[pkg] New package: wcc

phil at reseau-libre.net phil at reseau-libre.net
Wed Jun 21 10:46:30 UTC 2017 

On 2017-06-21 11:57, Raphael Hertzog wrote:
> Hi,
> 
Hello Raphaël,

> On Tue, 20 Jun 2017, phil at reseau-libre.net wrote:
> 
> Thus you don't need the explicit dependency on "liblua5.3-0", it's 
> generated
> via ${shlibs:Depends}).
Ok. My mistake :)

> 
> 
> It's not clear to me where it is used... that script has a 
> #!/usr/bin/lua
> shebang and lua5.3 (currently) doesn't provide the /usr/bin/lua
> alternative (whereas lua5.2 and earlier do).

As lua5.2 deploys /usr/bin/lua(c)5.2 and lua5.3 deploys 
/usr/bin/lua(c)5.3, it's not yet clear for me the way lua5.2 & lua5.3 
manage the lua alternative. I'll take a look at this and verify this 
with Jonathan (the upstream packager).

> 
> But I'm not convinced that this script deserves this shebang. And 
> print_G
> is not used anywhere else in wcc. What's its purpose?

Mmm... haven't found any usage elsewhere in the package and it is not in 
the index file of the script. Same, i will ask Jonathan for this.

> 
> wsh seems to rely exclusively on liblua and the other commands do not
> even contain the "lua" string in their source code.

That's right, it's only a wsh specificity. Other tools don't depend on 
liblua.

> 
> Other details: mktemp is a transitional package depending on coreutils
> which is essential, so there is no dependency needed.

Again my mistake, i should have seen it in packages.debian.org... sorry.

> 
> Some of your lintian overrides were wrong too.
> executable-not-elf-or-script should be fixed by either adding/dropping 
> the
> shebang line or by adding/dropping the execute permission, not by
> overriding it.

Ok. I'll update the sources instead of overriding lintian. If the 
package pass the NEW queue, it will be fore the next release.

> 
> missing-dep-for-interpreter on print_G was right since lua5.3 doesn't 
> provide
> /usr/bin/lua

I'haven't seen update-alternative references in the lua5.3 debian dir. 
Yet in  https://packages.debian.org/buster/lua5.3 the package is defined 
in the same way as lua5.2 :-/ There is something i still don't 
understand about it...

> 
> I have pushed my small changes and uploaded a first version, let's see
> if it goes through NEW with its huge copyright file. :)
> 
Great, thanks ! I hope it will pass :)

> Cheers,

-- 
Philippe THIERRY
Doctor - Engineer
RT and hardened Embedded Systems
+33(0)6.64.16.97.30

More information about the Pkg-security-team mailing list