On Sat, 3 Jul 2021 21:36:53 +0900 Hideki Yamane <henr...@iijmio-mail.jp> wrote: > Mostly done, still have an error with autopkgtest for python3-openscap
Updated. Passed all salsa-ci test as below, and eliminate most of lintian warning/info. https://salsa.debian.org/henrich/openscap/-/pipelines/265972 diff -Nru openscap-1.3.4/debian/changelog openscap-1.3.4/debian/changelog --- openscap-1.3.4/debian/changelog 2021-02-02 00:22:30.000000000 +0900 +++ openscap-1.3.4/debian/changelog 2021-06-30 16:33:53.000000000 +0900 @@ -1,3 +1,37 @@ +openscap (1.3.4-1.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + + * Package structure changes + - Apply soname change (libopenscap8 -> 25) + - Split libopenscap25 to openscap-scanner, openscap-utils and + openscap-common + - Drop -dbg package and unnecessary lintian-overrides + * debian/control + - Specify https for upstream URL + - Use debhelper-compat (= 13) to not forget to install necessary files + with dh_missing + - Add missing dependencies: libacl1-dev, libblkid-dev, libglib2.0-dev, + libyaml-dev, librpm-dev, libpopt-dev, libprocps-dev, libopendbx1-dev, + libxmlsec1-dev, doxygen, graphviz, asciidoc, + * Drop unnecessary debian/compat + * debian/rules + - Enable documentation build + - Enable hardening + * Add openscap-common.docs to install HTML docs + * debian/openscap-scanner.install + - Install bash-completion + * openscap-utils.install + - Install autotailor and scap-as-rpm + * Add debian/openscap-{scanner,utils}.manpages + + * Trim trailing whitespace. + * Update watch file format version to 4. + * Set upstream metadata fields: Bug-Database, Bug-Submit. + * Drop unnecessary dependency on dh-autoreconf. + + -- Hideki Yamane <henr...@debian.org> Wed, 30 Jun 2021 16:33:53 +0900 + openscap (1.3.4-1) unstable; urgency=medium * New upstream version 1.3.4 diff -Nru openscap-1.3.4/debian/compat openscap-1.3.4/debian/compat --- openscap-1.3.4/debian/compat 2021-02-02 00:22:30.000000000 +0900 +++ openscap-1.3.4/debian/compat 1970-01-01 09:00:00.000000000 +0900 @@ -1 +0,0 @@ -11 diff -Nru openscap-1.3.4/debian/control openscap-1.3.4/debian/control --- openscap-1.3.4/debian/control 2021-02-02 00:22:30.000000000 +0900 +++ openscap-1.3.4/debian/control 2021-06-30 16:33:53.000000000 +0900 @@ -2,7 +2,7 @@ Priority: optional Maintainer: Pierre Chifflier <pol...@debian.org> Uploaders: Philippe Thierry <phi...@debian.org> -Build-Depends: debhelper (>= 13), +Build-Depends: debhelper-compat (= 13), cmake, libpcre3-dev, libxml2-dev, @@ -18,19 +18,30 @@ libattr1-dev, libldap2-dev, libbz2-dev, + libacl1-dev, + libblkid-dev, + libglib2.0-dev, + libyaml-dev, + librpm-dev, + libpopt-dev, + libprocps-dev, + libopendbx1-dev, + libxmlsec1-dev, + doxygen, graphviz, + asciidoc, pkg-config, dh-python, chrpath, libdbus-1-dev +Section: admin X-Python3-Version: >= 3.9 Standards-Version: 4.5.1 -Section: libs -Homepage: http://www.open-scap.org/ +Homepage: https://www.open-scap.org/ Package: libopenscap-dev Section: libdevel Architecture: linux-any -Depends: libopenscap8 (= ${binary:Version}), ${misc:Depends}, ${python3:Depends}, libjs-jquery +Depends: libopenscap25 (= ${binary:Version}), ${misc:Depends}, ${python3:Depends}, libjs-jquery Description: Set of libraries enabling integration of the SCAP line of standards OpenSCAP is a set of open source libraries providing an easier path for integration of the SCAP line of standards. SCAP is a line of @@ -48,13 +59,13 @@ . This package contains the development files for OpenSCAP. -Package: libopenscap8 +Package: libopenscap25 Section: libs Architecture: linux-any -Conflicts: libopenscap0, libopenscap1, libopenscap3 -Replaces: libopenscap0, libopenscap1, libopenscap3 +Conflicts: libopenscap0, libopenscap1, libopenscap3, libopenscap8, +Replaces: libopenscap0, libopenscap1, libopenscap3, libopenscap8, Pre-Depends: ${misc:Pre-Depends} -Depends: ${shlibs:Depends}, ${misc:Depends}, ${python3:Depends} +Depends: ${shlibs:Depends}, ${misc:Depends}, Description: Set of libraries enabling integration of the SCAP line of standards OpenSCAP is a set of open source libraries providing an easier path for integration of the SCAP line of standards. SCAP is a line of @@ -69,11 +80,13 @@ * Common Vulnerability Scoring System (CVSS) * Extensible Configuration Checklist Description Format (XCCDF) * Open Vulnerability and Assessment Language (OVAL) + . + This package contains libraries for OpenSCAP. Package: python3-openscap Section: python Architecture: linux-any -Depends: ${shlibs:Depends}, ${misc:Depends}, ${python3:Depends}, libopenscap8 (= ${binary:Version}) +Depends: ${shlibs:Depends}, ${misc:Depends}, ${python3:Depends}, libopenscap25 (= ${binary:Version}) X-Python3-Version: ${python3:Versions} Provides: ${python3:Provides} Description: Set of libraries enabling integration of the SCAP line of standards @@ -96,7 +109,7 @@ Package: libopenscap-perl Section: perl Architecture: linux-any -Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}, libopenscap8 (= ${binary:Version}) +Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}, libopenscap25 (= ${binary:Version}) Description: Set of libraries enabling integration of the SCAP line of standards OpenSCAP is a set of open source libraries providing an easier path for integration of the SCAP line of standards. SCAP is a line of @@ -114,13 +127,12 @@ . This package contains the Perl bindings for OpenSCAP. -Package: libopenscap8-dbg -Section: debug +Package: openscap-scanner Architecture: linux-any -Conflicts: libopenscap0-dbg -Replaces: libopenscap0-dbg -Depends: ${shlibs:Depends}, libopenscap8 (= ${binary:Version}), ${misc:Depends} -Description: Set of libraries enabling integration of the SCAP line of standards +Depends: libopenscap25 (= ${binary:Version}), + ${shlibs:Depends}, ${misc:Depends}, +Recommends: openscap-common (= ${binary:Version}), +Description: OpenScap Scanner Tool (oscap) OpenSCAP is a set of open source libraries providing an easier path for integration of the SCAP line of standards. SCAP is a line of standards managed by NIST with the goal of providing a standard language @@ -135,5 +147,47 @@ * Extensible Configuration Checklist Description Format (XCCDF) * Open Vulnerability and Assessment Language (OVAL) . - This package contains debugging symbols for OpenSCAP. + This package contains oscap command-line tool, configuration and + vulnerability scanner. It can use for compliance checking with SCAP contents. +Package: openscap-utils +Architecture: linux-any +Depends: openscap-scanner (= ${binary:Version}), ${python3:Depends}, + ${shlibs:Depends}, ${misc:Depends}, rpm, +Recommends: openscap-common (= ${binary:Version}), +Description: OpenSCAP utilities + OpenSCAP is a set of open source libraries providing an easier path + for integration of the SCAP line of standards. SCAP is a line of + standards managed by NIST with the goal of providing a standard language + for the expression of Computer Network Defense related information. + . + The intended scope of this project is to implement working interface + wrappers for parsing and querying SCAP content including: + * Common Vulnerabilities and Exposures (CVE) + * Common Configuration Enumeration (CCE) + * Common Platform Enumeration (CPE) + * Common Vulnerability Scoring System (CVSS) + * Extensible Configuration Checklist Description Format (XCCDF) + * Open Vulnerability and Assessment Language (OVAL) + . + This package contains command line utilities. + +Package: openscap-common +Architecture: all +Depends: ${misc:Depends}, +Description: OpenSCAP schema files + OpenSCAP is a set of open source libraries providing an easier path + for integration of the SCAP line of standards. SCAP is a line of + standards managed by NIST with the goal of providing a standard language + for the expression of Computer Network Defense related information. + . + The intended scope of this project is to implement working interface + wrappers for parsing and querying SCAP content including: + * Common Vulnerabilities and Exposures (CVE) + * Common Configuration Enumeration (CCE) + * Common Platform Enumeration (CPE) + * Common Vulnerability Scoring System (CVSS) + * Extensible Configuration Checklist Description Format (XCCDF) + * Open Vulnerability and Assessment Language (OVAL) + . + This package contains schema files. diff -Nru openscap-1.3.4/debian/docs openscap-1.3.4/debian/docs --- openscap-1.3.4/debian/docs 2021-02-01 23:55:08.000000000 +0900 +++ openscap-1.3.4/debian/docs 1970-01-01 09:00:00.000000000 +0900 @@ -1,2 +0,0 @@ -NEWS -README diff -Nru openscap-1.3.4/debian/libopenscap25.install openscap-1.3.4/debian/libopenscap25.install --- openscap-1.3.4/debian/libopenscap25.install 1970-01-01 09:00:00.000000000 +0900 +++ openscap-1.3.4/debian/libopenscap25.install 2021-06-30 16:33:53.000000000 +0900 @@ -0,0 +1 @@ +usr/lib/*/lib*.so.* diff -Nru openscap-1.3.4/debian/libopenscap8.dirs openscap-1.3.4/debian/libopenscap8.dirs --- openscap-1.3.4/debian/libopenscap8.dirs 2021-02-01 23:55:08.000000000 +0900 +++ openscap-1.3.4/debian/libopenscap8.dirs 1970-01-01 09:00:00.000000000 +0900 @@ -1,2 +0,0 @@ -usr/lib -usr/lib/openscap diff -Nru openscap-1.3.4/debian/libopenscap8.install openscap-1.3.4/debian/libopenscap8.install --- openscap-1.3.4/debian/libopenscap8.install 2021-02-02 00:22:30.000000000 +0900 +++ openscap-1.3.4/debian/libopenscap8.install 1970-01-01 09:00:00.000000000 +0900 @@ -1,14 +0,0 @@ -usr/bin/oscap -usr/bin/oscap-chroot -usr/bin/oscap-docker -usr/bin/oscap-ssh -usr/bin/oscap-vm -usr/bin/oscap-podman -usr/share/man/man8/oscap.8* -usr/share/man/man8/oscap-chroot.8* -usr/share/man/man8/oscap-docker.8* -usr/share/man/man8/oscap-ssh.8* -usr/share/man/man8/oscap-vm.8* -usr/share/man/man8/oscap-podman.8* -usr/lib/*/lib*.so.* -usr/share/openscap/* diff -Nru openscap-1.3.4/debian/libopenscap8.lintian-overrides openscap-1.3.4/debian/libopenscap8.lintian-overrides --- openscap-1.3.4/debian/libopenscap8.lintian-overrides 2021-02-02 00:22:30.000000000 +0900 +++ openscap-1.3.4/debian/libopenscap8.lintian-overrides 1970-01-01 09:00:00.000000000 +0900 @@ -1,2 +0,0 @@ -# historical package named keeped -libopenscap8: package-name-doesnt-match-sonames libopenscap25 libopenscap-sce25 diff -Nru openscap-1.3.4/debian/openscap-common.docs openscap-1.3.4/debian/openscap-common.docs --- openscap-1.3.4/debian/openscap-common.docs 1970-01-01 09:00:00.000000000 +0900 +++ openscap-1.3.4/debian/openscap-common.docs 2021-06-30 16:33:53.000000000 +0900 @@ -0,0 +1 @@ +usr/share/doc/openscap/html diff -Nru openscap-1.3.4/debian/openscap-common.install openscap-1.3.4/debian/openscap-common.install --- openscap-1.3.4/debian/openscap-common.install 1970-01-01 09:00:00.000000000 +0900 +++ openscap-1.3.4/debian/openscap-common.install 2021-06-30 16:33:53.000000000 +0900 @@ -0,0 +1 @@ +usr/share/openscap/* diff -Nru openscap-1.3.4/debian/openscap-scanner.docs openscap-1.3.4/debian/openscap-scanner.docs --- openscap-1.3.4/debian/openscap-scanner.docs 1970-01-01 09:00:00.000000000 +0900 +++ openscap-1.3.4/debian/openscap-scanner.docs 2021-06-30 16:33:53.000000000 +0900 @@ -0,0 +1,3 @@ +NEWS +README* +usr/share/doc/openscap/manual diff -Nru openscap-1.3.4/debian/openscap-scanner.examples openscap-1.3.4/debian/openscap-scanner.examples --- openscap-1.3.4/debian/openscap-scanner.examples 1970-01-01 09:00:00.000000000 +0900 +++ openscap-1.3.4/debian/openscap-scanner.examples 2021-06-30 16:33:53.000000000 +0900 @@ -0,0 +1 @@ +docs/oscap-scan.cron diff -Nru openscap-1.3.4/debian/openscap-scanner.install openscap-1.3.4/debian/openscap-scanner.install --- openscap-1.3.4/debian/openscap-scanner.install 1970-01-01 09:00:00.000000000 +0900 +++ openscap-1.3.4/debian/openscap-scanner.install 2021-06-30 16:33:53.000000000 +0900 @@ -0,0 +1,2 @@ +usr/bin/oscap +etc/bash_completion.d/oscap usr/share/bash-completion/completions/ diff -Nru openscap-1.3.4/debian/openscap-scanner.manpages openscap-1.3.4/debian/openscap-scanner.manpages --- openscap-1.3.4/debian/openscap-scanner.manpages 1970-01-01 09:00:00.000000000 +0900 +++ openscap-1.3.4/debian/openscap-scanner.manpages 2021-06-30 16:33:53.000000000 +0900 @@ -0,0 +1 @@ +usr/share/man/man8/oscap.8 diff -Nru openscap-1.3.4/debian/openscap-utils.install openscap-1.3.4/debian/openscap-utils.install --- openscap-1.3.4/debian/openscap-utils.install 1970-01-01 09:00:00.000000000 +0900 +++ openscap-1.3.4/debian/openscap-utils.install 2021-06-30 16:33:53.000000000 +0900 @@ -0,0 +1,8 @@ +usr/bin/oscap-chroot +usr/bin/oscap-docker +usr/bin/oscap-podman +usr/bin/oscap-run-sce-script +usr/bin/oscap-ssh +usr/bin/oscap-vm +usr/bin/autotailor +usr/bin/scap-as-rpm diff -Nru openscap-1.3.4/debian/openscap-utils.manpages openscap-1.3.4/debian/openscap-utils.manpages --- openscap-1.3.4/debian/openscap-utils.manpages 1970-01-01 09:00:00.000000000 +0900 +++ openscap-1.3.4/debian/openscap-utils.manpages 2021-06-30 16:33:53.000000000 +0900 @@ -0,0 +1,7 @@ +usr/share/man/man8/oscap-chroot.8 +usr/share/man/man8/oscap-docker.8 +usr/share/man/man8/oscap-podman.8 +usr/share/man/man8/oscap-ssh.8 +usr/share/man/man8/oscap-vm.8 +usr/share/man/man8/autotailor.8 +usr/share/man/man8/scap-as-rpm.8 diff -Nru openscap-1.3.4/debian/pyversions openscap-1.3.4/debian/pyversions --- openscap-1.3.4/debian/pyversions 2021-02-01 23:55:08.000000000 +0900 +++ openscap-1.3.4/debian/pyversions 1970-01-01 09:00:00.000000000 +0900 @@ -1 +0,0 @@ -2.4- diff -Nru openscap-1.3.4/debian/rules openscap-1.3.4/debian/rules --- openscap-1.3.4/debian/rules 2021-02-02 00:22:30.000000000 +0900 +++ openscap-1.3.4/debian/rules 2021-06-30 16:33:53.000000000 +0900 @@ -4,19 +4,18 @@ # Uncomment this to turn on verbose mode. export DH_VERBOSE=1 +export DEB_BUILD_MAINT_OPTIONS := hardening=+all + DEFAULTPY=$(shell py3versions -v -d) PYVERSIONS=$(shell py3versions -v -r) ALLPY=$(PYVERSIONS) PERL_VERSION:=$(shell perl -e 'my @ver=split /\./, sprintf("%vd", $$^V); print("$$ver[0].$$ver[1]");') - -override_dh_auto_test: - # disable tests until they work as expected - : +CMAKE_OPTS=-DENABLE_DOCS=ON =DOEPNSCAP_PROBE_UNIX_GCONF=OFF -DGCONF_LIBRARY= override_dh_auto_configure: $(ALLPY:%=override_dh_auto_configure-%) override_dh_auto_configure-%: - dh_auto_configure -Bbuild-python-$* -- --enable-sce --enable-perl -DPERL_VERSION=$(PERL_VERSION) PYTHON=/usr/bin/python$* + dh_auto_configure -Bbuild-python-$* -- --enable-sce --enable-perl -DPERL_VERSION=$(PERL_VERSION) PYTHON=/usr/bin/python$* $(CMAKE_OPTS) override_dh_auto_build: $(ALLPY:%=override_dh_auto_build-%) @@ -28,9 +27,9 @@ rm -f debian/libopenscap-dev/usr/share/doc/libopenscap-dev/html/jquery.js mv debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/perl5/$(PERL_VERSION)* debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/perl5/$(PERL_VERSION) chrpath -d debian/tmp/usr/bin/oscap - chrpath -d debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libopenscap.so.25.3.0 - chrpath -d debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libopenscap_sce.so.25.3.0 - chrpath -d debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/perl5/5.32/openscap_pm.so + chrpath -d debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libopenscap.so.* + chrpath -d debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libopenscap_sce.so.* + chrpath -d debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/perl5/5.*/openscap_pm.so chmod 0644 debian/tmp/usr/lib/python3/dist-packages/openscap_py.py chmod 0644 debian/tmp/usr/lib/python3/dist-packages/openscap_api.py @@ -38,12 +37,13 @@ dh_auto_install -Bbuild-python-$* --destdir=debian/tmp override_dh_strip: - dh_strip -plibopenscap8 --dbg-package=libopenscap8-dbg - dh_strip -ppython3-openscap --dbg-package=libopenscap8-dbg - dh_strip -plibopenscap-perl --dbg-package=libopenscap8-dbg + dh_strip -popenscap-scanner --dbgsym-migration='libopenscap8-dbg (<< 1.3.4-1.1~)' + dh_strip -plibopenscap25 --dbgsym-migration='libopenscap8-dbg (<< 1.3.4-1.1~)' + dh_strip -ppython3-openscap --dbgsym-migration='libopenscap8-dbg (<< 1.3.4-1.1~)' + dh_strip -plibopenscap-perl --dbgsym-migration='libopenscap8-dbg (<< 1.3.4-1.1~)' override_dh_auto_clean: rm -rf build-* %: - dh $@ --with autoreconf,python3 + dh $@ --with python3 diff -Nru openscap-1.3.4/debian/tests/autopkgtest-pkg-python.conf openscap-1.3.4/debian/tests/autopkgtest-pkg-python.conf --- openscap-1.3.4/debian/tests/autopkgtest-pkg-python.conf 1970-01-01 09:00:00.000000000 +0900 +++ openscap-1.3.4/debian/tests/autopkgtest-pkg-python.conf 2021-06-30 16:33:53.000000000 +0900 @@ -0,0 +1 @@ +import_name = oscap_docker_python diff -Nru openscap-1.3.4/debian/upstream/metadata openscap-1.3.4/debian/upstream/metadata --- openscap-1.3.4/debian/upstream/metadata 1970-01-01 09:00:00.000000000 +0900 +++ openscap-1.3.4/debian/upstream/metadata 2021-06-30 16:33:53.000000000 +0900 @@ -0,0 +1,3 @@ +--- +Bug-Database: https://github.com/OpenSCAP/openscap/issues +Bug-Submit: https://github.com/OpenSCAP/openscap/issues/new diff -Nru openscap-1.3.4/debian/watch openscap-1.3.4/debian/watch --- openscap-1.3.4/debian/watch 2021-02-01 23:55:08.000000000 +0900 +++ openscap-1.3.4/debian/watch 2021-06-30 16:33:53.000000000 +0900 @@ -1,10 +1,2 @@ -# watch control file for uscan -# Run the "uscan" command to check for upstream updates and more. -# See uscan(1) for format - -# Compulsory line, this is a version 3 file -version=3 - -opts=filenamemangle=s/.+\/v?(\d\S*)\.tar\.gz/openscap-$1\.tar\.gz/ \ - https://github.com/OpenSCAP/openscap/tags .*/v?(\d\S*)\.tar\.gz - +version=4 +opts=filenamemangle=s/.+\/v?(\d\S*)\.tar\.gz/openscap-$1\.tar\.gz/ https://github.com/OpenSCAP/openscap/tags .*/v?(\d\S*)\.tar\.gz