[Pkg-clamav-devel] Ubuntu (new upstream) clamav 0.94.dfsg.2-1ubuntu1

Wed Dec 3 11:41:07 UTC 2008

On Tue, 2 Dec 2008 22:35:11 -0800 Michael Tautschnig <mt at debian.org> wrote:
>Hi all,
>
>Just some notes on the Ubuntu diversions:
>
>>  .
>>    * Merge from debian unstable, remaining changes:
>>      - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 for
>>        clamav-daemon and clamav-freshclam
>>      - add debian/usr.bin.freshclam and debian/usr.sbin.clamd
>>      - debian/clamav-(daemon|freshclam).dirs: add 
etc/apparmor.d/force-complain
>>      - debian/clamav-(daemon|freshclam).install: install profiles
>>      - debian/clamav-(daemon|freshclam).preinst: create symlink for
>>        force-complain/ on pre-feisty upgrades, upgrades where 
apparmor-profiles
>>        profile is unchanged (ie non-enforcing) and upgrades where the 
profile
>>        doesn't exist.
>>      - debian/clamav-(daemon|freshclam).postrm: remove symlink in
>>        force-complain/ on purge.
>>      - debian/clamav-(daemon|freshclam).postinst.in: reload apparmor
>>      - update README.Debian with note on Apparmor
>
>Ok, so no apparmor in Debian thus far, so these will remain for the future.

Before this team was started (or perhaps just after) I had discussed 
including this in Debian (it'd be with suggests apparmor vice recommends).  
It's a very small change that does no harm if one does not have apparmor 
installed.  

Having it in the Debian package would make it possible to have identical 
source in both distros and assist any Debian admin who might have rolled 
their own apparmor.  We've got enough testing of the profile now that I 
think the change is mature enough to merge back if there is no objection.

>>    * Enable upstream test suite in debian/rules
>>      - Not adding valgrind yet due to test failures
>>  .
>
>Shouldn't we also enable the test suite for Debian? Unless someone objects,
>Scott, could you just merge that stuff?

I could, but not right away.  I was experimenting with merging using git 
and have got my local repository in a bad state right now.  I need to clear 
some time to understand/fix what I've done.  This is also why the Ubuntu 
branch is behind.

This also needs a bit of discussion.

First, enabling the test suite is as simple as adding 'make check' in 
debian/rules, so anyone with a working git feel free.

Second, there is the question of what additional build-dep to add for more 
tests.  It could be valgrind, electric-fence, and/or one othe whose name 
escapes me (it's a fork of electric-fence).  The valgrind tests seem false 
positive prone from what I've seen.  My recommendation is don't add it to 
the uploaded package for now, but test build with it and then file bugs 
with upstream on failures.  The electric-fence tests pass, but I did not 
add it for Ubuntu because it's in Universe, not Main and the guidance I got 
from Ubuntu Security* was to not promote things solely because they'd 
enhance the test suite of a package.

So yes, I'll do it if no one else gets to it first, but we ought to discuss 
exactly what's wanted for Debian.

Scott K

* In Ubuntu, Universe does not have any guarantee of security support from 
Canonical.  It is done by the community.