Debian Bug report logs - #474949
[debsign] Doesn't handle Format: 1.8 .changes files and Checksums-*

version graph

Package: devscripts; Maintainer for devscripts is Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>; Source for devscripts is src:devscripts.

Reported by: Raphael Hertzog <hertzog@debian.org>

Date: Tue, 8 Apr 2008 06:27:01 UTC

Severity: important

Tags: patch

Found in version devscripts/2.10.21

Fixed in version devscripts/2.10.25

Done: Martin Zobel-Helas <zobel@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Devscripts Devel Team <pkg-devscripts@teams.debian.net>:
Bug#474949; Package devscripts. Full text and rfc822 format available.

Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
New Bug report received and forwarded. Copy sent to Devscripts Devel Team <pkg-devscripts@teams.debian.net>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Raphael Hertzog <hertzog@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: debsign: deals badly with Format: 1.8 .changes files and new Checksums-* headers
Date: Tue, 08 Apr 2008 08:23:06 +0200
Package: devscripts
Version: 2.10.21
Severity: important

dpkg >= 1.14.17 generates *.changes files with Format: 1.8. They provide
new Checksums-*: fields which are similar to the Files: field. And debsign
edits in place the Files: field of changes file and leaves the Checksums-*
fields alone.

This leads to bad things like:
Checksums-Sha1: 
 6d9d7203d65b684bf5474ec8498a59608e2b8e74 781 logidee-tools_1.2.10.dsc
[...]
Checksums-Sha256: 
 d51db2e51d5f5b6fdc8f9ff07a2028d8cfb1f4505ee20f9ed6000be2de6a9234 781 logidee-tools_1.2.10.dsc
[...]
Files: 
 9d350c71dc682afac7a3ad2cb5b1c28a 1053 text optional logidee-tools_1.2.10.dsc
[...]

Notice the size difference. And of course the checksums are wrong in the Checksums-* fields.

debsign shouldn't edit in place a *.changes file if it doesn't know its
format.

-- Package-specific info:

--- /etc/devscripts.conf ---

--- ~/.devscripts ---
DEBRELEASE_UPLOADER=dput
DEBCHANGE_RELEASE_HEURISTIC=changelog
DEBCHANGE_MULTIMAINT_MERGE=yes
DEBCHANGE_PRESERVE=yes
DEBUILD_LINTIAN_OPTS="--color always -I"

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages devscripts depends on:
ii  debianutils                   2.28.4     Miscellaneous utilities specific t
ii  dpkg-dev                      1.14.18    package building tools for Debian
ii  libc6                         2.7-10     GNU C Library: Shared libraries
ii  perl                          5.8.8-12   Larry Wall's Practical Extraction 
ii  sed                           4.1.5-6    The GNU sed stream editor

Versions of packages devscripts recommends:
ii  fakeroot                      1.9.4      Gives a fake root environment

-- no debconf information




Changed Bug title to `[debsign] Doesn't handle Format: 1.8 .changes files and Checksums-*' from `debsign: deals badly with Format: 1.8 .changes files and new Checksums-* headers'. Request was from Adam D. Barratt <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Tue, 08 Apr 2008 06:57:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Devscripts Devel Team <pkg-devscripts@teams.debian.net>:
Bug#474949; Package devscripts. Full text and rfc822 format available.

Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
Extra info received and forwarded to list. Copy sent to Devscripts Devel Team <pkg-devscripts@teams.debian.net>. Full text and rfc822 format available.

Message #12 received at 474949@bugs.debian.org (full text, mbox):

From: Raphael Hertzog <hertzog@debian.org>
To: 474949@bugs.debian.org
Cc: joerg@debian.org, debian-dpkg@lists.debian.org
Subject: Re: Bug#474949: debsign: deals badly with Format: 1.8 .changes files and new Checksums-* headers
Date: Tue, 8 Apr 2008 12:01:39 +0200
[Message part 1 (text/plain, inline)]
tag 474949 + patch
thanks

On Tue, 08 Apr 2008, Raphael Hertzog wrote:
> dpkg >= 1.14.17 generates *.changes files with Format: 1.8. They provide
> new Checksums-*: fields which are similar to the Files: field. And debsign
> edits in place the Files: field of changes file and leaves the Checksums-*
> fields alone.

Here's a patch that fixes the issue. I would highly appreciate if you
could upload a fixed package today because it's blocking the upload of dpkg
to unstable currently. (And we're tight on schedule with dpkg because of
the base freeze and there are many features in this version of dpkg that
we really want for lenny).

The patch is tested and works fine here. It will generate an error if it
doesn't find a Format: 1.7 or 1.8. It will also generate an error if it
finds a Checksums-* field that it doesn't know about.

Thanks for your help.

Cheers,
-- 
Raphaël Hertzog

Le best-seller français mis à jour pour Debian Etch :
http://www.ouaza.com/livre/admin-debian/
[patch (text/plain, attachment)]

Tags added: patch Request was from Raphael Hertzog <hertzog@debian.org> to control@bugs.debian.org. (Tue, 08 Apr 2008 10:06:06 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Devscripts Devel Team <pkg-devscripts@teams.debian.net>:
Bug#474949; Package devscripts. Full text and rfc822 format available.

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Devscripts Devel Team <pkg-devscripts@teams.debian.net>. Full text and rfc822 format available.

Message #19 received at 474949@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: "Raphael Hertzog" <hertzog@debian.org>, <474949@bugs.debian.org>
Cc: <joerg@debian.org>, <debian-dpkg@lists.debian.org>
Subject: Re: Bug#474949: debsign: deals badly with Format: 1.8 .changes files and new Checksums-* headers
Date: Tue, 8 Apr 2008 11:33:20 +0100
[Message part 1 (text/plain, inline)]
Hi,

Raphael Hertzog wrote:
> On Tue, 08 Apr 2008, Raphael Hertzog wrote:
>> dpkg >= 1.14.17 generates *.changes files with Format: 1.8. They
>> provide new Checksums-*: fields which are similar to the Files:
>> field. And debsign edits in place the Files: field of changes file
>> and leaves the Checksums-* fields alone.
>
> Here's a patch that fixes the issue. I would highly appreciate if you
> could upload a fixed package today because it's blocking the upload
> of dpkg to unstable currently. (And we're tight on schedule with dpkg
> because of the base freeze and there are many features in this
> version of dpkg that we really want for lenny).

I've already committed a patch to SVN which does similar; a copy is attached 
in case anyone can spot any obvious mistakes.

Adam 
[debsign_checksums.diff (application/octet-stream, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Devscripts Devel Team <pkg-devscripts@teams.debian.net>:
Bug#474949; Package devscripts. Full text and rfc822 format available.

Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
Extra info received and forwarded to list. Copy sent to Devscripts Devel Team <pkg-devscripts@teams.debian.net>. Full text and rfc822 format available.

Message #24 received at 474949@bugs.debian.org (full text, mbox):

From: Raphael Hertzog <hertzog@debian.org>
To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: 474949@bugs.debian.org, joerg@debian.org, debian-dpkg@lists.debian.org
Subject: Re: Bug#474949: debsign: deals badly with Format: 1.8 .changes files and new Checksums-* headers
Date: Tue, 8 Apr 2008 14:35:33 +0200
On Tue, 08 Apr 2008, Adam D. Barratt wrote:
> I've already committed a patch to SVN which does similar; a copy is 
> attached in case anyone can spot any obvious mistakes.

Seems to work fine here. I'd suggest using case-insensitive matching (//i)
for /^Files: / and /^Checksums-(Sha1|Sha256): /. The field name are case
insensitive in theory.

The usage of a temporary file is a nice improvement compared to my patch.
The duplication of code for each checksum is a slight regression however.
;-) (not a big deal though)

A+
-- 
Raphaël Hertzog

Le best-seller français mis à jour pour Debian Etch :
http://www.ouaza.com/livre/admin-debian/




Information forwarded to debian-bugs-dist@lists.debian.org, Devscripts Devel Team <pkg-devscripts@teams.debian.net>:
Bug#474949; Package devscripts. Full text and rfc822 format available.

Acknowledgement sent to Luk Claes <luk@debian.org>:
Extra info received and forwarded to list. Copy sent to Devscripts Devel Team <pkg-devscripts@teams.debian.net>. Full text and rfc822 format available.

Message #29 received at 474949@bugs.debian.org (full text, mbox):

From: Luk Claes <luk@debian.org>
To: Raphael Hertzog <hertzog@debian.org>, 474949@bugs.debian.org, joerg@debian.org, debian-dpkg@lists.debian.org
Subject: Re: Bug#474949: debsign: deals badly with Format: 1.8 .changes files and new Checksums-* headers
Date: Tue, 08 Apr 2008 20:16:58 +0200
Raphael Hertzog wrote:
> tag 474949 + patch
> thanks
> 
> On Tue, 08 Apr 2008, Raphael Hertzog wrote:
>> dpkg >= 1.14.17 generates *.changes files with Format: 1.8. They provide
>> new Checksums-*: fields which are similar to the Files: field. And debsign
>> edits in place the Files: field of changes file and leaves the Checksums-*
>> fields alone.
> 
> Here's a patch that fixes the issue. I would highly appreciate if you
> could upload a fixed package today because it's blocking the upload of dpkg
> to unstable currently. (And we're tight on schedule with dpkg because of
> the base freeze and there are many features in this version of dpkg that
> we really want for lenny).

A freeze date is not a date to target major uploads at... You might be
aware that dpkg is currently already frozen and a release update posting
is pending...

Note that in particular the triggers support and any RC bug fixes are
still candidates for migration to testing, though other features might
not be depending on their impact...

Cheers

Luk




Information forwarded to debian-bugs-dist@lists.debian.org, Devscripts Devel Team <pkg-devscripts@teams.debian.net>:
Bug#474949; Package devscripts. Full text and rfc822 format available.

Acknowledgement sent to Adam D. Barratt <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Devscripts Devel Team <pkg-devscripts@teams.debian.net>. Full text and rfc822 format available.

Message #34 received at 474949@bugs.debian.org (full text, mbox):

From: Adam D. Barratt <adam@adam-barratt.org.uk>
To: control@bugs.debian.org
Cc: 474949@bugs.debian.org, 475034@bugs.debian.org, 475075@bugs.debian.org
Subject: setting package to devscripts, tagging 475075, tagging 475034, tagging 474949
Date: Tue, 08 Apr 2008 23:30:40 +0100
# Automatically generated email from bts, devscripts version 2.10.24
#
# devscripts (2.10.25) UNRELEASED; urgency=low
#
#  * debchange: Escape arguments to --local (Closes: #475034)
#  * debdiff: Ensure arguments to --exclude are properly quoted in case they
#    contain shell meta-characters (Closes: #475075)
#  * debsign:
#    + Add support for the new Checksums-Sha* .changes file fields
#      introduced by dpkg 1.14.17 (Closes: #474949)
#    + Abort if any unknown Checksums-* fields are found in the .changes
#      file
#    + Abort if the Format field of the .changes file is unsupported
#      (greater than 1.8, less than 1.7 or non-numeric)
#    + Use a case-insensitive search for field names
#

package devscripts
tags 475075 + pending
tags 475034 + pending
tags 474949 + pending





Tags added: pending Request was from Adam D. Barratt <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Tue, 08 Apr 2008 22:33:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Devscripts Devel Team <pkg-devscripts@teams.debian.net>:
Bug#474949; Package devscripts. Full text and rfc822 format available.

Acknowledgement sent to Guillem Jover <guillem@debian.org>:
Extra info received and forwarded to list. Copy sent to Devscripts Devel Team <pkg-devscripts@teams.debian.net>. Full text and rfc822 format available.

Message #41 received at 474949@bugs.debian.org (full text, mbox):

From: Guillem Jover <guillem@debian.org>
To: Luk Claes <luk@debian.org>
Cc: Raphael Hertzog <hertzog@debian.org>, 474949@bugs.debian.org, joerg@debian.org, debian-dpkg@lists.debian.org
Subject: Re: Bug#474949: debsign: deals badly with Format: 1.8 .changes files and new Checksums-* headers
Date: Wed, 9 Apr 2008 06:58:19 +0300
Hi,

On Tue, 2008-04-08 at 20:16:58 +0200, Luk Claes wrote:
> Raphael Hertzog wrote:
> > On Tue, 08 Apr 2008, Raphael Hertzog wrote:
> >> dpkg >= 1.14.17 generates *.changes files with Format: 1.8. They provide
> >> new Checksums-*: fields which are similar to the Files: field. And debsign
> >> edits in place the Files: field of changes file and leaves the Checksums-*
> >> fields alone.
> > 
> > Here's a patch that fixes the issue. I would highly appreciate if you
> > could upload a fixed package today because it's blocking the upload of dpkg
> > to unstable currently. (And we're tight on schedule with dpkg because of
> > the base freeze and there are many features in this version of dpkg that
> > we really want for lenny).
> 
> A freeze date is not a date to target major uploads at...

I don't see any problem with adding features up to the point of the
freeze, and I think others on the team share the same opinion.

> You might be aware that dpkg is currently already frozen and a release
> update posting is pending...

I don't think anyone on the team was aware of this until now, neither of
any exact date this would be happening (and I try to keep an eye on the
irc channel and release mailing list).

> Note that in particular the triggers support and any RC bug fixes are
> still candidates for migration to testing, though other features might
> not be depending on their impact...

I can understand that the freeze imposes a feature freeze on those
packages, but not that it restricts to only RC bug fixes at this point
when there's still 5-6 months to the target release date.

regards,
guillem




Information forwarded to debian-bugs-dist@lists.debian.org, Devscripts Devel Team <pkg-devscripts@teams.debian.net>:
Bug#474949; Package devscripts. Full text and rfc822 format available.

Acknowledgement sent to Luk Claes <luk@debian.org>:
Extra info received and forwarded to list. Copy sent to Devscripts Devel Team <pkg-devscripts@teams.debian.net>. Full text and rfc822 format available.

Message #46 received at 474949@bugs.debian.org (full text, mbox):

From: Luk Claes <luk@debian.org>
To: 474949@bugs.debian.org, joerg@debian.org, debian-dpkg@lists.debian.org
Subject: Re: Bug#474949: debsign: deals badly with Format: 1.8 .changes files and new Checksums-* headers
Date: Wed, 09 Apr 2008 07:32:48 +0200
Guillem Jover wrote:
> Hi,

Hi

> On Tue, 2008-04-08 at 20:16:58 +0200, Luk Claes wrote:
>> Raphael Hertzog wrote:
>>> On Tue, 08 Apr 2008, Raphael Hertzog wrote:
>>>> dpkg >= 1.14.17 generates *.changes files with Format: 1.8. They provide
>>>> new Checksums-*: fields which are similar to the Files: field. And debsign
>>>> edits in place the Files: field of changes file and leaves the Checksums-*
>>>> fields alone.
>>> Here's a patch that fixes the issue. I would highly appreciate if you
>>> could upload a fixed package today because it's blocking the upload of dpkg
>>> to unstable currently. (And we're tight on schedule with dpkg because of
>>> the base freeze and there are many features in this version of dpkg that
>>> we really want for lenny).
>> A freeze date is not a date to target major uploads at...
> 
> I don't see any problem with adding features up to the point of the
> freeze, and I think others on the team share the same opinion.

It's a problem as the package would still need to migrate while being
frozen...

>> You might be aware that dpkg is currently already frozen and a release
>> update posting is pending...
> 
> I don't think anyone on the team was aware of this until now, neither of
> any exact date this would be happening (and I try to keep an eye on the
> irc channel and release mailing list).

It was announced very early that the toolchain freeze would be early
april...

>> Note that in particular the triggers support and any RC bug fixes are
>> still candidates for migration to testing, though other features might
>> not be depending on their impact...
> 
> I can understand that the freeze imposes a feature freeze on those
> packages, but not that it restricts to only RC bug fixes at this point
> when there's still 5-6 months to the target release date.

Please read again...

Cheers

Luk




Reply sent to Martin Zobel-Helas <zobel@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Raphael Hertzog <hertzog@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #51 received at 474949-close@bugs.debian.org (full text, mbox):

From: Martin Zobel-Helas <zobel@debian.org>
To: 474949-close@bugs.debian.org
Subject: Bug#474949: fixed in devscripts 2.10.25
Date: Wed, 09 Apr 2008 14:32:03 +0000
Source: devscripts
Source-Version: 2.10.25

We believe that the bug you reported is fixed in the latest version of
devscripts, which is due to be installed in the Debian FTP archive:

devscripts_2.10.25.dsc
  to pool/main/d/devscripts/devscripts_2.10.25.dsc
devscripts_2.10.25.tar.gz
  to pool/main/d/devscripts/devscripts_2.10.25.tar.gz
devscripts_2.10.25_i386.deb
  to pool/main/d/devscripts/devscripts_2.10.25_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 474949@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Martin Zobel-Helas <zobel@debian.org> (supplier of updated devscripts package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 09 Apr 2008 16:04:36 +0200
Source: devscripts
Binary: devscripts
Architecture: source i386
Version: 2.10.25
Distribution: unstable
Urgency: low
Maintainer: Devscripts Devel Team <pkg-devscripts@teams.debian.net>
Changed-By: Martin Zobel-Helas <zobel@debian.org>
Description: 
 devscripts - scripts to make the life of a Debian Package maintainer easier
Closes: 474949 475034 475075
Changes: 
 devscripts (2.10.25) unstable; urgency=low
 .
   [ Adam D. Barratt ]
   * debchange: Escape arguments to --local (Closes: #475034)
   * debdiff: Ensure arguments to --exclude are properly quoted in case they
     contain shell meta-characters (Closes: #475075)
   * debsign:
     + Add support for the new Checksums-Sha* .changes file fields
       introduced by dpkg 1.14.17 (Closes: #474949)
     + Abort if any unknown Checksums-* fields are found in the .changes
       file
     + Abort if the Format field of the .changes file is unsupported
       (greater than 1.8, less than 1.7 or non-numeric)
     + Use a case-insensitive search for field names
 .
   [ James Vega ]
   * debian/control: Set subversion as the first VCS Recommends alternative.
Files: 
 b19098cbcb41bd859361917d6ad2cc49 1210 devel optional devscripts_2.10.25.dsc
 272515fb420c45acf1313751e1d64dfa 542789 devel optional devscripts_2.10.25.tar.gz
 967f1e080de8f3ab7b7715777058b7e6 457336 devel optional devscripts_2.10.25_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH/M8vST77jl1k+HARAtcKAKCEmt8hu2a3aiglvHNVU6XIDm7EBwCfZfyk
oU410OiDucHs4yJlIHdYyNE=
=wqn3
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 09 May 2008 07:47:40 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 16:46:37 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.