[Jailkit-dev] jailkit sent to Debian -- comments

jailkit-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Jailkit-dev] jailkit sent to Debian -- comments

From:	Eriberto
Subject:	[Jailkit-dev] jailkit sent to Debian -- comments
Date:	Fri, 18 Oct 2019 23:07:24 -0300

Hi guys,

Today I sent jailkit-2.21 to Debian. Considering that is first time of
jailkit in Debian, now it is in NEW queue[1] to be analised by
FTP-Master Team. The wait time is 1 day up to 3 months. There is a
copy of the package in our git repository[2].

[1] https://ftp-master.debian.org/new.html
[2] https://salsa.debian.org/debian/jailkit

I found some issues and I would like to tell about it.

1. The configure.ac forces to install Python 2. It is bad for Debian
because Python 2 is being removed. As a workaround I did a patch to
cancel the checking lines and allow the build system work.

2. There are some spelling errors (detected by me or by lintian, the
Debian build system check). I did a patch[3] to fix it.

[3] 
https://salsa.debian.org/debian/jailkit/blob/debian/master/debian/patches/20_fix-spelling-manpages.patch

3. When running "# jk_init -v -j /home/chrootusers ssh", I got:
"configparser.DuplicateOptionError: While reading from
'/etc/jailkit/jk_init.ini' [line 118]: option 'includesections' in
section 'openvpn' already exists". This patch[4] will fix it.

[4] 
https://salsa.debian.org/debian/jailkit/blob/debian/master/debian/patches/30_remove-duplicate-option.patch

4. The website[5] says: "The old (<2.20) releases are signed with PGP
key DAC576E6. Releases since 2.20 are signed with key F18D32B9".
However:

$ gpg --verify jailkit-2.21.tar.gz.sig
gpg: assuming signed data in 'jailkit-2.21.tar.gz'
gpg: Signature made dom 29 set 2019 17:39:24 -03
gpg:                using RSA key 58FD02766D031E832560A6A226073EFCDAC576E6

$ gpg --verify jailkit-2.21.tar.bz2.sig
gpg: assuming signed data in 'jailkit-2.21.tar.bz2'
gpg: Signature made dom 29 set 2019 17:39:30 -03
gpg:                using RSA key 58FD02766D031E832560A6A226073EFCDAC576E6

[5] https://olivier.sessink.nl/jailkit/

5. The Debian lintian shows:

jailkit source: source-contains-prebuilt-python-object
py/__pycache__/jk_lib.cpython-37.pyc

Please, see more details here[6].

[6] https://lintian.debian.org/tags/source-contains-prebuilt-python-object.html

6. There are some warnings when building with GCC 9:

gcc -g -O2 -fdebug-prefix-map=/PKGS/jailkit-3/jailkit-2.21=.
-fstack-protector-strong -Wformat -Werror=format-security -Wall -pipe
-pthread -DINIPREFIX=\"/etc/jailkit\" -Wdate-time -D_FORTIFY_SOURCE=2
-c -o jk_lsh.o jk_lsh.c
In file included from /usr/include/string.h:494,
                 from jk_socketd.c:48:
In function ‘strncpy’,
    inlined from ‘new_socketlink’ at jk_socketd.c:121:2:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: warning:
‘__builtin_strncpy’ specified bound 108 equals destination size
[-Wstringop-truncation]
  106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
jk_lsh.c: In function ‘main’:
jk_lsh.c:240:10: warning: variable ‘oldumask’ set but not used
[-Wunused-but-set-variable]
  240 |   mode_t oldumask;
      |          ^~~~~~~~
gcc -g -O2 -fdebug-prefix-map=/PKGS/jailkit-3/jailkit-2.21=.
-fstack-protector-strong -Wformat -Werror=format-security -Wall -pipe
-pthread -DINIPREFIX=\"/etc/jailkit\" -Wdate-time -D_FORTIFY_SOURCE=2
-c -o wordexp.o wordexp.c
In file included from /usr/include/string.h:494,
                 from jk_lsh.c:58:
In function ‘strncpy’,
    inlined from ‘expand_executable_w_path’ at jk_lsh.c:128:14,
    inlined from ‘main’ at jk_lsh.c:273:8:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: warning:
‘__builtin_strncpy’ output truncated before terminating nul copying as
many bytes from a string as its length [-Wstringop-truncation]
  106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
jk_lsh.c: In function ‘main’:
jk_lsh.c:125:15: note: length computed here
  125 |    int tlen = strlen(*path);
      |               ^~~~~~~~~~~~~
In file included from /usr/include/string.h:494,
                 from jk_lsh.c:58:
In function ‘strncat’,
    inlined from ‘expand_executable_w_path’ at jk_lsh.c:133:14,
    inlined from ‘main’ at jk_lsh.c:273:8:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:136:10: warning:
‘__builtin_strncat’ output truncated before terminating nul copying as
many bytes from a string as its length [-Wstringop-truncation]
  136 |   return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
jk_lsh.c: In function ‘main’:
jk_lsh.c:122:14: note: length computed here
  122 |   int elen = strlen(executable);
      |              ^~~~~~~~~~~~~~~~~~


Thanks a lot for your nice work. We will have jailkit approved in Debian soon.

Regards,

Eriberto

[Prev in Thread]

Current Thread

[Next in Thread]

[Jailkit-dev] jailkit sent to Debian -- comments, Eriberto <=
- Re: [Jailkit-dev] jailkit sent to Debian -- comments, Olivier Sessink, 2019/10/19
  - Re: [Jailkit-dev] jailkit sent to Debian -- comments, Eriberto, 2019/10/19

Prev by Date: [Jailkit-dev] [bug #52421] debian/rules:74: recipe for target 'install-arch' failed on Debian Stretch
Next by Date: Re: [Jailkit-dev] jailkit sent to Debian -- comments
Previous by thread: [Jailkit-dev] [bug #52421] debian/rules:74: recipe for target 'install-arch' failed on Debian Stretch
Next by thread: Re: [Jailkit-dev] jailkit sent to Debian -- comments
Index(es):
- Date
- Thread