Re: getconf(1) interface considered cross-harmful
On Thu, 2017-10-19 at 10:51:30 +0100, Simon McVittie wrote: > On Thu, 19 Oct 2017 at 10:50:36 +0200, Guillem Jover wrote: > > When it comes to LFS, starting with dpkg 1.19.0 you can now use the > > new «lfs» feature from the «future» feature area > > ... or if your upstream uses Autotools, ask them to add AC_SYS_LARGEFILE > to configure.ac, which as far as I can tell does the right thing. Sure, and that was already covered in the lintian tag as one of the possible solutions. My assumption for adding that new build flag feature has been that if maintainers are currently using getconf(1) it is because either the package does not use autoconf, or they might be uncomfortable patching it or similar. And this would give an easy migration path. I filed #879935, and the lintian tag clarification got applied, the remaining part is for emitting a tag on wrong getconf(1) usage. Thanks, Guillem
Bug#880171: ITP: perse -- Permission settings GUI for udev devices
Package: wnpp Severity: wishlist Owner: Ville Ranki * Package name: perse Version : 1.0.2 Upstream Author : Ville Ranki * URL : https://github.com/vranki/perse * License : GPLv3 Programming Lang: C++ Description : Permission settings GUI for udev devices Got a USB gadget which won't work unless you chmod it's device file to be writable, suchas Arduino or USB-serial adapter? Hate writing udev rules for those gadgets? Perse is a easy GUI tool to make devices writable in Linux. Just select the devices you want to be world writable and Perse creates persistent udev rules for them. I've been using Perse for some years and found it useful in many situations. I would be nice to be able to apt install it easily from debian repos.
Bug#880184: ITP: python-twilio -- Twilio API client and TwiML generator
Package: wnpp Severity: wishlist Owner: Sophie Brun * Package name: python-twilio Version : 6.8.2 Upstream Author : Twilio, Inc. * URL : https://github.com/twilio/twilio-python * License : MIT Programming Lang: Python Description : Twilio API client and TwiML generator This package is a Python module for communicating with the Twilio API and generating valid TwiML. It's a dependency for elastalert package (ITP #876963). I plan to maintain this package in the Python Modules Team.
Bug#880199: ITP: skopeo -- Utility performing various operations on container images and image repositories
Package: wnpp Owner: Free Ekanayaka Severity: wishlist * Package name: skopeo Version : 0.1.24+git20171028.40a5f48-1 Upstream Author : Jhon Honce * URL : https://github.com/projectatomic/skopeo * License : Apache-2.0 Programming Lang: Go Description : Utility performing various operations on container images and image repositories Skopeo is a command line utility that performs various operations on container images and image repositories. Skopeo works with API V2 registries such as Docker registries, the Atomic registry, private registries, local directories and local OCI-layout directories. Skopeo does not require a daemon to be running to perform its operations.
Bug#880224: ITP: node-quick-lru -- Useful when you need to cache something and limit memory usage.
Package: wnpp Severity: wishlist Owner: Raju Devidas X-Debbugs-CC: debian-devel@lists.debian.org * Package name : node-quick-lru Version : 1.1.0 Upstream Author : Sindre Sorhus (sindresorhus.com) * URL : https://github.com/sindresorhus/quick-lru#readme * License : Expat Programming Lang: JavaScript Description : Useful when you need to cache something and limit memory usage. “Simple "Least Recently Used" (LRU) cache”. Useful when you need to cache something and limit memory usage. Inspired by the hashlru algorithm, but instead uses Map to support keys of any type, not just strings, and values can be undefined. I need to package node-quick-lru as it is a dependency for ava. ava is a test framework used in JavaScript.
Bug#880265: ITP: ruby-rubocop-rspec -- Code style checking for RSpec files
Package: wnpp Severity: wishlist Owner: Miguel Landaeta * Package name: ruby-rubocop-rspec Version : 1.19.0 Upstream Author : Ian MacLeod * URL : https://github.com/backus/rubocop-rspec * License : Expat Programming Lang: Ruby Description : Code style checking for RSpec files ruby-rubocop-rspec is Ruby library that provides RSpec-specific analysis for your projects, as an extension to RuboCop. . Rubocop is a Ruby static code analyzer based on the community Ruby style guide. -- Miguel Landaeta, nomadium at debian.org secure email with PGP 0x6E608B637D8967E9 available at http://miguel.cc/key. "Faith means not wanting to know what is true." -- Nietzsche signature.asc Description: PGP signature
Re: Let's enable AppArmor by default (why not?)
On Fri, 2017-10-27 at 11:53 +0200, intrigeri wrote: [...] > > 2. fix all the problems identified in #1 > > We're almost there! Remaining blockers: > > - deal with Linux 4.14 bringing in new mediation features and having >a bug (until -rc6 at least) precisely in the way it handles the >obvious mitigation I've applied (feature set pinning): tracked by >#877581, likely 4.14-rc7 will fix it; It seems to have been fixed - kind of - by a revert: commit 80c094a47dd4ea63375e3f60b5e076064f16e857 Author: Linus Torvalds Date: Thu Oct 26 19:35:35 2017 +0200 Revert "apparmor: add base infastructure for socket mediation" Let's hope socket mediation will be enabled again in a compatible way for 4.15. >worst case, if Linux 4.14 >reaches sid with this bug not fixed yet, I'll revert the feature >set pinning and we'll deal with whatever bits of policy need >updates (the most important ones all have patches submitted >upstream + to the BTS already so I'm confident) > > - enable AppArmor by default in our Linux kernel: I'll file a bug >about it once the above issue is resolved [...] Already did it with today's uploads. :-) Ben. -- Ben Hutchings friends: People who know you well, but like you anyway. signature.asc Description: This is a digitally signed message part
Bug#880373: ITP: autorandr -- Automatically select a display configuration for connected devices
Package: wnpp Severity: wishlist Owner: Don Armstrong * Package name: autorandr Version : 1.2 Upstream Author : Phillip Berndt * URL : https://github.com/phillipberndt/autorandr * License : GPL-3+ Programming Lang: Python Description : Automatically select a display configuration for connected devices Autorandr is a script for managing xrandr configurations based on the connected devices. It can be set up to automatically switch to a stored configuration whenever a change in the configuration is detected.
Re: Let's enable AppArmor by default (why not?)
On Fri, Oct 27, 2017 at 11:06 AM, Anthony DeRobertis wrote: > the kernel runs just fine w/o and doesn't lose any > major functionality. I think the whole point of this thread is that AppArmor is major functionality that we want in default Debian systems. Therefore, demoting it to Suggests in Bullseye seems counter-productive. Thanks, Jeremy Bicha
Bug#880386: ITP: node-matcher -- Simple wildcard matching
Package: wnpp Severity: wishlist Owner: Raju Devidas X-Debbugs-CC: debian-devel@lists.debian.org * Package name : node-matcher Version : 1.0.0 Upstream Author : Sindre Sorhus (sindresorhus.com) * URL : https://github.com/sindresorhus/matcher#readme * License : Expat Programming Lang: JavaScript Description : Simple wildcard matching Useful when you want to accept loose string input and regexes/globs are too convoluted. Need to package node-matcher as it is a dependency required for packaging node-ava
Re: Let's enable AppArmor by default (why not?)
Hello Philip, Am 29.10.2017 um 14:27 schrieb Philipp Kern: > On 08/05/2017 01:31 AM, intrigeri wrote: >> What's the cost for package maintainers? >> >> >> For most of them: none at all. As said earlier, our AppArmor policy >> does not cover that much software yet. > > So how will bug reports work? For instance I turned it on and now I see > a bunch of warnings[1] from Thunderbird and a bunch of actual failures > when opening links (which is completely broken), because Thunderbird > cannot exec google-chrome-beta. What about integration issues where a > browser should be able to register itself as a browser and hence be > available from applications that try to open links? > > Right now thunderbird's profile is owned by thunderbird. Is > thunderbird's maintainer expected to deal with all of these issues? > Should there be some kind of tool where the apparmor team could > aggregate the updates? (I.e. routinely review denies?) in the near past I've forwarded bug reports about apparmor suggestions and issues to Simon Diezel (CC'd) and also to intrigeri. This works quite well now due a good responsive behavior of both and I'm really thankful for this! Right after the beginning of the apparmor profile for Icedove/Thunderbird I was a bit skeptic if the shipping of the profile within the ID/TB packaging will work and is maintainable as I haven't use apparmor ever before and due this have quite zero experience with that. I got the impression that the profile would be better under the hood of the apparmor team as there is much more knowledge about the working model. Starting with this thread and by some talking to various people I changed my mind about this. For better flexibility and customizing, thinking about various releases (like *-security, *-backports e.g.) that need to be supported, I believe apparmor profiles for the applications should stay in the belonging source packages in most cases. Ubuntu is doing the opposite as far as I know [1], the time will show which way is batter. But yes, the maintainers of such packages need the help of the apparmor folks and also vice versa. For Thunderbird intrigeri and myself came to the conclusion that especially for the apparmor profile someone from the apparmor team should be able to contribute changes to the profile directly to the git tree. So intrigeri has become a member of the pkg-mozilla group to be able to push changes by himself. I trust intrigeri enough that he will do good contributions. For now it's the best we can do. This at all is for sure improvable and we should talk about this on upcoming Debian events or directly via email. ... > [1] e.g. > [ 3459.624852] audit: type=1400 audit(1509283082.571:59): > apparmor="DENIED" operation="file_inherit" profile="thunderbird//gpg" > name="/usr/share/thunderbird/omni.ja" pid=24720 comm="gpg2" > requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 > > [2] e.g. > [ 3795.153239] audit: type=1400 audit(1509283418.100:64): > apparmor="DENIED" operation="exec" profile="thunderbird" > name="/opt/google/chrome-beta/google-chrome-beta" pid=31896 > comm="thunderbird" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 I suggest to open a bug report for each of such issues against thunderbird with a description what was done and what was expected. [1] https://git.launchpad.net/apparmor-profiles/tree/ubuntu/17.10 -- Regards Carsten Schoenert signature.asc Description: OpenPGP digital signature
