Control: tags -1 -moreinfo

On 23.08.2024 20:09, Phil Wyett wrote:
> Control: tags -1 +moreinfo
>
> Havard,
>
> Preamble...
>
> Thank you for taking the time to prepare this package and your contribution
> to the Debian project.
>
> The review below is for assistance. This review is offered to help package
> submitters to Debian mentors in order to improve their packages prior to
> possible sponsorship into Debian. There is no obligation on behalf of the
> submitter to make any alterations based upon information provided in the
> review.
>
> Review...
>
> 1. Build:
>
> * pbuilder [1]: Good
> * sbuild [2]: Good
>
> 2. Lintian [3]: Warning
>
> W: libopenscap33: uses-dpkg-database-directly [usr/lib/x86_64-linux-gnu/libopenscap.so.33.0.0]
> N:
> N: The listed file or maintainer script appears to access the internal
> N: database(s) of dpkg.
> N:
> N: The entire dpkg database, its layout and files are an internal interface
> N: and no program or package should be accessing it, other than dpkg itself
> N: and the suite of dpkg tools.
> N:
> N: Whilst the files may be editable by an admin, that's a supported (but
> N: unrecommended) feature reserved for humans and not for automatic tools.
> N:
> N: Please refer to https://wiki.debian.org/DpkgConffileHandling for details.
> N:
> N: Visibility: warning
> N: Show-Always: no
> N: Check: files/contents
>
> 3. Licenses [4]: Issue
>
> Some may be false positives, but a review is in order due to so many files
> being flagged.
>
> philwyett@ks-tarkin:~/Development/builder/debian/mentoring/openscap-1.4.0+dfsg$ lrc -t
> : Versions: recon 1.14 check 3.3.9-1
>
> Parsing Source Tree ....
> Reading copyright ....
> Running licensecheck ....
>
> d/copyright         | licensecheck
>
>                     | BSD-2-clause            cmake/FindDBUS.cmake
>                     | LGPL-2.1+               compat/compat.h
>                     | LGPL-3+                 compat/strptime.c
>                     | LGPL-2.1+               compat/strsep.c
>                     | LGPL-2.1                lgpl-2.1.rtf
>                     | LGPL-2                  openscap.spec
> LGPL-2.0+           | LGPL-2+                 oscap_wrapper.in
>                     | LGPL-2+                 run.in
> W3C                 | W3C~unknown             schemas/common/xmldsig-core-schema.xsd
>                     | W3C~unknown             schemas/oval/5.11.3/xmldsig-core-schema.xsd
> LGPL-2.1+ and expat | Expat and/or LGPL-2.1+  schemas/sce/1.0/sce-result-schema.xsd
>                     | LGPL-2.1+               src/CPE/cpe_ctx_priv.c
>                     | public-domain           src/OVAL/probes/SEAP/MurmurHash3.c
>                     | LGPL-2.1+               src/OVAL/probes/SEAP/_seap-command.h
>                     | LGPL-2.1                tests/API/probes/test_memusage.c
>                     | LGPL-2.1+               tests/bz2/test_bz2_memory_source.c
>                     | GPL-2                   tests/probes/rpm/foo.spec
>                     | LGPL-2.1+               tests/sce/script_tester.py
>                     | Perl                    tests/xmldiff.pl
> LGPL-2.0+           | LGPL-2+                 utils/autotailor
>                     | LGPL-2.1+               utils/oscap-cpe.c
> LGPL-2.0+           | LGPL-2+                 utils/oscap-docker.in
>                     | LGPL-2.1+               utils/oscap-ds.c
> LGPL-2.0+           | LGPL-2+                 utils/oscap-podman
> GPL-2+              | GPL-2                   utils/oscap-remediate
> LGPL-2.0+           | LGPL-2+                 utils/oscap-ssh
>                     | LGPL-2.1+               utils/oscap-tool.c
> LGPL-2.0+           | LGPL-2+                 utils/oscap-vm
>                     | LGPL-2.1+               utils/oscap-xccdf.c
> LGPL-2.0+           | LGPL-2+                 utils/oscap_docker_python/__init__.py
>                     | LGPL-2.1+               utils/scap-as-rpm
>                     | BSD-3-clause            xsl/oval-results-report.xsl
>                     | LGPL-2.1                xsl/oval-to-xccdf.xsl
>                     | LGPL-2.1+               xsl/xccdf-branding.xsl
>                     | Expat                   xsl/xccdf-resources.xsl
>                     | LGPL-2.1+               xsl/xccdf-share.xsl
>
Added a few more licenses I had missed, but as you noted, most are false positives.

> 4. Watch file [uscan --force-download]: Good
>
> 5. Build Twice [sudo pbuilder build --twice <package>.dsc]: Issue
>
> dpkg-source -b .
> dpkg-source: info: using source format '3.0 (quilt)'
> dpkg-source: info: building openscap using existing ./openscap_1.4.0+dfsg.orig.tar.xz
> dpkg-source: info: using patch list from debian/patches/series
> dpkg-source: warning: file openscap-1.4.0+dfsg/.pytest_cache/v/cache/nodeids has no final newline (either original or modified version)
> dpkg-source: warning: file openscap-1.4.0+dfsg/.pytest_cache/v/cache/stepwise has no final newline (either original or modified version)
> dpkg-source: info: local changes detected, the modified files are:
>  openscap-1.4.0+dfsg/.pytest_cache/CACHEDIR.TAG
>  openscap-1.4.0+dfsg/.pytest_cache/README.md
>  openscap-1.4.0+dfsg/.pytest_cache/v/cache/nodeids
>  openscap-1.4.0+dfsg/.pytest_cache/v/cache/stepwise
> dpkg-source: info: Hint: make sure the version in debian/changelog matches the unpacked source tree
> dpkg-source: info: you can integrate the local changes with dpkg-source --commit
> dpkg-source: error: aborting due to unexpected upstream changes, see /tmp/openscap_1.4.0+dfsg-1.diff.Oq6MvY
> dpkg-buildpackage: error: dpkg-source -b . subprocess returned exit status 2
> I: copying local configuration
> E: Failed autobuilding of package
> I: unmounting dev/ptmx filesystem
> I: unmounting dev/pts filesystem
> I: unmounting dev/shm filesystem
> I: unmounting proc filesystem
> I: unmounting sys filesystem
> I: cleaning the build env
> I: removing directory /var/cache/pbuilder/build/226793 and its subdirectories
>

Fixed.

> 6. Reproducible builds [5]: Good
>
> 7. Install [No previous installs]: Good
>
> 8. Upgrade [Over previous installs if any]: Good
>
> Additional...
>
> A. It would be good to add an upstream contact to 'debian/copyright' if there
> is one or more.
>

Found it!

> Summary...
>
> I believe openscap is not yet ready for sponsorship at this time. Could the
> contributor rectify one or more of the raised issues. Once updated to your
> satisfaction and a new upload done, please remove the 'moreinfo' tag on the
> Request For Sponsorship (RFS) bug report.
>
> Regards
>
> Phil
>
> [1] pbuilder:
>
> * Command: sudo pbuilder build <PACKAGE>.dsc
> * Document: https://wiki.ubuntu.com/PbuilderHowto.
> * Document: https://wiki.debian.org/PbuilderTricks
>
> [2] sbuild:
>
> * Command: sbuild <PACKAGE>.dsc
> * Document: https://wiki.kathenas.org/pmwiki.php/Kathenas/Article00000002
> * Document: https://wiki.debian.org/sbuild
>
> [3] lintian:
>
> * Command: lintian -v -i -I -E --pedantic --profile debian (*.dsc,
>   *.changes, *.buildinfo). Each can throw up different results, so be thorough.
> * Document: https://wiki.debian.org/Lintian
>
> [4] lrc:
>
> * Command: lrc -t
> * Document: https://wiki.debian.org/CopyrightReviewTools#licenserecon
>
> [5] reprotest
>
> * Command: sudo reprotest --vary=-build_path,domain_host.use_sudo=1 --auto-build <PACKAGE>.dsc -- schroot unstable-amd64-sbuild
> * Document: https://wiki.kathenas.org/pmwiki.php/Kathenas/Article00000004
> * Document: https://wiki.debian.org/ReproducibleBuilds/
> * Document: https://wiki.debian.org/ReproducibleBuilds/Howto#Newer_method
>