Mateusz, Did you have any questions about what I was asking here? Soren On Tuesday, February 20, 2024 2:40:04 PM MST Soren Stoutner wrote:Mateusz, When compiling locally on my system, the current version of lintian(2.117.0)found the following problems. These are not displayed onmentors.debian.net,leading me to believe they were recently added checks. W: qt5ct: link-to-shared-library-in-wrong-package usr/lib/x86_64-linux-gnu/ libqt5ct-common.so.1.8 [usr/lib/x86_64-linux-gnu/libqt5ct-common.so] N: N: Although this package is not a "-dev" package, it installs a N: "libsomething.so" symbolic link referencing the corresponding shared N: library. When the link doesn't include the version number, it is usedbyN: the linker when other programs are built against this shared library. N: N: Shared libraries are supposed to place such symbolic links in their N: respective "-dev" packages, so it is a bug to include it with the main N: library package. N: N: However, if this is a small package which includes the runtime and the N: development libraries, this is not a bug. In the latter case, please N: override this warning. N: N: Please refer to Development files (Section 8.4) in the Debian Policy N: Manual for details. N: N: Visibility: warning N: Show-Always: no N: Check: libraries/shared/links N: Renamed from: non-dev-pkg-with-shlib-symlink N: N: W: qt5ct: package-name-doesnt-match-sonames libqt5ct-common1.8 N: N: The package name of a library package should usually reflect the soname of N: the included library. The package name can determined from the library N: file name with the following code snippet: N: N: $ objdump -p /path/to/libfoo-bar.so.1.2.3 | sed -n -e's/ ^[[:space:]]*SONAME[[:space:]]*//p' | \ N: sed -r -e's/([0-9])\.so\./\1-/; s/\.so(\.|$)//; y/_/-/; s/(.*)/\L&/'N: N: Visibility: warning N: Show-Always: no N: Check: libraries/shared/soname N: N: I: qt5ct: no-symbols-control-file usr/lib/x86_64-linux-gnu/libqt5ct-common.so.1.8 N: N: Although the package includes a shared library, the package does nothaveN: a symbols control file. N: N: dpkg can use symbols files in order to generate more accurate library N: dependencies for applications, based on the symbols from the librarythatN: are actually used by the application. N: N: Please refer to the dpkg-gensymbols(1) manual page and N: https://wiki.debian.org/UsingSymbolsFiles for details. N: N: Visibility: info N: Show-Always: no N: Check: debian/shlibs As noted in the text of the checks, there are scenarios where these do not apply (like small packages that include the runtime and the development files), which appears to be the case with qt5ct. Can you please help me to understand why qt5ct is including this shared library, if there are anyotherpackages in Debian that are building against this library, and if you feel that any of the lintian checks above apply? If you feel they don’t apply I would recommend you add lintian overrides and I will be happy to upload your package. Soren
Hi Soren,
Sorry for delay. I converted the sources into separate libraries in new mentors upload. The soname will change every new version.
Now in lintian only left:
P: qt5ct source: maintainer-manual-page [debian/qt5ct.1]
N:
N: The maintainer keeps a manual page in ./debian. Please
forward the manual
N: page upstream and ask them to include in their version
control system, and
N: in their next release.
N:
N: If the manual page was already forwarded or rejected,
or the upstream is
N: gone, please override the tag and annotate it with a
suitable comment.
N:
N: Please refer to social contract item 2, Coordination
with upstream
N: developers (Section 3.1.4) in the Debian Developer's
Reference, and
N: Changes to the upstream sources (Section 4.3) in the
Debian Policy Manual
N: for details.
N:
N: Visibility: pedantic
N: Show-Always: no
N: Check: debian/manual-pages
N: Renamed from: maintainer-manpage
N:
N:
X: qt5ct source:
debian-watch-does-not-check-openpgp-signature [debian/watch]
N:
N: This watch file does not specify a means to verify the
upstream tarball
N: using a cryptographic signature.
N:
N: If upstream distributions provides such signatures,
please use the
N: pgpsigurlmangle options in this watch file's opts= to
generate the URL of
N: an upstream OpenPGP signature. This signature is
automatically downloaded
N: and verified against a keyring stored in
debian/upstream/signing-key.asc
N:
N: Of course, not all upstreams provide such signatures
but you could request
N: them as a way of verifying that no third party has
modified the code after
N: its release (projects such as phpmyadmin, unrealircd,
and proftpd have
N: suffered from this kind of attack).
N:
N: Please refer to the uscan(1) manual page for details.
N:
N: Visibility: pedantic
N: Show-Always: no
N: Check: debian/watch
N: Renamed from: debian-watch-does-not-check-gpg-signature
N: debian-watch-may-check-gpg-signature
N: This tag is experimental.
-- .''`. Mateusz Łukasik : :' : l0calh0st.pl `. `' Debian Member - mati75@linuxmint.pl `- GPG: D93B 0C12 C8D0 4D7A AFBC FA27 CCD9 1D61 11A0 6851