Making a better Debian package

[morfikov]

I've been trying to make a better Debian package, and I'm pretty close to what I think it should be look like, but I have some questions that should be answered first.

Here's the result so far: https://gitlab.com/morfikov/freetube/tree/development/debian https://app.box.com/s/w3pieha63vjedshiczufyoe63l54dare

Here are the questions:

1. There are four libs in the package: libEGL.so, libGLESv2.so, swiftshader/libEGL.so and swiftshader/libGLESv2.so. Are they needed? When I look at the output of ldd freetube, I don't see them. I removed them so far to see what happens, and the app works well.

1.1. If they are needed, shouldn't be sufficient to add dependencies on the following packages?

$ apt-file search libEGL.so
libegl1: /usr/lib/x86_64-linux-gnu/libEGL.so.1
libegl1: /usr/lib/x86_64-linux-gnu/libEGL.so.1.1.0

$ apt-file search libGLESv2.so
libgles2: /usr/lib/x86_64-linux-gnu/libGLESv2.so.2
libgles2: /usr/lib/x86_64-linux-gnu/libGLESv2.so.2.1.0

It looks like they have the files in question:

$ ls -al /usr/lib/x86_64-linux-gnu/libEGL*
lrwxrwxrwx 1 root root     15 2019-08-18 13:45:06 /usr/lib/x86_64-linux-gnu/libEGL.so -> libEGL.so.1.1.0
lrwxrwxrwx 1 root root     15 2019-08-18 13:45:06 /usr/lib/x86_64-linux-gnu/libEGL.so.1 -> libEGL.so.1.1.0
-rw-r--r-- 1 root root  80448 2019-08-18 13:45:06 /usr/lib/x86_64-linux-gnu/libEGL.so.1.1.0
lrwxrwxrwx 1 root root     20 2019-08-08 06:30:48 /usr/lib/x86_64-linux-gnu/libEGL_mesa.so.0 -> libEGL_mesa.so.0.0.0
-rw-r--r-- 1 root root 259352 2019-08-08 06:30:48 /usr/lib/x86_64-linux-gnu/libEGL_mesa.so.0.0.0

$  ls -al libgles2: /usr/lib/x86_64-linux-gnu/libGLESv2*
lrwxrwxrwx 1 root root    18 2019-08-18 13:45:06 /usr/lib/x86_64-linux-gnu/libGLESv2.so -> libGLESv2.so.2.1.0
lrwxrwxrwx 1 root root    18 2019-08-18 13:45:06 /usr/lib/x86_64-linux-gnu/libGLESv2.so.2 -> libGLESv2.so.2.1.0
-rw-r--r-- 1 root root 80192 2019-08-18 13:45:06 /usr/lib/x86_64-linux-gnu/libGLESv2.so.2.1.0

2. There's also the libffmpeg.so file which is used by freetube, but lintian have some issues with it:

I: freetube: hardening-no-fortify-functions usr/lib/freetube/libffmpeg.so
N:
N:    This package provides an ELF binary that lacks the use of fortified libc
N:    functions. Either there are no potentially unfortified functions called
N:    by any routines, all unfortified calls have already been fully validated
N:    at compile-time, or the package was not built with the default Debian
N:    compiler flags defined by dpkg-buildflags. If built using
N:    dpkg-buildflags directly, be sure to import CPPFLAGS.
N:
N:    NB: Due to false-positives, Lintian ignores some unprotected functions
N:    (e.g. memcpy).
N:
N:    Refer to https://wiki.debian.org/Hardening and
N:    https://bugs.debian.org/673112 for details.

So what about this? Can this be fixed somehow?

3. There are a couple of spelling issues:

I: freetube: spelling-error-in-binary usr/lib/freetube/freetube indeces indices
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube retrive retrieve
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube segement segment
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube reserverd reserved
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube identifer identifier
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube Didnt Didn't
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube adddress address
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube responce response
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube occured occurred
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube Invalide Invalid
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube reponse response
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube withthe with the
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube Faild Failed
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube implemention implementation
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube unrecogized unrecognized
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube refered referred
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube seperator separator
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube bufffer buffer
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube Recevied Received
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube paramters parameters
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube UNKOWN UNKNOWN
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube explict explicit
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube Unknow Unknown
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube enty entry
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube gard guard
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube ofthe of the
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube befor before
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube anway anyway
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube enviroments environments
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube contructor constructor
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube asyncronously asynchronously
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube intialized initialized
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube thats that's
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube overriden overridden
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube tage stage
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube ment meant
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube oter other
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube installe installer
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube tHIk think
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube buil build
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube "allows to" "allows one to"
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube "allow to" "allow one to"
I: freetube: spelling-error-in-binary usr/lib/freetube/freetube "an other" "another"
I: freetube: spelling-error-in-binary usr/lib/freetube/libffmpeg.so Psychadelic Psychedelic
I: freetube: spelling-error-in-binary usr/lib/freetube/libffmpeg.so "allow to" "allow one to"

4. And also there are a couple of embedded libraries:

N:    The given ELF object appears to have been statically linked to a
N:    library. Doing this is strongly discouraged due to the extra work needed
N:    by the security team to fix all the extra embedded copies or trigger the
N:    package rebuilds, as appropriate.
N:
N:    If the package uses a modified version of the given library it is highly
N:    recommended to coordinate with the library's maintainer to include the
N:    changes on the system version of the library.
N:
N:    Refer to Debian Policy Manual section 4.13 (Convenience copies of code)
N:    for details.
N:
E: freetube: embedded-library usr/lib/freetube/freetube: srtp
E: freetube: embedded-library usr/lib/freetube/freetube: freetype
E: freetube: embedded-library usr/lib/freetube/freetube: lcms2
E: freetube: embedded-library usr/lib/freetube/freetube: libjpeg
E: freetube: embedded-library usr/lib/freetube/freetube: libjsoncpp
E: freetube: embedded-library usr/lib/freetube/freetube: libpng
E: freetube: embedded-library usr/lib/freetube/freetube: openjpeg

Should they be embedded?

5. There are also some issues with the .js files:

N:    The source tarball contains a prebuilt (minified) JavaScript object.
N:    They are usually left by mistake when generating the tarball by not
N:    cleaning the source directory first. You may want to report this as an
N:    upstream bug, in case there is no sign that this was intended.
N:
P: freetube source: source-contains-prebuilt-javascript-object src/js/dash.all.min.js
P: freetube source: source-contains-prebuilt-javascript-object src/js/mediaelement-and-player.js line length is 502 characters (>256)
P: freetube source: source-contains-prebuilt-javascript-object src/js/plugins/quality/quality.min.js
P: freetube source: source-contains-prebuilt-javascript-object src/js/plugins/timerailthumbnails/vtt.min.js

N:    The source of the following file is missing. Lintian checked a few
N:    possible paths to find the source, and did not find it.
N:
N:    Please repack your package to include the source or add it to
N:    "debian/missing-sources" directory.
N:
N:    If this is a false-positive, please report a bug against Lintian.
N:
N:    Please note, that insane-line-length-in-source-file tagged files are
N:    likely tagged source-is-missing. It is a feature not a bug.
N:
E: freetube source: source-is-missing src/js/dash.all.min.js
E: freetube source: source-is-missing src/js/mediaelement-and-player.js line length is 502 characters (>256)
E: freetube source: source-is-missing src/js/plugins/timerailthumbnails/vtt.min.js

So that's pretty much it.

[PrestonN]

Any of the mentioned dependencies or errors that you have mentioned I wouldn't really know if they are needed or not. The current deb files are generated automatically through electron-builder without any configuration on my end. If there are no issues with the application itself then we should be okay. I would also ignore the .js errors as it has to do with some minified files included within FreeTube which are there on purpose.

[morfikov]

One day someone would want to push this app to the Debian main repository, and in order to do so, the errors have to be fixed,

[PrestonN]

I can change to un-minified files if that is what's required for being added to the Debian repositories, that isn't much of an issue.

The other issues that you've mentioned I unfortunately wouldn't know how to fix them as they are files that I do not work with in any point of the development process, even during builds.

[morfikov]

Basically everything what starts with E have to be fixed. Others should be fixed.

You can add the full version -- it's ok to have the minified versions, but it looks like lintian wants also the original ones. Spelling can be ignored. And the rest I will try to ask on some Debian mailing list.

[morfikov]

It looks like this project won't get make it to the Debian repository. I was trying to create an Ubuntu PPA instead, but I faced the same issues when I was building the project -- it requires internet access to download the npm modules, and basically automated builders like pbuilder (debian/ubuntu) won't build this kind of source.

You have published two archives in the github release section: Source code (tar.gz) and FreeTube-0.7.0-linux.tar.xz . The second one is an archive of what was built, and it depends on the system architecture. The only thing that can be done here is to setup PPA and repack the FreeTube-0.7.0-linux.tar.xz archive, so users don't have to touch anything after install. This obviously makes it inconvenient to build this project for several architectures, and you can't build it from the current git (only from releases).

I created PPA with FreeTube for amd64, and it works well, but as you can see there's really big problem with packaging this project. Is there something you can do about it? In the current form, I can only build the project locally using pbuilder because it gives the option to turn the network on. Or the alternative is to install all the the needed npm and other build dependencies directly in the system, which ppl should try to avoid (that's why I'm using pbuilder when I build something and I don't have to install any build dependencies).

[PrestonN]

I don't know if you still follow this repo, though I'd be interested in helping out more with this in the rewrite. Let me know if you have the chance to look at the new deb files and what's needed to get them added to a PPA as I'd really like to see FreeTube added to a PPA at some point.

If I don't hear from you in a while, I'll likely close this issue.

[okias]

Can someone push push it to some salsa repository? (even personal -guest) ?

I'd happy to help with improving debian/

Also since lintian prints many warnings, it's best to pass them to the project in different issues (if it's so many of them at once) :+1:

[ghost]

I'm thinking it would make sense to add AudioVideo to the list of categories in freetube.desktop, so it could show up under the Sound & Video header of most menus.

[github-actions[bot]]

This issue is stale because it has been open 28 days with no activity. Remove stale label or comment or this will be closed in 7 days.