On Thu, Jun 25, 2015 at 02:41:08PM +0200, Leopold Palomo-Avellaneda wrote:
> On Thursday, 25 June 2015, at 14:01:16, Gilles Chanteperdrix wrote:
> > On Thu, Jun 25, 2015 at 01:43:51PM +0200, Leopold Palomo-Avellaneda wrote:
> > > Hi,
> > > 
> > > In the last days I have been working on the Debian package of xenomai. For
> > > now 2.6.4, but 3.0 is on the agenda, so I will begin to work on it soon.
> > > 
> > > I'm working on the "official" Debian package for the Debian
> > > organization. I'm not alone, I'm collaborating with the official maintainer
> > > (Roland Stigge). So, my main target is to have one good package for
> > > Debian.
> > > 
> > > However, that said, IMHO it's important that the package could solve the
> > > needs of more people, so I'm open to adapt, modify or whatever in a good
> > > manner to help the needs of the users of that package: Debian users or
> > > Debian derivatives users.
> > > 
> > > The Debian package follows mainly the upstream (Xenomai project) package.
> > > However, I have introduced several changes from the original Debian one:
> > > 
> > > - Renamed linux-patch-xenomai to xenomai-kernel-source
> > > We are using Upstream nomenclature.
> > 
> > The move from linux-patch-xenomai to xenomai-kernel-source is not a
> > simple rename. Providing patches as linux-patch-xenomai did has been
> > obsolete for several debian releases (3 or 4, something like that),
> > and so no longer justified the costly maintenance of the script
> > generating those patches. So, the xenomai-kernel-source package
> > simply contains the part of the xenomai sources and the
> > prepare-kernel.sh script allowing to build a kernel with xenomai
> > support, making the preparation of a kernel the same as the one
> > documented by the upstream package.
> 
> Good. I agree.
> 
> > > - Renamed xenomai-runtime by xenomai-system-tools.
> > > Udev files, init file, test utilities, modprobe utilities. All this stuff
> > > goes to that package.
> > > 
> > > - Drop /dev from libxenomai1.
> > > The /dev directory is created by udev. All debian systems have udev.
> > > However, I'm thinking to have another package with this stuff. What do
> > > you think?
> 
> You didn't answer this ..
> 
> [...]
> 
> > > N:
> > configure.in has been renamed configure.ac in xenomai 3.x. It will
> > not be renamed in xenomai 2.6.x.
> > 
> > > P: xenomai source: source-contains-prebuilt-javascript-object doc/generated/html/api/jquery.js mean line length is about 16131 characters
> > > N:
> > > N:    The source tarball contains a prebuilt (minified) JavaScript object.
> > > N:    They are usually left by mistake when generating the tarball by not
> > > N:    cleaning the source directory first. You may want to report this as an
> > > N:    upstream bug, in case there is no sign that this was intended.
> > No, this is intended, this file is part of the documentation
> > generated by doxygen, and we want that documentation to be
> > installable on the users system without any need to install doxygen.
> 
> Ok, I know.
> 
> > > W: xenomai-system-tools: hardening-no-relro usr/bin/cmd_bits
> > > N:
> > > N:    This package provides an ELF binary that lacks the "read-only
> > > N:    relocation" link flag. This package was likely not built with the
> > > N:    default Debian compiler flags defined by dpkg-buildflags. If built using
> > > N:    dpkg-buildflags directly, be sure to import LDFLAGS.
> > > N:
> > > N:    Refer to https://wiki.debian.org/Hardening for details.
> > > N:
> > > N:    Severity: normal, Certainty: certain
> > > N:
> > > N:    Check: binaries, Type: binary, udeb
> > > N:
> > > W: xenomai-system-tools: hardening-no-relro usr/bin/cmd_read
> > > W: xenomai-system-tools: hardening-no-relro usr/bin/cmd_write
> > > W: xenomai-system-tools: hardening-no-relro usr/bin/insn_bits
> > > W: xenomai-system-tools: hardening-no-relro usr/bin/insn_read
> > > W: xenomai-system-tools: hardening-no-relro usr/bin/insn_write
> > > W: xenomai-system-tools: hardening-no-relro usr/bin/rtcanrecv
> > > W: xenomai-system-tools: hardening-no-relro usr/bin/rtcansend
> > > W: xenomai-system-tools: hardening-no-relro usr/bin/wf_generate
> > > W: xenomai-system-tools: hardening-no-relro usr/lib/x86_64-linux-gnu/xenomai/regression/native+posix/mq_select
> > > W: xenomai-system-tools: hardening-no-relro usr/lib/x86_64-linux-gnu/xenomai/regression/native/heap
> > > W: xenomai-system-tools: hardening-no-relro usr/lib/x86_64-linux-gnu/xenomai/regression/native/leaks
> > > W: xenomai-system-tools: hardening-no-relro usr/lib/x86_64-linux-gnu/xenomai/regression/native/sigdebug
> > > W: xenomai-system-tools: hardening-no-relro usr/lib/x86_64-linux-gnu/xenomai/regression/native/tsc
> > > W: xenomai-system-tools: hardening-no-relro usr/lib/x86_64-linux-gnu/xenomai/regression/posix/leaks
> > > W: xenomai-system-tools: hardening-no-relro usr/lib/x86_64-linux-gnu/xenomai/regression/posix/mprotect
> > > W: xenomai-system-tools: hardening-no-relro usr/lib/x86_64-linux-gnu/xenomai/regression/posix/nano_test
> > > W: xenomai-system-tools: hardening-no-relro usr/lib/x86_64-linux-gnu/xenomai/regression/posix/shm
> > > W: xenomai-system-tools: hardening-no-relro usr/lib/x86_64-linux-gnu/xenomai/regression/posix/test_pip_exit
> > > W: xenomai-system-tools: hardening-no-relro usr/lib/x86_64-linux-gnu/xenomai/regression/posix/xddp_test
> > > W: xenomai-system-tools: hardening-no-relro usr/sbin/analogy_config
> > > W: xenomai-system-tools: hardening-no-relro usr/sbin/rtcanconfig
> > > 
> > 
> > Please provide the patch to the debian/rules to apply this change. I
> > do not think we did anything special to avoid using the default flags.
> 
> 
> my configure line says:
> 
> CONFIG_OPTS += --prefix=/usr \
>                     --includedir=/usr/include/xenomai \
>                     --mandir=/usr/share/man \
>                     --with-testdir=/usr/lib/$(DEB_HOST_MULTIARCH)/xenomai \
>                     --enable-fortify \
>                     --libdir='$${prefix}/lib/$(DEB_HOST_MULTIARCH)/'
> 
> 
> plus some specific arch params.

What specific arch params? Last time I checked in the in-tree
debian/rules, these arch params were obsolete, so, I removed them
all.


> I have tested it with --enable-fortify and 
> without.

--enable-fortify, as documented, allows applications built for the
POSIX skin with the fortify define (_FORTIFY_SOURCE) to correctly
link with Xenomai libraries (IOW, it provides an implementation of
__wrap_printf_chk and the like). It has no influence on building
Xenomai with that flag.

> 
> I have also:
> DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie
> 
> following
> 
> https://wiki.debian.org/Hardening
> 
> any help in this stuff will help.

The in-tree debian/rules exports the variable DEB_BUILD_HARDENING=1
to build the package with hardening. At the time I read the wiki,
this was one recommended way, supposing that the wiki was up to date
when I read it. I am afraid I cannot help you more on this; this looks
like a Debian-specific problem.


-- 
                                            Gilles.
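
The hardening-no-relro warnings quoted above can be re-checked after a rebuild by looking for the PT_GNU_RELRO program header that linking with `-Wl,-z,relro` produces. The following is an added example, not part of the original thread and not lintian's own code; the function names and the sample ELF bytes are constructed for illustration.

```python
import struct
import sys

PT_GNU_RELRO = 0x6474E552  # segment the loader remaps read-only after relocation

def has_relro(elf: bytes) -> bool:
    """Return True if the ELF image carries a PT_GNU_RELRO program header."""
    if len(elf) < 6 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = {1: False, 2: True}.get(elf[4])    # EI_CLASS
    endian = {1: "<", 2: ">"}.get(elf[5])     # EI_DATA
    if is64 is None or endian is None:
        raise ValueError("bad EI_CLASS or EI_DATA")
    if len(elf) < (64 if is64 else 52):
        raise ValueError("truncated ELF header")
    # e_phoff, e_phentsize and e_phnum sit at class-dependent offsets
    if is64:
        (phoff,) = struct.unpack_from(endian + "Q", elf, 32)
        phentsize, phnum = struct.unpack_from(endian + "HH", elf, 54)
    else:
        (phoff,) = struct.unpack_from(endian + "I", elf, 28)
        phentsize, phnum = struct.unpack_from(endian + "HH", elf, 42)
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(elf):
            raise ValueError("truncated program header table")
        (p_type,) = struct.unpack_from(endian + "I", elf, off)  # p_type is first
        if p_type == PT_GNU_RELRO:
            return True
    return False

def sample_elf64(p_types):
    """Constructed input: little-endian ELF64 header plus bare program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0,
                              64, 56, len(p_types), 0, 0, 0)
    return hdr + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)

if __name__ == "__main__":
    # Usage: python3 check_relro.py debian/xenomai-system-tools/usr/bin/*
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            try:
                ok = has_relro(fh.read())
            except ValueError:
                continue  # scripts and other non-ELF files are skipped
        print(f"{'ok' if ok else 'no-relro'}: {path}")
```

The header alone indicates partial RELRO; whether the binary was also linked with `-z now` is a separate check on its dynamic section.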