Re: Reg. packaging pam-kwallet for Debian
On Tuesday 13 January 2015 12:59 AM, Àlex Fiestas wrote: On Sunday 26 October 2014 14:43:14 you wrote: On Saturday 25 October 2014 08:31 PM, Àlex Fiestas wrote: Will check this out and take care of it. Thanks. Thanks Alex. Do update this thread once you are done. - Rahul. Hey I just wanted to say that I haven't had time to look into this, sorry :/ It is still on my todo and will get into it as soon as possible. Best, Àlex. A really old thread. But this can now be closed as libpam-kwallet5 package is now available in Debian :). Thanks, Rahul. -- http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-talk
Re: Reg. packaging pam-kwallet for Debian
On Sunday 26 October 2014 14:43:14 you wrote: > On Saturday 25 October 2014 08:31 PM, Àlex Fiestas wrote: > > Will check this out and take care of it. Thanks. > > Thanks Alex. Do update this thread once you are done. > > - Rahul. Hey I just wanted to say that I haven't had time to look into this, sorry :/ It is still on my todo and will get into it as soon as possible. Best, Àlex. signature.asc Description: This is a digitally signed message part. -- http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-talk
Re: Reg. packaging pam-kwallet for Debian
On Saturday 25 October 2014 08:31 PM, Àlex Fiestas wrote: Will check this out and take care of it. Thanks. Thanks Alex. Do update this thread once you are done. - Rahul. -- http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-talk
Re: Reg. packaging pam-kwallet for Debian
On Friday 24 October 2014 02:17:44 Rahul Amaram wrote: > On Thursday 23 October 2014 05:08 PM, Maximiliano Curia wrote: > > ¡Hola Rahul! > > > > El 2014-10-23 a las 11:44 +0200, Maximiliano Curia escribió: > >> I'm not sure about the socket file in /tmp. The file name is predictable > >> and it's even logged before use... oh, it's never used, mmh. > > > > No, it's used in kde-workspace-bin's startkde, to set the session > > environment. As a result, using pam-kwallet on anything but kde will > > leave a kded "hanged" waiting for the environment socket to be readable. > > > > This needs a proper fix. > > CC'ing the upstream author(s) for his input. I don't think I can do bug > fixes in the code as I don't have sufficient context. I intend to mainly > take care of packaging it :). Will check this out and take care of it. Thanks. signature.asc Description: This is a digitally signed message part. -- http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-talk
Re: Reg. packaging pam-kwallet for Debian
On Thursday 23 October 2014 05:08 PM, Maximiliano Curia wrote: ¡Hola Rahul! El 2014-10-23 a las 11:44 +0200, Maximiliano Curia escribió: I'm not sure about the socket file in /tmp. The file name is predictable and it's even logged before use... oh, it's never used, mmh. No, it's used in kde-workspace-bin's startkde, to set the session environment. As a result, using pam-kwallet on anything but kde will leave a kded "hanged" waiting for the environment socket to be readable. This needs a proper fix. CC'ing the upstream author(s) for his input. I don't think I can do bug fixes in the code as I don't have sufficient context. I intend to mainly take care of packaging it :). Thanks, Rahul. -- http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-talk
Re: Reg. packaging pam-kwallet for Debian
¡Hola Rahul! El 2014-10-23 a las 11:44 +0200, Maximiliano Curia escribió: > I'm not sure about the socket file in /tmp. The file name is predictable and > it's even logged before use... oh, it's never used, mmh. No, it's used in kde-workspace-bin's startkde, to set the session environment. As a result, using pam-kwallet on anything but kde will leave a kded "hanged" waiting for the environment socket to be readable. This needs a proper fix. -- “There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies." -- C.A.R. Hoare Saludos /\/\ /\ >< `/ signature.asc Description: Digital signature -- http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-talk
Re: Reg. packaging pam-kwallet for Debian
¡Hola Rahul! El 2014-10-23 a las 05:09 +0530, Rahul Amaram escribió: > Totally understand and appreciate this. I didn't think that a package in > Ubuntu > mainstream would need so much review. Yeah, well, it happens, we are more picky/we aim to have higher quality software (I guess a bit of both). > Agreed. But it would be great if we can have this in Debian Jessie. Is it > still > possible? I don't know, a new package needs to pass the new queue, which usualy takes some time to graduate from. And then it's 10 days to pass from unstable to jessie, so, most probably, no. But I guess we can push the backport package once jessie is released. > In the code I don't see any obvious errors, but I'm not an expert in pam > modules, some comments though: > In kwallet_hash, after the call to error = gcry_kdf_derive(..) it's not > checking in error returned something. > In prompt_for_password, the memset in the lines: > struct pam_response *response = NULL; > memset (&response, 0, sizeof(response)); > is redundant. > I have not reviewed the upstream code (not sure if I'll be able to understand > it also). Also, I prefer to leave upstream code unchanged unless it breaks > something or has some security or performance issues. It's always a good idea to try to understand some of it. I'm not sure about the socket file in /tmp. The file name is predictable and it's even logged before use... oh, it's never used, mmh. > You can get the source at https://github.com/amaramrahul/pam-kwallet Ok. -- "Don't let what you cannot do interfere with what you can do." -- Wooden's Rule Saludos /\/\ /\ >< `/ signature.asc Description: Digital signature -- http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-talk
Re: Reg. packaging pam-kwallet for Debian
Comments inline. On Tuesday 21 October 2014 06:28 PM, Maximiliano Curia wrote: ¡Hola Rahul! The review process involves checking and fixing the packaging, and checking upstream code for possible errors/incompatibilities with the way things are done in the distribution. It takes time from both of us. Totally understand and appreciate this. I didn't think that a package in Ubuntu mainstream would need so much review. My ultra motive to offer you to review the package is to have more members engaged in the team, not to push things that are not up to the quality expected in Debian. Agreed. But it would be great if we can have this in Debian Jessie. Is it still possible? There are a couple of fixes in the upstream git, last commit is 2014-05-08, you might want to include those. Done. To be under the kde team umbrella the package should be something like: Maintainer: Debian/Kubuntu Qt/KDE Maintainers or: Maintainer: Debian KDE Extras Team or: Maintainer: Debian Krap Maintainers The field: XSBC-Original-Maintainer is not considered valid in Debian packages. Add add yourself to the Uploaders list. Done. In the debian/copyright file: Source: Please update the template to point to the upstream git repository. Done. Also in the debian/copyright file, the debian/* path is licensed under a more restrictive license than the upstream code (GPL, and LGPL respectively), this kind of licensing could block patches in the debian package from ever be applied upstream and should be avoided. I pinged Rohan about this. Ok. In Debian the pam modules are named libpam-$module, please rename the binary package. Done. The description provides almost no information, please extend it. Consider using the kwalletmanager description, and adding a paragraph about the pam module (ala libpam-gnome-keyring). Done. I also added a README file describing the prerequisites and necessary configuration. It's a good idea to set the build dependencies versions to (at least) the ones listed in the CMakeLists.txt, in this case cmake (>= 2.8.8) and libgcrypt11-dev (>= 1.5.0). Done. In the code I don't see any obvious errors, but I'm not an expert in pam modules, some comments though: In kwallet_hash, after the call to error = gcry_kdf_derive(..) it's not checking in error returned something. In prompt_for_password, the memset in the lines: struct pam_response *response = NULL; memset (&response, 0, sizeof(response)); is redundant. I have not reviewed the upstream code (not sure if I'll be able to understand it also). Also, I prefer to leave upstream code unchanged unless it breaks something or has some security or performance issues. Also, the normal review process is done via mentors.debian.net, where you could upload the package and send a RFS, I prefer using a git repository where I can see the changes made, and afterwards integrate the changes in a repository for the package, either one is fine, or even an uri where I can fetch the package source (I don't care about the binary file). You can get the source at *https://github.com/amaramrahul/pam-kwallet* In any case, I would prefer not to have the packages as attachments, specially in bugs and the team mailing lists, so, unless you can't publish the files somewhere else, please avoid sending them like so. And if you really have to send the files as attachments, please send them via direct mail, without copies. Point noted. Thanks, Looking forward to your response. Thanks, Rahul. -- http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-talk
Re: Reg. packaging pam-kwallet for Debian
¡Hola Rahul! El 2014-10-21 a las 01:26 +0530, Rahul Amaram escribió: > Apologies for the delay. Had been caught up with some work. > Kindly review and upload to Debian. The review process involves checking and fixing the packaging, and checking upstream code for possible errors/incompatibilities with the way things are done in the distribution. It takes time from both of us. My ultra motive to offer you to review the package is to have more members engaged in the team, not to push things that are not up to the quality expected in Debian. > Version: 0.0~git20140429-1 There are a couple of fixes in the upstream git, last commit is 2014-05-08, you might want to include those. > Maintainer: Rahul Amaram To be under the kde team umbrella the package should be something like: Maintainer: Debian/Kubuntu Qt/KDE Maintainers or: Maintainer: Debian KDE Extras Team or: Maintainer: Debian Krap Maintainers The field: XSBC-Original-Maintainer is not considered valid in Debian packages. Add add yourself to the Uploaders list. In the debian/copyright file: Source: Please update the template to point to the upstream git repository. Also in the debian/copyright file, the debian/* path is licensed under a more restrictive license than the upstream code (GPL, and LGPL respectively), this kind of licensing could block patches in the debian package from ever be applied upstream and should be avoided. I pinged Rohan about this. In Debian the pam modules are named libpam-$module, please rename the binary package. The description provides almost no information, please extend it. Consider using the kwalletmanager description, and adding a paragraph about the pam module (ala libpam-gnome-keyring). It's a good idea to set the build dependencies versions to (at least) the ones listed in the CMakeLists.txt, in this case cmake (>= 2.8.8) and libgcrypt11-dev (>= 1.5.0). In the code I don't see any obvious errors, but I'm not an expert in pam modules, some comments though: In kwallet_hash, after the call to error = gcry_kdf_derive(..) it's not checking in error returned something. In prompt_for_password, the memset in the lines: struct pam_response *response = NULL; memset (&response, 0, sizeof(response)); is redundant. Also, the normal review process is done via mentors.debian.net, where you could upload the package and send a RFS, I prefer using a git repository where I can see the changes made, and afterwards integrate the changes in a repository for the package, either one is fine, or even an uri where I can fetch the package source (I don't care about the binary file). In any case, I would prefer not to have the packages as attachments, specially in bugs and the team mailing lists, so, unless you can't publish the files somewhere else, please avoid sending them like so. And if you really have to send the files as attachments, please send them via direct mail, without copies. Thanks, -- “There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies." -- C.A.R. Hoare Saludos /\/\ /\ >< `/ signature.asc Description: Digital signature -- http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-talk
Re: Reg. packaging pam-kwallet for Debian
On Thursday 16 October 2014 01:29 PM, Maximiliano Curia wrote: But, if you prepare the package and intend to maintain it I won't mind reviewing it. Happy hacking, Apologies for the delay. Had been caught up with some work. Kindly review and upload to Debian. I am not a DD, so cannot upload it to Debian. Also, I've heard that new package takes about 10 days to get into unstable. So, you might want to expedite this. Thanks, Rahul. Format: 1.8 Date: Mon, 20 Oct 2014 23:37:26 +0530 Source: pam-kwallet Binary: pam-kwallet Architecture: source Version: 0.0~git20140429-1 Distribution: unstable Urgency: medium Maintainer: Rahul Amaram Changed-By: Rahul Amaram Description: pam-kwallet - KWallet integration with PAM Closes: 762402 Changes: pam-kwallet (0.0~git20140429-1) unstable; urgency=medium . * Import to Debian (Closes: #762402) Checksums-Sha1: da328e1df2e1aea61b432b1cb2d14c2d26011f9a 977 pam-kwallet_0.0~git20140429-1.dsc dabc1160203efd958bcf8977339eed16c0e81356 2624 pam-kwallet_0.0~git20140429-1.debian.tar.xz Checksums-Sha256: 833c2b4ccc0d5c4a334af33e63b367d135aabe1c6c8db8ed3921323e53735932 977 pam-kwallet_0.0~git20140429-1.dsc 996be90339e50ec0cc7e0b610918e0ce428958d513f13386af3661256df176d7 2624 pam-kwallet_0.0~git20140429-1.debian.tar.xz Files: 5e9780018389b417a79c4834c24db5cd 977 kde optional pam-kwallet_0.0~git20140429-1.dsc c85e9a7c72fe8b857f830ce74363387c 2624 kde optional pam-kwallet_0.0~git20140429-1.debian.tar.xz Original-Maintainer: Rohan Garg pam-kwallet_0.0~git20140429-1_i386.deb Description: application/deb -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 20 Oct 2014 23:37:26 +0530 Source: pam-kwallet Binary: pam-kwallet Architecture: source i386 Version: 0.0~git20140429-1 Distribution: unstable Urgency: medium Maintainer: Rahul Amaram Changed-By: Rahul Amaram Description: pam-kwallet - KWallet integration with PAM Closes: 762402 Changes: pam-kwallet (0.0~git20140429-1) unstable; urgency=medium . * Import to Debian (Closes: #762402) Checksums-Sha1: 53d0749ed2776dbf1a695c2417f9cf0a36b9db63 1846 pam-kwallet_0.0~git20140429-1.dsc d63065bedae0af508ecdcab6248bc5dcfc64cabb 2632 pam-kwallet_0.0~git20140429-1.debian.tar.xz bd7acae85cdd04a43cfbbc82928c910fbaaa4eb4 9518 pam-kwallet_0.0~git20140429-1_i386.deb Checksums-Sha256: 2c3f18609feb91960c7a3b168272ca744d5031369b7f33d7d8a523f427275ccc 1846 pam-kwallet_0.0~git20140429-1.dsc a8abac02b9f01c4773f97089504fa69829b1f45a068a56e6c506e9a6497355ca 2632 pam-kwallet_0.0~git20140429-1.debian.tar.xz 16488f3321a527db508cb62c5edb6727225aeba5a4316564dbed4eeca227567b 9518 pam-kwallet_0.0~git20140429-1_i386.deb Files: 025c6dccd68277f0fcbd2304c1dc633c 1846 kde optional pam-kwallet_0.0~git20140429-1.dsc 37702c2a27fb7ac26b1959a87375e893 2632 kde optional pam-kwallet_0.0~git20140429-1.debian.tar.xz 154651a2c35f206fc5fdc3b13438d72f 9518 kde optional pam-kwallet_0.0~git20140429-1_i386.deb Original-Maintainer: Rohan Garg -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJURWiyAAoJEMxkxzcmTFut/pIP/jc/vs71P82E49XiNhCQ0C1H fRnYKCV2AzvYbgvuDifrX/UX+ggh9xAKSaA1mCfPogNcLvwLZlm4LI9YAstLf4ex 6/4/0ZCCuy/2cuIr/25SJSz5vXzH1wTNiwaigGLAcT7lsMRwXF08U5TP1FloszG8 hGS6nvD0r/vikgM38f3MUh/aS6rkTXkcmN8/YD4y+oSbvbnAdLWoMT/IGY8glEX5 0PGXzDJQgemQZW45nPzQs+2l4/KNnAG9z0P+QOenE3XiCGWh3sTAjBYmMdFhfGfO PbCM3n/lTjRc8yLbJpw7sWAR5rN2VOP1AKKpnr2p9pUUvHV0UeoJ+Gag/xqRFleR CrRO2h/MyV5bNRE8Dv8VQo9fzJER1iz9ajDaMjiTvkLbc7NNsy3zt1Na8MMNlS1x B2LfxOByx+5Qn7oK4D0bbWFM+CIu5qkiD8R7yUX+GkAiajGC44V5vazzWSuMGk3k j+lWeHbaSUYsfu2UYVAS1QGVLzdjxIDkpzdr+WyjNwDYZ6or5itt1nWTNNYwUfnk 8MXbhR6v39EXXtCYvvoNqS0M5B3lSi3ipaMC0t38UKsu3+mgKHkd+mn8NZRUWBug Bsw55+OY7Q7g+38N7fIFDbEgjZ3WCXuLoxP/PpLjhfwTBsN4oPnVHoJbTYSnrmcj A9iu6nU7CyJ3HTFdOK/b =XYWb -END PGP SIGNATURE- -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 3.0 (quilt) Source: pam-kwallet Binary: pam-kwallet Architecture: any Version: 0.0~git20140429-1 Maintainer: Rahul Amaram Standards-Version: 3.9.6 Build-Depends: debhelper (>= 9), cmake, libpam0g-dev, libgcrypt11-dev Package-List: pam-kwallet deb kde optional arch=any Checksums-Sha1: d106bef9c86a1e5ad2a5bb74e2faf21a8dac726a 7136 pam-kwallet_0.0~git20140429.orig.tar.xz d63065bedae0af508ecdcab6248bc5dcfc64cabb 2632 pam-kwallet_0.0~git20140429-1.debian.tar.xz Checksums-Sha256: 0164672678c76cba02fcbc577332a57643a47ff60a22d12101f83800b838da36 7136 pam-kwallet_0.0~git20140429.orig.tar.xz a8abac02b9f01c4773f97089504fa69829b1f45a068a56e6c506e9a6497355ca 2632 pam-kwallet_0.0~git20140429-1.debian.tar.xz Files: 764745b3abea37d445d8176e25a9bcf9 7136 pam-kwallet_0.0~git20140429.orig.tar.xz 37702c2a27fb7ac26b1959a87375e893 2632 pam-kwallet_0.0~git20140429-1.debian.tar.xz Original-Maintainer: Rohan Garg -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJURWhyAAoJEMxkxzcmTFut6eMP/jMZEEYNnL0TstcI6+MltGyT sDFYeXemjGIE4CxD2/jDsBs7kDo0aO4nIu+yEPdQCUOaOyZWg6Kc2D8kQocz8O6y bEFyIYXPkLOcqy88+rLoaJy3xrAuX8+lAPm8gyoWw7
Re: Reg. packaging pam-kwallet for Debian
¡Hola Rahul! El 2014-10-14 a las 23:54 +0530, Rahul Amaram escribió: > I would like to know if it there are any plans for packaging pam-kwallet for > Debian Jessie (Nov 5 freeze). There is already a RFP for this - https:// > bugs.debian.org/cgi-bin/bugreport.cgi?bug=762402. > I think it addresses a very serious security vs. usability issue and addresses > a 10 year old feature request https://bugs.kde.org/show_bug.cgi?id=92845 :). As I mentioned when pam_kwallet was first introduced, I think it's a bad idea to unlock the wallet by default and to promote the use of the password as the passphrase. As such, I don't want to invest my time in this. But, if you prepare the package and intend to maintain it I won't mind reviewing it. Happy hacking, -- A computer scientist is someone who, when told to "Go to Hell," sees the "go to," rather than the destination, as harmful. Saludos /\/\ /\ >< `/ signature.asc Description: Digital signature -- http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-talk
Reg. packaging pam-kwallet for Debian
Hi, I would like to know if it there are any plans for packaging pam-kwallet for Debian Jessie (Nov 5 freeze). There is already a RFP for this - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762402. I think it addresses a very serious security vs. usability issue and addresses a 10 year old feature request https://bugs.kde.org/show_bug.cgi?id=92845 :). Thanks, Rahul. -- http://rahul.amaram.name -- http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-talk