These are failing on (surprisingly) the Debian amd64
autobuilder. There were also previous reports of failures on Ubuntu
s390x. Fixing this may require changing the way the default is
calculated.
Ship a new debian package for the notmuch2 CFFI-based Python interface
to notmuch.
Unlike the notmuch python module, the new notmuch2 module is no longer
arch-independent, because it builds and ships a shared object in
addition to the python code.
This patch encourages new downstream development to rely on notmuch2
instead of on notmuch, to get the benefits of the new module.
I welcome any suggested improvements to this packaging, but it appears
to me to be sufficient to get "import notmuch2" to work and do some
basic tests.
Debian's build hardening toolchain options produce binary artifacts
that are more resistant to compromise. The most visible change for
notmuch today is likely to be the addition of the "bindnow" linker
flag, which contributes to making the "Global Offset Table" fully
read-only.
See https://wiki.debian.org/Hardening for more details.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
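
An added illustration (not part of the commit above or of the notmuch packaging): a sketch that classifies a binary's RELRO level from `readelf -lW -d` output. It shows why "bindnow" matters: a GNU_RELRO segment without immediate binding still leaves the lazily resolved part of the GOT writable. The readelf excerpts are constructed samples and the function name is hypothetical.

```python
import re

# Constructed samples: trimmed `readelf -lW -d` output for three hypothetical builds.
FULL = """\
  GNU_RELRO      0x002db8 0x0000000000003db8 0x0000000000003db8 0x000248 0x000248 R   0x1
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW
"""
PARTIAL = """\
  GNU_RELRO      0x002df0 0x0000000000003df0 0x0000000000003df0 0x000210 0x000210 R   0x1
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
"""
NONE = """\
  LOAD           0x000000 0x0000000000000000 0x0000000000000000 0x000628 0x000628 R   0x1000
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
"""

# A dynamic-section row looks like: " 0x<tag> (NAME)   value..."
DYN_ENTRY = re.compile(r"\s*0x[0-9a-f]+\s+\((\w+)\)\s*(.*)")

def relro_level(readelf_text):
    """Return 'full', 'partial' or 'none' (hypothetical helper)."""
    # PT_GNU_RELRO: the loader remaps this range read-only after relocation.
    has_relro = re.search(r"^\s*GNU_RELRO\b", readelf_text, re.M) is not None
    # Immediate binding can be recorded as DT_BIND_NOW, DF_BIND_NOW or DF_1_NOW.
    bind_now = False
    for line in readelf_text.splitlines():
        m = DYN_ENTRY.match(line)
        if not m:
            continue
        tag, words = m.group(1), m.group(2).split()
        if (tag == "BIND_NOW"
                or (tag == "FLAGS" and "BIND_NOW" in words)
                or (tag == "FLAGS_1" and "NOW" in words)):
            bind_now = True
    if has_relro and bind_now:
        return "full"      # whole GOT resolved at load time, then read-only
    if has_relro:
        return "partial"   # lazy PLT slots in the GOT stay writable
    return "none"

if __name__ == "__main__":
    for name, text in (("full", FULL), ("partial", PARTIAL), ("none", NONE)):
        print(name, "->", relro_level(text))
```
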
Because ruby generates a Makefile, we have to use recursive make.
Because mkmf.rb hardcodes the name Makefile, put our Makefile{.local}
in the parent directory.
The idea is to allow hardening verification tools (in particular blhc)
to scan the logs. Actually fixing the problem will require modifying
the notmuch configure script to propagate CPPFLAGS.
- enable hardening
- fix dh syntax. Now that we have compat level 9, the old, wrong
syntax is no longer accepted.
- update debian/libnotmuch{3,-dev}.install for multiarch.
- update versioned dependency on debhelper.
This uses dh_python2 (included with sufficiently recent versions of
the python/python-all packages). python-all brings in all of the
supported versions of python. The double calls to dh_auto_install and
friends are to avoid looping over python versions ourselves.
Probably there is a nicer way to do this; perhaps it should be a
configure option.
(cherry picked from commit 387dc520dd68cc805e390f3a1399f85b5d5bd83a)
This avoids patching the version file once per Debian upload.
Original version file is saved and restored.
(cherry picked from commit 2938a98bf4c4abe0426caee4555d889d655bc0df)
David Bremner informs me that shoving everything from the notmuch "git
log" into the debian/changelog is a bit excessive. Instead, we'll
start manually updating this file, (which feels a bit redundant with
NEWS, but perhaps makes us a better Debian-community member).
On Bdale Garbee's recommendation I'm switching from gitpkg, (which
constructed a source tree but still required me to go run debuild), to
git-buildpackage. I hadn't originally used git-buildpackage because it
didn't seem to work without a configuration file, (where gitpkg was
fine).
Bdale was kind enough to point me to his fw/altos source at
git.gag.com where I found an example gpb.conf file as well as a target
in debian/rules to automatically update debian/changelog with the new
version number.
And just make the Debian packaging request site-lisp/notmuch like it
wants. Otherwise, the installed files won't appear on the load-path
so won't be found by emacs.