Bug#756174: jackd2 building without any of the required build flags

Jonas Smedegaard dr at jones.dk
Sun Jul 27 18:08:14 UTC 2014 

Quoting Reinhard Tartler (2014-07-27 16:24:11)
> On Sun, Jul 27, 2014 at 1:54 AM, Steve Langasek
> <steve.langasek at canonical.com> wrote:
>> Package: jackd2
>> Version: 1.9.10+20140610git97e0e80b~dfsg-1
>> Severity: important
>> Tags: patch
>> User: ubuntu-devel at lists.ubuntu.com
>> Usertags: origin-ubuntu utopic ubuntu-patch
>>
>> The jackd2 package in Debian unstable does not properly pass 
>> dpkg-buildflags values to waf.  As a result, the package is built 
>> without optimizations (-O2), has no debugging symbols available at 
>> build time (-g), and doesn't use any of the hardening flags that are 
>> exported by dpkg-buildflags by default on Debian.
>>
>> The first two of these are violation of a policy "should" (10.1), the 
>> last is bad for the security of the package.
>>
>> The attached patch is a minimally-invasive fix for this, which uses 
>> DEB_MAKE_EXTRA_ARGS to pass the variables to waf.  However, waf is 
>> not make, so this isn't strictly correct.  There is a waf class in 
>> cdbs (available since cdbs 0.4.90); I don't know why you're not using 
>> it, perhaps you want to switch to using that instead.
>
> Jonas, can you take a look at this patch, please?

Patch looks fine to me.

I agree with Steve that using the CDBS waf.mk snippet might be better.


>> I would offer a patch to convert the package to dh(1), but 
>> considering the contents of the Uploaders field I suspect it would 
>> not be accepted.
>
> I'm inclined to agree. I guess the "right CDBS philosophy" would be to 
> have waf support in CDBS, so that debian/rules could be significantly 
> shortened.
>
> Given that this support is not in place, I wonder if CDBS is the best 
> helper infrastructure for this package.

I don't follow your logic here, Reinhard.  CDBS _does_ have support for 
waf (this package just doesn't make use of that) and (from a brief look) 
it seems to me that short-form dh does _not_ have support for waf, so I 
fail to understand how CDBS should be ditched for this reason.

Did you perhaps simply misread Steve's email?

If you are looking for an excuse to ditch CDBS, then obviously it is 
_not_ better to improve the use of CDBS - that would be a waste of time.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20140727/0daeabba/attachment.sig>

More information about the pkg-multimedia-maintainers mailing list