Bug#814216: ITP: puppet-module-ceilometer -- Puppet module for OpenStack Ceilometer

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-ceilometer
  Version : 7.0.0
  Upstream Author : OpenStack Foundation 
* URL : https://github.com/openstack/puppet-ceilometer
* License : Apache-2.0
  Programming Lang: Ruby, Puppet
  Description : Puppet module for OpenStack Ceilometer

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 This module manages both the installation and configuration of OpenStack
 Ceilometer.

Bug#814215: ITP: puppet-module-openstacklib -- exposes common functionality between Openstack modules as a library

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-openstacklib
  Version : 7.0.0
  Upstream Author : OpenStack Foundation 
* URL : https://github.com/openstack/puppet-openstacklib
* License : Apache-2.0
  Programming Lang: Ruby, Puppet
  Description : exposes common functionality between Openstack modules as a 
library

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 This module is used to expose common functionality between Openstack modules as
 a library that can be utilized to avoid code duplication.

Re: 50.000 binary packages

[Enrico Zini]

On Tue, Feb 09, 2016 at 07:04:11AM +1100, Riley Baird wrote:

> > > Possibly someone should set up an online quiz thing, where you're
> > > shown a package name, its short description, and three randomly chosen
> > > short descriptions, and have to guess which short description is
> > > correct.
[...]
> > (script attached)
> I've modified the script so that it is interactive.

Good one! I made it run multiple times so that there can be more play
for each lengthy initial computation:

https://github.com/spanezz/pkgquiz


Enrico

-- 
GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini 


signature.asc
Description: PGP signature

Bug#814217: ITP: puppet-module-cinder -- Puppet module for OpenStack Cinder

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-cinder
  Version : 7.0.0
  Upstream Author : OpenStack Foundation 
* URL : https://github.com/openstack/puppet-cinder
* License : Apache-2.0
  Programming Lang: Ruby, Puppet
  Description : Puppet module for OpenStack Cinder

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 This module manages both the installation and configuration of OpenStack
 Cinder.

Bug#814224: ITP: puppet-module-heat -- Puppet module for OpenStack Heat

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-heat
  Version : 7.0.0
  Upstream Author : OpenStack Foundation 
* URL : https://github.com/openstack/puppet-heat
* License : Apache-2.0
  Programming Lang: Ruby, Puppet
  Description : Puppet module for OpenStack Heat

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 This module manages both the installation and configuration of OpenStack
 Heat.

Bug#814223: ITP: puppet-module-glance -- Puppet module for OpenStack Glance

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-glance
  Version : 7.0.0
  Upstream Author : OpenStack Foundation 
* URL : https://github.com/openstack/puppet-glance
* License : Apache-2.0
  Programming Lang: Ruby, Puppet
  Description : Puppet module for OpenStack Glance

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 This module manages both the installation and configuration of OpenStack
 Glance.

Bug#814226: ITP: apertium-nno -- Apertium single language data for Norwegian Nynorsk

[Kartik Mistry]

Package: wnpp
Severity: wishlist
Owner: Kartik Mistry 

* Package name: apertium-nno
  Version : 0.5.0~r65328
  Upstream Author : Francis Tyers , Kevin Brubeck Unhammer 

Trond Trosterud 
* URL : http://apertium.org/
* License : GPL-2+
  Programming Lang: 
  Description : Apertium single language data for Norwegian Nynorsk

Data package providing Apertium language resources for Norwegian Nynorsk (nno).

Dependency of apertium-dan-nor package.

-- 
Kartik Mistry | IRC: kart_
{0x1f1f, kartikm}.wordpress.com


signature.asc
Description: PGP signature

Bug#814229: ITP: apertium-nob -- Apertium single language data for Norwegian Bokmål

[Kartik Mistry]

Package: wnpp
Severity: wishlist
Owner: Kartik Mistry 

* Package name: apertium-nob
  Version : 0.5.1~r65328
  Upstream Author : Francis Tyers , Kevin Brubeck Unhammer 
,
Trond Trosterud , Lene Antonsen 

* URL : http://apertium.org/
* License : GPL-2+
  Programming Lang: 
  Description : Apertium single language data for Norwegian Bokmål

Data package providing Apertium language resources for Norwegian Bokmål

Dependency of apertium-dan-nor. Maintained with debian-science team.

-- 
Kartik Mistry | IRC: kart_
{0x1f1f, kartikm}.wordpress.com


signature.asc
Description: PGP signature

Bug#814233: ITP: puppet-module-horizon -- Puppet module for OpenStack Horizon

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-horizon
  Version : 7.0.0
  Upstream Author : OpenStack Foundation 
* URL : https://github.com/openstack/puppet-horizon
* License : Apache-2.0
  Programming Lang: Python
  Description : Puppet module for OpenStack Horizon

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 This module manages both the installation and configuration of OpenStack
 Horizon.

Bug#814234: ITP: puppet-module-ironic -- Puppet module for OpenStack Ironic

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-ironic
  Version : 7.0.0
  Upstream Author : OpenStack Foundation 
* URL : https://github.com/openstack/puppet-ironic
* License : Apache-2.0
  Programming Lang: Rubby, Puppet
  Description : Puppet module for OpenStack Ironic

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 This module manages both the installation and configuration of OpenStack
 Ironic.

Bug#814236: ITP: puppet-module-keystone -- Puppet module for OpenStack Keystone

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-keystone
  Version : 7.0.0
  Upstream Author : OpenStack Foundation 
* URL : https://github.com/openstack/puppet-keystone
* License : Apache-2.0
  Programming Lang: Rubby, Puppet
  Description : Puppet module for OpenStack Keystone

 Puppet lets you centrally manage every important aspect of your system
 using a cross-platform specification language that manages all the
 separate elements normally aggregated in different files, like users,
 cron jobs, and hosts, along with obviously discrete elements like
 packages, services, and files.
 .
 This module manages both the installation and configuration of OpenStack
 Keystone.

Bug#814241: ITP: puppet-module-manila -- Puppet module for OpenStack Manila

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-manila
  Version : 7.0.0
  Upstream Author : OpenStack Foundation 
* URL : https://github.com/openstack/puppet-manila
* License : Apache-2.0
  Programming Lang: Ruby, Puppet
  Description : Puppet module for OpenStack Manila

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 This module manages both the installation and configuration of OpenStack
 Manila.

Bug#814242: ITP: puppet-module-murano -- Puppet module for OpenStack Murano

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-murano
  Version : 7.0.0
  Upstream Author : OpenStack Foundation 
* URL : https://github.com/openstack/puppet-murano
* License : Apache-2.0
  Programming Lang: Ruby, Puppet
  Description : Puppet module for OpenStack Murano

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 This module manages both the installation and configuration of OpenStack
 Murano.

Bug#814243: ITP: puppet-module-neutron -- Puppet module for OpenStack Neutron

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-neutron
  Version : 7.0.0
  Upstream Author : OpenStack Foundation 
* URL : https://github.com/openstack/puppet-neutron
* License : Apache-2.0
  Programming Lang: Ruby, Puppet
  Description : Puppet module for OpenStack Neutron

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 This module manages both the installation and configuration of OpenStack
 Neutron.

Bug#814245: ITP: puppet-module-nova -- Puppet module for OpenStack Nova

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-nova
  Version : 7.0.0
  Upstream Author : OpenStack Foundation 
* URL : https://github.com/openstack/puppet-nova
* License : Apache-2.0
  Programming Lang: Ruby, Puppet
  Description : Puppet module for OpenStack Nova

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 This module manages both the installation and configuration of OpenStack
 Nova.

Bug#814246: ITP: puppet-module-sahara -- Puppet module for OpenStack Sahara

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-sahara
  Version : 7.0.0
  Upstream Author : OpenStack Foundation 
* URL : https://github.com/openstack/puppet-sahara
* License : Apache-2.0
  Programming Lang: Ruby, Puppet
  Description : Puppet module for OpenStack Sahara

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 This module manages both the installation and configuration of OpenStack
 Sahara.

Bug#814249: ITP: puppet-module-manila -- Puppet module for OpenStack Manila

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-manila
  Version : 7.0.0
  Upstream Author : OpenStack Foundation 
* URL : https://github.com/openstack/manila
* License : Apache-2.0
  Programming Lang: Ruby, Puppet
  Description : Puppet module for OpenStack Manila

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 This module manages both the installation and configuration of OpenStack
 Manila.

Bug#814251: ITP: puppet-module-swift -- Puppet module for OpenStack Swift

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-swift
  Version : 7.0.0
  Upstream Author : OpenStack Foundation 
* URL : https://github.com/openstack/puppet-swift
* License : Apache-2.0
  Programming Lang: Ruby, Puppet
  Description : Puppet module for OpenStack Swift

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 This module manages both the installation and configuration of OpenStack
 Swift.

colaborar

[jaguarnauta]

Saludos desde venezuela, estoy recien graduado en informatica, y deseo 
ayudar en el desarrollo de debian, no soy muy experto en ningun lenguaje 
de programacion ni se empaquetar, pero quisiera que ustedes me enseñen y 
por medio de eso yo mismio comenzar a ayudar y colaborar con mi tiempo y 
conocimiento, sin mas espero recibir su mayor receptividad, un abrazo!

Re: colaborar

[Andrew Shadura]

2016-02-09 16:04 GMT+01:00  :
> Saludos desde venezuela, estoy recien graduado en informatica, y deseo
> ayudar en el desarrollo de debian, no soy muy experto en ningun lenguaje de
> programacion ni se empaquetar, pero quisiera que ustedes me enseñen y por
> medio de eso yo mismio comenzar a ayudar y colaborar con mi tiempo y
> conocimiento, sin mas espero recibir su mayor receptividad, un abrazo!

While Google Translate helped me understand you, I guess using English
would help a lot :)

If you want to find something to work on in Debian, there's WNPP page:
https://www.debian.org/devel/wnpp/. That however includes only
packages that need some work, but there's a lot of things to do in
Debian apart from packaging. I think you might be interesting in
joining debian-mentors@ mailing list, and #debian-mentors IRC chat on
OFTC (irc.debian.org).

-- 
Cheers,
  Andrew

chromium disabling use of shared libs, BoringSSL

[Daniel Pocock]

Chromium upstream are keen to discourage use of shared libraries on the
system and encourage packagers to bundle their own versions.

This has been discussed in the context of libsrtp[1] but I can imagine
them using the same approach for other things in Chromium.

Has anybody else come across these situations with Chromium or Google
developers or other projects using BoringSSL?

Will the security team be happy to continue supporting the package?

Regards,

Daniel


1. https://code.google.com/p/chromium/issues/detail?id=501318

Re: chromium disabling use of shared libs, BoringSSL

[Bas Wijnen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Thanks for pursuing this, Daniel, and for being civil while doing so.

On Tue, Feb 09, 2016 at 05:47:46PM +0100, Daniel Pocock wrote:
> Chromium upstream are keen to discourage use of shared libraries on the
> system and encourage packagers to bundle their own versions.

This looks bad.  But let me understand it: the sandbox they're talking about is
a restricted part of the program that refuses to use any shared libraries?
Would it work to statically link against the system library (as opposed to the
bundled one)?  As I understand it, they claim that what they bundle is
identical to upstream, so that should work?

Static linking isn't nice, but it's much better than using bundled libraries.
A statically linked package just needs to be binNMUd to get an update.

Thanks,
Bas
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJWuh97AAoJEJzRfVgHwHE6NjoP/RAKLWVsH3xbt+Dr7JoPVzk6
GN9lMNdrSI4jFtIL9xDyn743k4dd85Urt8q2PPOk6vJdRyBFiw6gJ3UWA+9+jHq0
dvpjLEynrFY1rQnlMG//nYypacg0jYi95h+U2uT2PHu6yjVgwgBVxbz0hb6tQlmC
i0z+hZ+W0WwIz7g9+PlbzQqQm6AmWL4t7yKC8u/l0+n84BwyI7G9DjOnmOsg9C7Z
VZVp81y9h/bWKv3c5+QlDWb37Mxa30AETXQAHeWJTfZ+plZNBRkY0nVPOroMEnAM
u2EOxKntzTHuFRtqEU1dk4nUWfhd+LJP2+10ditneq0VYac0Vhs8vHhnpLt5BBMg
44tkDPcBtb/OvIzN74knxT0I+N1bkFemvD/Te4b1EnM984nN1GATyLfMbF/tu2S8
Xny2nd7kAI3vD1RUyDgyWWzMwyS7NP8vmx9bZ6LTCxaVSH1j/NuJgJHW/3opdnch
4PXXBho2uz8tY2q3zqUy4LF1/ASX2WmYzyionN6Wx37g/NNhB1cZA3QLabL+Cgg0
x04v78p6ncekpBUWoCLBZI+EMacZIfbPTAJJPLNSXbb4AmYIvZ9wNufKv51nNGrY
sTf1Wy4Ad+nHJhUcHPpcehSBkc17EPYR4himPLX1+44Sfr5rCYezxHMDWwXba4la
ugxYBcMuM+ruiX326hOu
=DEmJ
-END PGP SIGNATURE-

Re: chromium disabling use of shared libs, BoringSSL

[Jonas Smedegaard]

Quoting Daniel Pocock (2016-02-09 17:47:46)
> Chromium upstream are keen to discourage use of shared libraries on 
> the system and encourage packagers to bundle their own versions.
> 
> This has been discussed in the context of libsrtp[1] but I can imagine 
> them using the same approach for other things in Chromium.

https://wiki.debian.org/EmbeddedCodeCopies mentions the following:

libevent ffmpeg glew webkit icu expat unicode-data minizip libxml2 
protobuf libv8 nspr yasm libxslt sqlite3 snappy srtp tlslite

Seems not all of above are still true, however: Package in Sid links 
against system shared ffmpeg and srtp, at least.


> Has anybody else come across these situations with Chromium or Google
> developers or other projects using BoringSSL?
>
> Will the security team be happy to continue supporting the package?

I would hope they are not happy about current situation either...


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: signature

Re: another mount issue on jessie

[Sebastian Kuzminsky]

(This is in reply to Simon McVittie's email here: 
https://lists.debian.org/debian-devel/2016/02/msg00154.html)


Simon McVittie  wrote:

You could try putting

[Service]
PrivateTmp=no

in /etc/systemd/system/{colord,rtkit-daemon}.service.d/local.conf, and
see whether that has any effect after a `systemctl daemon-reload` or a
reboot?


That fixed it, thanks!

After 'systemctl daemon-reload' I had to run 'systemctl restart colord 
rtkit-daemon', then things started working.


On another Jessie machine I had to apply the same workaround to some 
additional services.  I identified the services that needed the 
workaround by grepping for 'PrivateTmp' in /lib/systemd.


Thanks much for the help.


--
Sebastian Kuzminsky

Bug#814261: ITP: plast -- Parallel Local Sequence Alignment Search Tool

[Andreas Tille]

Package: wnpp
Severity: wishlist
Owner: Andreas Tille 

* Package name: plast
  Version : 2.3.1
  Upstream Author : Van Hoa Nguyen and Dominique Lavenier
* URL : https://plast.inria.fr/
* License : AGPL
  Programming Lang: C++
  Description : Parallel Local Sequence Alignment Search Tool
 PLAST is a fast, accurate and NGS scalable bank-to-bank sequence
 similarity search tool providing significant accelerations of seeds-
 based heuristic comparison methods, such as the Blast suite of
 algorithms.
 .
 Relying on unique software architecture, PLAST takes full advantage of
 recent multi-core personal computers without requiring any additional
 hardware devices.


Remark: This package will be maintained by the Debian Med team at
  https://anonscm.debian.org/debian-med/plast.git

Re: another mount issue on jessie

[Bas Wijnen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Feb 09, 2016 at 10:38:26AM -0700, Sebastian Kuzminsky wrote:
> On another Jessie machine I had to apply the same workaround to some
> additional services.  I identified the services that needed the workaround
> by grepping for 'PrivateTmp' in /lib/systemd.

So any program that uses this option is broken?  Doesn't that mean we should
always disable it?  Is there a reason that it is ever enabled for anything?

Thanks,
Bas
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJWujfyAAoJEJzRfVgHwHE6gH4P/ish9UZmNhBz6OcZ3RGkbSbO
BEP2m/5kDwY2Vqbdn/ZNY6MNSuD6nx3AuVqslpeuysyvq/0N+EeyLEuJ5bcuP16G
2oSryre1XnqakMbdt+dauop/3jD29e+TtEBzP1Gpd7gXgOEWPrXA3kh6maFusUU8
aGFLjE6ndtR447VgB6xTf21xdAFWsS/Jfrosc1PjJ98fmXATsCpfXqXp+uiVPuG+
dL52dFyq61SwV1jqB5no+l9qWPlCPodwMUZL92StiMYlQ6zmgyiLLRQSbmaoiJLE
CLn65gwitYmDKo19JvSOHeZcWWkWUeAT6n5WkbG0QQ60WqxCS0Zl+Otbj/dBEP+Y
NJqk+GvYdr708MC09eDZ7+dOPA3NpQLzdu3Af6CmOTt6WsZ7kJEX2+yIGVi3jNCr
PNX7P9uVE8FEhWUL/i1WlDVugYY7LbkOGRmn/YyuMZy8EHjHjzMvgg8oKqKFVjXi
4ABu8V9F5O4MsI41HRxKKhPJu8+DSCXeaKtkE/fqCzLu/3Oo6sjuViSjIcEmjWS2
f4M7i0JOM6EyaCk3AFujXfc9a66OiOondojcgPAZY1Wl6MENFyrLflR9NjN9dO1n
P2KwgrtbwW2vgZgfbwjyMMuU6Ek7voP5JTjiBDMBphniBUudOAkLx49eUd4M1me2
bSaaGs+9comFByXuoRBL
=ajY3
-END PGP SIGNATURE-

Re: another mount issue on jessie

[Sebastian Kuzminsky]

On 02/09/2016 12:03 PM, Bas Wijnen wrote:

On Tue, Feb 09, 2016 at 10:38:26AM -0700, Sebastian Kuzminsky wrote:

On another Jessie machine I had to apply the same workaround to
some additional services.  I identified the services that needed
the workaround by grepping for 'PrivateTmp' in /lib/systemd.


So any program that uses this option is broken?  Doesn't that mean we
should always disable it?  Is there a reason that it is ever enabled
for anything?


According to the systemd.exec(5) manpage:


PrivateTmp= Takes a boolean argument. If true, sets up a new file
system namespace for the executed processes and mounts private /tmp
and /var/tmp directories inside it that is not shared by processes
outside of the namespace. This is useful to secure access to
temporary files of the process, but makes sharing between processes
via /tmp or /var/tmp impossible. If this is enabled, all temporary
files created by a service in these directories will be removed after
the service is stopped. Defaults to false. It is possible to run two
or more units within the same private /tmp and /var/tmp namespace by
using the JoinsNamespaceOf= directive, see systemd.unit(5) for
details. Note that using this setting will disconnect propagation of
mounts from the service to the host (propagation in the opposite
direction continues to work). This means that this setting may not be
used for services which shall be able to install mount points in the
main mount namespace.


So it sounds useful and valuable, and I can see why people want it 
turned on.


FWIW, these services all work without Simon's workaround if I use the
Stretch kernel (on the Jessie userspace).  Only with the Jessie and 
Wheezy kernels is the workaround needed.


Possibly a kernel patch could be backported to Jessie (and
Wheezy), then the PrivateTmp could be used on Jessie without hassle.


--
Sebastian Kuzminsky

Bug#814273: ITP: libzmq-ffi-perl -- version agnostic Perl bindings for ZeroMQ using FFI

[Jonas Smedegaard]

Package: wnpp
Severity: wishlist
Owner: Jonas Smedegaard 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

* Package name: libzmq-ffi-perl
  Version : 1.11
  Upstream Author : Dylan Cali 
* URL : https://metacpan.org/release/ZMQ-FFI
* License : Artistic or GPL-1+
  Programming Lang: Perl
  Description : version agnostic Perl bindings for ZeroMQ using FFI

 ZMQ::FFI exposes a high level, transparent, OO interface to ZeroMQ
 independent of the underlying libzmq version.  Where semantics differ,
 it will dispatch to the appropriate backend for you.  As it uses FFI,
 there is no dependency on XS or compilation.

Package is needed for recent releases of libmessage-passing-zeromq-perl.

It will be maintained in the Perl team.

 - Jonas

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJWulBCAAoJECx8MUbBoAEhD4AP/3LDgywHRsRWcJB7pAOn7hSA
ItcGn13cglCyxsNjgz7wKz9riB/jrDuCGS4r/2YSfSEXTd4oX2e34b3GmzUL2Azx
H2WhfNFvEQ+as3dBo/l58eyBvavfTy78NyDTpYmdyA6qq//oVVB+8DWCO2HLQVVh
HhVpK+Xu8e5ZCc3NwPBEpzw5jW5wJ+3fayn04jRfwz9OW+6H8RiH2QYqZyBIjtBt
7+pyJ+j0EKCPEi0RngsHMr62DHWQRL9PFSO/2yM36cWH0TljuZ3mzZLLbDTpkHix
KdCeLkTZoHhTD3zpcAngS5PQN2kRH4q9HR0OvleWS4SpmGeuWdPwoEwjLH0CaDsY
lxpY8Rj/kood8/3otf6fEr4us8sEfmL/iWp9wFnEU+Fy/55DryO2WSzRcqJpfiyv
Jyzh75J5gXTBol/Q+76u+qmft6X4nYY5Q38eXjMlWTOGfhd/gRPOSK/3WUrFDfg8
cHnqkRkaoTpPHlyERV0nOls63OVMmMqqbUGIFtzP8MVB5EIHEWibKzaYjMErFkDr
97PtaO18C2Ml7PwH1j/YcbWpzwwrNIelze3nfRG+g8oDl9L0+nKUKZ7ortx3cRp7
684wGq6vU/EqiP5wqSXm5asDiIxvDzOWPDJc6peHSobTElRYXQQgbloOle5YcP51
+uHfMn6fBYHuBE5vLrXw
=Ytq1
-END PGP SIGNATURE-

Bug#814274: ITP: libffi-checklib-perl -- check that a library is available for FFI

[Jonas Smedegaard]

Package: wnpp
Severity: wishlist
Owner: Jonas Smedegaard 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

* Package name: libffi-checklib-perl
  Version : 0.14
  Upstream Author : Graham Ollis 
* URL : http://perl.wdlabs.com/FFI-CheckLib
* License : Artistic or GPL-1+
  Programming Lang: Perl
  Description : check that a library is available for FFI

 FFI::CheckLib checks whether a particular dynamic library is available
 for FFI to use.  It is modeled heavily on Devel::CheckLib, but will
 find dynamic libraries even when development packages are not
 installed.  It also provides a find_lib function that will return the
 full path to the found dynamic library, which can be feed directly into
 FFI::Platypus or FFI::Raw.

Package is needed for recent releases of libmessage-passing-zeromq-perl.

It will be maintained in the Perl team.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJWulDaAAoJECx8MUbBoAEhA/8P/1VerbXzp0RUTMVE5rDoXGRi
UUrJ+DHAJmVcxhWUFPh6pH6GIhnd52DDqyTREVyCJjjb64dx+tbjLfPCuKSNiUc9
1wFdOnHWFkE8fAfvswgwifWr0l0D0riUB5qil7gY/wm9peSZFAvLcx3/fcRtItaW
6Y9Mj7Z5dx8m5rnBJutKkMyPcxJWYxz0SXI5j+B3PT+29uzPuachm8XH1aPiF4FX
MKdwrt0bxdihKX43ksVrm1QlnongkySlHyaGWYRIq4Gk6RrEI40/B+0yU6jSbd0y
qxjLxfg153p6x9lmU96bPb4GHO1u1pHh/76p0D5gY6+jn/tt2Nvdp74HHns7vx9L
K/l8/KsLqwiJjynH3ktnRnTMg5U4wAA3aENZy+H7qwPg1nCekwMWv+X0p8sTG0Xo
5hp6lRZIOFoXSC9CoO1TqENtmBNppP6wdLaGM0kn2nSxiHaszGqveRmXPRiRJvky
yLfs8JQwVWMty1qPlrnoC1lddD8Qah7wVifhT3H1D9mkZsY46/pD0mD6Q7PQI+gM
sx+qmnNMZiS8u12LJsh5YyePFjwr+xvwtQnSOJTo41AlGuixb94KkSoL57ssgI+g
9cyY0BjIqFVfCABwjRs/NedoVcQd2H8hL016dhyUe0mbZNgfocIB/GMk3slDmJHI
yaOA+vWhuUiWa14phfXT
=XNHg
-END PGP SIGNATURE-

Re: another mount issue on jessie

[Simon McVittie]

On 09/02/16 19:54, Sebastian Kuzminsky wrote:
> So it sounds useful and valuable, and I can see why people want it
> turned on.

Other systemd features that provide security hardening but might break
some mount-operation patterns include ReadWriteDirectories,
ReadOnlyDirectories, InaccessibleDirectories, ProtectSystem, ProtectHome
and possibly PrivateDevices.

Non-systemd technologies with similar properties include unshare(1) and
most containerization technologies (lxc, Docker, rkt, xdg-app and so
on), because they're all using the same clone(2) and unshare(2) syscalls
behind the scenes. systemd's hardening features are similar to
unshare(1), starting with an uncontained service and selectively cutting
off parts of its access to the host system, while typical containers
start with a mostly-independent container and selectively share parts of
the host system; but they're working along the same spectrum.

Of the systemd things, PrivateTmp is probably the most common because
it's relatively easy to audit whether it's going to break a particular
service, but I'm sure all the others are used somewhere in Debian too.
The game engines that I maintain use most of them for their dedicated
servers, because game servers are network-facing, don't need to access
much outside their sandbox, and are typically written in the sort of C
dialect that tends to be correlated with exploitable bugs.

S

Re: chromium disabling use of shared libs, BoringSSL

[Philipp Kern]

On 2016-02-09 18:27, Jonas Smedegaard wrote:

Quoting Daniel Pocock (2016-02-09 17:47:46)
https://wiki.debian.org/EmbeddedCodeCopies mentions the following:
libevent ffmpeg glew webkit icu expat unicode-data minizip libxml2
protobuf libv8 nspr yasm libxslt sqlite3 snappy srtp tlslite

Seems not all of above are still true, however: Package in Sid links
against system shared ffmpeg and srtp, at least.


Has anybody else come across these situations with Chromium or Google
developers or other projects using BoringSSL?
Will the security team be happy to continue supporting the package?

I would hope they are not happy about current situation either...


Chromium upstream is tracking everything they ship pretty closely, 
especially OpenSSL, which they have forked in an embedded copy kind of 
way. They cleaned it up and do not want to be tied by API/ABI backwards 
compatibility in their attempts (well, mostly Adam Langley's) to make it 
more sane. You can't have multiple versions of BoringSSL in the same 
binary, nor can you link against OpenSSL. On the other hand Chromium 
then ends up in the weird position where you always need to update it in 
full rather than taking selected patches. And in reality that's how the 
security updates work, even in Debian.


Browsers are their own ecosystem. They deeply care about their TLS not 
being tampered with. Also Chromium really tries to be secure, using all 
the sandboxing that they can get to work.


If you'd split out BoringSSL, you'd ship it mainly for Chromium and 
would need to update it in lockstep with every release. I don't think 
there's a significant benefit to that. It does increase the complexity 
of updates as well.


Kind regards
Philipp Kern

Bug#814293: ITP: puppet-module-saz-ssh -- Puppet module for Ssh configuration (client and server)

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-saz-ssh
  Version : 2.8.1
  Upstream Author : Steffen Zieger 
* URL : https://github.com/saz/puppet-ssh
* License : Apache-2.0
  Programming Lang: Ruby, Puppet
  Description : Puppet module for Ssh configuration (client and server)

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 This module manages both the installation and configuration of Ssh (client and
 server).

Bug#814294: ITP: puppet-module-nanliu-staging -- Puppet module for the management of staging directory

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-nanliu-staging
  Version : 1.0.4
  Upstream Author : Nan Liu 
* URL : https://github.com/nanliu/puppet-staging
* License : Apache-2.0
  Programming Lang: Ruby, Puppet
  Description : Puppet module for the management of staging directory

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 This module manages staging directory, along with download/extraction of
 compressed files.

Bug#814295: ITP: puppet-module-camptocamp-openssl -- Puppet module for managing openssl configuration

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-camptocamp-openssl
  Version : 1.5.0
  Upstream Author : Raphaël Pinson 
* URL : https://github.com/camptocamp/puppet-openssl
* License : Apache-2.0
  Programming Lang: Ruby, Puppet
  Description : Puppet module for managing openssl configuration

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 This module manages both the installation and configuration of OpenSSL.

Bug#814296: ITP: puppet-module-jbussdieker-monit -- Puppet module for installing configuring and running processes using monit

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-jbussdieker-monit
  Version : 1.5.0
  Upstream Author : Joshua B. Bussdieker 
* URL : https://github.com/jbussdieker/puppet-monit
* License : Unkown yet (currently clarifying with upstream)
  Programming Lang: Ruby, Puppet
  Description : Puppet module for installing configuring and running 
processes using monit

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 This module manages installing, configuring and running processes using monit.

Bug#814297: ITP: puppet-module-adrienthebo-filemapper -- Puppet module for mapping files to resources and back

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-adrienthebo-filemapper
  Version : 1.1.3
  Upstream Author : Adrien Thebo 
* URL : https://github.com/adrienthebo/puppet-filemapper
* License : Apache-2.0
  Programming Lang: Ruby, Puppet
  Description : Puppet module for mapping files to resources and back

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 This module manages mapping of files to resources and back.

Bug#814298: ITP: puppet-module-puppetlabs-tftp -- Puppet module for managing tftp-hpa

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-puppetlabs-tftp
  Version : 0.2.3
  Upstream Author : Nan Liu 
* URL : https://puppetlabs/puppetlabs-tftp
* License : Apache-2.0
  Programming Lang: Ruby, Puppet
  Description : Puppet module for managing tftp-hpa

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 This module will install tftp-hpa as a xinetd service by default. It can be
 overridden to run as a standalone daemon by setting the inetd parameter to
 false.
 .
 Parameters:
  * username: tftp daemon user, default tftp
  * directory: service directory, deafult see params class.
  * address: bind address, default 0.0.0.0.
  * port: bind port, default 69.
  * options: service option, default --secure.
  * inetd: run service via xinetd, default true.

Bug#814300: ITP: puppet-module-richardc-datacat -- Puppet module for data structure rendered using a template

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-richardc-datacat
  Version : 0.6.2
  Upstream Author : Richard Clamp 
* URL : https://github.com/richardc/puppet-datacat
* License : Apache-2.0
  Programming Lang: Ruby, Puppet
  Description : Puppet module for data structure rendered using a template

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 The datacat and datacat_fragment types allow you to build up a data structure
 which is rendered using a template. This is similar to some of the common
 concatenation patterns though the intent should be clearer as it pushes the
 boilerplate down into the type.

Bug#814302: ITP: puppet-module-puppet-community-mcollective -- puppet-module-puppet-community-mcollective

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-puppet-community-mcollective
  Version : 0.6.2
  Upstream Author : Jeff McCune 
* URL : https://github.com/voxpupuli/puppet-mcollective
* License : Apache-2.0
  Programming Lang: Ruby, Puppet
  Description : puppet-module-puppet-community-mcollective

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 The mcollective module handles installing and configuring mcollective across a
 range of operating systems and distributions. Where possible we follow the
 standards laid down by the MCollective Standard Deployment guide.

Bug#814303: ITP: puppet-module-puppetlabs-vcsrepo -- use Puppet to easily deploy content from your version control system (VCS)

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-puppetlabs-vcsrepo
  Version : 1.3.2
  Upstream Author : Hunter Haugen 
* URL : https://github.com/puppetlabs/puppetlabs-vcsrepo
* License : GPL-2+
  Programming Lang: Ruby, Puppet
  Description : use Puppet to easily deploy content from your version 
control system (VCS)

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 The vcsrepo module lets you use Puppet to easily deploy content from your
 version control system (VCS).

Bug#814304: ITP: puppet-module-puppetlabs-mongodb -- Puppet module for managing mongodb installation and configuration

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-puppetlabs-mongodb
  Version : 0.7.0
  Upstream Author : Chris Hoge 
* URL : https://github.com/puppetlabs/puppetlabs-mongodb
* License : Apache-2.0
  Programming Lang: Ruby, Puppet
  Description : Puppet module for managing mongodb installation and 
configuration

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 The MongoDB module manages mongod server installation and configuration of the
 mongod daemon. For the time being it supports only a single MongoDB server
 instance, without sharding functionality.

Bug#814305: ITP: puppet-module-puppetlabs-rsync -- Puppet module for rsync clients, repositories, and servers

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-puppetlabs-rsync
  Version : 0.2.0
  Upstream Author : Garrett Honeycutt 
* URL : https://github.com/puppetlabs/puppetlabs-rsync
* License : Apache-2.0
  Programming Lang: Ruby, Puppet
  Description : Puppet module for rsync clients, repositories, and servers

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 puppetlabs-rsync manages rsync clients, repositories, and servers as well as
 providing defines to easily grab data via rsync.

Bug#814306: ITP: spin -- a software verification tool

[Tom Lee]

Package: wnpp
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org

I'm working on Debian packages for Gerard J. Holzmann's Spin software
verification tool, which has recently become available under the BSD
3-Clause license. Holzmann's original paper "The Model Checker: SPIN" has
been cited over a thousand times in academia according to ACM. Spin has
also seen success in a number of commercial and government projects,
including NASA's investigation of alleged unintended acceleration in the
Toyota Camry MY05's control software.

Packaging WIP is available here: https://github.com/thomaslee/spin-debian

Initial indications are the packaging will be relatively simple with some
minimal patches.

Further reading:

http://spinroot.com
https://en.wikipedia.org/wiki/SPIN_model_checker
https://en.wikipedia.org/wiki/Promela
http://spinroot.com/spin/success.html



-- 
*Tom Lee */ http://tomlee.co / @tglee 

How to change config script for multiarch?

[NOKUBI Takatsugu]

I am a maintainer of chasen package. It contains chasen-config, it
work as pkg-config like but it's a single script.

Latest lintain reports:
E: libchasen-dev: old-style-config-script-multiarch-path usr/bin/chasen-config 
full text contains architecture specific dir x86_64-linux-gnu

But I want to keep libchasen-dev as Multi-Arch: same. Would you tell
me finding the correct way to change the script?

Re: How to change config script for multiarch?

[Vincent Danjean]

Le 10/02/2016 08:12, NOKUBI Takatsugu a écrit :
> I am a maintainer of chasen package. It contains chasen-config, it
> work as pkg-config like but it's a single script.
> 
> Latest lintain reports:
> E: libchasen-dev: old-style-config-script-multiarch-path 
> usr/bin/chasen-config full text contains architecture specific dir 
> x86_64-linux-gnu
> 
> But I want to keep libchasen-dev as Multi-Arch: same. Would you tell
> me finding the correct way to change the script?

  I do not think there is a generic answer. But, if your script is
simple, perhaps just replacing hardcoded directory names by the output
of "dpkg -qDEB_HOST_MULTIARCH" will be enough.
  This would probably be an debian-specific arch because the script
will then do some assumption about the layout of the software (instead
of relying on the $libdir, ... autoconf variables/substitutions) and
it will use the Debian specific dpkg-architecture tool (your package
will need to depends on dpkg-dev)
  To be Multi-Arch: same, the package must have the same contents in
all architectures.

  Note that this won't solve cross-compilation issues. For this, unless
specific needs, a convertion to pkg-config style is probably the
easiest/rightest (but it is better to do it with upstream). In this
case, the chasen-config might be rewritten with internal calls to
pkg-config to avoid to duplicate the information and still keeping
the old interface.

  Regards,
Vincent

-- 
Vincent Danjean   GPG key ID 0xD17897FA vdanj...@debian.org
GPG key fingerprint: 621E 3509 654D D77C 43F5  CA4A F6AE F2AF D178 97FA
Unofficial pkgs: http://moais.imag.fr/membres/vincent.danjean/deb.html
APT repo:  deb http://people.debian.org/~vdanjean/debian unstable main

Bug#814309: ITP: puppet-module-puppetlab-rabbitmq -- Puppet module for rabbitmq, manage everything from vhosts to exchanges

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: puppet-module-puppetlab-rabbitmq
  Version : 5.3.1
  Upstream Author : Ashley Penney 
* URL : https://github.com/puppetlabs/puppetlabs-rabbitmq
* License : Apache-2.0
  Programming Lang: Ruby, Puppet
  Description : Puppet module for rabbitmq, manage everything from vhosts 
to exchanges

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 The rabbitmq module sets up rabbitmq and has a number of providers to manage
 everything from vhosts to exchanges after setup.