[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#720063: RFS: capnproto/0.2.0-1 [ITP] -- Tool for working with the Cap'n Proto data interchange format

On Mon, Aug 19, 2013 at 1:47 AM, Vincent Bernat <bernat@debian.org> wrote:
 ❦ 19 août 2013 09:56 CEST, Tom Lee <debian@tomlee.co> :

>>  - The hardening stuff does not seem to work correctly. Maybe you could
>>    just try with debhelper 9 and debian/compat to 9 to have them apply
>>    automatically.
>>
>>
> Happy to try compat 9, but what can I do to verify that the hardening stuff
> has been fixed? I mean, what's telling you that it's not working correctly?
> Maybe I need to go reading more documentation.

The easiest way is to use Lintian (I use it with -viI).


Odd, I don't see any warnings:

tom@desktop:~/Source$ lintian -viI capnproto_0.2.0-1.dsc 
N: Using profile debian/main.
N: Setting up lab in /tmp/temp-lintian-lab-q9W0nEVK6F ...
N: Unpacking packages in group capnproto/0.2.0-1
N: ----
N: Processing source package capnproto (version 0.2.0-1, arch source) ...

I also see what looks like hardening-related CXXFLAGS during the build. Stuff like this:

-D_FORTIFY_SOURCE=2 -I./src -I./src  -g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security 

The warning appears on mentors.debian.net: http://mentors.debian.net/package/capnproto

Maybe related to this bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673112#10

Based on this bug & assuming you can see the _FORTIFY_SOURCE etc. during your build I'd be inclined to add another override for this -- what do you think?

Weird I can't reproduce it locally.
 
>>  - You use --with python2. I don't see any Python files in the resulting
>>    packages. Therefore, you don't need to use dh_python2. I suppose
>>    Python is only used in tests. Just keep it as a Build-Depends.
>>
>>
> I can do that, but without it I think I was getting a warning about
> python-support being deprecated & I should use --with python2 to "fix" it.
> I'll try it again tomorrow to be sure, but is that safe enough to ignore?
> Easy enough either way.

Well, you shouldn't get this warning. Maybe it was here because you were
build-depending on python-support?

Doesn't seem that way. From the control file:

Build-Depends: debhelper (>= 8.0.0), gcc (>= 4.7),
 python-all (>= 2.6), dpkg-dev (>= 1.16.1.1), docbook-xsl, docbook-xml,
 xsltproc, autotools-dev

Removed --with python2 from debian/rules and I see this near the end of the build:

...
   dh_install
   dh_installdocs
   dh_installchangelogs
   dh_installman
   dh_pysupport
dh_pysupport: This program is deprecated, you should use dh_python2 instead. Migration guide: http://deb.li/dhs2p
   dh_lintian
   dh_perl
   dh_link
   dh_compress
   dh_fixperms
   dh_strip
   dh_makeshlibs
...

Adding --with python2 back in makes the warning go away. I'm not really sure I understand why the Python debhelper stuff is being invoked at all, so I'm happy to go with whatever you feel is best here.

Cheers,
Tom
 
--
if (user_specified)
    /* Didn't work, but the user is convinced this is the
     * place. */
        2.4.0-test2 /usr/src/linux/drivers/parport/parport_pc.c



--
Tom Lee http://tomlee.co / @tglee

Reply to: