nmap: package-installs-java-bytecode
Lukas Schwaighofer
lukas at schwaighofer.name
Tue Sep 26 22:22:33 UTC 2017
Hi,
On Tue, 26 Sep 2017 23:58:49 +0200
Hilko Bengen <bengen at debian.org> wrote:
> > However, if I read the java policy correctly, any .class files
> > shipped by upstream must be removed (even from the source
> > package). That gives us two choices:
>
> I'd argue that the Java policy does not apply, however, I think it is
> a good idea to remove the class files from the source tarball (another
> repack) and build them using default-jdk, for example:
>
> override_dh_auto_build:
> dh_auto_build
> ( cd nselib/data/jdwp-class; /usr/lib/jvm/default-java/bin/java *.java )
Yes, I had something like that in mind; although I think we should make
use of override_dh_auto_build-indep so we can add default-jdk also to
Build-Depends-Indep. Especially if we're also adding mingw to the
build dependencies…
Btw, I don't think there is a need to use brackets as make executes
everything with /bin/sh anyways (and there is no point in spawning
another subshell). And it's probably better to combine the commands
with && just to be sure [1].
[1] https://www.debian.org/doc/debian-policy/#error-trapping-in-makefiles
> Mhm, how about also building nselib/data/psexec/nmap_service.exe?
>
> ( cd nselib/data/psexec; i686-w64-mingw32-gcc -o nmap_service.exe nmap_service.c )
Sounds like a nice service to our users while we're at it :) .
Do you want to make those changes? Otherwise, if you're fine with that,
I'll happily experiment with those things and push a proposal to git.
Good night
Lukas
More information about the Pkg-security-team
mailing list