Bug#905339: Some open operations are DENIED by AppArmor
Hi, On 2018年08月04日 11:06, intrigeri wrote: Control: tag -1 + moreinfo Hi, Haruki TSURUMOTO: I had enabled AppArmor on my debian stretch machine. I found some libvirt's open operations are DENIED by apparmor. Indeed, the AppArmor policy for libvirt has been improved a lot since Stretch, where it's far from being perfect. Would you apply this patch for stretch? (I'm not the libvirt maintainer but I work on AppArmor in Debian.) I would happily work on backports for Stretch of fixes to user-visible issues in the AppArmor policy. I probably won't have time to work on fixes to issues that have no perceivable user impact apart of noise in the logs. Could you please extract from your proposed patch the subset that fits into the first category? Cheers, I am searching there are something user inconveniences. libvirt collects host's resource for unknown reason. IMO, I think something user inconveniences is there. Anyway, DENIED log was noisy for me.
Bug#905339: [Pkg-libvirt-maintainers] Bug#905339: Some open operations are DENIED by AppArmor
Hi, sorry for my late reply. On 2018年08月03日 20:42, Guido Günther wrote: Hi, thanks. Some comments inline below: On Fri, Aug 03, 2018 at 08:23:21PM +0800, Haruki TSURUMOTO wrote: Hi, On 2018年08月03日 19:58, Guido Günther wrote: Hi, On Fri, Aug 03, 2018 at 07:31:33PM +0800, Haruki TSURUMOTO wrote: Package: libvirt-daemon-system Version: 3.0.0-4+deb9u3 Severity: normal X-Debbugs-Cc:appar...@packages.debian.org Dear maintainers, (CCed: apparmor-maintainers) I had enabled AppArmor on my debian stretch machine. I found some libvirt's open operations are DENIED by apparmor. Please see below. ``` Jul 30 20:35:22 debian-tsr-nuc1 kernel: [ 39.503726] audit: type=1400 audit(1532950522.067:41): apparmor="DENIED" operation="open" profile="libvirt-2453a1d1-16fd-446a-b7df-3b1b0ac4a506" name="/sys/devices/system/node/" pid=1307 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 Jul 30 20:35:22 debian-tsr-nuc1 kernel: [ 39.503778] audit: type=1400 audit(1532950522.067:42): apparmor="DENIED" operation="open" profile="libvirt-2453a1d1-16fd-446a-b7df-3b1b0ac4a506" name="/sys/devices/system/cpu/" pid=1307 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 Jul 30 20:35:22 debian-tsr-nuc1 kernel: [ 39.538158] audit: type=1400 audit(1532950522.103:43): apparmor="DENIED" operation="open" profile="libvirt-2453a1d1-16fd-446a-b7df-3b1b0ac4a506" name="/sys/module/vhost/parameters/max_mem_regions" pid=1307 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 Jul 30 20:35:36 debian-tsr-nuc1 kernel: [ 54.393592] audit: type=1400 audit(1532950536.959:46): apparmor="DENIED" operation="open" profile="libvirt-974b3462-9525-49d8-82db-2a3eb9bb972f" name="/sys/devices/system/node/" pid=1376 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 Jul 30 20:35:36 debian-tsr-nuc1 kernel: [ 54.393648] audit: type=1400 audit(1532950536.959:47): apparmor="DENIED" operation="open" profile="libvirt-974b3462-9525-49d8-82db-2a3eb9bb972f" name="/sys/devices/system/cpu/" pid=1376 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 Jul 30 20:35:36 debian-tsr-nuc1 kernel: [ 54.404634] audit: type=1400 audit(1532950536.967:48): apparmor="DENIED" operation="open" profile="libvirt-974b3462-9525-49d8-82db-2a3eb9bb972f" name="/sys/module/vhost/parameters/max_mem_regions" pid=1376 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 Jul 31 12:51:24 debian-tsr-nuc1 kernel: [58602.024293] audit: type=1400 audit(1533009084.686:49): apparmor="DENIED" operation="open" profile="libvirt-2453a1d1-16fd-446a-b7df-3b1b0ac4a506" name="/proc/548/cmdline" pid=1307 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 ``` These policy conflicts were fixed in upstream. I attached a patch which backported from these commit. https://libvirt.org/git/?p=libvirt.git;a=commit;h=e7f5d627f93c1c71260d2a795a1227b16b0d3186 https://libvirt.org/git/?p=libvirt.git;a=commit;h=0af5ced4b81b68be7016d1f8755db3d0c3249278 Would you apply this patch for stretch? Can you provide debdiff for a fixed package? -- Guido debdiff is here: Is this a *tested* dediff? Yes, I installed own build package, and tested it. I attach new debdiff. Is this qualifying for condition? diff -Nru libvirt-3.0.0/debian/changelog libvirt-3.0.0/debian/changelog --- libvirt-3.0.0/debian/changelog 2018-03-13 03:11:51.0 +0900 +++ libvirt-3.0.0/debian/changelog 2018-08-03 21:53:49.0 +0900 @@ -1,3 +1,10 @@ +libvirt (3.0.0-4+deb9u4) stretch; urgency=medium + + * apparmor: apply apparmor-allow-access-host-resources-and-cmdline.patch +(Closes: #905339) + + -- Haruki TSURUMOTO Fri, 03 Aug 2018 21:53:49 +0900 + libvirt (3.0.0-4+deb9u3) stretch-security; urgency=high * gbp: switch branch to stretch diff -Nru libvirt-3.0.0/debian/patches/apparmor-allow-access-host-resources-and-cmdline.patch libvirt-3.0.0/debian/patches/apparmor-allow-access-host-resources-and-cmdline.patch --- libvirt-3.0.0/debian/patches/apparmor-allow-access-host-resources-and-cmdline.patch 1970-01-01 09:00:00.0 +0900 +++ libvirt-3.0.0/debian/patches/apparmor-allow-access-host-resources-and-cmdline.patch 2018-08-03 21:53:49.0 +0900 @@ -0,0 +1,25 @@ +Allow apparmor access host resources and process cmdline +These policy conflicts were fixed in upstream. +--- a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu +@@ -21,6 +21,10 @@
Bug#905339: [Pkg-libvirt-maintainers] Bug#905339: Some open operations are DENIED by AppArmor
Hi,
On 2018年08月03日 19:58, Guido Günther wrote:
Hi,
On Fri, Aug 03, 2018 at 07:31:33PM +0800, Haruki TSURUMOTO wrote:
Package: libvirt-daemon-system
Version: 3.0.0-4+deb9u3
Severity: normal
X-Debbugs-Cc: appar...@packages.debian.org
Dear maintainers, (CCed: apparmor-maintainers)
I had enabled AppArmor on my debian stretch machine.
I found some libvirt's open operations are DENIED by apparmor.
Please see below.
```
Jul 30 20:35:22 debian-tsr-nuc1 kernel: [ 39.503726] audit: type=1400
audit(1532950522.067:41): apparmor="DENIED" operation="open"
profile="libvirt-2453a1d1-16fd-446a-b7df-3b1b0ac4a506"
name="/sys/devices/system/node/" pid=1307 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
Jul 30 20:35:22 debian-tsr-nuc1 kernel: [ 39.503778] audit: type=1400
audit(1532950522.067:42): apparmor="DENIED" operation="open"
profile="libvirt-2453a1d1-16fd-446a-b7df-3b1b0ac4a506"
name="/sys/devices/system/cpu/" pid=1307 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
Jul 30 20:35:22 debian-tsr-nuc1 kernel: [ 39.538158] audit: type=1400
audit(1532950522.103:43): apparmor="DENIED" operation="open"
profile="libvirt-2453a1d1-16fd-446a-b7df-3b1b0ac4a506"
name="/sys/module/vhost/parameters/max_mem_regions" pid=1307
comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
Jul 30 20:35:36 debian-tsr-nuc1 kernel: [ 54.393592] audit: type=1400
audit(1532950536.959:46): apparmor="DENIED" operation="open"
profile="libvirt-974b3462-9525-49d8-82db-2a3eb9bb972f"
name="/sys/devices/system/node/" pid=1376 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
Jul 30 20:35:36 debian-tsr-nuc1 kernel: [ 54.393648] audit: type=1400
audit(1532950536.959:47): apparmor="DENIED" operation="open"
profile="libvirt-974b3462-9525-49d8-82db-2a3eb9bb972f"
name="/sys/devices/system/cpu/" pid=1376 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
Jul 30 20:35:36 debian-tsr-nuc1 kernel: [ 54.404634] audit: type=1400
audit(1532950536.967:48): apparmor="DENIED" operation="open"
profile="libvirt-974b3462-9525-49d8-82db-2a3eb9bb972f"
name="/sys/module/vhost/parameters/max_mem_regions" pid=1376
comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
Jul 31 12:51:24 debian-tsr-nuc1 kernel: [58602.024293] audit: type=1400
audit(1533009084.686:49): apparmor="DENIED" operation="open"
profile="libvirt-2453a1d1-16fd-446a-b7df-3b1b0ac4a506"
name="/proc/548/cmdline" pid=1307 comm="qemu-system-x86" requested_mask="r"
denied_mask="r" fsuid=64055 ouid=0
```
These policy conflicts were fixed in upstream.
I attached a patch which backported from these commit.
https://libvirt.org/git/?p=libvirt.git;a=commit;h=e7f5d627f93c1c71260d2a795a1227b16b0d3186
https://libvirt.org/git/?p=libvirt.git;a=commit;h=0af5ced4b81b68be7016d1f8755db3d0c3249278
Would you apply this patch for stretch?
Can you provide debdiff for a fixed package?
-- Guido
debdiff is here:
```
diff -Nru libvirt-3.0.0/debian/changelog libvirt-3.0.0/debian/changelog
--- libvirt-3.0.0/debian/changelog 2018-03-13 03:11:51.0 +0900
+++ libvirt-3.0.0/debian/changelog 2018-08-03 13:26:45.0 +0900
@@ -1,3 +1,10 @@
+libvirt (3.0.0-4+deb9u3.ownbuild) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * apparmor: Allow-access-host-resource-and-cmdline.patch
+
+ -- Haruki TSURUMOTO Fri, 03 Aug 2018 13:26:45 +0900
+
libvirt (3.0.0-4+deb9u3) stretch-security; urgency=high
* gbp: switch branch to stretch
diff -Nru
libvirt-3.0.0/debian/patches/apparmor-allow-access-host-resource-and-cmdline.patch
libvirt-3.0.0/debian/patches/apparmor-allow-access-host-resource-and-cmdline.patch
---
libvirt-3.0.0/debian/patches/apparmor-allow-access-host-resource-and-cmdline.patch
1970-01-01 09:00:00.0 +0900
+++
libvirt-3.0.0/debian/patches/apparmor-allow-access-host-resource-and-cmdline.patch
2018-08-03 13:26:45.0 +0900
@@ -0,0 +1,25 @@
+Allow apparmor access host resource and process cmdline
+These polociy conflicts were fixed in upstream.
+--- a/examples/apparmor/libvirt-qemu
b/examples/apparmor/libvirt-qemu
+@@ -21,6 +21,10 @@
+ /dev/ptmx rw,
+ /dev/kqemu rw,
+ @{PROC}/*/status r,
++ # When qemu is signaled to terminate, it will read cmdline of signaling
++ # process for reporting purposes. Allowing read access to a process
++ # cmdline may leak sensitive information embedded in the cmdline.
++ @{PROC}/@{pid}/cmdline
Bug#905339: Some open operations are DENIED by AppArmor
Package: libvirt-daemon-system
Version: 3.0.0-4+deb9u3
Severity: normal
X-Debbugs-Cc: appar...@packages.debian.org
Dear maintainers, (CCed: apparmor-maintainers)
I had enabled AppArmor on my debian stretch machine.
I found some libvirt's open operations are DENIED by apparmor.
Please see below.
```
Jul 30 20:35:22 debian-tsr-nuc1 kernel: [ 39.503726] audit: type=1400
audit(1532950522.067:41): apparmor="DENIED" operation="open"
profile="libvirt-2453a1d1-16fd-446a-b7df-3b1b0ac4a506"
name="/sys/devices/system/node/" pid=1307 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
Jul 30 20:35:22 debian-tsr-nuc1 kernel: [ 39.503778] audit: type=1400
audit(1532950522.067:42): apparmor="DENIED" operation="open"
profile="libvirt-2453a1d1-16fd-446a-b7df-3b1b0ac4a506"
name="/sys/devices/system/cpu/" pid=1307 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
Jul 30 20:35:22 debian-tsr-nuc1 kernel: [ 39.538158] audit: type=1400
audit(1532950522.103:43): apparmor="DENIED" operation="open"
profile="libvirt-2453a1d1-16fd-446a-b7df-3b1b0ac4a506"
name="/sys/module/vhost/parameters/max_mem_regions" pid=1307
comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
Jul 30 20:35:36 debian-tsr-nuc1 kernel: [ 54.393592] audit: type=1400
audit(1532950536.959:46): apparmor="DENIED" operation="open"
profile="libvirt-974b3462-9525-49d8-82db-2a3eb9bb972f"
name="/sys/devices/system/node/" pid=1376 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
Jul 30 20:35:36 debian-tsr-nuc1 kernel: [ 54.393648] audit: type=1400
audit(1532950536.959:47): apparmor="DENIED" operation="open"
profile="libvirt-974b3462-9525-49d8-82db-2a3eb9bb972f"
name="/sys/devices/system/cpu/" pid=1376 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
Jul 30 20:35:36 debian-tsr-nuc1 kernel: [ 54.404634] audit: type=1400
audit(1532950536.967:48): apparmor="DENIED" operation="open"
profile="libvirt-974b3462-9525-49d8-82db-2a3eb9bb972f"
name="/sys/module/vhost/parameters/max_mem_regions" pid=1376
comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
Jul 31 12:51:24 debian-tsr-nuc1 kernel: [58602.024293] audit: type=1400
audit(1533009084.686:49): apparmor="DENIED" operation="open"
profile="libvirt-2453a1d1-16fd-446a-b7df-3b1b0ac4a506"
name="/proc/548/cmdline" pid=1307 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
```
These policy conflicts were fixed in upstream.
I attached a patch which backported from these commit.
https://libvirt.org/git/?p=libvirt.git;a=commit;h=e7f5d627f93c1c71260d2a795a1227b16b0d3186
https://libvirt.org/git/?p=libvirt.git;a=commit;h=0af5ced4b81b68be7016d1f8755db3d0c3249278
Would you apply this patch for stretch?
Regards,
Allow apparmor access host resource and process cmdline
These polociy conflicts were fixed in upstream.
--- a/examples/apparmor/libvirt-qemu
+++ b/examples/apparmor/libvirt-qemu
@@ -21,6 +21,10 @@
/dev/ptmx rw,
/dev/kqemu rw,
@{PROC}/*/status r,
+ # When qemu is signaled to terminate, it will read cmdline of signaling
+ # process for reporting purposes. Allowing read access to a process
+ # cmdline may leak sensitive information embedded in the cmdline.
+ @{PROC}/@{pid}/cmdline r,
# Per man(5) proc, the kernel enforces that a thread may
# only modify its comm value or those in its thread group.
owner @{PROC}/@{pid}/task/@{tid}/comm rw,
@@ -152,3 +156,9 @@
/etc/udev/udev.conf r,
/sys/bus/ r,
/sys/class/ r,
+
+ # for gathering information about available host resources
+ /sys/devices/system/cpu/ r,
+ /sys/devices/system/node/ r,
+ /sys/devices/system/node/node[0-9]*/meminfo r,
+ /sys/module/vhost/parameters/max_mem_regions r,
Bug#903242: Is there a canonical way to install libvirt-daemon with systemd settings, such as "libvirt-bin" ?
Package: libvirt Version: 3.0.0-4+deb9u3 Severity: normal Dear maintainers, I have a question about libvirtd packages. I have tried installing libvirtd packages on my machine. According to Debian Administrator's Handbook, https://debian-handbook.info/browse/en-US/stable/sect.virtualization.html#id-1.15.5.14 libvirt-bin provides the libvirtd daemon However, "libvirt-bin" is dropped in debian stretch. So, I installed "libvird-daemon" on my system then I connect to libvirtd from remote machine's virt-manager but error occured. libvirtd is not working since systemd services were not installed. Traditional "libvirt-bin" package depends "libvirt-daemon-system". IMHO, "libvird-daemon" should recommends to install "libvirt-daemon-system" or Is there a canonical way to install libvirt-daemon with systemd settings, such as "libvirt-bin" ? Thanks. -- Haruki TSURUMOTO PGP Fingerprint:3718 C84E 4EDA 1B5C 4F26 8639 9D3D EE3F 63A6 000E signature.asc Description: OpenPGP digital signature
Bug#850335: golang-goyaml: FTBFS (failing tests)
Hi, This package is removed from sid at Jul 2016(#832414) So, golang-goyaml is not present in stretch. -- Haruki TSURUMOTO PGP Fingerprint:3718 C84E 4EDA 1B5C 4F26 8639 9D3D EE3F 63A6 000E signature.asc Description: OpenPGP digital signature
Bug#854851: Please remove or replace lenma images
Package: binaryornot Version: 0.4.0-1 Severity: serious tests/files/lena.gif and tests/files/lena.jpg are not DFSG-compatible files. So please remove or replace with other free images. -- Haruki TSURUMOTO PGP Fingerprint:3718 C84E 4EDA 1B5C 4F26 8639 9D3D EE3F 63A6 000E signature.asc Description: OpenPGP digital signature
Bug#789834: golang-doozer: FTBFS: cannot find package [..] goprotobuf/proto
Hi, I think this FTBFS has already solved. -- Haruki TSURUMOTO PGP Fingerprint:3718 C84E 4EDA 1B5C 4F26 8639 9D3D EE3F 63A6 000E signature.asc Description: OpenPGP digital signature
Bug#854850: Upstream URL is missing
Package: golang-doozer Version: 0.0~git20130909-1 Severity: wishlist Dear maintainer, Homepage's URL(https://github.com/4ad/doozer) is missing. I have searched near repository on GitHub. But I didn't find moved repository(there are a few of same name repository which looks like forked from this) Thanks. -- Haruki TSURUMOTO PGP Fingerprint:3718 C84E 4EDA 1B5C 4F26 8639 9D3D EE3F 63A6 000E signature.asc Description: OpenPGP digital signature
Bug#819641: golang-github-jinzhu-gorm: FTBFS: FAIL: TestScannableSlices (0.00s)
Control: clone -1 -2
Control: reassign -2 golang-github-mattn-go-sqlite3 1.1.0~dfsg1-2
Control: retitle -2 sqlite3.go's bind func causes cgo pointer panic.
Hi,
I think this runtime panic is caused by library of mattn/go-sqlite3.
Debian package version of mattn/go-sqlite3 is v1.1.0 which released at
Sep 2015. it's before Go 1.6 release. Go 1.6 changed spec of cgo pointer.
Upstream Recent Version v1.2.0 is fixed this by this
commit(https://github.com/mattn/go-sqlite3/commit/b76c61051faaf0baf3215e6f811003d98639b702)
I attached a patch ported from this commit which fixed
golang-github-jinzhu-gorm's FTBFS on my local machine.
--
Haruki TSURUMOTO
PGP Fingerprint:3718 C84E 4EDA 1B5C 4F26 8639 9D3D EE3F 63A6 000E
This patch fixes cgo's pointer runtime panic
Ported from https://github.com/mattn/go-sqlite3/commit/b76c61051faaf0baf3215e6f811003d98639b702Index: golang-github-mattn-go-sqlite3-1.1.0~dfsg1/sqlite3.go
===
--- golang-github-mattn-go-sqlite3-1.1.0~dfsg1.orig/sqlite3.go 2015-09-05 23:49:54.0 +0900
+++ golang-github-mattn-go-sqlite3-1.1.0~dfsg1/sqlite3.go 2017-02-11 14:16:40.738620174 +0900
@@ -480,11 +480,11 @@
case float64:
rv = C.sqlite3_bind_double(s.s, n, C.double(v))
case []byte:
- var p *byte
- if len(v) > 0 {
-p = [0]
+ if len(v) == 0 {
+rv = C._sqlite3_bind_blob(s.s, n, nil, 0)
+ } else {
+rv = C._sqlite3_bind_blob(s.s, n, unsafe.Pointer([0]), C.int(len(v)))
}
- rv = C._sqlite3_bind_blob(s.s, n, unsafe.Pointer(p), C.int(len(v)))
case time.Time:
b := []byte(v.UTC().Format(SQLiteTimestampFormats[0]))
rv = C._sqlite3_bind_text(s.s, n, (*C.char)(unsafe.Pointer([0])), C.int(len(b)))
signature.asc
Description: OpenPGP digital signature
Bug#828814: grafana: FTBFS: sqlstore/sqlstore.go:96: cannot assign to x.Logger
Hi, IMO, This FTBFS comes from golang-github-go-xorm-xorm-dev package's imcompatible changes. According to the upstream release page(https://github.com/go-xorm/xorm/releases), version 0.5.0 of xorm changed logging interface. v0.5.3 is packaged into unstable at June 2016. Anyone know how to solve this? Regards, -- Haruki TSURUMOTO PGP Fingerprint:3718 C84E 4EDA 1B5C 4F26 8639 9D3D EE3F 63A6 000E
Bug#852601: API key is not available
>Please see #845988 and /usr/share/doc/minitube/NEWS.Debian.gz. > Sorry, but this is wontfix. Oh, I missed d/NEWS file. Thank you for your time. -- Haruki TSURUMOTO PGP Fingerprint:3718 C84E 4EDA 1B5C 4F26 8639 9D3D EE3F 63A6 000E
Bug#852601: API key is not available
Package: minitube Version: 2.5.2-2 Severity: important Dear maintainer, minitube requires YouTube API keys.(IMO, it required at build time) Upsteram's binary package (http://flavio.tordini.org/minitube) is usable,But Debian version is not. Thanks. -- Haruki TSURUMOTO PGP Fingerprint:3718 C84E 4EDA 1B5C 4F26 8639 9D3D EE3F 63A6 000E ``` $ uname -a Linux debian-vm-tsr 4.8.0-2-amd64 #1 SMP Debian 4.8.11-1 (2016-12-02) x86_64 GNU/Linux $ minitube --version Minitube 2.5.2 Usage: minitube [options] Options: --toggle-playing Start or pause playback. --nextSkip to the next video. --previousGo back to the previous video. --stop-after-this Stop playback at the end of the video. $ minitube QIODevice::read (QFile, ":/functions.js"): device not open No available API keys 403 "Error transferring https://www.googleapis.com/youtube/v3/videoCategories?part=snippet=ja-JP=us - server replied: Forbidden" QNetworkReply::NetworkError(ContentOperationNotPermittedError) 403 "Error transferring https://www.googleapis.com/youtube/v3/videos?part=snippet,contentDetails,statistics=mostPopular=1 - server replied: Forbidden" QNetworkReply::NetworkError(ContentOperationNotPermittedError) 403 "Error transferring https://www.googleapis.com/youtube/v3/videoCategories?part=snippet=en=us - server replied: Forbidden" QNetworkReply::NetworkError(ContentOperationNotPermittedError) 403 "Error transferring https://www.googleapis.com/youtube/v3/search?part=snippet=video=50=ppap - server replied: Forbidden" QNetworkReply::NetworkError(ContentOperationNotPermittedError) "Error transferring https://www.googleapis.com/youtube/v3/search?part=snippet=video=50=ppap - server replied: Forbidden" ``` signature.asc Description: OpenPGP digital signature
Bug#851817: [pkg-go] Bug#851817: Bug#851817: Vendoring libraries
Hi. >When I packaged the prometheus ecosystem, most of the vendored >dependencies were not present in Debian. I packaged about 30 different >libraries to remove vendoring and left just a couple of them. There >were a couple of libs that were just too small and specific to justify >separate packages (not used directly by prometheus), and in the case of >the consul API because there is an API incompatibility with the package >present in Debian. I get the point. I tried to review that vendored library's compability with already debian packaged libraries. Does it make sense? === hashicorp/go-cleanhttp Compability: OK, almost same(only comment change: https://github.com/hashicorp/go-cleanhttp/commit/ad28ea4487f05916463e2423a55166280e8254b5), used from only consul (not prometheus) === hashicorp/consul Compability: Some codes are older than golang-github-hashicorp-consul-dev package === hashicorp/serf Compability: Looks good, Almost same(unnecessary codes were removed and a short comment is different: https://github.com/hashicorp/serf/commit/979180d19cb3c60f58fda490533e8e22a21c5aae) === influxdb/influxdb Compability: Complex, looks hard to replace with golang-github-influxdb-influxdb-dev package, there are incompatible changes. === > But I disagree with the severity of this bug, the policy only marks >this requirement as a "should", so it is not serious. OK. Thanks. -- Haruki TSURUMOTO PGP Fingerprint:3718 C84E 4EDA 1B5C 4F26 8639 9D3D EE3F 63A6 000E signature.asc Description: OpenPGP digital signature
Bug#851817: Vendoring libraries
Package: prometheus Version: 1.2.3+ds2-5 Severity: serious X-Debbugs-CC: pkg-go-maintain...@lists.alioth.debian.org Dear maintainers, Prometheus depends on many libraries, including source codes located into vendor directory. Is this a violation for Debian Policy 4.13 ? "4.13 Convenience copies of code" https://www.debian.org/doc/debian-policy/ch-source.html#s-embeddedfiles Some libraries of vendor/* had already packaged in Debian, (ex: golang-github-hashicorp-go-cleanhttp-dev, golang-github-hashicorp-consul-dev) Can't we use these instead of vendoring method ? Regards, -- Haruki TSURUMOTO PGP Fingerprint:3718 C84E 4EDA 1B5C 4F26 8639 9D3D EE3F 63A6 000E
Bug#799454: golang-git2go: FTBFS: could not determine kind of name for C.GIT_CHECKOUT_SAFE_CREATE
Dear Maintainers, I think this bug was solved at upstream. Can't we update? Regards, -- Haruki TSURUMOTO PGP Fingerprint:3718 C84E 4EDA 1B5C 4F26 8639 9D3D EE3F 63A6 000E signature.asc Description: OpenPGP digital signature
Bug#844469: ITP: golang-github-jessevdk-go-flags -- go command line option parser
Hello Tim golang-github-jessevdk-go-flags is already packaged as golang-go-flags-dev $ apt-cache showsrc golang-go-flags-dev | grep Homepage Homepage: https://github.com/jessevdk/go-flags Thanks -- Haruki TSURUMOTO PGP Fingerprint:3718 C84E 4EDA 1B5C 4F26 8639 9D3D EE3F 63A6 000E signature.asc Description: OpenPGP digital signature
Bug#846294: [pkg-go] Bug#846294: [peco] Binary ist statically linked
>> Is that intentional? I would expect it to be dynamically linked. Yes, go applications links libraries statically. -- Haruki TSURUMOTO PGP Fingerprint:3718 C84E 4EDA 1B5C 4F26 8639 9D3D EE3F 63A6 000E signature.asc Description: OpenPGP digital signature
Bug#844699: ITP: tdiary-style-gfm -- GFM Style for tDiary
Hello, I have seen upstream repository of this, "tdiary-style-gfm.gemspec" says license is MIT License, but LICENSE.txt is the GPLv3. I think that to fix this mistake is better. In addition, tDiary is licensed under the GPLv2(seems not GPLv2+) http://metadata.ftp-master.debian.org/changelogs/main/t/tdiary/tdiary_3.1.3-3_copyright It can combined with tDiary? Thanks. -- Haruki TSURUMOTO PGP Fingerprint:3718 C84E 4EDA 1B5C 4F26 8639 9D3D EE3F 63A6 000E signature.asc Description: OpenPGP digital signature
Bug#843031: [pkg-go] Bug#843031: golang-github-nsf-termbox-go-dev: fails to upgrade from 'jessie' - trying to overwrite /usr/share/gocode/src/github.com/nsf/termbox-go/_demos/editbox.go
Hi, Thank you for reporting. I am discussing to fix it with my sponsor. -- Haruki TSURUMOTO signature.asc Description: OpenPGP digital signature
Bug#839262: ITP: golang-github-lestrrat-go-pdebug-dev -- Utilities for my print debugging fun
Package: wnpp Severity: wishlist X-Debbugs-Cc: debian-de...@lists.debian.org * Package name: golang-github-lestrrat-go-pdebug-dev Upstream Author : Daisuke Maki * URL : https://github.com/lestrrat/go-pdebug * License : Expat Programming Lang: Go Description : Utilities for my print debugging fun. YMMV Package pdebug provides tools to produce debug logs the way the author (Daisuke Maki a.k.a. lestrrat) likes. All of the functions are no-ops unless you compile with the `-tags debug` option.
Bug#831576: RFP: peco -- Simplistic interactive filtering tool
Package: wnpp Severity: wishlist * Package name: peco Version : 0.3.6 Upstream Author : Daisuke Maki, mattn, syohex * URL : https://github.com/peco/peco * License : MIT Programming Lang: Go Description : Simplistic interactive filtering tool peco (pronounced peh-koh) is based on a python tool, percol. percol was darn useful, but I wanted a tool that was a single binary, and forget about python. peco is written in Go, and therefore you can just grab the binary releases and drop it in your $PATH. peco can be a great tool to filter stuff like logs, process stats, find files, because unlike grep, you can type as you think and look through the current results.
