[Build-common-hackers] a WAF class for CDBS

Jonas Smedegaard dr at jones.dk
Wed Dec 29 13:11:24 UTC 2010


On Wed, Dec 29, 2010 at 10:23:35AM +0100, Rémi Thebault wrote:
>
>
>> >I don't get this. Do you expect a cdbs script to unpack the waf file 
>> >(I don't know the format, but it is probably not so hard) and to 
>> >checksum each file inside?
>>
>> Nah, not checksum each file separately - unless it turns out that it 
>> is indeed helpful to track the contained files individually.
>>
>> For now I "just" suggest to unpack the blob when failing, and 
>> emitting a message to first check those files, then delete them and 
>> then apply the magic checksum.
>>
>
>
>If I understand well:
>1. If no safetybelt, we checksum the waf file with debian/waf.sha1sum
>2. If the checksum fails, we unpack waf and display a relevant message like
>     "waf checksum failed, check the content in debian/wafunpacked and
>do `sha1sum ./waf > debian/waf.sha1sum`"
>3. adding "rm -rf debian/wafunpacked" in clean target (could depend on
>the safety belt)
>
>Is this correct?

I guess you mean _unless_ no safetybelt at 1).

Here's a proposed pseudo-code:

if not safetybelt-off; then
   do-checksum
   mesg checksum
   if checksum-match-fail (including no stored checksum at all); then
     unpack-waf
     error "waf checksum failed. inspect unpacked waf, and if ok
            store above calculated checksum as debian/waf.sha1sum
            and remove the unpacked files"
   fi
else
   warning "WARNING: waf file is executed without prior inspection!
            this might be unsafe - you have been warned...!"
fi

I.e. a little more than your summary, but not much.  Does that look 
sane?

I see no need for automated removal of the unpacked files, as no normal 
package compilation should cause such failure, only upgrades of upstream 
source, so this does not affect the Debian Policy requirement of cleaning 
up during build.

We could also consider to use the DEB_MAINTAINER_MODE flag to behave 
differently when we know we are running the packaging routines 
ourselves, to do things that are not policy compliant during normal 
build routines.  I just see no need for that here.  You can check the 
copyright-check routine in utils.mk for an example of differentiating.


  - Jonas

-- 
  * Jonas Smedegaard - idealist & Internet-arkitekt
  * Tlf.: +45 40843136  Website: http://dr.jones.dk/

  [x] quote me freely  [ ] ask before reusing  [ ] keep private
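
Added example, not part of the original message or of CDBS: the pseudo-code above as a POSIX shell function that fails closed when debian/waf.sha1sum is missing or does not match. The names waf_gate, WAF_SAFETYBELT and WAF_UNPACK_CMD are assumptions; the thread does not say how waf is unpacked, so that step is a caller-supplied command.

```shell
#!/bin/sh
# Added example: checksum gate for a bundled waf blob.
# Assumed names (not from CDBS): waf_gate, WAF_SAFETYBELT, WAF_UNPACK_CMD.
# Returns 0 = run waf, 1 = checksum failed or not stored, 2 = cannot checksum.

waf_gate() {
    waf=$1
    sumfile=$2

    # Safety belt off: skip the check, but say so loudly.
    if [ "${WAF_SAFETYBELT:-on}" = "off" ]; then
        echo "WARNING: waf file is executed without prior inspection!" >&2
        echo "this might be unsafe - you have been warned...!" >&2
        return 0
    fi

    [ -f "$waf" ] || { echo "error: $waf not found" >&2; return 2; }
    actual=$(sha1sum "$waf" | cut -d' ' -f1) || return 2
    echo "waf checksum: $actual" >&2

    # A missing or empty checksum file counts as a mismatch (fail closed).
    stored=
    if [ -f "$sumfile" ]; then
        stored=$(cut -d' ' -f1 "$sumfile" | head -n1)
    fi
    if [ -n "$stored" ] && [ "$actual" = "$stored" ]; then
        return 0
    fi

    # Unpack for manual inspection if the caller provided a way to do it.
    # Deliberately unquoted so the hook may carry its own arguments.
    if [ -n "${WAF_UNPACK_CMD:-}" ]; then
        $WAF_UNPACK_CMD "$waf" >&2 || echo "warning: unpack hook failed" >&2
    fi
    echo "error: waf checksum failed. inspect unpacked waf, and if ok" >&2
    echo "store above calculated checksum as $sumfile" >&2
    echo "and remove the unpacked files" >&2
    return 1
}

# Stand-alone use: sh waf-gate.sh ./waf debian/waf.sha1sum
[ $# -eq 0 ] || waf_gate "$@"
```
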