DFSG NEW Queue

DFSG, Licensing & New Packages Team

Review: nethsm-pkcs11 2.0.0-1

Package Information

Description: PKCS#11 module for Nitrokey NetHSM

The Nitrokey NetHSM is a network-attached device for managing cryptographic keys.

This module allows to use it as a backend for PKCS#11 operations.

Maintainer: Tobias Deiminger <tobias.deiminger@linutronix.de>
Changed By: Fabian Grünbichler <debian@fabian.gruenbichler.email>
Sponsor: debian@fabian.gruenbichler.email
Distribution: unstable
Architecture: any
VCS: git: https://salsa.debian.org/debian/nethsm-pkcs11.git
Closes: #1113986
Tracker: https://tracker.debian.org/pkg/nethsm-pkcs11
Uploaded: 4 hours ago

New Package Report

.changes
Version: 2.0.0-1
Changed-By: Fabian Grünbichler
Architecture: source amd64
Distribution: unstable
Date: Thu, 05 Mar 2026 21:01:24 +0100
Source: nethsm-pkcs11
Changelog:
nethsm-pkcs11 (2.0.0-1) unstable; urgency=medium
 .
   [ Tobias Deiminger ]
   * Initial release. (Closes: #1113986)
 .
   [ Fabian Grünbichler ]
   * relax ureq
   * d/rules: add (Static-)Built-Using
   * d/control: drop Priority: optional
   * d/control: drop RRR³ no
   * d/control: update dependencies
   * update Standards-Version to 4.7.3
.dsc
Priority: optional
Component: main
Package-List: nethsm-pkcs11 deb libs optional arch=any
Section: libs
debian/copyright
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: nethsm-pkcs11
Upstream-Contact: support@nitrokey.com
Source: https://github.com/Nitrokey/nethsm-pkcs11

Files: *
Copyright:
 2015-2016 Brian Smith.
 1998-2011 The OpenSSL Project.  All rights reserved.
 1995-1998 Eric Young (eay@cryptsoft.com)
 2015, Google Inc.
 2015-2016 the fiat-crypto authors
 2023 Nitrokey
License: Apache-2.0

Files:
 pkcs11/src/backend/db/attr.rs
 pkcs11/src/backend/db/mod.rs
 pkcs11/src/backend/db/object.rs
 pkcs11/src/backend/mechanism.rs
 pkcs11/src/utils.rs
Copyright:
 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 2023 Nitrokey
License: Apache-2.0

Files:
 fork-tests/pkcs11.h
Copyright:
 2006-2007 g10 Code GmbH
 2006 Andreas Jellinghaus
 2017 Red Hat, Inc.
License: public-domain
 This file is free software; as a special exception the author gives
 unlimited permission to copy and/or distribute it, with or without
 modifications, as long as this notice is preserved.
 .
 This file is distributed in the hope that it will be useful, but
 WITHOUT ANY WARRANTY, to the extent permitted by law; without even
 the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
 PURPOSE.

Files: debian/*
Copyright: 2026 Tobias Deiminger <tobias.deiminger@linutronix.de>
License: Apache-2.0

License: Apache-2.0
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
     http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 .
 On Debian systems, the complete text of the Apache License,
 Version 2.0 can be found in '/usr/share/common-licenses/Apache-2.0'.

Review Information

rejected — allocated to awm 2 hours ago, started 2 hours ago, completed 2 hours ago.

Final Comment

For some reason lintian thinks this is an NMU? Is there an issue with
the changelog not matching the version?

Also, see note about public-domain vs CC0, if that's not too onerous to
fix.

Thanks!

Public Notes

2 hours ago ● public

Lintian

Command: lintian -Iiv -L '>=warning' --show-overrides --color=never ../$(basename $PWD)_*.changes
Exit code: 0

N:
W: nethsm-pkcs11 source: no-nmu-in-changelog [debian/changelog:1]
N: 
N:   When you NMU a package, that fact should be mentioned on the first line in
N:   the changelog entry. Use the words "NMU" or "Non-maintainer upload" (case
N:   insensitive).
N:   
N:   Maybe you didn't intend this upload to be a NMU, in that case, please
N:   double-check that the most recent entry in the changelog is byte-for-byte
N:   identical to the maintainer or one of the uploaders. If this is a local
N:   package (not intended for Debian), you can suppress this warning by
N:   putting "local" in the version number or "local package" on the first line
N:   of the changelog entry.
N: 
N:   Please refer to Using the DELAYED/ queue (Section 5.11.3) in the Debian
N:   Developer's Reference for details.
N: 
N:   Visibility: warning
N:   Show-Always: no
N:   Check: nmu
N:   Renamed from: changelog-should-mention-nmu
N: 
N:
W: nethsm-pkcs11 source: source-nmu-has-incorrect-version-number 2.0.0-1 [debian/changelog:1]
N: 
N:   A source NMU should have a Debian revision of "-x.x" (or "+nmuX" for a
N:   native package). This is to prevent stealing version numbers from the
N:   maintainer.
N:   
N:   Maybe you didn't intend this upload to be a NMU, in that case, please
N:   double-check that the most recent entry in the changelog is byte-for-byte
N:   identical to the maintainer or one of the uploaders. If this is a local
N:   package (not intended for Debian), you can suppress this warning by
N:   putting "local" in the version number or "local package" on the first line
N:   of the changelog entry.
N: 
N:   Please refer to NMUs and debian/changelog (Section 5.11.2) in the Debian
N:   Developer's Reference for details.
N: 
N:   Visibility: warning
N:   Show-Always: no
N:   Check: nmu
N: 
N:
N: Rust library yaml-rust too contains the signature string, but is a pure
N: Rust implementation. Reported in #932634. "Fixed" and marked done, but
N: later reverted in lintian.
O: nethsm-pkcs11: embedded-library libyaml [usr/lib/x86_64-linux-gnu/pkcs11/libnethsm_pkcs11.so]
N: 
N:   The given ELF object appears to have been statically linked to a library.
N:   Doing this is strongly discouraged due to the extra work needed by the
N:   security team to fix all the extra embedded copies or trigger the package
N:   rebuilds, as appropriate.
N:   
N:   If the package uses a modified version of the given library it is highly
N:   recommended to coordinate with the library's maintainer to include the
N:   changes on the system version of the library.
N: 
N:   Please refer to Embedded code copies (Section 4.13) in the Debian Policy
N:   Manual for details.
N: 
N:   Visibility: error
N:   Show-Always: no
N:   Check: libraries/embedded
N: 
N:
N: Upstream provides no detached tarball signatures; debian/watch uses
N: mode=git,pgpmode=git to verify signed tags instead.
O: nethsm-pkcs11 source: orig-tarball-missing-upstream-signature nethsm-pkcs11_2.0.0.orig.tar.gz
N: 
N:   The packaging includes an upstream signing key but the corresponding .asc
N:   signature for one or more source tarballs are not included in your
N:   .changes file.
N:   
N:   Please ensure a <package>_<version>.orig.tar.<ext>.asc file exists in the
N:   same directory as your <package>_<version>.orig.tar.<ext> tarball prior to
N:   dpkg-source --build being called.
N:   
N:   If you are repackaging your source tarballs for Debian Free Software
N:   Guidelines compliance reasons, ensure that your package version includes
N:   dfsg or similar.
N:   
N:   Sometimes, an upstream signature must be added for an orig.tar.gz that is
N:   already present in the archive. Please include the upstream sources again
N:   with dpkg-genchanges -sa while the signature is also present. Your upload
N:   will be accepted as long as the new orig.tar.gz file is identical to the
N:   old one.
N: 
N:   Please refer to Bug#954743 and Bug#872864 for details.
N: 
N:   Visibility: warning
N:   Show-Always: no
N:   Check: upstream-signature
N: 
