RFS: golang-github-go-git-go-git [RC] & dependencies
Hi Go team, I require a sponsor to review and upload the following packages for me. New packages: - golang-github-pjbgf-sha1cd - golang-github-skeema-knownhosts Updated packages: - golang-github-go-git-go-git [RC] - Fixes: CVE-2023-49568, CVE-2023-49569, Closes: #1060701 - golang-github-go-git-go-git-fixtures - golang-github-go-git-go-billy Kind regards, Maytham signature.asc Description: This is a digitally signed message part
Re: RFS: golang-github-go-git-go-git [RC] & dependencies
Maytham Alsudany writes: > Hi Go team, > > I require a sponsor to review and upload the following packages for me. > > New packages: > - golang-github-pjbgf-sha1cd > - golang-github-skeema-knownhosts I reviewed these, and have uploaded them. Builds fine: https://salsa.debian.org/jas/golang-github-pjbgf-sha1cd/-/pipelines/658031 https://salsa.debian.org/jas/golang-github-skeema-knownhosts/-/pipelines/658035 I wonder if the sha1cd test data is copyrighted and licensed as per upstream's claims, but I have no fact to speak against the claim either so I will merely make this comment about it. I only took a look at the first package below, but the added dependencies made it too complicated for me to build right now. Maybe more later... /Simon > Updated packages: > - golang-github-go-git-go-git [RC] > - Fixes: CVE-2023-49568, CVE-2023-49569, Closes: #1060701 > - golang-github-go-git-go-git-fixtures > - golang-github-go-git-go-billy > > Kind regards, > Maytham > signature.asc Description: PGP signature
Re: RFS: golang-github-go-git-go-git [RC] & dependencies
Hi Simon, On Wed, 2024-03-27 at 16:30 +0100, Simon Josefsson wrote: > Hi -- happy to sponsor this -- are they in git on salsa for me to build > and sign and upload, or what shape are they in? They all ready to sign and upload. I see you've already uploaded sha1cd and knownhosts. Remaining: https://salsa.debian.org/go-team/packages/golang-github-go-git-go-billy https://salsa.debian.org/go-team/packages/golang-github-go-git-go-git-fixtures https://salsa.debian.org/go-team/packages/golang-github-go-git-go-git Thanks, Maytham > Maytham Alsudany writes: > > > Hi Go team, > > > > I require a sponsor to review and upload the following packages for me. > > > > New packages: > > - golang-github-pjbgf-sha1cd > > - golang-github-skeema-knownhosts > > > > Updated packages: > > - golang-github-go-git-go-git [RC] > > - Fixes: CVE-2023-49568, CVE-2023-49569, Closes: #1060701 > > - golang-github-go-git-go-git-fixtures > > - golang-github-go-git-go-billy > > > > Kind regards, > > Maytham > > signature.asc Description: This is a digitally signed message part
Re: RFS: golang-github-go-git-go-git [RC] & dependencies
Hi Simon, On Wed, 2024-03-27 at 17:14 +0100, Simon Josefsson wrote: > I wonder if the sha1cd test data is copyrighted and licensed as per > upstream's claims, but I have no fact to speak against the claim either > so I will merely make this comment about it. Your concerns are valid, so I've done some digging and found that shattered-1.pdf and shattered- 2.pdf come from https://shattered.io, and sha-mbles-1.bin and sha-mbles-2.bin come from https://github.com/SHA-mbles/SHA-mbles.github.io I've confirmed that the sha-mbles files are licensed under Expat (and will add that to d/copyright), but I cannot find a license nor copyright for shattered, nor any contact information. Should I repack sha1cd to remove the shattered files? > I only took a look at the first package below, but the added > dependencies made it too complicated for me to build right now. Maybe > more later... You'll probably want to look at and build go-billy and go-git-fixtures first. > Thanks, Maytham signature.asc Description: This is a digitally signed message part
Bug#1067864: ITP: golang-github-allan-simon-go-singleinstance -- Make sure you have only one instance of a software in Go (library)
Package: wnpp Severity: wishlist Owner: Maytham Alsudany X-Debbugs-CC: debian-de...@lists.debian.org, debian-go@lists.debian.org * Package name: golang-github-allan-simon-go-singleinstance Version : 1.0.0 Upstream Contact: Allan Simon * URL : https://github.com/allan-simon/go-singleinstance * License : Expat Programming Lang: Go Description : Make sure you have only one instance of a software in Go (library) Cross plateform library to have only one instance of a software (based on python's tendo). Dependency of nwg-bar. This package will be maintained within the Debian Go Packaging Team. I will need a DD to sponsor and upload this package. -- Kind regards, Maytham Alsudany signature.asc Description: This is a digitally signed message part
Bug#1067865: ITP: nwg-bar -- GTK3-based button bar for wlroots-based compositors
Package: wnpp Severity: wishlist Owner: Maytham Alsudany X-Debbugs-CC: debian-de...@lists.debian.org, debian-go@lists.debian.org Control: block -1 by 1067864 * Package name: nwg-bar Version : 0.1.6 Upstream Contact: https://github.com/nwg-piotr/nwg-bar/issues * URL : https://github.com/nwg-piotr/nwg-bar * License : Expat Programming Lang: Go Description : GTK3-based button bar for wlroots-based compositors nwg-bar is a GTK3-based button bar for wlroots-based compositors like sway, based on a user-defined JSON template and fully customizable using CSS. . The nwg-bar command creates a button bar on the basis of a JSON template placed in the ~/.config/nwg-bar/ folder. By default the command displays a horizontal bar in the center of the screen. Use command line arguments to change the placement. . This application is a part of the nwg-shell project. This package will be maintained within the Debian Go Packaging Team. I will need a DD to sponsor and upload this package. -- Kind regards, Maytham Alsudany signature.asc Description: This is a digitally signed message part
Bug#1067866: ITP: golang-github-dlasky-gotk3-layershell -- gotk3 addon module that provides gtk_layer_shell compatibiility (library)
Package: wnpp Severity: wishlist Owner: Maytham Alsudany X-Debbugs-CC: debian-de...@lists.debian.org, debian-go@lists.debian.org * Package name: golang-github-dlasky-gotk3-layershell Version : 0.0~git20230801.b0c42cd Upstream Contact: https://github.com/dlasky/gotk3-layershell/issues * URL : https://github.com/dlasky/gotk3-layershell * License : Expat Programming Lang: Go Description : gotk3 addon module that provides gtk_layer_shell compatibiility (library) gotk3-layershell is a simple golang library to provide bindings for the excellent Gtk Layer Shell library which can be consumed in the also excellent gotk3 Gtk library. This allows for GTK windows in Linux window managers like swaywm that utilize the Layer Shell protocol in wayland to be positioned relative to the viewport including pinning and layer depth control. Dependency of nwg-bar. This package will be maintained within the Debian Go Packaging Team. I will need a DD to sponsor and upload this package. -- Kind regards, Maytham Alsudany signature.asc Description: This is a digitally signed message part
Bug#1067867: ITP: golang-github-joshuarubin-go-sway -- Sway client for Go (library)
Package: wnpp Severity: wishlist Owner: Maytham Alsudany X-Debbugs-CC: debian-de...@lists.debian.org, debian-go@lists.debian.org Control: block 1067865 by -1 * Package name: golang-github-joshuarubin-go-sway Version : 1.2.0 Upstream Contact: https://github.com/joshuarubin/go-sway/issues * URL : https://github.com/joshuarubin/go-sway * License : Expat Programming Lang: Go Description : Sway client for Go (library) This package simplifies working with the sway IPC from Go. It was highly influenced by https://github.com/i3/go-i3. . While the i3 and sway IPCs share much in common, they are not identical. This package provides the complete sway api. Dependency of nwg-bar. This package will be maintained within the Debian Go Packaging Team. I will need a DD to sponsor and upload this package. -- Kind regards, Maytham Alsudany signature.asc Description: This is a digitally signed message part
Bug#1067868: ITP: golang-github-joshuarubin-go-sway -- Sway client for Go (library)
Package: wnpp Severity: wishlist Owner: Maytham Alsudany X-Debbugs-CC: debian-de...@lists.debian.org, debian-go@lists.debian.org Control: block 1067865 by -1 * Package name: golang-github-joshuarubin-go-sway Version : 1.2.0 Upstream Contact: https://github.com/joshuarubin/go-sway/issues * URL : https://github.com/joshuarubin/go-sway * License : Expat Programming Lang: Go Description : Sway client for Go (library) This package simplifies working with the sway IPC from Go. It was highly influenced by https://github.com/i3/go-i3. . While the i3 and sway IPCs share much in common, they are not identical. This package provides the complete sway api. Dependency of nwg-bar. This package will be maintained within the Debian Go Packaging Team. I will need a DD to sponsor and upload this package. -- Kind regards, Maytham Alsudany signature.asc Description: This is a digitally signed message part
Bug#1067869: ITP: golang-github-joshuarubin-lifecycle -- manage goroutines in golang applications (library)
Package: wnpp Severity: wishlist Owner: Maytham Alsudany X-Debbugs-CC: debian-de...@lists.debian.org, debian-go@lists.debian.org Control: block 1067867 by -1 * Package name: golang-github-joshuarubin-lifecycle Version : 1.1.4 Upstream Contact: https://github.com/joshuarubin/lifecycle/issues * URL : https://github.com/joshuarubin/lifecycle * License : Expat Programming Lang: Go Description : manage goroutines in golang applications (library) lifecycle helps manage goroutines at the application level. context.Context has been great for propagating cancellation signals, but not for getting any feedback about when goroutines actually finish. This package works with context.Context to ensure that applications don't quit before their goroutines do. . The semantics work similarly to the go (lifecycle.Go) and defer (lifecycle.Defer) keywords as well as sync.WaitGroup.Wait (lifecycle.Wait). Additionally, there are lifecycle.GoErr and lifecycle.DeferErr which only differ in that they take funcs that return errors. . lifecycle.Wait will block until one of the following happens: - all funcs registered with Go complete successfully then all funcs registered with Defer complete successfully - a func registered with Go returns an error, immediately canceling ctx and triggering Defer funcs to run. Once all Go and Defer funcs complete, Wait will return the error - a signal (by default SIGINT and SIGTERM, but configurable with WithSignals) is received, immediately canceling ctx and triggering Defer funcs to run. Once all Go and Defer funcs complete, Wait will return ErrSignal - a func registered with Go or Defer panics. the panic will be propagated to the goroutine that Wait runs in. there is no attempt, in case of a panic, to manage the state within the lifecycle package. Dependency of golang-github-joshuarubin-go-sway. This package will be maintained within the Debian Go Packaging Team. I will need a DD to sponsor and upload this package. -- Kind regards, Maytham Alsudany signature.asc Description: This is a digitally signed message part
