[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Jailkit-dev] jailkit sent to Debian -- comments
From: |
Eriberto |
Subject: |
[Jailkit-dev] jailkit sent to Debian -- comments |
Date: |
Fri, 18 Oct 2019 23:07:24 -0300 |
Hi guys,
Today I sent jailkit-2.21 to Debian. Considering that is first time of
jailkit in Debian, now it is in NEW queue[1] to be analised by
FTP-Master Team. The wait time is 1 day up to 3 months. There is a
copy of the package in our git repository[2].
[1] https://ftp-master.debian.org/new.html
[2] https://salsa.debian.org/debian/jailkit
I found some issues and I would like to tell about it.
1. The configure.ac forces to install Python 2. It is bad for Debian
because Python 2 is being removed. As a workaround I did a patch to
cancel the checking lines and allow the build system work.
2. There are some spelling errors (detected by me or by lintian, the
Debian build system check). I did a patch[3] to fix it.
[3]
https://salsa.debian.org/debian/jailkit/blob/debian/master/debian/patches/20_fix-spelling-manpages.patch
3. When running "# jk_init -v -j /home/chrootusers ssh", I got:
"configparser.DuplicateOptionError: While reading from
'/etc/jailkit/jk_init.ini' [line 118]: option 'includesections' in
section 'openvpn' already exists". This patch[4] will fix it.
[4]
https://salsa.debian.org/debian/jailkit/blob/debian/master/debian/patches/30_remove-duplicate-option.patch
4. The website[5] says: "The old (<2.20) releases are signed with PGP
key DAC576E6. Releases since 2.20 are signed with key F18D32B9".
However:
$ gpg --verify jailkit-2.21.tar.gz.sig
gpg: assuming signed data in 'jailkit-2.21.tar.gz'
gpg: Signature made dom 29 set 2019 17:39:24 -03
gpg: using RSA key 58FD02766D031E832560A6A226073EFCDAC576E6
$ gpg --verify jailkit-2.21.tar.bz2.sig
gpg: assuming signed data in 'jailkit-2.21.tar.bz2'
gpg: Signature made dom 29 set 2019 17:39:30 -03
gpg: using RSA key 58FD02766D031E832560A6A226073EFCDAC576E6
[5] https://olivier.sessink.nl/jailkit/
5. The Debian lintian shows:
jailkit source: source-contains-prebuilt-python-object
py/__pycache__/jk_lib.cpython-37.pyc
Please, see more details here[6].
[6] https://lintian.debian.org/tags/source-contains-prebuilt-python-object.html
6. There are some warnings when building with GCC 9:
gcc -g -O2 -fdebug-prefix-map=/PKGS/jailkit-3/jailkit-2.21=.
-fstack-protector-strong -Wformat -Werror=format-security -Wall -pipe
-pthread -DINIPREFIX=\"/etc/jailkit\" -Wdate-time -D_FORTIFY_SOURCE=2
-c -o jk_lsh.o jk_lsh.c
In file included from /usr/include/string.h:494,
from jk_socketd.c:48:
In function ‘strncpy’,
inlined from ‘new_socketlink’ at jk_socketd.c:121:2:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: warning:
‘__builtin_strncpy’ specified bound 108 equals destination size
[-Wstringop-truncation]
106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
jk_lsh.c: In function ‘main’:
jk_lsh.c:240:10: warning: variable ‘oldumask’ set but not used
[-Wunused-but-set-variable]
240 | mode_t oldumask;
| ^~~~~~~~
gcc -g -O2 -fdebug-prefix-map=/PKGS/jailkit-3/jailkit-2.21=.
-fstack-protector-strong -Wformat -Werror=format-security -Wall -pipe
-pthread -DINIPREFIX=\"/etc/jailkit\" -Wdate-time -D_FORTIFY_SOURCE=2
-c -o wordexp.o wordexp.c
In file included from /usr/include/string.h:494,
from jk_lsh.c:58:
In function ‘strncpy’,
inlined from ‘expand_executable_w_path’ at jk_lsh.c:128:14,
inlined from ‘main’ at jk_lsh.c:273:8:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: warning:
‘__builtin_strncpy’ output truncated before terminating nul copying as
many bytes from a string as its length [-Wstringop-truncation]
106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
jk_lsh.c: In function ‘main’:
jk_lsh.c:125:15: note: length computed here
125 | int tlen = strlen(*path);
| ^~~~~~~~~~~~~
In file included from /usr/include/string.h:494,
from jk_lsh.c:58:
In function ‘strncat’,
inlined from ‘expand_executable_w_path’ at jk_lsh.c:133:14,
inlined from ‘main’ at jk_lsh.c:273:8:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:136:10: warning:
‘__builtin_strncat’ output truncated before terminating nul copying as
many bytes from a string as its length [-Wstringop-truncation]
136 | return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
jk_lsh.c: In function ‘main’:
jk_lsh.c:122:14: note: length computed here
122 | int elen = strlen(executable);
| ^~~~~~~~~~~~~~~~~~
Thanks a lot for your nice work. We will have jailkit approved in Debian soon.
Regards,
Eriberto
- [Jailkit-dev] jailkit sent to Debian -- comments,
Eriberto <=