[DSE-Dev] refpolicy for wheezy

Sun Jun 10 01:27:57 UTC 2012

Hi,

Am Thu, 7 Jun 2012 11:37:06 +0200
schrieb Laurent Bigonville <bigon at debian.org>:
> > 
> > As most of the work of splitting the patch is already done, I could
> > prepare a 2:2.20110726-4 version of the package. I would include the
> > following changes (mostly already done by Laurent or myself):
> >   * debian/control:
> >     - Bump Standards-Version to 3.9.2
> >   * Add debian/gbp.conf file
> >   * Switch to dpkg-source 3.0 (quilt) format
> >     - Split out existing patches
> >   * Switch to team maintenance 
> >   * Update Vcs-* fields (Closes: #660328)
> 
> Seems fine to me.
> 
> > The binary package produced should be identical (modulo changelog
> > etc. of course), I will carefully check the resulting contents
> > against the contents of the current package to be sure no new bugs
> > are introduced. If you think this will be useful, I can prepare
> > this version until end of the week. 

Okay, I have prepared the package. You can get the updated version from
http://git.hemio.de/git/refpolicy-debian or alternatively I can provide
a .dsc and .debian.tar.gz.
It would be great if one of you could review it and upload it if you
agree. Note that I changed the maintainer to the alioth team and moved
Russel to Uploaders. Is this the correct, Russel?
I diffed the contents of all the resulting binary packages against the
versions currently in sid/testing and there were some differences:
1. Different changelogs (obviously)
2. Different gzipped and tarred things (I therefore diffed the untarred
   and gunzipped files, which were identical)
3. One .pyc, where I think shipping it is a bug anyway (filed as
   #676852)
4. All compiled policy module packages (.pp) had the same difference in
   the first few bytes. It turns out this is due to compiling with the
   newer checkpolicy version now in the archive - When comparing a
   rebuilt -3 package against the new -4 (instead of the -3 currently
   in the archive), there are no differences.

1 and 2 are non-issues, 3 is irrelevant as well, imho. Regarding 4, I
think we have to live with it - any binNMU of refpolicy or any other
trivial bug fix that triggers recompilation would result in these
changes. So if they trigger new obscure bugs (which is rather unlikely,
I guess it is just the embedded version of the checkpolicy with which it
was compiled) we want to trigger them now, not later.

> > 1. As I have no alioth account somebody else needs to update the
> > selinux git on alitoh [ALIOTH] so that pointing to it in
> > debian/control is useful. I could provide a URL to clone from.
> 
> You could request an alioth account if you want and I think I would be
> able to add you to the team.

Ah, true. Somehow, last time I looked at the process to get an alioth
account, it was more elaborate. Thanks for the hint, now it was really
easy - I already applied to join the SELinux team so if you approve the
application I could actually push the git tree to the url that is now
referenced by the Vcs-* fields.
> 
> > 2. Somebody needs to volunteer to review and eventually upload (or
> > not) the package.
> 
> I already looked at this a bit and had a few comments (most likely,
> changes that IMHO belong to another patch), but unfortunately I had no
> time to fix that.

If you have comments (even without an immediate patch, just some 'I
think you should look at this again' style comments), please send them I
will be happy to investigate.

Cheers,

Mika

-- 
Own your own computer. Don't use Windows 7. <http://windows7sins.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20120610/a9930bc6/attachment.pgp>