling lua-aho-corasick
+
+Without this patch, any externally-set CXXFLAGS are not passed through
+to the underlying C++ compiler.
+
+---
+ modules/policy/policy.mk | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules/policy/policy.mk b/modules/policy/policy.mk
+index 98c9f88..43964dd 100644
+--- a/modules/policy/policy.mk
++++ b/modules/policy/policy.mk
+@@ -7,7 +7,7 @@ $(call make_lua_module,policy)
+ policy-clean:
+ 	$(MAKE) -C $(AHOCORASICK_DIR) clean
+ $(AHOCORASICK_DIR)ahocorasick$(LIBEXT): $(AHOCORASICK_DIR)Makefile
+-	$(MAKE) -C $(AHOCORASICK_DIR) ahocorasick$(LIBEXT) CXXFLAGS="$(lua_CFLAGS)"
++	$(MAKE) -C $(AHOCORASICK_DIR) ahocorasick$(LIBEXT) CXXFLAGS="$(lua_CFLAGS) $(CXXFLAGS)"
+ 
+ policy-install: ahocorasick-install
+ ahocorasick-install: $(AHOCORASICK_DIR)ahocorasick$(LIBEXT) $(DESTDIR)$(MODULEDIR)
diff --git knot-resolver-3.2.1/debian/patches/series knot-resolver-3.2.1/debian/patches/series
index cd2df8ce..815a16ce 100644
--- knot-resolver-3.2.1/debian/patches/series
+++ knot-resolver-3.2.1/debian/patches/series
@@ -1,2 +1,3 @@
 0001-Update-documentation-of-keyfile-ro.patch
 0002-avoid-invocations-of-git-during-make-installcheck.patch
+0003-Avoid-clobbering-CXX-flags-when-compiling-lua-aho-co.patch
diff --git knot-resolver-3.2.1/debian/rules knot-resolver-3.2.1/debian/rules
index 13912d11..87831d0c 100755
--- knot-resolver-3.2.1/debian/rules
+++ knot-resolver-3.2.1/debian/rules
@@ -18,14 +18,8 @@ export PREFIX=/usr
 export MODULEDIR=/usr/lib/knot-resolver
 export ETCDIR=/etc/knot-resolver
 
-# see https://bugs.debian.org/907729
-LUA_LUD_BROKEN_ARCHES := arm64
-ifneq (, $(filter $(DEB_HOST_ARCH), $(LUA_LUD_BROKEN_ARCHES)))
-  KRESD_EXCLUDE_ARCHES := -Nknot-resolver -Nknot-resolver-module-http
-endif
-
 %:
-	dh $@ $(KRESD_EXCLUDE_ARCHES)
+	dh $@
 
 override_dh_auto_clean-indep:
 	dh_auto_clean -- doc-clean http-clean
@@ -59,11 +53,9 @@ override_dh_auto_test-indep:
 override_dh_auto_test-arch:
 	dh_auto_test -- V=1
 ifeq (, $(filter nocheck, $(DEB_BUILD_OPTIONS)))
-ifeq (, $(filter $(DEB_HOST_ARCH), $(LUA_LUD_BROKEN_ARCHES)))
 	mkdir -p test-modules && (cd test-modules && ln -sf ../modules/*/*.lua ../modules/*/*.so ../modules/policy/lua-aho-corasick/*.lua ../modules/policy/lua-aho-corasick/*.so ../daemon/lua/* ./)
 	MODULE_DIR=$(CURDIR)/test-modules LD_LIBRARY_PATH=$(CURDIR)/lib KRESD=$(CURDIR)/daemon/kresd debian/tests/roundtrip
 endif
-endif
 
 override_dh_missing:
 	dh_missing --fail-missing
diff --git knot-resolver-3.2.1/debian/tests/control knot-resolver-3.2.1/debian/tests/control
index 2acaeb7f..975fc1ef 100644
--- knot-resolver-3.2.1/debian/tests/control
+++ knot-resolver-3.2.1/debian/tests/control
@@ -1,6 +1,13 @@
 Test-Command: make -k installcheck V=1 PREFIX=/usr ROOTHINTS=/usr/share/dns/root.hints KEYFILE_DEFAULT=/usr/share/dns/root.key
-Depends: @, @builddeps@, lua-cqueues
+Depends:
+ lua-cqueues,
+ @,
+ @builddeps@,
 Restrictions: allow-stderr
 
 Tests: roundtrip
-Depends: gnutls-bin, knot-dnsutils, knot-resolver, socat
+Depends:
+ gnutls-bin,
+ knot-dnsutils,
+ knot-resolver,
+ socat,
Reply to: