Control: tags -1 +confirmed

Ahmad,

Preamble...

Thank you for taking the time to prepare this package and your contribution to the Debian project.

The review below is for assistance. This review is offered to help package submitters to Debian mentors in order to improve their packages prior to possible sponsorship into Debian. There is no obligation on behalf of the submitter to make any alterations based upon information provided in the review.

Review...

1. Build:
  * pbuilder [1]: Good
  * sbuild [2]: Good

2. Lintian [3]: Information only

Running lintian...
N:
W: coreboot-utils-dbgsym: debug-file-with-no-debug-symbols [usr/lib/debug/.build-id/34/5fddeac0fcedd685f121f5bdf1c11c952684e0.debug]
N:
N: The binary is installed as a detached "debug symbols" ELF file, but it
N: does not appear to have debug information associated with it.
N:
N: A common cause is not passing -g to GCC when compiling.
N:
N: Implementation detail: Lintian checks for the ".debug_line" and the
N: ".debug_str" sections. If either of these are present, the binary is
N: assumed to contain debug information.
N:
N: Please refer to Bug#668437 for details.
N:
N: Visibility: warning
N: Show-Always: no
N: Check: binaries/debug-symbols/detached
N:
N:
W: coreboot-utils-dbgsym: debug-file-with-no-debug-symbols [usr/lib/debug/.build-id/ad/d8fb514184ad25222aa7e70d409a74d5505846.debug]
N:
W: coreboot-utils-dbgsym: debug-file-with-no-debug-symbols [usr/lib/debug/.build-id/ad/fc0ae5ddd9274630e000447403f6f65bc4ad16.debug]
N:
W: coreboot-utils-dbgsym: debug-file-with-no-debug-symbols [usr/lib/debug/.build-id/e2/849ba5d11d40d60e88b263939e7edac2590bc3.debug]
N:
I: coreboot-utils: file-references-package-build-path [usr/sbin/cbfstool]
N:
N: The listed file or maintainer script appears to reference the build path
N: used to build the package as specified in the Build-Path field of the
N: .buildinfo file.
N:
N: This is likely to cause the package to be unreproducible, but it may also
N: indicate that the package will not work correctly outside of the
N: maintainer's own system.
N:
N: Please note that this tag will not appear unless the .buildinfo file
N: contains a Build-Path field. That field is optional. You may have to set
N: DEB_BUILD_OPTIONS=buildinfo=+path or use
N: --buildinfo-option=--always-include-path with dpkg-buildpackage when
N: building.
N:
N: Please refer to https://reproducible-builds.org/,
N: https://wiki.debian.org/ReproducibleBuilds/BuildinfoFiles, and the
N: dpkg-genbuildinfo(1) manual page for details.
N:
N: Visibility: info
N: Show-Always: no
N: Check: files/contents
N:
N:
I: coreboot-utils: hardening-no-bindnow [usr/sbin/cbfs-compression-tool]
N:
N: This package provides an ELF binary that lacks the "bindnow" linker flag.
N:
N: This is needed (together with "relro") to make the "Global Offset Table"
N: (GOT) fully read-only. The bindnow feature trades startup time for
N: improved security. Please consider enabling this feature or consider
N: overriding the tag (possibly with a comment about why).
N:
N: If you use dpkg-buildflags, you may have to add hardening=+bindnow or
N: hardening=+all to DEB_BUILD_MAINT_OPTIONS.
N:
N: The relevant compiler flags are set in LDFLAGS.
N:
N: Please refer to https://wiki.debian.org/Hardening for details.
N:
N: Visibility: info
N: Show-Always: no
N: Check: binaries/hardening
N:
N:
I: coreboot-utils: hardening-no-bindnow [usr/sbin/cbfstool]
N:
I: coreboot-utils: hardening-no-bindnow [usr/sbin/elogtool]
N:
I: coreboot-utils: hardening-no-bindnow [usr/sbin/fmaptool]
N:
I: coreboot-utils: hardening-no-bindnow [usr/sbin/ifittool]
N:
I: coreboot-utils: hardening-no-bindnow [usr/sbin/ifwitool]
N:
I: coreboot-utils: hardening-no-bindnow [usr/sbin/intelvbttool]
N:
I: coreboot-utils: hardening-no-bindnow [usr/sbin/msrtool]
N:
I: coreboot-utils: hardening-no-bindnow [usr/sbin/rmodtool]
N:
I: coreboot-utils: hardening-no-fortify-functions [usr/sbin/bucts]
N:
N: This package provides an ELF binary that lacks the use of fortified libc
N: functions. Either there are no potentially unfortified functions called by
N: any routines, all unfortified calls have already been fully validated at
N: compile-time, or the package was not built with the default Debian
N: compiler flags defined by dpkg-buildflags. If built using dpkg- buildflags
N: directly, be sure to import CPPFLAGS.
N:
N: NB: Due to false-positives, Lintian ignores some unprotected functions
N: (e.g. memcpy).
N:
N: Please refer to https://wiki.debian.org/Hardening and Bug#673112 for
N: details.
N:
N: Visibility: info
N: Show-Always: no
N: Check: binaries/hardening
N:
N:
I: coreboot-utils: hardening-no-fortify-functions [usr/sbin/cbfs-compression-tool]
N:
I: coreboot-utils: hardening-no-fortify-functions [usr/sbin/cbfstool]
N:
I: coreboot-utils: hardening-no-fortify-functions [usr/sbin/ectool]
N:
I: coreboot-utils: hardening-no-fortify-functions [usr/sbin/elogtool]
N:
I: coreboot-utils: hardening-no-fortify-functions [usr/sbin/fmaptool]
N:
I: coreboot-utils: hardening-no-fortify-functions [usr/sbin/ifdtool]
N:
I: coreboot-utils: hardening-no-fortify-functions [usr/sbin/ifittool]
N:
I: coreboot-utils: hardening-no-fortify-functions [usr/sbin/ifwitool]
N:
I: coreboot-utils: hardening-no-fortify-functions [usr/sbin/pmh7tool]
N:
I: coreboot-utils: hardening-no-fortify-functions [usr/sbin/rmodtool]
N:
I: coreboot source: out-of-date-standards-version 4.6.2 (released 2022-12-17) (current is 4.7.0)
N:
N: The source package refers to a Standards-Version older than the one that
N: was current at the time the package was created (according to the
N: timestamp of the latest debian/changelog entry). Please consider updating
N: the package to current Policy and setting this control field
N: appropriately.
N:
N: If the package is already compliant with the current standards, you don't
N: have to re-upload the package just to adjust the Standards-Version control
N: field. However, please remember to update this field next time you upload
N: the package.
N:
N: See /usr/share/doc/debian-policy/upgrading-checklist.txt.gz in the
N: debian-policy package for a summary of changes in newer versions of
N: Policy.
N:
N: Please refer to
N: https://www.debian.org/doc/debian-policy/upgrading-checklist.html for
N: details.
N:
N: Visibility: info
N: Show-Always: no
N: Check: fields/standards-version
N:
N:
I: coreboot-utils: spelling-error-in-binary Emmits Emits [usr/sbin/inteltool]
N:
N: Lintian found a spelling error in the given binary. Lintian has a list of
N: common misspellings that it looks for. It does not have a dictionary like
N: a spelling checker does.
N:
N: If the string containing the spelling error is translated with the help of
N: gettext or a similar tool, please fix the error in the translations as
N: well as the English text to avoid making the translations fuzzy. With
N: gettext, for example, this means you should also fix the spelling mistake
N: in the corresponding msgids in the *.po files.
N:
N: You can often find the word in the source code by running:
N:
N: grep -rw <word> <source-tree>
N:
N: This tag may produce false positives for words that contain non-ASCII
N: characters due to limitations in strings.
N:
N: Visibility: info
N: Show-Always: no
N: Check: binaries/spelling
N:
N:
I: coreboot source: unused-license-paragraph-in-dep5-copyright cpl-1 [debian/copyright:4170]
N:
N: The license paragraph in the machine-readable copyright file is not
N: referenced by any files paragraph. It could be a typo in the license name
N: or the license paragraph is simply not needed and can be removed.
N:
N: Please refer to
N: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ for
N: details.
N:
N: Visibility: info
N: Show-Always: no
N: Check: debian/copyright/dep5
N:
N:
P: coreboot-utils: copyright-refers-to-symlink-license usr/share/common-licenses/LGPL
N:
N: The copyright file refers to the versionless symlink in
N: /usr/share/common-licenses for the full text of the GPL, LGPL, or GFDL
N: license. This symlink is updated to point to the latest version of the
N: license when a new one is released. The package appears to allow
N: relicensing under later versions of its license, so this is legally
N: consistent, but it implies that Debian will relicense the package under
N: later versions of those licenses as they're released. It is normally
N: better to point to the version of the license the package references in
N: its license statement.
N:
N: For example, if the package says something like "you may redistribute it
N: and/or modify it under the terms of the GNU General Public License as
N: published by the Free Software Foundation; either version 2, or (at your
N: option) any later version", the debian/copyright file should refer to
N: /usr/share/common-licenses/GPL-2, not /GPL.
N:
N: For packages released under the same terms as Perl, Perl references the
N: GPL version 1, so point to /usr/share/common-licenses/GPL-1.
N:
N: Visibility: pedantic
N: Show-Always: no
N: Check: debian/copyright
N:
N:
P: coreboot-utils-doc: copyright-refers-to-symlink-license usr/share/common-licenses/LGPL
N:
P: coreboot source: maintainer-manual-page [debian/manpages/bucts.8]
N:
N: The maintainer keeps a manual page in ./debian. Please forward the manual
N: page upstream and ask them to include in their version control system, and
N: in their next release.
N:
N: If the manual page was already forwarded or rejected, or the upstream is
N: gone, please override the tag and annotate it with a suitable comment.
N:
N: Please refer to social contract item 2, Coordination with upstream
N: developers (Section 3.1.4) in the Debian Developer's Reference, and
N: Changes to the upstream sources (Section 4.3) in the Debian Policy Manual
N: for details.
N:
N: Visibility: pedantic
N: Show-Always: no
N: Check: debian/manual-pages
N: Renamed from: maintainer-manpage
N:
N:
P: coreboot source: maintainer-manual-page [debian/manpages/cbfs-compression-tool.8]
N:
P: coreboot source: maintainer-manual-page [debian/manpages/cbfstool.8]
N:
P: coreboot source: maintainer-manual-page [debian/manpages/cbmem.8]
N:
P: coreboot source: maintainer-manual-page [debian/manpages/ectool.8]
N:
P: coreboot source: maintainer-manual-page [debian/manpages/elogtool.8]
N:
P: coreboot source: maintainer-manual-page [debian/manpages/fmaptool.8]
N:
P: coreboot source: maintainer-manual-page [debian/manpages/ifdtool.8]
N:
P: coreboot source: maintainer-manual-page [debian/manpages/ifittool.8]
N:
P: coreboot source: maintainer-manual-page [debian/manpages/ifwitool.8]
N:
P: coreboot source: maintainer-manual-page [debian/manpages/intelmetool.8]
N:
P: coreboot source: maintainer-manual-page [debian/manpages/intelvbttool.8]
N:
P: coreboot source: maintainer-manual-page [debian/manpages/msrtool.8]
N:
P: coreboot source: maintainer-manual-page [debian/manpages/pmh7tool.8]
N:
P: coreboot source: maintainer-manual-page [debian/manpages/rmodtool.8]
I: Lintian run was successful.

You may wish to spend some time where able on some of the above lintian warnings.

3. Licenses [4]: Good

This is an extensive list and I will leave it to you to make updates as required. It looks good to me.

4. Watch file [uscan --force-download]: Good

5. Build Twice [sudo pbuilder build --twice <package>.dsc]: Good

6. Reproducible builds [5]: Good

7. Install [No previous installs]: good

8. Upgrade [Over previous installs if any]: Good

Summary...

I believe coreboot is ready for review/possible sponsorship. Could a Debian Developer (DD) with available free time, please review this package and upload if you feel it is ready.

Regards

Phil

[1] pbuilder:
  * Command: sudo pbuilder build <PACKAGE>.dsc
  * Document: https://wiki.ubuntu.com/PbuilderHowto.
  * Document: https://wiki.debian.org/PbuilderTricks

[2] sbuild:
  * Command: sbuild <PACKAGE>.dsc
  * Document: https://wiki.kathenas.org/pmwiki.php/Kathenas/Article00000002
  * Document: https://wiki.debian.org/sbuild

[3] lintian:
  * Command: lintian -v -i -I -E --pedantic --profile debian (*.dsc, *.changes, *.buildinfo). Each can throw up different results, so be thorough.
  * Document: https://wiki.debian.org/Lintian

[4] lrc:
  * Command: lrc
  * Document: https://wiki.debian.org/CopyrightReviewTools#licenserecon

[5] reprotest
  * Command: sudo reprotest --vary=-build_path,domain_host.use_sudo=1 --auto-build <PACKAGE>.dsc -- schroot unstable-amd64-sbuild
  * Document: https://wiki.kathenas.org/pmwiki.php/Kathenas/Article00000004
  * Document: https://wiki.debian.org/ReproducibleBuilds/
  * Document: https://wiki.debian.org/ReproducibleBuilds/Howto#Newer_method

--

Donations...

Buy Me A Coffee: https://buymeacoffee.com/kathenasorg
Liberapay: https://liberapay.com/kathenas

--

"I play the game for the game’s own sake"
Arthur Conan Doyle - The Adventure of the Bruce-Partington Plans

--

Internet Relay Chat (IRC): kathenas
Matrix: #kathenas:matrix.org
Website: https://kathenas.org
Wiki: https://wiki.kathenas.org
Instagram: https://instagram.com/kathenasorg/
Threads: https://www.threads.net/@kathenasorg

--