Bug#670875: About your newly uploaded logsurfer to mentors.d.n
Hi Salvatore, Am 20.09.2012 um 19:37 schrieb Salvatore Bonaccorso : > Hi Thilo > > I had a quick look again at your current version uploaded to > mentors.d.n. Really thanks for your work you put into that package. > I'm adding only again some comments: > > current lintian reports the following two: > > W: logsurfer: hardening-no-fortify-functions usr/bin/logsurfer > N: > N:This package provides an ELF binary that lacks the use of fortified libc > N:functions. Either there are no potentially unfortified functions called > N:by any routines, all unfortified calls have already been fully validated > N:at compile-time, or the package was not built with the default Debian > N:compiler flags defined by dpkg-buildflags. If built using > N:dpkg-buildflags directly, be sure to import CPPFLAGS. > N: > N:NB: Due to false-positives, Lintian ignores some unprotected functions > N:(e.g. memcpy). > N: > N:Refer to http://wiki.debian.org/Hardening and > N:http://bugs.debian.org/673112 for details. > N: > N:Severity: normal, Certainty: possible > N: > N:Check: binaries, Type: binary, udeb > N: > > This needs patching of Makefile.in. Simply adding @CPPFLAGS@ to the > CPPFLAGS asignmend should do unless I missed something. After doing so > my resulting binary had: > > foo/usr/bin/logsurfer: > Position Independent Executable: no, normal executable! > Stack protected: yes > Fortify Source functions: yes (some protected functions found) > Read-only relocations: yes > Immediate binding: no, not found! Yes, that worked for me, too. I included the patch. > I: logsurfer: FSSTND-dir-in-manual-page > usr/share/man/man5/logsurfer.conf.5.gz:249 /var/adm/ > N: > N:The manual page references a directory that is specified in the FSSTND > N:but not in the FHS which is used by Debian. This can be an indicator of > N:a mismatch of the location of files as installed for Debian and as > N:described by the man page. > N: > N:If you have to change file locations to abide by Debian Policy please > N:also patch the man page to mention these new locations. > N: > N:Severity: wishlist, Certainty: certain > N: > N:Check: manpages, Type: binary > N: While I think that lintian show this warning because of "/var/adm", I get your point. > No files are installed into the wrong directory, but looking at the > manpage logsurfer.conf(5) I see that /usr/local/etc/logsurfer.conf is > references as default configuration file. Trying to start logsurfer: > > # logsurfer > warning: logsurfer started as root > error opening configfile /usr/local/etc/logsurfer.conf > error reading configfile /usr/local/etc/logsurfer.conf > > For more information on Configuration files[1], in particular see > 'Location' and 'Behaviour'. Location of a default configuration file > seems configurable in the configure part. > > [1]: http://www.debian.org/doc/debian-policy/ch-files.html#s-config-files I changed the default to /etc/logsurfer.conf. The warning about /var/adm is still there, but I think that should be ok. > debian/changelog: For the initial upload it is only needed to have the > 'Initial release (Closes: #670875)' entry, the others as part of the > inital packaging could be removed. Fixed. > Hmm, maybe would be good to actually add a README.Debian to give an > introduction on how to use logsurfer on a Debian system? How to set up > monitoring of a logfile? cronjobs? Yes, I thought about that as well. For now I created a small README.Debian. But maybe it would be a good idea to include some examples like an init.d script to start logsrufer on system boot. > Hope this could help you, Yes, very much! I uploaded a new version to mentors.d.n. Thanks again, Thilo -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/bb0551f1-46f2-44e2-95b1-0a33c5b42...@uttendorfer.net
Bug#670875: About your newly uploaded logsurfer to mentors.d.n
Hi Thilo I had a quick look again at your current version uploaded to mentors.d.n. Really thanks for your work you put into that package. I'm adding only again some comments: current lintian reports the following two: W: logsurfer: hardening-no-fortify-functions usr/bin/logsurfer N: N:This package provides an ELF binary that lacks the use of fortified libc N:functions. Either there are no potentially unfortified functions called N:by any routines, all unfortified calls have already been fully validated N:at compile-time, or the package was not built with the default Debian N:compiler flags defined by dpkg-buildflags. If built using N:dpkg-buildflags directly, be sure to import CPPFLAGS. N: N:NB: Due to false-positives, Lintian ignores some unprotected functions N:(e.g. memcpy). N: N:Refer to http://wiki.debian.org/Hardening and N:http://bugs.debian.org/673112 for details. N: N:Severity: normal, Certainty: possible N: N:Check: binaries, Type: binary, udeb N: This needs patching of Makefile.in. Simply adding @CPPFLAGS@ to the CPPFLAGS asignmend should do unless I missed something. After doing so my resulting binary had: foo/usr/bin/logsurfer: Position Independent Executable: no, normal executable! Stack protected: yes Fortify Source functions: yes (some protected functions found) Read-only relocations: yes Immediate binding: no, not found! I: logsurfer: FSSTND-dir-in-manual-page usr/share/man/man5/logsurfer.conf.5.gz:249 /var/adm/ N: N:The manual page references a directory that is specified in the FSSTND N:but not in the FHS which is used by Debian. This can be an indicator of N:a mismatch of the location of files as installed for Debian and as N:described by the man page. N: N:If you have to change file locations to abide by Debian Policy please N:also patch the man page to mention these new locations. N: N:Severity: wishlist, Certainty: certain N: N:Check: manpages, Type: binary N: No files are installed into the wrong directory, but looking at the manpage logsurfer.conf(5) I see that /usr/local/etc/logsurfer.conf is references as default configuration file. Trying to start logsurfer: # logsurfer warning: logsurfer started as root error opening configfile /usr/local/etc/logsurfer.conf error reading configfile /usr/local/etc/logsurfer.conf For more information on Configuration files[1], in particular see 'Location' and 'Behaviour'. Location of a default configuration file seems configurable in the configure part. [1]: http://www.debian.org/doc/debian-policy/ch-files.html#s-config-files debian/changelog: For the initial upload it is only needed to have the 'Initial release (Closes: #670875)' entry, the others as part of the inital packaging could be removed. Hmm, maybe would be good to actually add a README.Debian to give an introduction on how to use logsurfer on a Debian system? How to set up monitoring of a logfile? cronjobs? Hope this could help you, Regards, Salvatore signature.asc Description: Digital signature
Bug#670875: About your newly uploaded logsurfer to mentors.d.n
Hi, Thanks for your work! But I'm out and not able to look at those packages untill 12th. Please do find other sponsors if you'd like to see your package available in Wheezy! -- Regards, Aron Xu -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAMr=8w7drqageushvqmatrfkgebpcpw+5guvattitne0hzu...@mail.gmail.com
Bug#670875: About your newly uploaded logsurfer to mentors.d.n
Am 05.06.2012 um 19:55 schrieb Aron Xu: > For the newly uploaded version, issues remaining: > > 1. debian/* are licensed under GPL-2, so your patches cannot be > directly integrated to upstream unless you re-license it. This is okay > to accept the package, but a suggestion to license at least those > patches under the same license as your upstream. I changed the license of the patches to the upstream license. > 2. debian/copyright said all upstream files are licensed under a > BSD-like license, but at least the following two files are licensed > under GPL-2+: src/regex.c and src/regex.h. Please recheck all files > and document them Fixed. Could you have a look at "regex/regex.ps", I hope I got this one right in debian/copyright. > 3. debian/rules has many template sentences from dh-make, please > remove those unnecessary ones. Fixed. I just uploaded the new version. Thanks again for looking at the package! Thilo -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/a6542a5f-1ac0-4577-90b2-21de2bc7d...@uttendorfer.net
Bug#670875: About your newly uploaded logsurfer to mentors.d.n
Hi, For the newly uploaded version, issues remaining: 1. debian/* are licensed under GPL-2, so your patches cannot be directly integrated to upstream unless you re-license it. This is okay to accept the package, but a suggestion to license at least those patches under the same license as your upstream. 2. debian/copyright said all upstream files are licensed under a BSD-like license, but at least the following two files are licensed under GPL-2+: src/regex.c and src/regex.h. Please recheck all files and document them 3. debian/rules has many template sentences from dh-make, please remove those unnecessary ones. -- Regards, Aron Xu -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAMr=8w6kPp=i_gy830eke8gg4ykp66dycdn_brx0b_5gboe...@mail.gmail.com
Bug#670875: About your newly uploaded logsurfer to mentors.d.n
Hi Aron, thanks for your suggestions. Am 01.06.2012 um 16:45 schrieb Aron Xu: > I see that you've uploaded 1.8-3 to mentors.d.n, I haven't looked at > the details but here are some suggestions: > > 1.New package should close your ITP bug in debian/changelog > 2.You need to target to unstable, but not UNRELEASED in debian/changelog > 3.You don't need to Build-Depends on quilt in most cases. > 4.The package hasn't been released in Debian archive, you'd better > reuse the version 1.8-1 before it actually being accepted and > published. I uploaded a new version 1.8-1 that fixes all the points you mentioned. Thanks, Thilo -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/0e27c1e6-da4f-4559-84a5-0dfa77a21...@uttendorfer.net
Bug#670875: About your newly uploaded logsurfer to mentors.d.n
Hi, I see that you've uploaded 1.8-3 to mentors.d.n, I haven't looked at the details but here are some suggestions: 1.New package should close your ITP bug in debian/changelog 2.You need to target to unstable, but not UNRELEASED in debian/changelog 3.You don't need to Build-Depends on quilt in most cases. 4.The package hasn't been released in Debian archive, you'd better reuse the version 1.8-1 before it actually being accepted and published. -- Regards, Aron Xu -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAMr=8w6btwe98aJR=vumnovdbx-gs7nqutotzdri0xu2z+g...@mail.gmail.com