As part of my work at Collabora, I work among other things on Apertis which is a Debian derivative. Because upstreaming our work is a key part of the Apertis policy and more broadly to the Collabora policy, thus it allows me to contribute to Debian.

Debian

Here is a list of contribution I have done during the previous month:

pipewire, the new audio server of all major Linux distributions, was updated to 1.0.2 and quickly after to 1.0.3 fixing a bug with the alsa plugin. As usual, this new version was also uploaded to bookworm-backports and to bullseye-backports-sloppy allowing users of previous Debian releases to enjoy improvements of PipeWire.
wireplumber, the session/policy manager of PipeWire, was updated to 0.4.82 in the experimental repository making it easier for users to test the future 0.5 version.
weston, the reference implementation of a Wayland compositor, tests at build time are now fatal for a subset of architectures (since they are known to fail on some arches: GL#739). Moreover, they are now used as autopkgtest allowing me to quickly detect new failures.
gfxreconstruct, tools for the capture and replay of graphics API calls, was updated to 1.0.2.
vulkan-volk,a meta-loader for Vulkan, was updated to 1.3.275.0 to sync with other Vulkan packages in Debian, especially since it’s a new Build-Deps of vulkan-tools.
optee-os, a kind of mini OS running in the ARM TrustZone, was accepted in Debian \o/ and was updated to 4.1.0 to align to the version of optee-client available in Debian/sid. I started importing changes from Apertis like building optee-os for QEMU. I still have to package development files allowing to build Trusted Applications.
arm-trusted-firmware, like for optee-os, I started importing change to enable QEMU support.
dav1d, a fast and small AV1 video stream decoder, was updated to 1.4.0. This version adds support of two new architectures: RISC-V and LoongArch, adds new optimizations as usual and fixes CVE-2024-1580.
svt-av1, an AV1 encoder and decoder, no news regarding the packaging, but some discussions happened upstream about the ABI breakage issue and the lack of soname change, it looks like this will be properly handled, see GL#2099.

Apertis

Of course, most the Debian contributions above landed in Apertis (or will land in the next Apertis releases). Here’s some potentially interesting work I did in Apertis:

I rebuilt all packages in Apertis v2025dev1 with the new Apertis profile in dpkg. This profile leads to new build failures. Because of the new default build flags -Wformat-overflow=2 and -Wformat-truncation=2, new warnings are emitted during build but because upstream defines -Werror, all warnings are treated as errors what causes build to fail. As workaround, all these packages are now build with -Wno-error=format-overflow and -Wno-error=format-truncation.
A Debian security update of nodejs was actually a new upstream version (i.e. from 18.13 to 18.19), but unfortunately this version is not fully compatible since it led to the build failure of ~ 50 node packages which were not already fixed in Debian (#1063530). We had to fix all of these packages in Apertis to avoid delaying the release of Apertis v2024.
I started investigate the use of scancode-toolkit to replace scan-copyright in our pipeline. Mainly because scan-copyright is a Debian tool without a real community behind it and sometimes detect a wrong license. scancode is well maintained upstream and integrated with OSS Review Toolkit that is already used in Apertis to generate SBOM.
I wrote a small guide to enable lintian in Apertis ci-package-builder pipeline. I hope it will be useful to help newcomers with packaging.
I finalized the support of testing Apertis HMI images for Raspberry Pi 4 through LAVA. Now, results of these tests are displayed at qa.apertis.org.
opencv is now available in Apertis v2023 and v2025dev2 after having disabled features that doesn’t match the Apertis’s License Expectations.

See you next month!

References

– Dylan