
Bug#956922: ITP: fsverity -- Userspace utilities for fs-verity



On Thu, 2020-04-16 at 21:15 +0200, Romain Perier wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Romain Perier <romain.perier@gmail.com>
> 
> * Package name    : fsverity
>   Version         : 1.0
>   Upstream Author : Eric Biggers <ebiggers@google.com>
> * URL             : https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/fsverity-utils.git
> * License         : GPL
>   Programming Lang: C
>   Description     : Userspace utilities for fs-verity
> 
> This is fsverity, a userspace utility for fs-verity. fs-verity is a Linux kernel
> feature that does transparent on-demand integrity/authenticity verification of
> the contents of read-only files, using a hidden Merkle tree (hash tree) associated
> with the file. The mechanism is similar to dm-verity, but implemented at the file
> level rather than at the block device level. The fsverity utility allows you to
> set up fs-verity protected files.
> 
> This package will be helpful for handling the fsverity feature on a file from
> userspace.
> 
> I want to maintain this package. As DM, I need someone for the initial upload.
> Packaging is currently hosted here https://salsa.debian.org/rperier-guest/fsverity,
> and will be developed at https://salsa.debian.org/debian/fsverity

Hi,

I can sponsor your initial upload, if you haven't found anyone else
yet.

A few things I noticed that would be good to fix beforehand:

1) Given you set compat 12, you can delete debian/compat and change the
build-dep from debhelper (>= 12) to debhelper-compat (= 12)
2) The upstream repository is called fsverity-utils, but the source
package and the salsa repository are called fsverity. It would be
better if they matched. The binary package name can stay as fsverity.
3) Standards-Version is outdated
4) Rules-Requires-Root: no is not set, even though I don't see anything
that would make it not work
5) The license in debian/copyright should be "GPL-2+ with OpenSSL
exception" since the author explicitly added it. Copy the exception
from upstream's README into a paragraph at the bottom of the license
body in d/copyright. Then, remove the lintian-override for
possible-gpl-code-linked-with-openssl
6) Given it's a linux-specific feature, the Architecture should
probably be linux-any instead of any
7) The upstream makefile hard-codes -lcrypto instead of using
pkg-config to get linker and compiler flags. This should be fixed.
8) The upstream makefile does not append to CFLAGS and CPPFLAGS, but
overrides them, so the hardening flags are lost and the build fails
since debhelper's -g is lost and dh_dwz fails as there are no symbols
to strip. This should be fixed as well.
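
Items 7 and 8 of the review can be checked mechanically. The following is an added example, not part of the original message and not upstream's Makefile: a small Python lint run over constructed Makefile text. The name `lint_makefile`, both sample Makefiles, and the assumption that the packaging's hardening flags reach make through the environment are illustrative.

```python
import re

# Constructed sample showing the reported pattern; NOT the upstream Makefile.
WEAK_MAKEFILE = """\
CFLAGS := -O2 -Wall
CPPFLAGS = -D_FILE_OFFSET_BITS=64
LDFLAGS ?=
LDLIBS := -lcrypto

fsverity: main.o
\t$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
"""

# Constructed corrected form: defaults only if unset, everything else appended.
FIXED_MAKEFILE = """\
CFLAGS ?= -O2
override CFLAGS += -Wall
CPPFLAGS += -D_FILE_OFFSET_BITS=64
LDLIBS := $(shell pkg-config --libs libcrypto)
"""

FLAG_VARS = {"CFLAGS", "CPPFLAGS", "CXXFLAGS", "LDFLAGS"}
ASSIGN = re.compile(r"^(override\s+)?([A-Za-z_]\w*)\s*(\+=|\?=|::?=|=)\s*(.*)$")

def lint_makefile(text):
    """Return (line_no, variable, problem) tuples for build-flag handling."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.startswith("\t"):          # recipe line, not an assignment
            continue
        m = ASSIGN.match(line.split("#", 1)[0].rstrip())
        if not m:
            continue
        _override, var, op, value = m.groups()
        # '=', ':=' and '::=' replace a value inherited from the environment
        # (assumed source of the hardening flags); '+=' appends to it and
        # '?=' keeps it when it is already set.
        if var in FLAG_VARS and op not in ("+=", "?="):
            findings.append((no, var, "overrides flags from the environment"))
        if re.search(r"(^|\s)-lcrypto(\s|$)", value) and "pkg-config" not in value:
            findings.append((no, var, "hard-codes -lcrypto, no pkg-config"))
    return findings

if __name__ == "__main__":
    for finding in lint_makefile(WEAK_MAKEFILE):
        print("line %d: %s %s" % finding)
```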
