Hi On 2021-07-04 04:04:13 +0900, Hideki Yamane wrote: > On Sat, 3 Jul 2021 21:36:53 +0900 > Hideki Yamane <henr...@iijmio-mail.jp> wrote: > > Mostly done, still have an error with autopkgtest for python3-openscap > > Updated. Passed all salsa-ci test as below, and eliminate most of > lintian warning/info. > https://salsa.debian.org/henrich/openscap/-/pipelines/265972 > > > diff -Nru openscap-1.3.4/debian/changelog openscap-1.3.4/debian/changelog > --- openscap-1.3.4/debian/changelog 2021-02-02 00:22:30.000000000 +0900 > +++ openscap-1.3.4/debian/changelog 2021-06-30 16:33:53.000000000 +0900 > @@ -1,3 +1,37 @@ > +openscap (1.3.4-1.1) UNRELEASED; urgency=medium > + > + * Non-maintainer upload. > + > + * Package structure changes > + - Apply soname change (libopenscap8 -> 25) > + - Split libopenscap25 to openscap-scanner, openscap-utils and > + openscap-common > + - Drop -dbg package and unnecessary lintian-overrides > + * debian/control > + - Specify https for upstream URL > + - Use debhelper-compat (= 13) to not forget to install necessary files > + with dh_missing > + - Add missing dependencies: libacl1-dev, libblkid-dev, libglib2.0-dev, > + libyaml-dev, librpm-dev, libpopt-dev, libprocps-dev, libopendbx1-dev, > + libxmlsec1-dev, doxygen, graphviz, asciidoc, > + * Drop unnecessary debian/compat > + * debian/rules > + - Enable documentation build > + - Enable hardening > + * Add openscap-common.docs to install HTML docs > + * debian/openscap-scanner.install > + - Install bash-completion > + * openscap-utils.install > + - Install autotailor and scap-as-rpm > + * Add debian/openscap-{scanner,utils}.manpages > + > + * Trim trailing whitespace. > + * Update watch file format version to 4. > + * Set upstream metadata fields: Bug-Database, Bug-Submit. > + * Drop unnecessary dependency on dh-autoreconf. > + > + -- Hideki Yamane <henr...@debian.org> Wed, 30 Jun 2021 16:33:53 +0900
Doing a transition now and adding new binary packages is already stretching the rules a lot. So please keep all the other changes to a minimum. Especially changing debhelper compat level is undesirable during the freeze (see https://release.debian.org/bullseye/freeze_policy.html) More comments below. > + > openscap (1.3.4-1) unstable; urgency=medium > > * New upstream version 1.3.4 > diff -Nru openscap-1.3.4/debian/compat openscap-1.3.4/debian/compat > --- openscap-1.3.4/debian/compat 2021-02-02 00:22:30.000000000 +0900 > +++ openscap-1.3.4/debian/compat 1970-01-01 09:00:00.000000000 +0900 > @@ -1 +0,0 @@ > -11 > diff -Nru openscap-1.3.4/debian/control openscap-1.3.4/debian/control > --- openscap-1.3.4/debian/control 2021-02-02 00:22:30.000000000 +0900 > +++ openscap-1.3.4/debian/control 2021-06-30 16:33:53.000000000 +0900 > @@ -2,7 +2,7 @@ > Priority: optional > Maintainer: Pierre Chifflier <pol...@debian.org> > Uploaders: Philippe Thierry <phi...@debian.org> > -Build-Depends: debhelper (>= 13), > +Build-Depends: debhelper-compat (= 13), > cmake, > libpcre3-dev, > libxml2-dev, > @@ -18,19 +18,30 @@ > libattr1-dev, > libldap2-dev, > libbz2-dev, > + libacl1-dev, > + libblkid-dev, > + libglib2.0-dev, > + libyaml-dev, > + librpm-dev, > + libpopt-dev, > + libprocps-dev, > + libopendbx1-dev, > + libxmlsec1-dev, > + doxygen, graphviz, > + asciidoc, > pkg-config, > dh-python, > chrpath, > libdbus-1-dev > +Section: admin > X-Python3-Version: >= 3.9 > Standards-Version: 4.5.1 > -Section: libs > -Homepage: http://www.open-scap.org/ > +Homepage: https://www.open-scap.org/ > > Package: libopenscap-dev > Section: libdevel > Architecture: linux-any > -Depends: libopenscap8 (= ${binary:Version}), ${misc:Depends}, > ${python3:Depends}, libjs-jquery > +Depends: libopenscap25 (= ${binary:Version}), ${misc:Depends}, > ${python3:Depends}, libjs-jquery > Description: Set of libraries enabling integration of the SCAP line of > standards > OpenSCAP is a set of open source libraries providing an easier path > for integration of the SCAP line of standards. SCAP is a line of > @@ -48,13 +59,13 @@ > . > This package contains the development files for OpenSCAP. > > -Package: libopenscap8 > +Package: libopenscap25 > Section: libs > Architecture: linux-any > -Conflicts: libopenscap0, libopenscap1, libopenscap3 > -Replaces: libopenscap0, libopenscap1, libopenscap3 > +Conflicts: libopenscap0, libopenscap1, libopenscap3, libopenscap8, > +Replaces: libopenscap0, libopenscap1, libopenscap3, libopenscap8, > Pre-Depends: ${misc:Pre-Depends} > -Depends: ${shlibs:Depends}, ${misc:Depends}, ${python3:Depends} > +Depends: ${shlibs:Depends}, ${misc:Depends}, > Description: Set of libraries enabling integration of the SCAP line of > standards > OpenSCAP is a set of open source libraries providing an easier path > for integration of the SCAP line of standards. SCAP is a line of > @@ -69,11 +80,13 @@ > * Common Vulnerability Scoring System (CVSS) > * Extensible Configuration Checklist Description Format (XCCDF) > * Open Vulnerability and Assessment Language (OVAL) > + . > + This package contains libraries for OpenSCAP. > > Package: python3-openscap > Section: python > Architecture: linux-any > -Depends: ${shlibs:Depends}, ${misc:Depends}, ${python3:Depends}, > libopenscap8 (= ${binary:Version}) > +Depends: ${shlibs:Depends}, ${misc:Depends}, ${python3:Depends}, > libopenscap25 (= ${binary:Version}) > X-Python3-Version: ${python3:Versions} > Provides: ${python3:Provides} > Description: Set of libraries enabling integration of the SCAP line of > standards > @@ -96,7 +109,7 @@ > Package: libopenscap-perl > Section: perl > Architecture: linux-any > -Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}, libopenscap8 > (= ${binary:Version}) > +Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}, libopenscap25 > (= ${binary:Version}) > Description: Set of libraries enabling integration of the SCAP line of > standards > OpenSCAP is a set of open source libraries providing an easier path > for integration of the SCAP line of standards. SCAP is a line of > @@ -114,13 +127,12 @@ > . > This package contains the Perl bindings for OpenSCAP. > > -Package: libopenscap8-dbg > -Section: debug > +Package: openscap-scanner > Architecture: linux-any > -Conflicts: libopenscap0-dbg > -Replaces: libopenscap0-dbg > -Depends: ${shlibs:Depends}, libopenscap8 (= ${binary:Version}), > ${misc:Depends} > -Description: Set of libraries enabling integration of the SCAP line of > standards > +Depends: libopenscap25 (= ${binary:Version}), > + ${shlibs:Depends}, ${misc:Depends}, > +Recommends: openscap-common (= ${binary:Version}), > +Description: OpenScap Scanner Tool (oscap) > OpenSCAP is a set of open source libraries providing an easier path > for integration of the SCAP line of standards. SCAP is a line of > standards managed by NIST with the goal of providing a standard language > @@ -135,5 +147,47 @@ > * Extensible Configuration Checklist Description Format (XCCDF) > * Open Vulnerability and Assessment Language (OVAL) > . > - This package contains debugging symbols for OpenSCAP. > + This package contains oscap command-line tool, configuration and > + vulnerability scanner. It can use for compliance checking with SCAP > contents. > > +Package: openscap-utils > +Architecture: linux-any > +Depends: openscap-scanner (= ${binary:Version}), ${python3:Depends}, > + ${shlibs:Depends}, ${misc:Depends}, rpm, > +Recommends: openscap-common (= ${binary:Version}), > +Description: OpenSCAP utilities > + OpenSCAP is a set of open source libraries providing an easier path > + for integration of the SCAP line of standards. SCAP is a line of > + standards managed by NIST with the goal of providing a standard language > + for the expression of Computer Network Defense related information. > + . > + The intended scope of this project is to implement working interface > + wrappers for parsing and querying SCAP content including: > + * Common Vulnerabilities and Exposures (CVE) > + * Common Configuration Enumeration (CCE) > + * Common Platform Enumeration (CPE) > + * Common Vulnerability Scoring System (CVSS) > + * Extensible Configuration Checklist Description Format (XCCDF) > + * Open Vulnerability and Assessment Language (OVAL) > + . > + This package contains command line utilities. This will require a versioned Breaks + Replaces on the old libopenscap8 package. > + > +Package: openscap-common > +Architecture: all > +Depends: ${misc:Depends}, > +Description: OpenSCAP schema files > + OpenSCAP is a set of open source libraries providing an easier path > + for integration of the SCAP line of standards. SCAP is a line of > + standards managed by NIST with the goal of providing a standard language > + for the expression of Computer Network Defense related information. > + . > + The intended scope of this project is to implement working interface > + wrappers for parsing and querying SCAP content including: > + * Common Vulnerabilities and Exposures (CVE) > + * Common Configuration Enumeration (CCE) > + * Common Platform Enumeration (CPE) > + * Common Vulnerability Scoring System (CVSS) > + * Extensible Configuration Checklist Description Format (XCCDF) > + * Open Vulnerability and Assessment Language (OVAL) > + . > + This package contains schema files. Same as above. Cheers > diff -Nru openscap-1.3.4/debian/docs openscap-1.3.4/debian/docs > --- openscap-1.3.4/debian/docs 2021-02-01 23:55:08.000000000 +0900 > +++ openscap-1.3.4/debian/docs 1970-01-01 09:00:00.000000000 +0900 > @@ -1,2 +0,0 @@ > -NEWS > -README > diff -Nru openscap-1.3.4/debian/libopenscap25.install > openscap-1.3.4/debian/libopenscap25.install > --- openscap-1.3.4/debian/libopenscap25.install 1970-01-01 > 09:00:00.000000000 +0900 > +++ openscap-1.3.4/debian/libopenscap25.install 2021-06-30 > 16:33:53.000000000 +0900 > @@ -0,0 +1 @@ > +usr/lib/*/lib*.so.* > diff -Nru openscap-1.3.4/debian/libopenscap8.dirs > openscap-1.3.4/debian/libopenscap8.dirs > --- openscap-1.3.4/debian/libopenscap8.dirs 2021-02-01 23:55:08.000000000 > +0900 > +++ openscap-1.3.4/debian/libopenscap8.dirs 1970-01-01 09:00:00.000000000 > +0900 > @@ -1,2 +0,0 @@ > -usr/lib > -usr/lib/openscap > diff -Nru openscap-1.3.4/debian/libopenscap8.install > openscap-1.3.4/debian/libopenscap8.install > --- openscap-1.3.4/debian/libopenscap8.install 2021-02-02 > 00:22:30.000000000 +0900 > +++ openscap-1.3.4/debian/libopenscap8.install 1970-01-01 > 09:00:00.000000000 +0900 > @@ -1,14 +0,0 @@ > -usr/bin/oscap > -usr/bin/oscap-chroot > -usr/bin/oscap-docker > -usr/bin/oscap-ssh > -usr/bin/oscap-vm > -usr/bin/oscap-podman > -usr/share/man/man8/oscap.8* > -usr/share/man/man8/oscap-chroot.8* > -usr/share/man/man8/oscap-docker.8* > -usr/share/man/man8/oscap-ssh.8* > -usr/share/man/man8/oscap-vm.8* > -usr/share/man/man8/oscap-podman.8* > -usr/lib/*/lib*.so.* > -usr/share/openscap/* > diff -Nru openscap-1.3.4/debian/libopenscap8.lintian-overrides > openscap-1.3.4/debian/libopenscap8.lintian-overrides > --- openscap-1.3.4/debian/libopenscap8.lintian-overrides 2021-02-02 > 00:22:30.000000000 +0900 > +++ openscap-1.3.4/debian/libopenscap8.lintian-overrides 1970-01-01 > 09:00:00.000000000 +0900 > @@ -1,2 +0,0 @@ > -# historical package named keeped > -libopenscap8: package-name-doesnt-match-sonames libopenscap25 > libopenscap-sce25 > diff -Nru openscap-1.3.4/debian/openscap-common.docs > openscap-1.3.4/debian/openscap-common.docs > --- openscap-1.3.4/debian/openscap-common.docs 1970-01-01 > 09:00:00.000000000 +0900 > +++ openscap-1.3.4/debian/openscap-common.docs 2021-06-30 > 16:33:53.000000000 +0900 > @@ -0,0 +1 @@ > +usr/share/doc/openscap/html > diff -Nru openscap-1.3.4/debian/openscap-common.install > openscap-1.3.4/debian/openscap-common.install > --- openscap-1.3.4/debian/openscap-common.install 1970-01-01 > 09:00:00.000000000 +0900 > +++ openscap-1.3.4/debian/openscap-common.install 2021-06-30 > 16:33:53.000000000 +0900 > @@ -0,0 +1 @@ > +usr/share/openscap/* > diff -Nru openscap-1.3.4/debian/openscap-scanner.docs > openscap-1.3.4/debian/openscap-scanner.docs > --- openscap-1.3.4/debian/openscap-scanner.docs 1970-01-01 > 09:00:00.000000000 +0900 > +++ openscap-1.3.4/debian/openscap-scanner.docs 2021-06-30 > 16:33:53.000000000 +0900 > @@ -0,0 +1,3 @@ > +NEWS > +README* > +usr/share/doc/openscap/manual > diff -Nru openscap-1.3.4/debian/openscap-scanner.examples > openscap-1.3.4/debian/openscap-scanner.examples > --- openscap-1.3.4/debian/openscap-scanner.examples 1970-01-01 > 09:00:00.000000000 +0900 > +++ openscap-1.3.4/debian/openscap-scanner.examples 2021-06-30 > 16:33:53.000000000 +0900 > @@ -0,0 +1 @@ > +docs/oscap-scan.cron > diff -Nru openscap-1.3.4/debian/openscap-scanner.install > openscap-1.3.4/debian/openscap-scanner.install > --- openscap-1.3.4/debian/openscap-scanner.install 1970-01-01 > 09:00:00.000000000 +0900 > +++ openscap-1.3.4/debian/openscap-scanner.install 2021-06-30 > 16:33:53.000000000 +0900 > @@ -0,0 +1,2 @@ > +usr/bin/oscap > +etc/bash_completion.d/oscap usr/share/bash-completion/completions/ > diff -Nru openscap-1.3.4/debian/openscap-scanner.manpages > openscap-1.3.4/debian/openscap-scanner.manpages > --- openscap-1.3.4/debian/openscap-scanner.manpages 1970-01-01 > 09:00:00.000000000 +0900 > +++ openscap-1.3.4/debian/openscap-scanner.manpages 2021-06-30 > 16:33:53.000000000 +0900 > @@ -0,0 +1 @@ > +usr/share/man/man8/oscap.8 > diff -Nru openscap-1.3.4/debian/openscap-utils.install > openscap-1.3.4/debian/openscap-utils.install > --- openscap-1.3.4/debian/openscap-utils.install 1970-01-01 > 09:00:00.000000000 +0900 > +++ openscap-1.3.4/debian/openscap-utils.install 2021-06-30 > 16:33:53.000000000 +0900 > @@ -0,0 +1,8 @@ > +usr/bin/oscap-chroot > +usr/bin/oscap-docker > +usr/bin/oscap-podman > +usr/bin/oscap-run-sce-script > +usr/bin/oscap-ssh > +usr/bin/oscap-vm > +usr/bin/autotailor > +usr/bin/scap-as-rpm > diff -Nru openscap-1.3.4/debian/openscap-utils.manpages > openscap-1.3.4/debian/openscap-utils.manpages > --- openscap-1.3.4/debian/openscap-utils.manpages 1970-01-01 > 09:00:00.000000000 +0900 > +++ openscap-1.3.4/debian/openscap-utils.manpages 2021-06-30 > 16:33:53.000000000 +0900 > @@ -0,0 +1,7 @@ > +usr/share/man/man8/oscap-chroot.8 > +usr/share/man/man8/oscap-docker.8 > +usr/share/man/man8/oscap-podman.8 > +usr/share/man/man8/oscap-ssh.8 > +usr/share/man/man8/oscap-vm.8 > +usr/share/man/man8/autotailor.8 > +usr/share/man/man8/scap-as-rpm.8 > diff -Nru openscap-1.3.4/debian/pyversions openscap-1.3.4/debian/pyversions > --- openscap-1.3.4/debian/pyversions 2021-02-01 23:55:08.000000000 +0900 > +++ openscap-1.3.4/debian/pyversions 1970-01-01 09:00:00.000000000 +0900 > @@ -1 +0,0 @@ > -2.4- > diff -Nru openscap-1.3.4/debian/rules openscap-1.3.4/debian/rules > --- openscap-1.3.4/debian/rules 2021-02-02 00:22:30.000000000 +0900 > +++ openscap-1.3.4/debian/rules 2021-06-30 16:33:53.000000000 +0900 > @@ -4,19 +4,18 @@ > # Uncomment this to turn on verbose mode. > export DH_VERBOSE=1 > > +export DEB_BUILD_MAINT_OPTIONS := hardening=+all > + > DEFAULTPY=$(shell py3versions -v -d) > PYVERSIONS=$(shell py3versions -v -r) > ALLPY=$(PYVERSIONS) > PERL_VERSION:=$(shell perl -e 'my @ver=split /\./, sprintf("%vd", $$^V); > print("$$ver[0].$$ver[1]");') > - > -override_dh_auto_test: > - # disable tests until they work as expected > - : > +CMAKE_OPTS=-DENABLE_DOCS=ON =DOEPNSCAP_PROBE_UNIX_GCONF=OFF -DGCONF_LIBRARY= > > override_dh_auto_configure: $(ALLPY:%=override_dh_auto_configure-%) > > override_dh_auto_configure-%: > - dh_auto_configure -Bbuild-python-$* -- --enable-sce --enable-perl > -DPERL_VERSION=$(PERL_VERSION) PYTHON=/usr/bin/python$* > + dh_auto_configure -Bbuild-python-$* -- --enable-sce --enable-perl > -DPERL_VERSION=$(PERL_VERSION) PYTHON=/usr/bin/python$* $(CMAKE_OPTS) > > override_dh_auto_build: $(ALLPY:%=override_dh_auto_build-%) > > @@ -28,9 +27,9 @@ > rm -f > debian/libopenscap-dev/usr/share/doc/libopenscap-dev/html/jquery.js > mv debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/perl5/$(PERL_VERSION)* > debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/perl5/$(PERL_VERSION) > chrpath -d debian/tmp/usr/bin/oscap > - chrpath -d > debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libopenscap.so.25.3.0 > - chrpath -d > debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libopenscap_sce.so.25.3.0 > - chrpath -d > debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/perl5/5.32/openscap_pm.so > + chrpath -d debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libopenscap.so.* > + chrpath -d debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libopenscap_sce.so.* > + chrpath -d > debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/perl5/5.*/openscap_pm.so > chmod 0644 debian/tmp/usr/lib/python3/dist-packages/openscap_py.py > chmod 0644 debian/tmp/usr/lib/python3/dist-packages/openscap_api.py > > @@ -38,12 +37,13 @@ > dh_auto_install -Bbuild-python-$* --destdir=debian/tmp > > override_dh_strip: > - dh_strip -plibopenscap8 --dbg-package=libopenscap8-dbg > - dh_strip -ppython3-openscap --dbg-package=libopenscap8-dbg > - dh_strip -plibopenscap-perl --dbg-package=libopenscap8-dbg > + dh_strip -popenscap-scanner --dbgsym-migration='libopenscap8-dbg (<< > 1.3.4-1.1~)' > + dh_strip -plibopenscap25 --dbgsym-migration='libopenscap8-dbg (<< > 1.3.4-1.1~)' > + dh_strip -ppython3-openscap --dbgsym-migration='libopenscap8-dbg (<< > 1.3.4-1.1~)' > + dh_strip -plibopenscap-perl --dbgsym-migration='libopenscap8-dbg (<< > 1.3.4-1.1~)' > > override_dh_auto_clean: > rm -rf build-* > > %: > - dh $@ --with autoreconf,python3 > + dh $@ --with python3 > diff -Nru openscap-1.3.4/debian/tests/autopkgtest-pkg-python.conf > openscap-1.3.4/debian/tests/autopkgtest-pkg-python.conf > --- openscap-1.3.4/debian/tests/autopkgtest-pkg-python.conf 1970-01-01 > 09:00:00.000000000 +0900 > +++ openscap-1.3.4/debian/tests/autopkgtest-pkg-python.conf 2021-06-30 > 16:33:53.000000000 +0900 > @@ -0,0 +1 @@ > +import_name = oscap_docker_python > diff -Nru openscap-1.3.4/debian/upstream/metadata > openscap-1.3.4/debian/upstream/metadata > --- openscap-1.3.4/debian/upstream/metadata 1970-01-01 09:00:00.000000000 > +0900 > +++ openscap-1.3.4/debian/upstream/metadata 2021-06-30 16:33:53.000000000 > +0900 > @@ -0,0 +1,3 @@ > +--- > +Bug-Database: https://github.com/OpenSCAP/openscap/issues > +Bug-Submit: https://github.com/OpenSCAP/openscap/issues/new > diff -Nru openscap-1.3.4/debian/watch openscap-1.3.4/debian/watch > --- openscap-1.3.4/debian/watch 2021-02-01 23:55:08.000000000 +0900 > +++ openscap-1.3.4/debian/watch 2021-06-30 16:33:53.000000000 +0900 > @@ -1,10 +1,2 @@ > -# watch control file for uscan > -# Run the "uscan" command to check for upstream updates and more. > -# See uscan(1) for format > - > -# Compulsory line, this is a version 3 file > -version=3 > - > -opts=filenamemangle=s/.+\/v?(\d\S*)\.tar\.gz/openscap-$1\.tar\.gz/ \ > - https://github.com/OpenSCAP/openscap/tags .*/v?(\d\S*)\.tar\.gz > - > +version=4 > +opts=filenamemangle=s/.+\/v?(\d\S*)\.tar\.gz/openscap-$1\.tar\.gz/ > https://github.com/OpenSCAP/openscap/tags .*/v?(\d\S*)\.tar\.gz > > -- Sebastian Ramacher
signature.asc
Description: PGP signature