Sign me up Login

Details about package openxr-sdk-source

Name: openxr-sdk-source (PTS)
Uploader: Rylie Pavlik <rylie@ryliepavlik.com> (Debian QA page)
Description: libopenxr-utils - OpenXR software development kit -- utilities
libopenxr-loader1 - OpenXR loader library
libopenxr-dev - OpenXR software development kit -- development headers
openxr-layer-corevalidation - OpenXR software development kit -- validation layer
openxr-layer-apidump - OpenXR software development kit -- API dump layer

Package uploads

Upload #3

Information

Version: 1.0.34~ds-1
Uploaded: 2024-12-03 19:56
Source package: openxr-sdk-source_1.0.34~ds-1.dsc
Distribution: unstable
Section: libs
Priority: optional
Homepage: https://github.com/KhronosGroup/OpenXR-SDK-Source
Vcs-Browser: https://salsa.debian.org/xr-team/openxr-sdk-source
Vcs-Git: https://salsa.debian.org/xr-team/openxr-sdk-source.git

Changelog

 openxr-sdk-source (1.0.34~ds-1) unstable; urgency=medium
 .
   [ Rylie Pavlik ]
   * New upstream version 1.0.34~ds. Highlights include:
     - Many new extensions in the headers.
     - Support architecture-specific active runtime manifest filenames.
     - Fix a segfault on improper loader usage.
     - Improve hello_xr behavior on devices that offer non-opaque blend modes.
     - Name Vulkan objects in hello_xr for ease of debugging.
     - Improvements to validation layer and API dump layer.
     - New openxr_runtime_list_json tool for updating OpenXR-Inventory
     - New `openxr_reflection_structs.h` and
       `openxr_reflection_parent_structs.h` reflection headers.
     - New ratified header for APIs used between runtimes, layers, and
       the loader.
     - Fix shared library leak in the loader.
     - Fix for API layer loading logic.
     - Limit symbols exported by the API layers.
   * Update to new upstream signing key used for 1.0.33+.
   * Rediff patches.
     Drop 0004-Fix-GCC-11-builds-closes-984278.patch: Integrated upstream
     Drop 0009-loader_test-Add-to-CMake-as-a-test.patch: Integrated upstream
   * d/control:
     - Update standards version to 4.6.2, no changes.
     - Update debhelper compat to 13, no changes.
     - Update URLs.
   * d/copyright:
     - Update
     - Refer to existing installed copy of CC0-1.0
   * d/watch: Remove repack suffix number, change suffix
   * libopenxr-utils: Update to include openxr_runtime_list_json
   * Fix lintian warning and remove unneeded overrides
   * Update maintainer's name.
 .
   [ Andrew Lee (李健秋) ]
   * Drop myself from uploaders.

QA information

Comments

No comments

Upload #2

Information

Version: 1.0.34~ds-1
Uploaded: 2024-12-03 00:26
Source package: openxr-sdk-source_1.0.34~ds-1.dsc
Distribution: unstable
Section: libs
Priority: optional
Homepage: https://github.com/KhronosGroup/OpenXR-SDK-Source
Vcs-Browser: https://salsa.debian.org/xr-team/openxr-sdk-source
Vcs-Git: https://salsa.debian.org/xr-team/openxr-sdk-source.git

Changelog

 openxr-sdk-source (1.0.34~ds-1) unstable; urgency=medium
 .
   [ Rylie Pavlik ]
   * New upstream version 1.0.34~ds. Highlights include:
     - Many new extensions in the headers.
     - Support architecture-specific active runtime manifest filenames.
     - Fix a segfault on improper loader usage.
     - Improve hello_xr behavior on devices that offer non-opaque blend modes.
     - Name Vulkan objects in hello_xr for ease of debugging.
     - Improvements to validation layer and API dump layer.
     - New openxr_runtime_list_json tool for updating OpenXR-Inventory
     - New `openxr_reflection_structs.h` and
       `openxr_reflection_parent_structs.h` reflection headers.
     - New ratified header for APIs used between runtimes, layers, and
       the loader.
     - Fix shared library leak in the loader.
     - Fix for API layer loading logic.
     - Limit symbols exported by the API layers.
   * Update to new upstream signing key used for 1.0.33+.
   * Rediff patches.
     Drop 0004-Fix-GCC-11-builds-closes-984278.patch: Integrated upstream
     Drop 0009-loader_test-Add-to-CMake-as-a-test.patch: Integrated upstream
   * d/control:
     - Update standards version to 4.6.2, no changes.
     - Update debhelper compat to 13, no changes.
     - Update URLs.
   * d/copyright:
     - Update
     - Refer to existing installed copy of CC0-1.0
   * d/watch: Remove repack suffix number, change suffix
   * libopenxr-utils: Update to include openxr_runtime_list_json
   * Fix lintian warning and remove unneeded overrides
   * Update maintainer's name.
 .
   [ Andrew Lee (李健秋) ]
   * Drop myself from uploaders.

QA information

Comments

  1. Rylie,

Preamble...

Thank you for taking the time to prepare this package and your contribution to the Debian project.

The review below is for assistance. This review is offered to help package submitters to Debian mentors inorder to improve their packages prior to possible sponsorship into Debian. There is no obligation on behalf of the submitter to make any alterations based upon information provided in the review.

Review...

1. Build:

  * pbuilder [1]: Good
  * sbuild [2]: Giood

2. Lintian [3]: Issue

Running lintian...
N:
E: openxr-sdk-source source: duplicate-globbing-patterns src/loader/* (lines 115 140) [debian/copyright]
N: 
N:   A globbing pattern was used again in debian/copyright. It always an error
N:   and may indicate confusion about the applicable license for the author or
N:   any reader of the file.
N:   
N:   Please remove all but one of the identical globbing patterns.
N: 
N:   Please refer to Bug#90574 and
N:   https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ for
N:   details.
N: 
N:   Visibility: error
N:   Show-Always: no
N:   Check: debian/copyright/dep5
N: 
N:
W: openxr-sdk-source source: superfluous-file-pattern specification/registry/xr.xml [debian/copyright:89]
N: 
N:   The wildcard that was specified matches no file in the source tree. This
N:   either indicates that you should fix the wildcard so that it matches the
N:   intended file or that you can remove the wildcard. Notice that in contrast
N:   to shell globs, the "*" (star or asterisk) matches slashes and leading
N:   dots.
N: 
N:   Please refer to
N:   https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ for
N:   details.
N: 
N:   Visibility: warning
N:   Show-Always: no
N:   Check: debian/copyright/dep5
N: 
N:
W: openxr-sdk-source source: superfluous-file-pattern specification/scripts/spec_tools/* [debian/copyright:150]
N:
W: openxr-sdk-source source: superfluous-file-pattern src/api_layers/*.svg [debian/copyright:134]
N:
I: openxr-sdk-source source: out-of-date-standards-version 4.6.2 (released 2022-12-17) (current is 4.7.0)
N: 
N:   The source package refers to a Standards-Version older than the one that
N:   was current at the time the package was created (according to the
N:   timestamp of the latest debian/changelog entry). Please consider updating
N:   the package to current Policy and setting this control field
N:   appropriately.
N:   
N:   If the package is already compliant with the current standards, you don't
N:   have to re-upload the package just to adjust the Standards-Version control
N:   field. However, please remember to update this field next time you upload
N:   the package.
N:   
N:   See /usr/share/doc/debian-policy/upgrading-checklist.txt.gz in the
N:   debian-policy package for a summary of changes in newer versions of
N:   Policy.
N: 
N:   Please refer to
N:   https://www.debian.org/doc/debian-policy/upgrading-checklist.html for
N:   details.
N: 
N:   Visibility: info
N:   Show-Always: no
N:   Check: fields/standards-version
N: 
N:
I: openxr-sdk-source source: patch-not-forwarded-upstream [debian/patches/0009-On-Linux-make-the-API-layer-manifest-have-an-absolut.patch]
N: 
N:   According to the DEP-3 headers, this patch has not been forwarded
N:   upstream.
N:   
N:   Please forward the patch and try to have it included in upstream's version
N:   control system. If the patch is not suitable for that, please mention
N:   not-needed in the Forwarded field of the patch header.
N: 
N:   Please refer to social contract item 2, Coordination with upstream
N:   developers (Section 3.1.4) in the Debian Developer's Reference, Changes to
N:   the upstream sources (Section 4.3) in the Debian Policy Manual, and
N:   Bug#755153 for details.
N: 
N:   Visibility: info
N:   Show-Always: no
N:   Check: debian/patches/dep3
N:   Renamed from: send-patch
N: 
N:
I: openxr-sdk-source source: superficial-tests [debian/tests/control]
N: 
N:   The source package declares tests in the debian/tests/control file but
N:   provides only tests with a superficial restriction.
N:   
N:   Please provide more meaningful tests.
N: 
N:   Please refer to
N:   https://lists.debian.org/debian-devel-announce/2019/08/msg00003.html,
N:   Bug#932870, and
N:   https://salsa.debian.org/ci-team/autopkgtest/tree/master/doc/README.package-tests.rst
N:   for details.
N: 
N:   Visibility: info
N:   Show-Always: no
N:   Check: testsuite
N: 
N:
P: openxr-sdk-source source: source-contains-prebuilt-java-object [maintainer-scripts/publish-aar/gradle/wrapper/gradle-wrapper.jar]
N: 
N:   The source tarball contains a prebuilt Java class file. These are often
N:   included by mistake when developers generate a tarball without cleaning
N:   the source directory first. If there is no sign this was intended,
N:   consider reporting it as an upstream bug as it may be a DFSG violation.
N: 
N:   Visibility: pedantic
N:   Show-Always: no
N:   Check: languages/java
N: 
N:
P: openxr-sdk-source source: source-contains-prebuilt-java-object [src/tests/hello_xr/gradle/wrapper/gradle-wrapper.jar]
N:
N: False-positive: using a standard, simple dh build of a CMake project, the
N: flags are getting passed through.
O: libopenxr-loader1: hardening-no-fortify-functions [usr/lib/x86_64-linux-gnu/libopenxr_loader.so.1.0.34]
N: 
N:   This package provides an ELF binary that lacks the use of fortified libc
N:   functions. Either there are no potentially unfortified functions called by
N:   any routines, all unfortified calls have already been fully validated at
N:   compile-time, or the package was not built with the default Debian
N:   compiler flags defined by dpkg-buildflags. If built using dpkg-buildflags
N:   directly, be sure to import CPPFLAGS.
N:   
N:   NB: Due to false-positives, Lintian ignores some unprotected functions
N:   (e.g. memcpy).
N: 
N:   Please refer to https://wiki.debian.org/Hardening and Bug#673112 for
N:   details.
N: 
N:   Visibility: info
N:   Show-Always: no
N:   Check: binaries/hardening
N: 

E: Lintian run failed (runtime error)

3. Licenses [4]: Good, with hints

Apache-2.0       | Apache-2.0 and/or CC-BY-4.0 and/or CC0-1.0 debian/fill.copyright.blanks.yml
Apache-2.0       | CC0-1.0           .github/scripts/CMakePresets.json.license
Apache-2.0       | CC0-1.0           .github/workflows/gradle-wrapper-validation.yml
Apache-2.0 OR Expat| Apache-2.0        include/openxr/openxr_platform_defines.h
CC-BY-4.0        | Apache-2.0        LICENSE
CC-BY-4.0        | Apache-2.0        LICENSES/Apache-2.0.txt
CC-BY-4.0        | BSD-3-clause      LICENSES/BSD-3-Clause.txt
CC-BY-4.0        | BSL-1.0           LICENSES/BSL-1.0.txt
CC-BY-4.0        | CC0-1.0           LICENSES/CC0-1.0.txt
CC-BY-4.0        | ISC               LICENSES/ISC.txt
CC-BY-4.0        | Expat             LICENSES/LicenseRef-jsoncpp-public-domain.txt
CC-BY-4.0        | Khronos           LICENSES/LicenseRef-Khronos-Free-Use-License-for-Software-and-Documentation.txt
CC-BY-4.0        | OFL-1.1           LICENSES/OFL-1.1-RFN.txt
CC-BY-4.0        | Unlicense         LICENSES/Unlicense.txt
CC-BY-4.0        | Zlib              LICENSES/Zlib.txt
CC-BY-4.0        | CC0-1.0           .proclamation.json.license

These maybe can entered into 'd/copyright' better or are false positives that you would be good enough to report to the 'licenserecon' package.

4. Watch file [uscan --force-download]: Good

5. Build Twice [sudo pbuilder build --twice <package>.dsc]: Good

6. Reproducible builds [5]: Good

7. Install [No previous installs]: Good

8. Upgrade [Over previous installs if any]: Good

Summary...

A few things lintian and license related to look over.

Regards

Phil

[1] pbuilder:

  * Command: sudo pbuilder build <PACKAGE>.dsc
  * Document: https://wiki.ubuntu.com/PbuilderHowto.
  * Document: https://wiki.debian.org/PbuilderTricks

[2] sbuild:

  * Command: sbuild <PACKAGE>.dsc
  * Document: https://wiki.debian.org/sbuild

[3] lintian:

  * Command: lintian -v -i -I -E --pedantic --profile debian (*.dsc, *.changes, *.buildinfo). Each can throw up different results, so be thorough.
  * Document: https://wiki.debian.org/Lintian

[4] lrc:

  * Command: lrc
  * Document: https://wiki.debian.org/CopyrightReviewTools#licenserecon

[5] reprotest

  * Command: sudo reprotest --vary=-build_path,domain_host.use_sudo=1 --auto-build <PACKAGE>.dsc -- schroot unstable-amd64-sbuild
  * Document: https://wiki.kathenas.org/pmwiki.php/Kathenas/Article00000004
  * Document: https://wiki.debian.org/ReproducibleBuilds/
  * Document: https://wiki.debian.org/ReproducibleBuilds/Howto#Newer_method
    Needs work Phil Wyett at Dec. 3, 2024, 1:13 p.m. 
  2. Thanks for the review, you beat me to uploading one with a better copyright file :)

Yeah, there is a fair number of false positives in the license recon (and debmake -k). It totally misses the dual-licensed files (which have correct SPDX tags). I'm not 100% sure why "reuse" doesn't quite get all the spdx metadata extracted correctly, but it's correct in all but one file, and so I generated the copyright file (from a stub with wildcards) using a tool I wrote to turn the SPDX metadata into a dep5 file, then I manually merge those changes and reject the bogus one/ones. (Some debian tools insist some entries are redundant that I do not understand.)

Also, it's doing the dubious thing of assuming the license for license text itself, matches the license. Given that many licenses themselves talk about whether you can modify the license, that seems incorrect, but... I suppose it's closer to being correct than allowing them to fall under the root wildcard of CC-BY-4.0.

I have no idea why it's saying superfluous wildcard for specification/registry/xr.xml and the others.

Gradle wrapper is the gradle wrapper. I prefer not to do another re-pack (I have the license appropriately there) but I can if that's needed.

FWIW, I more or less am the upstream, too... I am the Spec Editor for OpenXR, and maintaining that repo falls somewhat under my responsibility. So the "not forwarded upstream" patch is because I haven't decided whether I actually want that one upstream or if it's better to stay packaging specific.
    Needs work Rylie Pavlik at Dec. 3, 2024, 8:03 p.m.

Upload #1

Information

Version: 1.0.34~ds-1
Uploaded: 2024-12-02 17:26
Source package: openxr-sdk-source_1.0.34~ds-1.dsc
Distribution: unstable
Section: libs
Priority: optional
Homepage: https://github.com/KhronosGroup/OpenXR-SDK-Source
Vcs-Browser: https://salsa.debian.org/xr-team/openxr-sdk-source
Vcs-Git: https://salsa.debian.org/xr-team/openxr-sdk-source.git

Changelog

 openxr-sdk-source (1.0.34~ds-1) unstable; urgency=medium
 .
   [ Rylie Pavlik ]
   * New upstream version 1.0.34~dfsg. Highlights include:
     - Many new extensions in the headers.
     - Support architecture-specific active runtime manifest filenames.
     - Fix a segfault on improper loader usage.
     - Improve hello_xr behavior on devices that offer non-opaque blend modes.
     - Name Vulkan objects in hello_xr for ease of debugging.
     - Improvements to validation layer and API dump layer.
     - New openxr_runtime_list_json tool for updating OpenXR-Inventory
     - New `openxr_reflection_structs.h` and
       `openxr_reflection_parent_structs.h` reflection headers.
     - New ratified header for APIs used between runtimes, layers, and
       the loader.
     - Fix shared library leak in the loader.
     - Fix for API layer loading logic.
     - Limit symbols exported by the API layers.
   * Update to new upstream signing key used for 1.0.33.
   * Rediff patches.
     Drop 0004-Fix-GCC-11-builds-closes-984278.patch: Integrated upstream
     Drop 0009-loader_test-Add-to-CMake-as-a-test.patch: Integrated upstream
   * d/control:
     - Update standards version to 4.6.2, no changes.
     - Update debhelper compat to 13, no changes.
     - Update URLs.
   * d/copyright:
     - Update
     - Refer to existing installed copy of CC0-1.0
   * d/watch: Remove repack suffix number, change suffix
   * libopenxr-utils: Update to include openxr_runtime_list_json
   * Fix lintian warning and remove unneeded overrides
   * Update maintainer's name.
 .
   [ Andrew Lee (李健秋) ]
   * Drop myself from uploaders.

QA information

Comments

No comments