I've been working on more lintian fixes raised by the AA review. Here is today's batch: nvml (1.3.1-0ubuntu1~ppa12) bionic; urgency=medium
* Install pmemobj docs into a html subdir * Enable parallel build (dh $@ --parallel) * Several lintian fixes: - binary-control-field-duplicates-source - duplicate-short-description - extended-description-is-probably-too-short - restore lintian override about ldconfig for the debug libraries, but this time in the -debug packages and not -dev packages. - using-first-person-in-description - extended-description-is-probably-too-short - debian-watch-does-not-check-gpg-signature - d/p/spelling-fixes.patch: assorted spelling fixes - useless-autogenerated-doxygen-file - hardening-no-bindnow That last one, hardening-no-bindnow, meant I changed the build flags. This is what is used now: CPPFLAGS : -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D_REENTRANT CFLAGS : -g -O2 -fdebug-prefix-map=/home/ubuntu/nvdimm/nvml/nvml-git=. -fstack-protector-strong -Wformat -Werror=format-security -std=gnu99 -Wall -Werror -pthread -DSRCVERSION="debian/1.3.1-0ubuntu1_ppa5-92-g79c0594" -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -DJEMALLOC_LIBVMEM -fvisibility=hidden LDFLAGS : -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,-z,relro -Wl,--fatal-warnings Before it was: CPPFLAGS : -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D_REENTRANT CFLAGS : -g -O2 -fdebug-prefix-map=/home/ubuntu/nvdimm/nvml/nvml-git=. -fstack-protector-strong -Wformat -Werror=format-security -std=gnu99 -Wall -Werror -pthread -DSRCVERSION="debian/1.3.1-0ubuntu1_ppa5-91-g0b93979" -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -DJEMALLOC_LIBVMEM -fvisibility=hidden LDFLAGS : -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,relro -Wl,--fatal-warnings (don't mind the version, that's just in my local builds) There is another flags-related lintian warning that I have to address: I: libvmem1-debug: hardening-no-fortify-functions usr/lib/x86_64-linux-gnu/nvml_dbg/libvmem.so.1.0.0 N: N: This package provides an ELF binary that lacks the use of fortified libc N: functions. Either there are no potentially unfortified functions called N: by any routines, all unfortified calls have already been fully validated N: at compile-time, or the package was not built with the default Debian N: compiler flags defined by dpkg-buildflags. If built using N: dpkg-buildflags directly, be sure to import CPPFLAGS. N: N: NB: Due to false-positives, Lintian ignores some unprotected functions N: (e.g. memcpy). N: N: Refer to https://wiki.debian.org/Hardening and N: https://bugs.debian.org/673112 for details. N: N: Severity: normal, Certainty: wild-guess N: N: Check: binaries, Type: binary, udeb But since this is about the debug libraries, I think I will just add a note to READBE.source and/or override it. ** Bug watch added: Debian Bug tracker #673112 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673112 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1752378 Title: Please add Userspace Packages for NVDIMM support To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/1752378/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs