On Thu, 2020-04-16 at 21:15 +0200, Romain Perier wrote: > Package: wnpp > Severity: wishlist > Owner: Romain Perier <romain.per...@gmail.com> > > * Package name : fsverity > Version : 1.0 > Upstream Author : Eric Biggers <ebigg...@google.com> > * URL : > https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/fsverity-utils.git > * License : GPL > Programming Lang: C > Description : Userspace utilities for fs-verity > > This is fsverity, a userspace utility for fs-verity. fs-verity is a Linux > kernel > feature that does transparent on-demand integrity/authenticity verification of > the contents of read-only files, using a hidden Merkle tree (hash tree) > associated > with the file. The mechanism is similar to dm-verity, but implemented at the > file > level rather than at the block device level. The fsverity utility allows you > to > set up fs-verity protected files. > > This package will be helpful for handling the fsverity feature on a file from > userspace. > > I want to maintain this package. As DM, I need someone for the initial upload. > Packaging is currently hosted here > https://salsa.debian.org/rperier-guest/fsverity, > and will be developed at https://salsa.debian.org/debian/fsverity
Hi, I can sponsor your initial upload, if you haven't found anyone else yet. A few things I noticed that would be good to fix beforehand: 1) Given you set compat 12, you can delete debian/compat and change the build-dep from debhelper (>= 12) to debhelper-compat (= 12) 2) The upstream repository is called fsverity-utils, but the source package and the salsa repository are called fsverity. It would be better if they matched. The binary package name can stay as fsverity. 3) Standards-Version is outdated 4) Rules-Requires-Root: no is not set, even though I don't see anything that would make it not work 5) The license in debian/copyright should be "GPL-2+ with OpenSSL exception" since the author explicitly added it. Copy the exception from upstream's README into a paragraph at the bottom of the license body in d/copyright. Then, remove the lintian-override for possible- gpl-code-linked-with-openssl 6) Given it's a linux-specific feature, the Architecture should probably be linux-any instead of any 7) The upstream makefile hard-codes -lcrypto instead of using pkg- config to get linker and compiler flags. This should be fixed. 8) The upstream makefile does not append to CFLAGS and CPPFLAGS, but overrides them, so the hardening flags are lost and the build fails since debhelper's -g is lost and dh_dwz fails as there are no symbols to strip. This should be fixed as well.
signature.asc
Description: This is a digitally signed message part
