Différences entre versions de « Backport FreeType »

De Cliss XXI
Sauter à la navigation Sauter à la recherche
imported>SylvainBeucler
imported>SylvainBeucler
 
(5 versions intermédiaires par le même utilisateur non affichées)
Ligne 1 : Ligne 1 :
 
== Versioning ==
 
== Versioning ==
  
Backporting dar is quite simple - you just need to recompile the Lenny version in a Etch environment. It's a nice occasion to cover the very basics.
+
Backporting FreeType is quite simple - you just need to recompile the Lenny version in a Etch environment. It's a nice occasion to cover the very basics.
  
 
You need to modify <code>debian/changelog</code> though. Enter the <code>freetype-2.3.5</code> directory, and type:
 
You need to modify <code>debian/changelog</code> though. Enter the <code>freetype-2.3.5</code> directory, and type:
Ligne 25 : Ligne 25 :
 
* Changed distribution from <code>unstable</code> to <code>etch-backports</code>
 
* Changed distribution from <code>unstable</code> to <code>etch-backports</code>
 
* Added a terse explanation
 
* Added a terse explanation
* Check my mail adress.
+
* Check my mail address.
  
To generate the initial changelog entry template automagically, madduck suggests using <code>dch</code> and <code>dpkg-parsechangelog</code>, e.g.:
+
To generate the initial changelog entry template automagically, you can use <code>dch</code> and <code>dpkg-parsechangelog</code>, e.g.:
  dch -D etch-backports -b -v$(dpkg-parsechangelog | sed -ne 's,^Version: ,,p')~bpo40+1 -- \
+
  yes | dch -D etch-backports \
 +
  --newversion $(dpkg-parsechangelog | sed -ne 's,^Version: ,,p')~bpo40+1 \
 +
  --force-bad-version -- \
 
   "Rebuild for Debian Backports <http://www.backports.org/>"
 
   "Rebuild for Debian Backports <http://www.backports.org/>"
 
  
 
Also add your name in <code>debian/control</code>:
 
Also add your name in <code>debian/control</code>:
Ligne 57 : Ligne 58 :
  
 
If you see some source changes that you didn't do, then your backport is not clean (probably it's a leftover from an incomplete <code>make clean</code>). Usually, just remove the current directory and extract a new clean one using <code>dpkg-source</code>.
 
If you see some source changes that you didn't do, then your backport is not clean (probably it's a leftover from an incomplete <code>make clean</code>). Usually, just remove the current directory and extract a new clean one using <code>dpkg-source</code>.
 +
 +
 +
== Tracking security ==
 +
 +
When you backport a package, it is good to track security issues that affect it and update your package accordingly.
 +
 +
An easy way is subscribing to the [http://lists.debian.org/debian-security-announce/ debian-security-announce] mailing list, which sends a mail each time a security fix is published for Debian.
 +
 +
Understanding security is difficult though. For example, in the case of Freetype for Etch, <code>changelog.Debian</code> mentions a fix in July 2007:
 +
freetype (2.2.1-5+etch2) stable-security; urgency=high
 +
 +
  * debian/patches-freetype/CVE-2007-1351_pdf-overflow: address
 +
    CVE-2007-1351, an integer overflow bug in the handling of BDF fonts.
 +
    Closes: #426771.
 +
 +
  -- Steve Langasek <vorlon@debian.org>  Mon, 09 Jul 2007 17:21:11 -0700
 +
while the security was actually published nearly 6 months later:
 +
* http://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00012.html (7 jan 2008)
 +
* http://security.debian.org/debian-security/pool/updates/main/f/freetype/ (timestamp 5 jan 2008)
 +
 +
 +
== Cleaner compilation ==
 +
 +
Once you're done with testing dependencies, it is good to compile your backport in a clean, minimal environment. pbuilder is good for this.
 +
* First change your Debian mirror in <code>/etc/pbuilder/pbuilderrc</code>
 +
* Initialize a pbuilder root:
 +
pbuilder --create --distribution=etch
 +
* Instead of using <code>debuild</code>, use:
 +
pdebuild
 +
and get the .debs in <code>/var/cache/pbuilder/result/</code>.
 +
 +
There are variants to pbuilder such as <code>cowbuilder</code> (fast copy-on-write environement instead of extracting tarballs), qemubuilder (allow cross-compiling for other architectures) and pbuilder-uml (debootstrap and compilation without root privileges). For example:
 +
cowbuilder --create --distribution=etch
 +
pdebuild --pbuilder cowbuilder
 +
 +
Other notes:
 +
* if compiling from lenny, add <code>--debian-etch-workaround</code>
 +
* you can specify an alternate chroot with <code>--basepath</code>
 +
Example:
 +
pdebuild --pbuilder cowbuilder -- --basepath /var/cache/pbuilder/base-etch.cow --debian-etch-workaround --debbuildopts '-sa'

Version actuelle datée du 22 juin 2008 à 17:35

Versioning

Backporting FreeType is quite simple - you just need to recompile the Lenny version in a Etch environment. It's a nice occasion to cover the very basics.

You need to modify debian/changelog though. Enter the freetype-2.3.5 directory, and type:

dch -i

If you want to use another editor, you can also:

EDITOR=emacs dch -i

Here's my final changelog entry:

freetype (2.3.5-1~bpo40+1) etch-backports; urgency=low

  * Rebuild for Debian Backports <http://www.backports.org/>
    (new version works with SDL_ttf, previous one was buggy)

 -- Sylvain Beucler <beuc@beuc.net>  Mon, 10 Dec 2007 12:46:10 +0100

What did I do?

  • Changed version according to bpo convention, -debian_version~bpo.1, so:
    • the testing version was: 2.3.5-1
    • dch proposes by default -debian_version+1: 2.3.5-2
    • I use ORIGINALVERSION~bpoDEBIANVERSION+BACKPORTVERSION: 2.3.5-1~bpo40+1 (Etch is version 4.0)
  • Changed distribution from unstable to etch-backports
  • Added a terse explanation
  • Check my mail address.

To generate the initial changelog entry template automagically, you can use dch and dpkg-parsechangelog, e.g.:

yes | dch -D etch-backports \
  --newversion $(dpkg-parsechangelog | sed -ne 's,^Version: ,,p')~bpo40+1 \
  --force-bad-version -- \
  "Rebuild for Debian Backports <http://www.backports.org/>"

Also add your name in debian/control:

Uploaders: ..., Sylvain Beucler <beuc@beuc.net>

so the package will appear in your QA page.

Then, in the freetype-2.3.5 directory, start the compilation.

debuild -us -uc

Using the -sa debuild option: not necessary: by default, if the version ends with '0' or '1' (as 'bpo40+1' does), dpkg-buildpackage uses the existing source release (the .orig.tar.gz file must be present in the parent directory, though).

Installation

Now you can test your dar package:

sudo dpkg -i libfreetype6_2.3.5-1~bpo40+1_i386.deb


Check your changes

Check your changes using interdiff:

mkdir tmp
cd tmp
cp ../freetype*.diff.gz .
gunzip *
interdiff freetype_2.3.5-1.diff freetype_2.3.5-1~bpo40+1.diff

If you see some source changes that you didn't do, then your backport is not clean (probably it's a leftover from an incomplete make clean). Usually, just remove the current directory and extract a new clean one using dpkg-source.


Tracking security

When you backport a package, it is good to track security issues that affect it and update your package accordingly.

An easy way is subscribing to the debian-security-announce mailing list, which sends a mail each time a security fix is published for Debian.

Understanding security is difficult though. For example, in the case of Freetype for Etch, changelog.Debian mentions a fix in July 2007:

freetype (2.2.1-5+etch2) stable-security; urgency=high

  * debian/patches-freetype/CVE-2007-1351_pdf-overflow: address
    CVE-2007-1351, an integer overflow bug in the handling of BDF fonts.
    Closes: #426771.

 -- Steve Langasek <vorlon@debian.org>  Mon, 09 Jul 2007 17:21:11 -0700

while the security was actually published nearly 6 months later:


Cleaner compilation

Once you're done with testing dependencies, it is good to compile your backport in a clean, minimal environment. pbuilder is good for this.

  • First change your Debian mirror in /etc/pbuilder/pbuilderrc
  • Initialize a pbuilder root:
pbuilder --create --distribution=etch
  • Instead of using debuild, use:
pdebuild

and get the .debs in /var/cache/pbuilder/result/.

There are variants to pbuilder such as cowbuilder (fast copy-on-write environement instead of extracting tarballs), qemubuilder (allow cross-compiling for other architectures) and pbuilder-uml (debootstrap and compilation without root privileges). For example:

cowbuilder --create --distribution=etch
pdebuild --pbuilder cowbuilder

Other notes:

  • if compiling from lenny, add --debian-etch-workaround
  • you can specify an alternate chroot with --basepath

Example:

pdebuild --pbuilder cowbuilder -- --basepath /var/cache/pbuilder/base-etch.cow --debian-etch-workaround --debbuildopts '-sa'