Bug#826718: Fwknop 2.6.9 packaged

[gregor herrmann]

On Sat, 27 Aug 2016 22:39:35 +0200, Franck Joncourt wrote:

> > > Note: Right now I do not have access to the git repository but I will
> > > investigate if I can do something for that.
> > Ok.
> I cannot use my previous Debian account anymore - the SSH key has been
> disabled.

Hm, right; I think there's a possibility to get access with a -guest
Alioth account but I don't remember from the top off my head how this
works.
 
> Everything should be up-to-date on mentors.debian.net. I hope everything is
> fine now.

Looks good, thank you.
Uploaded.

> PS: I am glad, I have reinstalled my cowbuilder chroots along with my old
> utilities to check the Debian packages.

Great :)
 
> Best regards and thanks again for your time Gregor.

You're very welcome! 


Cheers,
gregor

-- 
 .''`.  Homepage https://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer -  https://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: lorry box/Tontauben: a lie too


signature.asc
Description: Digital Signature

Bug#826718: Fwknop 2.6.9 packaged

[Franck Joncourt]

Hello Gregor,


> > The package has been accepted on the mentor queue and is available here:
> > https://mentors.debian.net/package/fwknop
>
> Thanks, and sorry for the delay in reviewing.
>

Do not worry :)


> > Note: Right now I do not have access to the git repository but I will
> > investigate if I can do something for that.
>
> Ok.
>

I cannot use my previous Debian account anymore - the SSH key has been
disabled.


> Some notes:
>
> - d/copyright:
>   This needs an update, according to the diff the new copyright
>   statement (for "Files: *") is now:
>
> - Copyright 2009-2013, Damien Stuart and Michael Rash
> +Copyright (C) 2009-2015 fwknop developers and contributors. For a full
> +list of contributors, see the file 'CREDITS'.
>

Updated


> - d/rules:
>   Another way to set bindnow is:
>   export DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow
>   Cf. man 1 dpkg-buildflags
>

I did see this method, but I did not use it a few weeks ago, since I wanted
to give a try manually first. I forgot to update the debian/rules with
DEB_BUILD_MAINT_OPTIONS afterwards. It is done in the new package I have
uploaded to mentors.debian.net


> - debug packages:
>   You can drop the -dbg packages, we have automatic -dbgsym packages
>   now. Cf. e.g. man 1 dh_strip.
>   (And since the packages are renamed, I think we don't need the
>   migration handling here.)
>

That is good to know.


> - there's a warning about sysmbols during build:
> dpkg-gensymbols: warning: some libraries disappeared in the symbols file:
> libfko.so.2
> dpkg-gensymbols: warning: debian/libfko3/DEBIAN/symbols doesn't match
> completely debian/libfko3.symbols
> [..]
>   not sure if this is a problem or not ...
>   hm, why "libfko.so.2"
>

I forgot to remove the libfko2 symbols from the debian/libfko3.symbols. It
is fixed.


> - As for the renaming of the libraries, I'm not sure if we need to do
>   a bit more. I guess there are no reverse dependencies outside this
>   source package? But even then, we should help users to get rid of
>   the libfko2* packages, probably with Breaks: libfko2*
>   (I see that libfko3-dev has a "Conflicts: libfko-dev".)
>   Cf. https://wiki.debian.org/RenamingPackages (although I guess we
>   need only the Breaks. -- Oh, no, we also need Replaces, as e.g.
>   libfko3-dev installs ./usr/include/fko.h and
>   ./usr/lib/x86_64-linux-gnu/libfko.a
>   And for the dbg/dbgsym-package we probably do also need
>   dh_strip --dbgsym-migration ...
>
>   And lots of time later I have something which seems to work; cf.
>   attached diff.
>

Good catch for the replace/break/conflicts.

Everything should be up-to-date on mentors.debian.net. I hope everything is
fine now.
The package is lintian clean (except from one experimental tag) and it
builds fine in a sid/amd64 cowbuilder chroot.

PS: I am glad, I have reinstalled my cowbuilder chroots along with my old
utilities to check the Debian packages.

Best regards and thanks again for your time Gregor.

--
Franck

Bug#826718: Fwknop 2.6.9 packaged

[gregor herrmann]

On Wed, 24 Aug 2016 13:12:11 +0200, Franck Joncourt wrote:

> The package has been accepted on the mentor queue and is available here:
> https://mentors.debian.net/package/fwknop

Thanks, and sorry for the delay in reviewing.
 
> Note: Right now I do not have access to the git repository but I will
> investigate if I can do something for that.

Ok.

Some notes:

- d/copyright:
  This needs an update, according to the diff the new copyright
  statement (for "Files: *") is now:

- Copyright 2009-2013, Damien Stuart and Michael Rash
+Copyright (C) 2009-2015 fwknop developers and contributors. For a full
+list of contributors, see the file 'CREDITS'.

- d/rules:
  Another way to set bindnow is:
  export DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow
  Cf. man 1 dpkg-buildflags

- debug packages:
  You can drop the -dbg packages, we have automatic -dbgsym packages
  now. Cf. e.g. man 1 dh_strip.
  (And since the packages are renamed, I think we don't need the
  migration handling here.)

- there's a warning about sysmbols during build:
dpkg-gensymbols: warning: some libraries disappeared in the symbols file: 
libfko.so.2
dpkg-gensymbols: warning: debian/libfko3/DEBIAN/symbols doesn't match 
completely debian/libfko3.symbols
[..]
  not sure if this is a problem or not ...
  hm, why "libfko.so.2"?

- As for the renaming of the libraries, I'm not sure if we need to do
  a bit more. I guess there are no reverse dependencies outside this
  source package? But even then, we should help users to get rid of
  the libfko2* packages, probably with Breaks: libfko2*
  (I see that libfko3-dev has a "Conflicts: libfko-dev".)
  Cf. https://wiki.debian.org/RenamingPackages (although I guess we
  need only the Breaks. -- Oh, no, we also need Replaces, as e.g.
  libfko3-dev installs ./usr/include/fko.h and
  ./usr/lib/x86_64-linux-gnu/libfko.a
  And for the dbg/dbgsym-package we probably do also need 
  dh_strip --dbgsym-migration ...
  
  And lots of time later I have something which seems to work; cf.
  attached diff.


Cheers,
gregor

-- 
 .''`.  Homepage https://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer -  https://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Babyface Leroy: Rollin' & Tumblin'
diff -Nru fwknop-2.6.9/debian/control fwknop-2.6.9/debian/control
--- fwknop-2.6.9/debian/control	2016-08-10 16:37:21.0 +0200
+++ fwknop-2.6.9/debian/control	2016-08-27 14:22:43.0 +0200
@@ -15,8 +15,8 @@
 Package: libfko3-dev
 Architecture: linux-any
 Section: libdevel
-Provides: libfko-dev
-Conflicts: libfko-dev
+Breaks: libfko2-dev
+Replaces: libfko2-dev
 Suggests: libfko-doc
 Depends: ${shlibs:Depends}, libfko3 (= ${binary:Version}), ${misc:Depends}
 Description: FireWall KNock OPerator - development library
@@ -34,29 +34,11 @@
  .
  This package provides the development library and its headers.
 
-Package: libfko3-dbg
-Architecture: linux-any
-Section: debug
-Depends: libfko3 (= ${binary:Version}), ${misc:Depends}
-Description: FireWall KNock OPerator - debugging symbols
- The FireWall KNock OPerator implements an authorization scheme called
- Single Packet Authorization (SPA), based on Netfilter and libpcap.
- .
- Its main application is to protect services such as OpenSSH with
- an additional layer of security in order to make the exploitation of
- vulnerabilities (both 0-day and unpatched code) much more difficult.
- .
- The authorization server passively listens for authorization packets via
- libcap, so there is no service listening for network connections on the
- traditional port. Access to a protected service is only granted after a
- valid encrypted and non-replayed packet is detected. 
- .
- This package provides the debugging symbols for the library as well as for
- the fwknop server and client programs (C version only).
-
 Package: libfko3
 Section: libs
 Architecture: linux-any
+Breaks: libfko2
+Replaces: libfko2
 Pre-Depends: ${misc:Pre-Depends}
 Depends: ${shlibs:Depends}, ${misc:Depends}
 Description: FireWall KNock OPerator - shared library
diff -Nru fwknop-2.6.9/debian/rules fwknop-2.6.9/debian/rules
--- fwknop-2.6.9/debian/rules	2016-08-10 16:37:21.0 +0200
+++ fwknop-2.6.9/debian/rules	2016-08-27 14:22:43.0 +0200
@@ -65,4 +65,5 @@
 	chmod 600 $(CURDIR)/debian/fwknop-server/etc/fwknop/fwknopd.conf
 
 override_dh_strip:
-	dh_strip --dbg-package=libfko3-dbg
+	dh_strip -plibfko3 --dbgsym-migration='libfko2-dbg'
+	dh_strip --remaining-packages


signature.asc
Description: Digital Signature

Bug#826718: Fwknop 2.6.9 packaged

[Franck Joncourt]

Hi Gregor,

I hope you are well :)

The package has been accepted on the mentor queue and is available here:

https://mentors.debian.net/package/fwknop

If you can take a look at it. The package is lintian clean except for an
experimental tag:

X: libfko3: shlib-calls-exit usr/lib/x86_64-linux-gnu/libfko.so.3.0.0
I have checked and the exit function is not called without proper exit code.

Note: Right now I do not have access to the git repository but I will
investigate if I can do something for that.

Regards,

--
Franck

Bug#826718: fwknop 2.6.9

[Markus Gerstel]

Hi all,

I just started working on packaging fwknop 2.6.9 from scratch when I 
found this bug. I have spoken to infinity0 today, who would be happy to 
sponsor the upload as well.


As I only just started reading the Debian maintainers guide I tend to 
trust your work more than mine, too. I can try and have a look to see if 
I can identify what's going wrong with hardening flags though.


-Markus

Bug#826718: Fwknop 2.6.9 packaged

[gregor herrmann]

On Wed, 10 Aug 2016 22:52:09 +0200, Franck Joncourt wrote:

> I am almost ready to push new files to debian mentor (updated package with
> QA upload + patches + lintian fixes) - I have just detected a minor problem
> with hardening flags. I hoped I could achieve this before going on holidays
> but I currently run out of time. I will continue at the end of August and I
> would be delighted if you or Gregor could sponsor the upload if you have
> time.

I'm happy to take a look once the package is ready.
If you still have access to the git repo, working there would also be
nice.
 

Cheers,
gregor

-- 
 .''`.  Homepage https://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer -  https://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Pink Floyd: A New Machine (Part 2)


signature.asc
Description: Digital Signature

Bug#826718: Fwknop 2.6.9 packaged

[Michael Rash]

On Wed, Aug 10, 2016 at 1:52 PM, Franck Joncourt 
wrote:

> Hi Santiago,
>
> Thanks for your quick reply. I did add the deb files to the bug report to
> provide them to users since it has been a while since the last real update
> of fwknop on Debian.
>
> I am almost ready to push new files to debian mentor (updated package with
> QA upload + patches + lintian fixes) - I have just detected a minor problem
> with hardening flags. I hoped I could achieve this before going on holidays
> but I currently run out of time. I will continue at the end of August and I
> would be delighted if you or Gregor could sponsor the upload if you have
> time.
>
> I would like to maintain the fwknop package again but with my family and
> my job it is sometimes difficult to find the time to do it correctly. I may
> be unavailable for weeks and that is why I resigned.
>

Hello Franck,

Just wanted to thank you for putting together the new package...

--Mike



>
> Best regards,
>
> --
> Franck Joncourt
>

Bug#826718: Fwknop 2.6.9 packaged

[Franck Joncourt]

Hi Santiago,

Thanks for your quick reply. I did add the deb files to the bug report to
provide them to users since it has been a while since the last real update
of fwknop on Debian.

I am almost ready to push new files to debian mentor (updated package with
QA upload + patches + lintian fixes) - I have just detected a minor problem
with hardening flags. I hoped I could achieve this before going on holidays
but I currently run out of time. I will continue at the end of August and I
would be delighted if you or Gregor could sponsor the upload if you have
time.

I would like to maintain the fwknop package again but with my family and my
job it is sometimes difficult to find the time to do it correctly. I may be
unavailable for weeks and that is why I resigned.

Best regards,

--
Franck Joncourt

Bug#826718: Fwknop 2.6.9 packaged

[Santiago Vila]

On Wed, Aug 10, 2016 at 06:09:15PM +0200, Franck Joncourt wrote:

> I have packaged fwknop 2.6.9. I have used the latest git commit from Debian
> repository to add my changes.
> Please find enclosed files. If you could give it a try and upload them
> since I am not the maintainer anymore and I may be a bit rusty :) Check
> debian archive for changes,

Even if the package is currently orphaned, you can become the
maintainer again if you wish, and you can also make a QA upload if you
still care about the package enough to update it but not enough to
maintain it.

But please follow established procedures for that. For example, if you
need a sponsor, try debian-mentors, or upload the package to
mentors.debian.net, or maybe both.

In particular, sending binary .deb packages to the BTS should be
completely unnecessary. We work with sources. Binary packages are
created automatically.

Thanks.