Bug#1060839: ITP: golang-github-adamkorcz-go-fuzz-headers-1 -- helper functions for Go fuzzing (library)

To: Shengjing Zhu <zhsj@debian.org>
Cc: 1060839@bugs.debian.org
Subject: Bug#1060839: ITP: golang-github-adamkorcz-go-fuzz-headers-1 -- helper functions for Go fuzzing (library)
From: Simon Josefsson <simon@josefsson.org>
Date: Tue, 16 Jan 2024 18:31:07 +0100
Message-id: <[🔎] 87le8pchic.fsf@kaka.sjd.se>
Reply-to: Simon Josefsson <simon@josefsson.org>, 1060839@bugs.debian.org
In-reply-to: <[🔎] CAFyCLW9DXyxgs8nye1FcsH=h6zwRR+skJ=4zWve43gXFQ-HHfA@mail.gmail.com> (Shengjing Zhu's message of "Tue, 16 Jan 2024 15:17:14 +0800")
References: <[🔎] 875xzun4o3.fsf@kaka.sjd.se> <[🔎] CAFyCLW-gJxOr+cL74N8x+moXH_Q_Ui=V4nfEmFqW3_TF1TJVjQ@mail.gmail.com> <[🔎] 87zfx6gx37.fsf@kaka.sjd.se> <[🔎] 875xzun4o3.fsf@kaka.sjd.se> <[🔎] CAFyCLW9DXyxgs8nye1FcsH=h6zwRR+skJ=4zWve43gXFQ-HHfA@mail.gmail.com> <[🔎] 875xzun4o3.fsf@kaka.sjd.se>

Shengjing Zhu <zhsj@debian.org> writes:

>> go.sum:github.com/AdamKorcz/go-fuzz-headers-1
>> v0.0.0-20230618160516-e936619f9f18
>> h1:rd389Q26LMy03gG4anandGFC2LW/xvjga5GezeeaxQk=
>> go.sum:github.com/AdamKorcz/go-fuzz-headers-1
>> v0.0.0-20230618160516-e936619f9f18/go.mod
>> h1:fgJuSBrJP5qZtKqaMJE0hmhS2tmRH+44IkfZvjtaf1M=
>> hack/tools/go.sum:github.com/AdamKorcz/go-fuzz-headers-1
>> v0.0.0-20230329111138-12e09aba5ebd
>> h1:1tbEqR4NyQLgiod7vLXSswHteGetAVZrMGCqrJxLKRs=
>> hack/tools/go.sum:github.com/AdamKorcz/go-fuzz-headers-1
>> v0.0.0-20230329111138-12e09aba5ebd/go.mod
>> h1:0vOOKsOMKPThRu9lQMAxcQ8D60f8U+wHXl07SyUw0+U=
>> hack/tools/tools.go:    _ "github.com/AdamKorcz/go-fuzz-headers-1"
>> hack/tools/go.mod:      github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230329111138-12e09aba5ebd
>> pkg/types/hashedrekord/v0.0.1/fuzz_test.go:     fuzz "github.com/AdamKorcz/go-fuzz-headers-1"
>> pkg/types/rpm/v0.0.1/fuzz_test.go:      fuzz "github.com/AdamKorcz/go-fuzz-headers-1"
>> pkg/types/alpine/v0.0.1/fuzz_test.go:   fuzz "github.com/AdamKorcz/go-fuzz-headers-1"
>> pkg/types/alpine/fuzz_test.go:  fuzz "github.com/AdamKorcz/go-fuzz-headers-1"
>> pkg/types/cose/v0.0.1/fuzz_test.go:     fuzz "github.com/AdamKorcz/go-fuzz-headers-1"
>> pkg/types/jar/v0.0.1/fuzz_test.go:      fuzz "github.com/AdamKorcz/go-fuzz-headers-1"
>> pkg/types/rekord/v0.0.1/fuzz_test.go:   fuzz "github.com/AdamKorcz/go-fuzz-headers-1"
>> pkg/types/intoto/v0.0.1/fuzz_test.go:   fuzz "github.com/AdamKorcz/go-fuzz-headers-1"
>> pkg/types/intoto/v0.0.2/fuzz_test.go:   fuzz "github.com/AdamKorcz/go-fuzz-headers-1"
>> pkg/types/tuf/v0.0.1/fuzz_test.go:      fuzz "github.com/AdamKorcz/go-fuzz-headers-1"
>> pkg/types/helm/v0.0.1/fuzz_test.go:     fuzz "github.com/AdamKorcz/go-fuzz-headers-1"
>> pkg/types/dsse/v0.0.1/fuzz_test.go:     fuzz "github.com/AdamKorcz/go-fuzz-headers-1"
>> pkg/types/rfc3161/v0.0.1/fuzz_test.go:  fuzz "github.com/AdamKorcz/go-fuzz-headers-1"
>> pkg/fuzz/alpine_utils.go:       fuzz "github.com/AdamKorcz/go-fuzz-headers-1"
>> pkg/fuzz/fuzz_utils.go: fuzz "github.com/AdamKorcz/go-fuzz-headers-1"
>> pkg/fuzz/jar_utils.go:  fuzz "github.com/AdamKorcz/go-fuzz-headers-1"
>> go.mod: github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230618160516-e936619f9f18
>>
>> Would we have to patch all of these files?  Or disable building them
>> somehow?
>>
>
> Just remove these files, either via Files-Excluded in
> debian/copyright, or rm in builddir in debian/rules.

Hi.  Ftp-master quickly approved this package, so we have it in Debian
now.  Since I'm not that familiar with Go, maintaining a patch for rekor
to patch out these references to the fuzz library is harder for me than
to maintain golang-github-adamkorcz-go-fuzz-headers-1.  My preference is
to not deviate from upstream here, since adding Debian-specific patches
usually leads to problems down the road in my experience.  If you
strongly prefer to keep this package out of a Debian release, and can
help maintain the patches necessary for rekor, please push a patch to
the rekor git repository to get rid of this dependency, and open a RC
critical bug for golang-github-adamkorcz-go-fuzz-headers-1 package to
keep it ouf of testing.

/Simon

>
>> Let's see if we can develop a workaround before ftp-master approves the
>> packages...  otherwise maybe it doesn't hurt to use it anyway, and may
>> save us time maintaining patches.
>>
>> /Simon

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- Bug#1060839: ITP: golang-github-adamkorcz-go-fuzz-headers-1 -- helper functions for Go fuzzing (library)
  - From: Simon Josefsson <simon@josefsson.org>
- Bug#1060839: ITP: golang-github-adamkorcz-go-fuzz-headers-1 -- helper functions for Go fuzzing (library)
  - From: Shengjing Zhu <zhsj@debian.org>
- Bug#1060839: ITP: golang-github-adamkorcz-go-fuzz-headers-1 -- helper functions for Go fuzzing (library)
  - From: Simon Josefsson <simon@josefsson.org>
- Bug#1060839: ITP: golang-github-adamkorcz-go-fuzz-headers-1 -- helper functions for Go fuzzing (library)
  - From: Shengjing Zhu <zhsj@debian.org>

Prev by Date: Bug#1060841: marked as done (ITP: golang-github-transparency-dev-merkle -- create and manipulate Merkle trees in Go (library))
Next by Date: Processed: RFS: w-scan-cpp/0~20231015-1 [ITA] -- DVB channel scanner (successor of w_scan)
Previous by thread: Bug#1060839: ITP: golang-github-adamkorcz-go-fuzz-headers-1 -- helper functions for Go fuzzing (library)
Next by thread: Bug#1060839: marked as done (ITP: golang-github-adamkorcz-go-fuzz-headers-1 -- helper functions for Go fuzzing (library))
Index(es):
- Date
- Thread