Bug#1064077: RFS: qt5ct/1.8-1 -- Qt5 Configuration Utility
Mateusz, Thank you for your work on this package. It is quite impressive and I am happy to sponsor it. As this source package now contains new binary packages, I have done a source upload to the NEW queue. Soren On Thursday, March 7, 2024 12:19:47 PM MST Mateusz Łukasik wrote: > Hi Soren, > > Sorry for delay. I converted the sources into separate libraries in new > mentors upload. The soname will change every new version. -- Soren Stoutner so...@debian.org signature.asc Description: This is a digitally signed message part.
Bug#1064077: RFS: qt5ct/1.8-1 -- Qt5 Configuration Utility
W dniu 6.03.2024 o 18:32, Soren Stoutner pisze: Mateusz, Did you have any questions about what I was asking here? Soren On Tuesday, February 20, 2024 2:40:04 PM MST Soren Stoutner wrote: Mateusz, When compiling locally on my system, the current version of lintian (2.117.0) found the following problems. These are not displayed on mentors.debian.net, leading me to believe they were recently added checks. W: qt5ct: link-to-shared-library-in-wrong-package usr/lib/x86_64-linux-gnu/ libqt5ct-common.so.1.8 [usr/lib/x86_64-linux-gnu/libqt5ct-common.so] N: N: Although this package is not a "-dev" package, it installs a N: "libsomething.so" symbolic link referencing the corresponding shared N: library. When the link doesn't include the version number, it is used by N: the linker when other programs are built against this shared library. N: N: Shared libraries are supposed to place such symbolic links in their N: respective "-dev" packages, so it is a bug to include it with the main N: library package. N: N: However, if this is a small package which includes the runtime and the N: development libraries, this is not a bug. In the latter case, please N: override this warning. N: N: Please refer to Development files (Section 8.4) in the Debian Policy N: Manual for details. N: N: Visibility: warning N: Show-Always: no N: Check: libraries/shared/links N: Renamed from: non-dev-pkg-with-shlib-symlink N: N: W: qt5ct: package-name-doesnt-match-sonames libqt5ct-common1.8 N: N: The package name of a library package should usually reflect the soname of N: the included library. The package name can determined from the library N: file name with the following code snippet: N: N:$ objdump -p /path/to/libfoo-bar.so.1.2.3 | sed -n -e's/ ^[[:space:]]*SONAME[[:space:]]*//p' | \ N:sed -r -e's/([0-9])\.so\./\1-/; s/\.so(\.|$)//; y/_/-/; s/(.*)/ \L&/' N: N: Visibility: warning N: Show-Always: no N: Check: libraries/shared/soname N: N: I: qt5ct: no-symbols-control-file usr/lib/x86_64-linux-gnu/libqt5ct- common.so. 1.8 N: N: Although the package includes a shared library, the package does not have N: a symbols control file. N: N: dpkg can use symbols files in order to generate more accurate library N: dependencies for applications, based on the symbols from the library that N: are actually used by the application. N: N: Please refer to the dpkg-gensymbols(1) manual page and N:https://wiki.debian.org/UsingSymbolsFiles for details. N: N: Visibility: info N: Show-Always: no N: Check: debian/shlibs As noted in the text of the checks, there are scenarios where these do not apply (like small packages that include the runtime and the development files), which appears to be the case with qt5ct. Can you please help me to understand why qt5ct is including this shared library, if there are any other packages in Debian that are building against this library, and if you feel that any of the lintian checks above apply? If you feel they don’t apply I would recommend you add lintian overrides and I will be happy to upload your package. Soren Hi Soren, Sorry for delay. I converted the sources into separate libraries in new mentors upload. The soname will change every new version. Now in lintian only left: P: qt5ct source: maintainer-manual-page [debian/qt5ct.1] N: N: The maintainer keeps a manual page in ./debian. Please forward the manual N: page upstream and ask them to include in their version control system, and N: in their next release. N: N: If the manual page was already forwarded or rejected, or the upstream is N: gone, please override the tag and annotate it with a suitable comment. N: N: Please refer to social contract item 2, Coordination with upstream N: developers (Section 3.1.4) in the Debian Developer's Reference, and N: Changes to the upstream sources (Section 4.3) in the Debian Policy Manual N: for details. N: N: Visibility: pedantic N: Show-Always: no N: Check: debian/manual-pages N: Renamed from: maintainer-manpage N: N: X: qt5ct source: debian-watch-does-not-check-openpgp-signature [debian/watch] N: N: This watch file does not specify a means to verify the upstream tarball N: using a cryptographic signature. N: N: If upstream distributions provides such signatures, please use the N: pgpsigurlmangle options in this watch file's opts= to generate the URL of N: an upstream OpenPGP signature. This signature is automatically downloaded N: and verified against a keyring stored in debian/upstream/signing-key.asc N: N: Of course, not all upstreams provide such signatures but you could request N: them as a way of verifying that no third party has modified the code after N: its release (projects such as phpmyadmin, unrealircd, and proftpd have N: suffered from this kind of attack). N: N: Please refer to the uscan(1) manual page for details. N: N: Visibility: pedantic N:
Bug#1064077: RFS: qt5ct/1.8-1 -- Qt5 Configuration Utility
Mateusz, Did you have any questions about what I was asking here? Soren On Tuesday, February 20, 2024 2:40:04 PM MST Soren Stoutner wrote: > Mateusz, > > When compiling locally on my system, the current version of lintian (2.117.0) > found the following problems. These are not displayed on mentors.debian.net, > leading me to believe they were recently added checks. > > W: qt5ct: link-to-shared-library-in-wrong-package usr/lib/x86_64-linux-gnu/ > libqt5ct-common.so.1.8 [usr/lib/x86_64-linux-gnu/libqt5ct-common.so] > N: > N: Although this package is not a "-dev" package, it installs a > N: "libsomething.so" symbolic link referencing the corresponding shared > N: library. When the link doesn't include the version number, it is used by > N: the linker when other programs are built against this shared library. > N: > N: Shared libraries are supposed to place such symbolic links in their > N: respective "-dev" packages, so it is a bug to include it with the main > N: library package. > N: > N: However, if this is a small package which includes the runtime and the > N: development libraries, this is not a bug. In the latter case, please > N: override this warning. > N: > N: Please refer to Development files (Section 8.4) in the Debian Policy > N: Manual for details. > N: > N: Visibility: warning > N: Show-Always: no > N: Check: libraries/shared/links > N: Renamed from: non-dev-pkg-with-shlib-symlink > N: > N: > W: qt5ct: package-name-doesnt-match-sonames libqt5ct-common1.8 > N: > N: The package name of a library package should usually reflect the soname > of N: the included library. The package name can determined from the > library N: file name with the following code snippet: > N: > N:$ objdump -p /path/to/libfoo-bar.so.1.2.3 | sed -n -e's/ > ^[[:space:]]*SONAME[[:space:]]*//p' | \ > N:sed -r -e's/([0-9])\.so\./\1-/; s/\.so(\.|$)//; y/_/-/; s/(.*)/ \L&/' > N: > N: Visibility: warning > N: Show-Always: no > N: Check: libraries/shared/soname > N: > N: > I: qt5ct: no-symbols-control-file usr/lib/x86_64-linux-gnu/libqt5ct- common.so. > 1.8 > N: > N: Although the package includes a shared library, the package does not have > N: a symbols control file. > N: > N: dpkg can use symbols files in order to generate more accurate library > N: dependencies for applications, based on the symbols from the library that > N: are actually used by the application. > N: > N: Please refer to the dpkg-gensymbols(1) manual page and > N: https://wiki.debian.org/UsingSymbolsFiles for details. > N: > N: Visibility: info > N: Show-Always: no > N: Check: debian/shlibs > > As noted in the text of the checks, there are scenarios where these do not > apply (like small packages that include the runtime and the development > files), which appears to be the case with qt5ct. Can you please help me to > understand why qt5ct is including this shared library, if there are any other > packages in Debian that are building against this library, and if you feel > that any of the lintian checks above apply? If you feel they don’t apply I > would recommend you add lintian overrides and I will be happy to upload your > package. > > Soren -- Soren Stoutner so...@debian.org signature.asc Description: This is a digitally signed message part.
Re: Bug#1064077: RFS: qt5ct/1.8-1 -- Qt5 Configuration Utility
Mateusz, When compiling locally on my system, the current version of lintian (2.117.0) found the following problems. These are not displayed on mentors.debian.net, leading me to believe they were recently added checks. W: qt5ct: link-to-shared-library-in-wrong-package usr/lib/x86_64-linux-gnu/ libqt5ct-common.so.1.8 [usr/lib/x86_64-linux-gnu/libqt5ct-common.so] N: N: Although this package is not a "-dev" package, it installs a N: "libsomething.so" symbolic link referencing the corresponding shared N: library. When the link doesn't include the version number, it is used by N: the linker when other programs are built against this shared library. N: N: Shared libraries are supposed to place such symbolic links in their N: respective "-dev" packages, so it is a bug to include it with the main N: library package. N: N: However, if this is a small package which includes the runtime and the N: development libraries, this is not a bug. In the latter case, please N: override this warning. N: N: Please refer to Development files (Section 8.4) in the Debian Policy N: Manual for details. N: N: Visibility: warning N: Show-Always: no N: Check: libraries/shared/links N: Renamed from: non-dev-pkg-with-shlib-symlink N: N: W: qt5ct: package-name-doesnt-match-sonames libqt5ct-common1.8 N: N: The package name of a library package should usually reflect the soname of N: the included library. The package name can determined from the library N: file name with the following code snippet: N: N:$ objdump -p /path/to/libfoo-bar.so.1.2.3 | sed -n -e's/ ^[[:space:]]*SONAME[[:space:]]*//p' | \ N:sed -r -e's/([0-9])\.so\./\1-/; s/\.so(\.|$)//; y/_/-/; s/(.*)/\L&/' N: N: Visibility: warning N: Show-Always: no N: Check: libraries/shared/soname N: N: I: qt5ct: no-symbols-control-file usr/lib/x86_64-linux-gnu/libqt5ct-common.so. 1.8 N: N: Although the package includes a shared library, the package does not have N: a symbols control file. N: N: dpkg can use symbols files in order to generate more accurate library N: dependencies for applications, based on the symbols from the library that N: are actually used by the application. N: N: Please refer to the dpkg-gensymbols(1) manual page and N: https://wiki.debian.org/UsingSymbolsFiles for details. N: N: Visibility: info N: Show-Always: no N: Check: debian/shlibs As noted in the text of the checks, there are scenarios where these do not apply (like small packages that include the runtime and the development files), which appears to be the case with qt5ct. Can you please help me to understand why qt5ct is including this shared library, if there are any other packages in Debian that are building against this library, and if you feel that any of the lintian checks above apply? If you feel they don’t apply I would recommend you add lintian overrides and I will be happy to upload your package. Soren -- Soren Stoutner so...@debian.org signature.asc Description: This is a digitally signed message part.
Bug#1064077: RFS: qt5ct/1.8-1 -- Qt5 Configuration Utility
Package: sponsorship-requests Severity: normal Dear mentors, I am looking for a sponsor for my package "qt5ct": * Package name : qt5ct Version : 1.8-1 Upstream contact : [fill in name and email of upstream] * URL :https://sourceforge.net/projects/qt5ct/ * License : BSD-2-clause * Vcs :https://salsa.debian.org/qt-kde-team/extras/qt5ct Section : utils The source builds the following binary packages: qt5ct - Qt5 Configuration Utility To access further information about this package, please visit the following URL: https://mentors.debian.net/package/qt5ct/ Alternatively, you can download the package with 'dget' using this command: dget -xhttps://mentors.debian.net/debian/pool/main/q/qt5ct/qt5ct_1.8-1.dsc Changes since the last upload: qt5ct (1.8-1) unstable; urgency=medium . * New upstream release. * Remove patches included upstream. * Bump Standards-Version to 4.6.2, no changes needed. * Update d/copyright. * Add d/clean for fix fails to build source after successful build. (Closes: #1045559) * d/control: Remove build depends on obsolete package. Regards, -- Mateusz Łukasik
