3485
Comment: initial page
|
6035
fix package names
|
Deletions are marked like this. | Additions are marked like this. |
Line 5: | Line 5: |
/* * '''Website''': http://pkg-security.alioth.debian.org/ */ * '''Alioth Project''': https://alioth.debian.org/projects/pkg-security |
|
Line 8: | Line 6: |
* '''Git repositories''': http://anonscm.debian.org/cgit/?q=pkg-security | * NOTE: Join this team to get the maintainer emails for all our packages. * '''Git repositories''': https://salsa.debian.org/pkg-security-team |
Line 12: | Line 11: |
* '''Mailing list''': pkg-security-team@lists.alioth.debian.org ([[https://lists.alioth.debian.org/mailman/listinfo/pkg-security-team|subscription page]]) /* * '''Public IRC channel''': #debian-pkg-security on irc.debian.org (OFTC) */ |
* '''Mailing list''': debian-security-tools@lists.debian.org ([[https://lists.debian.org/debian-security-tools/|subscription page]]) * '''Public IRC channel''': #debian-pkg-security on irc.debian.org (OFTC) |
Line 17: | Line 16: |
* RaphaelHertzog is project admin on alioth * Gianfranco Costamagna is project admin on alioth |
* RaphaelHertzog is owner on salsa.debian.org * Gianfranco Costamagna is owner on salsa.debian.org * Mika Prokop is owner on salsa.debian.org * Samuel Henrique is responsible for maintaining the page which has info about [[https://wiki.debian.org/Teams/pkg-security/kali-packages|kali packages and what lacks for them to be added to debian]] |
Line 26: | Line 27: |
* <<Icon(star_on.png)>> Prepare a patch for a [[https://bugs.debian.org/cgi-bin/pkgreport.cgi?maint=pkg-security-team%40lists.alioth.debian.org|bug on a team maintained package]]. * <<Icon(star_on.png)>><<Icon(star_on.png)>> Import a [[http://pkg.kali.org/derivative/kali-dev/|Kali package]] and clean it up so that we can upload it to Debian. |
* <<Icon(star_on.png)>> Prepare a patch for a [[https://bugs.debian.org/cgi-bin/pkgreport.cgi?maint=team%2Bpkg-security%40tracker.debian.org;maint=forensics-devel%40lists.alioth.debian.org;maint=pkg-security-team%40lists.alioth.debian.org|bug on a team maintained package]]. * <<Icon(star_on.png)>><<Icon(star_on.png)>> Write [[https://salsa.debian.org/ci-team/autopkgtest/raw/master/doc/README.package-tests.rst|autopkgtests]] for any of [[https://salsa.debian.org/pkg-security-team|our packages]]. * <<Icon(star_on.png)>><<Icon(star_on.png)>> Import a [[http://pkg.kali.org/derivative/kali-dev/|Kali package]] and clean it up so that we can upload it to Debian, you can also have a look at Samuel's maintained [[https://wiki.debian.org/Teams/pkg-security/kali-packages|page]] to check for the work needed on a given Kali package. |
Line 32: | Line 34: |
=== Checking out all repositories === You can retrieve all repositories of the team: {{{ $ sudo apt install myrepos $ mr bootstrap https://salsa.debian.org/pkg-security-team/pkg-security-team/raw/master/mrconfig pkg-security-team }}} You can easily config "mr" to retrieve all repositories of the team: {{{ $ sudo apt install myrepos $ git clone git@salsa.debian.org:pkg-security-team/pkg-security-team.git $ cd pkg-security-team $ bin/setup-team-repos [...] }}} That repository also contain other helper scripts to create a new repository and to enforce common settings across all projects of the team. |
|
Line 34: | Line 57: |
We use [[http://honk.sigxcpu.org/projects/git-buildpackage/manual-html/gbp.html|git-buildpackage]] with full sources stored in the repository and with pristine-tar to be able to retrieve the orig tarball out of the git repository. We strive to respect [[http://dep.debian.net/deps/dep14/|DEP-14|]] for he repository layout. You can create a new git repository by logging into git.debian.org and by running /git/pkg-security/setup-repository. Here's an example to create a repository for ssldump: {{{ $ ssh git.debian.org foo@moszumanska:~$ cd /git/pkg-security/ foo@moszumanska:/git/pkg-security$ ./setup-repository ssldump }}} The repository's HEAD will point to {{{debian/master}}} the default packaging branch suggested by DEP-14. The git hooks will send commit emails to the [[https://tracker.debian.org|package tracker]] and will tag any fixed bug as "pending". |
We use [[http://honk.sigxcpu.org/projects/git-buildpackage/manual-html/gbp.html|git-buildpackage]] with full sources stored in the repository and with pristine-tar to be able to retrieve the orig tarball out of the git repository. We strive to respect [[https://dep-team.pages.debian.net/deps/dep14/|DEP-14|]] for the repository layout so the default branch should be "debian/master". |
Line 61: | Line 75: |
[dch] multimaint-merge = True ignore-branch = True |
|
Line 65: | Line 83: |
=== Creating new repositories === [[https://salsa.debian.org/groups/pkg-security-team/-/group_members|Salsa team's masters and owners]] can create new repositories. If you don't have the required permissions, feel free to ask for a new repository on the project mailing list. Someone will set it up for you and grant you full access to it. When you create a new repository, you should configure it in the following way: * open the page "settings > integration", now click on "Emails on push" and configure the project to send git commit notices to dispatch@tracker.debian.org * on the same page, click on "Irker (IRC gateway)" and enable it with the following settings: * Active: checked * Trigger: Push * Server host: ruprecht.snow-crash.org * Server port: (leave empty for default value) * Default IRC URI: ircs://irc.oftc.net:6697/ * Recipients: #debian-pkg-security * Colorize messages: checked * again on the same page, add a new webhook by filling the form in the following way: * URL: `https://webhook.salsa.debian.org/tagpending/<sourcepackage>` (replace `<sourcepackage>` by the name of the source package) * Push events: checked * Enable SSL verification: checked * All other entries: unchecked All this can be automated with "bin/create-repo" or "bin/update-repos" from the pkg-security-team project. |
|
Line 68: | Line 109: |
=== Maintainer field === The Maintainer field should be set to `Debian Security Tools <team+pkg-security@tracker.debian.org>`. That way the package will be automatically added to the pkg-security team on tracker.debian.org and the discussion mailing list is not polluted with bug reports and all other maintainer emails. |
Debian Security Tools Packaging Team (pkg-security)
Infrastructure
Package tracker team: https://tracker.debian.org/teams/pkg-security/
- NOTE: Join this team to get the maintainer emails for all our packages.
Git repositories: https://salsa.debian.org/pkg-security-team
Interacting with the team
Mailing list: debian-security-tools@lists.debian.org (subscription page)
Public IRC channel: #debian-pkg-security on irc.debian.org (OFTC)
Usual roles
RaphaelHertzog is owner on salsa.debian.org
- Gianfranco Costamagna is owner on salsa.debian.org
- Mika Prokop is owner on salsa.debian.org
Samuel Henrique is responsible for maintaining the page which has info about kali packages and what lacks for them to be added to debian
Task description
Maintain correctly all security related tools. Merge back tools packaged by security-oriented Debian derivatives.
Get involved
Prepare a patch for a bug on a team maintained package.
Write autopkgtests for any of our packages.
Import a Kali package and clean it up so that we can upload it to Debian, you can also have a look at Samuel's maintained page to check for the work needed on a given Kali package.
Package new security related tools (the Kali bug tracker is full of suggestions, please package something only if you use the tool or if it provides some interesting features not covered by existing packages)
Packaging rules
Checking out all repositories
You can retrieve all repositories of the team:
$ sudo apt install myrepos $ mr bootstrap https://salsa.debian.org/pkg-security-team/pkg-security-team/raw/master/mrconfig pkg-security-team
You can easily config "mr" to retrieve all repositories of the team:
$ sudo apt install myrepos $ git clone git@salsa.debian.org:pkg-security-team/pkg-security-team.git $ cd pkg-security-team $ bin/setup-team-repos [...]
That repository also contain other helper scripts to create a new repository and to enforce common settings across all projects of the team.
Git packaging tool and repository layout
We use git-buildpackage with full sources stored in the repository and with pristine-tar to be able to retrieve the orig tarball out of the git repository. We strive to respect DEP-14 for the repository layout so the default branch should be "debian/master".
For a better experience you might want to set the following options in ~/.gbp.conf:
[DEFAULT] pristine-tar = True cleaner = /bin/true [buildpackage] sign-tags = True export-dir = ../build-area/ ignore-branch = True [import-orig] filter-pristine-tar = True [pq] patch-numbers = False [dch] multimaint-merge = True ignore-branch = True
The "ignore-branch" is important so that git-buildpackage doesn't complain of the unexpected name of the packaging branch. The "export-dir" setting ensures builds are done on a separate copy of the sources, thus avoiding to pollute/break the git repository with build artifacts.
Creating new repositories
Salsa team's masters and owners can create new repositories. If you don't have the required permissions, feel free to ask for a new repository on the project mailing list. Someone will set it up for you and grant you full access to it.
When you create a new repository, you should configure it in the following way:
open the page "settings > integration", now click on "Emails on push" and configure the project to send git commit notices to dispatch@tracker.debian.org
- on the same page, click on "Irker (IRC gateway)" and enable it with the following settings:
- Active: checked
- Trigger: Push
- Server host: ruprecht.snow-crash.org
- Server port: (leave empty for default value)
Default IRC URI: ircs://irc.oftc.net:6697/
- Recipients: #debian-pkg-security
- Colorize messages: checked
- again on the same page, add a new webhook by filling the form in the following way:
URL: https://webhook.salsa.debian.org/tagpending/<sourcepackage> (replace <sourcepackage> by the name of the source package)
- Push events: checked
- Enable SSL verification: checked
- All other entries: unchecked
All this can be automated with "bin/create-repo" or "bin/update-repos" from the pkg-security-team project.
Packaging helper
We use the "dh" command provided by debhelper to ensure we have short but expressive debian/rules files.
Maintainer field
The Maintainer field should be set to Debian Security Tools <team+pkg-security@tracker.debian.org>. That way the package will be automatically added to the pkg-security team on tracker.debian.org and the discussion mailing list is not polluted with bug reports and all other maintainer emails.