nmap: package-installs-java-bytecode
Hilko Bengen
bengen at debian.org
Tue Sep 26 21:58:49 UTC 2017
* Lukas Schwaighofer:
> nmap-common includes two .java files, along with their .class files.
> These class files are now flagged by the newly added lintian tag
> package-installs-java-bytecode [1].
>
> I believe nmap's use case is quite special: The class files are used
> by the NSE script "jdwp-inject" and intended to be executed remotely
> (if the injection succeeds). Therefore I think the fact that we are
> shipping the class files (and not jar archives) by itself is fine.
I agree.
> However, if I read the java policy correctly, any .class files shipped
> by upstream must be removed (even from the source package). That gives
> us two choices:
I'd argue that the Java policy does not apply, however, I think it is a
good idea to remove the class files from the source tarball (another
repack) and build them using default-jdk, for example:
override_dh_auto_build:
dh_auto_build
( cd nselib/data/jdwp-class; /usr/lib/jvm/default-java/bin/java *.java )
Mhm, how about also building nselib/data/psexec/nmap_service.exe?
( cd nselib/data/psexec; i686-w64-mingw32-gcc -o nmap_service.exe nmap_service.c )
Cheers,
-Hilko
More information about the Pkg-security-team
mailing list