Debian Bug report logs - #819194
dpkg-buildflags: please add normalizedebugpath to reproducible feature set

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: dpkg-buildflags: please add normalizedebugpath to reproducible feature set

Date: Thu, 24 Mar 2016 13:40:00 -0400

[Message part 1 (text/plain, inline)]

Package: dpkg-dev
Version: 1.18.4
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: buildpath

Compilers tend to inject the current path of the filesystem into the
debug symbols, so that the debugger can find the sourcecode.  But this
isn't actually useful for packages shipped as binaries, because the
path on the build machine isn't relevant on the deployed machine.

It also causes problems for reproducible builds, because the same
source built in two different locations in the filesystem will result
in two different sets of debug symbols.

With gcc (and soon clang, see #819185), you can re-map the path stored
in the debug symbols with -fdebug-prefix-map, so it can be used to
normalize the paths stored in the debug symbols.

The attached patch adds a "normalizedebugpath" feature to the
"reproducible" feature set, which appends -fdebug-prefix-map=CWD=.
(where CWD is the actual current working directory) to CFLAGS and
CXXFLAGS.  It is off by default.

Regards,

        --dkg

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.4.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dpkg-dev depends on:
ii  base-files    9.6
ii  binutils      2.26-5
ii  bzip2         1.0.6-8
ii  libdpkg-perl  1.18.4
ii  make          4.1-9
ii  patch         2.7.5-1
ii  xz-utils      5.1.1alpha+20120614-2.1

Versions of packages dpkg-dev recommends:
ii  build-essential          11.7
ii  clang-3.5 [c-compiler]   1:3.5.2-3
ii  clang-3.6 [c-compiler]   1:3.6.2-3
ii  clang-3.7 [c-compiler]   1:3.7.1-2
ii  fakeroot                 1.20.2-1
ii  gcc [c-compiler]         4:5.3.1-1
ii  gcc-5 [c-compiler]       5.3.1-12
ii  gnupg                    1.4.20-4
ii  gnupg2                   2.1.11-6
ii  gpgv                     1.4.20-4
ii  gpgv2                    2.1.11-6
pn  libalgorithm-merge-perl  <none>
ii  tcc [c-compiler]         0.9.27~git20151227.933c223-1

Versions of packages dpkg-dev suggests:
ii  debian-keyring  2016.03.22

-- debconf-show failed

[0001-add-normalizedebugpath-to-reproducible-featureset.patch (text/x-diff, attachment)]

Message #10 received at submit@bugs.debian.org (full text, mbox, reply):

From: Guillem Jover <guillem@debian.org>

To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, 819194@bugs.debian.org

Cc: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: Re: Bug#819194: dpkg-buildflags: please add normalizedebugpath to reproducible feature set

Date: Mon, 28 Mar 2016 23:26:17 +0200

Hi!

On Thu, 2016-03-24 at 13:40:00 -0400, Daniel Kahn Gillmor wrote:
> Package: dpkg-dev
> Version: 1.18.4
> Severity: wishlist
> Tags: patch
> User: reproducible-builds@lists.alioth.debian.org
> Usertags: buildpath

> Compilers tend to inject the current path of the filesystem into the
> debug symbols, so that the debugger can find the sourcecode.  But this
> isn't actually useful for packages shipped as binaries, because the
> path on the build machine isn't relevant on the deployed machine.
> 
> It also causes problems for reproducible builds, because the same
> source built in two different locations in the filesystem will result
> in two different sets of debug symbols.
> 
> With gcc (and soon clang, see #819185), you can re-map the path stored
> in the debug symbols with -fdebug-prefix-map, so it can be used to
> normalize the paths stored in the debug symbols.

Ah great! And one less way to leak local information.

> The attached patch adds a "normalizedebugpath" feature to the
> "reproducible" feature set, which appends -fdebug-prefix-map=CWD=.
> (where CWD is the actual current working directory) to CFLAGS and
> CXXFLAGS.  It is off by default.

Looks good to me, but shouldn't we try to set more language flags
here?

Thanks,
Guillem

Message #20 received at submit@bugs.debian.org (full text, mbox, reply):

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

To: Guillem Jover <guillem@debian.org>, 819194@bugs.debian.org

Cc: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: Re: Bug#819194: dpkg-buildflags: please add normalizedebugpath to reproducible feature set

Date: Mon, 28 Mar 2016 18:33:49 -0400

Hi Guillem--

On Mon 2016-03-28 17:26:17 -0400, Guillem Jover wrote:
> Ah great! And one less way to leak local information.

yep :)

>> The attached patch adds a "normalizedebugpath" feature to the
>> "reproducible" feature set, which appends -fdebug-prefix-map=CWD=.
>> (where CWD is the actual current working directory) to CFLAGS and
>> CXXFLAGS.  It is off by default.
>
> Looks good to me, but shouldn't we try to set more language flags
> here?

which other flags are you thinking of?  I think of this as belonging to
anything that writes C/C++ debug symbols, and i haven't considered or
tested it on non-C/C++ code.  If -fdebug-prefix-map is appropriate
elsewhere, i certainly have no objection to including it elsewhere, but
i don't know where that is.

      --dkg

Message #30 received at 819194@bugs.debian.org (full text, mbox, reply):

From: Guillem Jover <guillem@debian.org>

To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, 819194@bugs.debian.org

Subject: Re: Bug#819194: dpkg-buildflags: please add normalizedebugpath to reproducible feature set

Date: Tue, 29 Mar 2016 01:51:57 +0200

Hi!

On Mon, 2016-03-28 at 18:33:49 -0400, Daniel Kahn Gillmor wrote:
> On Mon 2016-03-28 17:26:17 -0400, Guillem Jover wrote:
> >> The attached patch adds a "normalizedebugpath" feature to the
> >> "reproducible" feature set, which appends -fdebug-prefix-map=CWD=.
> >> (where CWD is the actual current working directory) to CFLAGS and
> >> CXXFLAGS.  It is off by default.
> >
> > Looks good to me, but shouldn't we try to set more language flags
> > here?
> 
> which other flags are you thinking of?  I think of this as belonging to
> anything that writes C/C++ debug symbols, and i haven't considered or
> tested it on non-C/C++ code.  If -fdebug-prefix-map is appropriate
> elsewhere, i certainly have no objection to including it elsewhere, but
> i don't know where that is.

I was thinking about the other language flags that dpkg-dev currently
supports, namely: OBJCFLAGS, OBJCXXFLAGS, GCJFLAGS, FFLAGS and
FCFLAGS. As I think all those should produce DWARF debugging symbols,
they would benefit from the option.

Thanks,
Guillem

Message #35 received at 819194@bugs.debian.org (full text, mbox, reply):

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

To: Guillem Jover <guillem@debian.org>, 819194@bugs.debian.org

Subject: Re: Bug#819194: dpkg-buildflags: please add normalizedebugpath to reproducible feature set

Date: Mon, 28 Mar 2016 20:18:11 -0400

On Mon 2016-03-28 19:51:57 -0400, Guillem Jover wrote:
> I was thinking about the other language flags that dpkg-dev currently
> supports, namely: OBJCFLAGS, OBJCXXFLAGS, GCJFLAGS, FFLAGS and
> FCFLAGS. As I think all those should produce DWARF debugging symbols,
> they would benefit from the option.

Ah, OK.  That sounds reasonable to me but i haven't tested any of them.
Do you want me to propose a patch, or are you OK taking it from here?

   --dkg

Message #40 received at 819194@bugs.debian.org (full text, mbox, reply):

From: Holger Levsen <holger@layer-acht.org>

To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, 819194@bugs.debian.org

Cc: Guillem Jover <guillem@debian.org>, reproducible-builds@lists.alioth.debian.org

Subject: Re: Bug#819194: dpkg-buildflags: please add normalizedebugpath to reproducible feature set

Date: Tue, 29 Mar 2016 20:58:32 -0400

[Message part 1 (text/plain, inline)]

Hi,

not wanting to spoil the fun, but…

On Mon, Mar 28, 2016 at 06:33:49PM -0400, Daniel Kahn Gillmor wrote:
> > Ah great! And one less way to leak local information.
> yep :)

I *believe* it's not enough (for reproducible builds in arbitrary
pathes) if gcc+clang can now cope. IIRC there are other compilers that
have the same behaviour, eg ocaml and erlang, but probably others too.

Someone shoulds to check this and confirm or deny though.


-- 
cheers,
	Holger

P.S.: besides that, truely nice work!

[signature.asc (application/pgp-signature, inline)]

Message #45 received at 819194@bugs.debian.org (full text, mbox, reply):

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

To: Holger Levsen <holger@layer-acht.org>, 819194@bugs.debian.org

Cc: Guillem Jover <guillem@debian.org>, reproducible-builds@lists.alioth.debian.org

Subject: Re: Bug#819194: dpkg-buildflags: please add normalizedebugpath to reproducible feature set

Date: Tue, 29 Mar 2016 21:36:00 -0400

On Tue 2016-03-29 20:58:32 -0400, Holger Levsen wrote:
> not wanting to spoil the fun, but…
>
> On Mon, Mar 28, 2016 at 06:33:49PM -0400, Daniel Kahn Gillmor wrote:
>> > Ah great! And one less way to leak local information.
>> yep :)
>
> I *believe* it's not enough (for reproducible builds in arbitrary
> pathes) if gcc+clang can now cope. IIRC there are other compilers that
> have the same behaviour, eg ocaml and erlang, but probably others too.
>
> Someone shoulds to check this and confirm or deny though.

This isn't fun-spoiling, it's a useful reality check.  But if we were
required to get all the way to 100% before we made any progress, then
reproducible builds wouldn't have gotten off the ground at all.

The changes proposed in this bug report are a good step that should
handle a very large proportion of the debian archive.  The fact that
there will remain corners of the archive that need additional work is
fine: we can turn our attention to the remaining 20% once we get 80% of
the buildpaths resolved.

    -dkg

Message #50 received at 819194@bugs.debian.org (full text, mbox, reply):

From: Holger Levsen <holger@layer-acht.org>

To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Cc: 819194@bugs.debian.org, Guillem Jover <guillem@debian.org>, reproducible-builds@lists.alioth.debian.org

Subject: Re: Bug#819194: dpkg-buildflags: please add normalizedebugpath to reproducible feature set

Date: Tue, 29 Mar 2016 21:52:53 -0400

[Message part 1 (text/plain, inline)]

Hi,

On Tue, Mar 29, 2016 at 09:36:00PM -0400, Daniel Kahn Gillmor wrote:
> This isn't fun-spoiling, it's a useful reality check.  But if we were
> required to get all the way to 100% before we made any progress, then
> reproducible builds wouldn't have gotten off the ground at all.

it's surely progress on the gcc/clang side of things but dropping the
build path from the .buildinfo files would be a huge step *backwards*
for reproducibility…

> The changes proposed in this bug report are a good step that should
> handle a very large proportion of the debian archive.  The fact that
> there will remain corners of the archive that need additional work is
> fine: we can turn our attention to the remaining 20% once we get 80% of
> the buildpaths resolved.

true. 

my point was: I think we still need the build path in the .buildinfo files.

(And btw, this (build path in buildinfo files) is not what *this* bug report 
is about. but it's related.)

Also, c/c++ packages today only make up a small portion of the archive.
Probably this famous someone should do a rebuild of the archive, using
our toolchain (and this patch), using arbitrary build pathes.


-- 
cheers,
	Holger

[signature.asc (application/pgp-signature, inline)]

Message #55 received at 819194@bugs.debian.org (full text, mbox, reply):

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

To: Holger Levsen <holger@layer-acht.org>

Cc: 819194@bugs.debian.org, Guillem Jover <guillem@debian.org>, reproducible-builds@lists.alioth.debian.org

Subject: Re: Bug#819194: dpkg-buildflags: please add normalizedebugpath to reproducible feature set

Date: Wed, 30 Mar 2016 02:19:02 -0400

On Tue 2016-03-29 21:52:53 -0400, Holger Levsen wrote:
> it's surely progress on the gcc/clang side of things but dropping the
> build path from the .buildinfo files would be a huge step *backwards*
> for reproducibility…

No one is arguing for dropping the build path from .buildinfo files.

As we discussed at the reproducible summit, .buildinfo files serve two
purposes:

 0) they document the environment used during a specific build, to a
    level of detail that should make it at least possible to reproduce
    the build.

 1) they also document things that should *not* be necessary to
    reproduce the build, but might be under some circumstances, or for
    some packages.

I think the build path falls into category (1) here.

In an ideal scenario, we could have two buildinfo files with variations
on the build environment (buildpath, minor versions of build-deps, etc)
and *still* have reproducible binary outputs.  This would let us know
that the variations in question are not things that cause variation in
the output.

> Also, c/c++ packages today only make up a small portion of the archive.
> Probably this famous someone should do a rebuild of the archive, using
> our toolchain (and this patch), using arbitrary build pathes.

yes, that would be great!

     --dkg

Message #60 received at 819194@bugs.debian.org (full text, mbox, reply):

From: Guillem Jover <guillem@debian.org>

To: Holger Levsen <holger@layer-acht.org>, 819194@bugs.debian.org

Cc: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, reproducible-builds@lists.alioth.debian.org

Subject: Re: Bug#819194: dpkg-buildflags: please add normalizedebugpath to reproducible feature set

Date: Wed, 30 Mar 2016 10:36:30 +0200

Hi!

On Tue, 2016-03-29 at 21:52:53 -0400, Holger Levsen wrote:
> On Tue, Mar 29, 2016 at 09:36:00PM -0400, Daniel Kahn Gillmor wrote:
> > This isn't fun-spoiling, it's a useful reality check.  But if we were
> > required to get all the way to 100% before we made any progress, then
> > reproducible builds wouldn't have gotten off the ground at all.
> 
> it's surely progress on the gcc/clang side of things but dropping the
> build path from the .buildinfo files would be a huge step *backwards*
> for reproducibility…

I concur with Daniel, I don't see anyone suggesting to drop the build
path from the .buildinfo file just yet. But as long as that field does
not leak information I'm ok with having it there. I think eventually
it should be dropped because nothing should be recording the build
path in the build, and the build should really be independent of that.

> > The changes proposed in this bug report are a good step that should
> > handle a very large proportion of the debian archive.  The fact that
> > there will remain corners of the archive that need additional work is
> > fine: we can turn our attention to the remaining 20% once we get 80% of
> > the buildpaths resolved.
> 
> true.
> 
> my point was: I think we still need the build path in the .buildinfo files.

For now probably yes.

> Also, c/c++ packages today only make up a small portion of the archive.
> Probably this famous someone should do a rebuild of the archive, using
> our toolchain (and this patch), using arbitrary build pathes.

That's why I mentioned that the other language flages be included so
that we get better coverage besides C/C++.

Thanks,
Guillem

Message #65 received at 819194@bugs.debian.org (full text, mbox, reply):

From: Guillem Jover <guillem@debian.org>

To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, 819194@bugs.debian.org

Subject: Re: Bug#819194: dpkg-buildflags: please add normalizedebugpath to reproducible feature set

Date: Wed, 30 Mar 2016 10:39:32 +0200

Hi!

On Mon, 2016-03-28 at 20:18:11 -0400, Daniel Kahn Gillmor wrote:
> On Mon 2016-03-28 19:51:57 -0400, Guillem Jover wrote:
> > I was thinking about the other language flags that dpkg-dev currently
> > supports, namely: OBJCFLAGS, OBJCXXFLAGS, GCJFLAGS, FFLAGS and
> > FCFLAGS. As I think all those should produce DWARF debugging symbols,
> > they would benefit from the option.
> 
> Ah, OK.  That sounds reasonable to me but i haven't tested any of them.
> Do you want me to propose a patch, or are you OK taking it from here?

I can easily add the missing flags, no problem there. I think because
all these flags are used with gcc frontends they all accept the option
but something I'd find useful is if someone could try it out. I myself
confirmed with the gfortran compiler. If no one else does I guess I'll
do it myself eventually.

Thanks,
Guillem

Message #70 received at 819194@bugs.debian.org (full text, mbox, reply):

From: Holger Levsen <holger@layer-acht.org>

To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Cc: 819194@bugs.debian.org, Guillem Jover <guillem@debian.org>, reproducible-builds@lists.alioth.debian.org

Subject: Re: Bug#819194: dpkg-buildflags: please add normalizedebugpath to reproducible feature set

Date: Wed, 30 Mar 2016 10:16:51 -0400

[Message part 1 (text/plain, inline)]

Hi,

On Wed, Mar 30, 2016 at 02:19:02AM -0400, Daniel Kahn Gillmor wrote:
> No one is arguing for dropping the build path from .buildinfo files.

ok, cool. Thanks (to you both) for clarifying!

 
-- 
cheers,
	Holger

[signature.asc (application/pgp-signature, inline)]

Message #73 received at 819194-submitter@bugs.debian.org (full text, mbox, reply):

From: Guillem Jover <guillem@debian.org>

To: 819194-submitter@bugs.debian.org

Subject: Bug#819194 in package dpkg marked as pending

Date: Mon, 02 May 2016 03:32:49 +0000

Control: tag 819194 pending

Hi!

Bug #819194 in package dpkg reported by you has been fixed in
the dpkg/dpkg.git Git repository. You can see the changelog below, and
you can check the diff of the fix at:

    https://anonscm.debian.org/cgit/dpkg/dpkg.git/diff/?id=eb58be2

---
commit eb58be2f272cf619971d66e40d368111ac0d3dbc
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Thu Mar 24 13:19:28 2016 -0400

    Dpkg::Vendor::Debian: Add fixdebugpath to reproducible feature
    
    This feature normalizes the path stored in debug symbols, so that
    these symbols can be built reproducibly regardless of the location
    of the build in the larger filesystem.
    
    It defaults to off, but should be enabled by systems trying to
    generate reproducible packages.
    
    [guillem@debian.org:
     - Add additional build flags.
     - Rename feature name.
     - Import Cwd module with require instead of use. ]
    
    Closes: #819194
    Signed-off-by: Guillem Jover <guillem@debian.org>

diff --git a/debian/changelog b/debian/changelog
index 5a26207..22c5744 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -119,6 +119,8 @@ dpkg (1.18.5) UNRELEASED; urgency=medium
       version 1.0 non-native source packages.
     - Include upstream orig tarball signatures in source packages.
       See #759478.
+    - Add fixdebugpath to reproducible feature in Dpkg::Vendor::Debian.
+      Thanks to Daniel Kahn Gillmor <dkg@fifthhorseman.net>. Closes: #819194
   * Build system:
     - Fix building development documentation.
     - Remove unused UA_LIBS variable.

Message #80 received at 819194-close@bugs.debian.org (full text, mbox, reply):

From: Guillem Jover <guillem@debian.org>

To: 819194-close@bugs.debian.org

Subject: Bug#819194: fixed in dpkg 1.18.5

Date: Mon, 02 May 2016 04:19:41 +0000

Source: dpkg
Source-Version: 1.18.5

We believe that the bug you reported is fixed in the latest version of
dpkg, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 819194@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guillem Jover <guillem@debian.org> (supplier of updated dpkg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 02 May 2016 04:14:57 +0200
Source: dpkg
Binary: libdpkg-dev dpkg dpkg-dev libdpkg-perl dselect
Architecture: source
Version: 1.18.5
Distribution: unstable
Urgency: medium
Maintainer: Dpkg Developers <debian-dpkg@lists.debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
Description:
 dpkg       - Debian package management system
 dpkg-dev   - Debian package development tools
 dselect    - Debian package management front-end
 libdpkg-dev - Debian package management static library
 libdpkg-perl - Dpkg perl modules
Closes: 719845 780906 784806 784808 795163 804624 807340 809174 809219 809517 809963 810720 811037 811267 812679 813179 819194 819939 819940 821025 822797 822798
Changes:
 dpkg (1.18.5) unstable; urgency=medium
 .
   [ Guillem Jover ]
   * Print correct integer parse error for short-only command-line options.
     This affects «dpkg-deb -z». Closes: #809174
   * Do not abort when traversing symlinks to directories in dpkg-scanpackages
     and dpkg-scansources. Closes: #809219
   * Implement delete operator with size argument in dselect, required by the
     C++14 spec when the size-less delete operator is defined.
   * Use EACCES instead of EWOULDBLOCK for fcntl(2) F_SETLK in dselect.
   * Print the archive filename when dpkg cannot access it.
   * Check that all passed archive filenames to dpkg exist before queuing them.
     Closes: #809963
   * Use ohshit() instead of internerr() for unhandled dpkg-split exit codes.
     (i.e. do not abort). Closes: #812679
   * Detect non-regular file archive arguments earlier in dpkg.
   * Switch URLs in docs, code comments and packaging, from http:// or git://
     to https:// if the latter is available (round three). This includes the
     dpkg git repository, copyright format URL and examples in man pages among
     others.
   * Clarify where to find the GPL-2 license in debian/copyright.
   * Do not enable stack-protector on nios2 in Debian and derivatives (it is
     not supported by gcc yet).
   * Check first for build type to short-circuit boolean expressions in
     dpkg-genchanges.
   * Add source format backend-specific --help options support to dpkg-source.
   * Add MIPS R6 architectures to arch tables. Closes: #807340
     Thanks to YunQiang Su <wzssyqa@gmail.com>.
   * Fix memory leak when unpacking conffiles.
   * Use fixed string matching for pathnames in dpkg-maintscript-helper.
     Thanks to Carsten Hey <carsten@debian.org>.
   * Quote shell variables in dpkg-maintscript-helper.
     Thanks to Carsten Hey <carsten@debian.org>.
   * Anchor pathnames in sed and grep regexes in dpkg-maintscript-helper.
     Thanks to Carsten Hey <carsten@debian.org>.
   * Allow broken versions starting with a dash in dpkg-maintscript-helper.
     Thanks to Carsten Hey <carsten@debian.org>.
   * Add a new treewalk module in libdpkg, with the nice properties of avoiding
     duplicate stat(2) calls, not calling find(1), and sorting the output w/o
     stalling on the entire input being slurped and sorted.
     - Use it to build the .deb data member in dpkg-deb.
     - Use it to build the .deb control member in dpkg-deb.
     Closes: #719845
     - Use it with dpkg --recursive option.
   * Unify start-stop-daemon --help output with the rest of the tools.
   * Search for debsig-verify in PATH instead of using an absolute path.
   * Do not error out when failing to open the SE label db on permissive mode.
     Closes: #811037
   * Rewrite the trigger deferred file parser from flex to manual. The format
     is very simple, and a simple hand-written parser is smaller and avoids a
     build dependency.
   * Be more strict when parsing the COLUMNS environment variable in dpkg-query.
   * Make the Architecture field mandatory on package builds.
   * Use new Dpkg::Arch functions to validate and parse architectures when
     building source packages. Closes: #784808
   * Do safe matching of directories containing conffiles in
     dpkg-maintscript-helper, instead of using a variable pathname as a regex
     with grep, which is susceptible to metacharacters acting as part of the
     regex. Proposed by Carsten Hey <carsten@debian.org>.
   * Decouple local keyword declaration from command assignment in
     dpkg-maintscript-helper, which masks the command return value when
     using «set -e».
   * Make dpkg pass <new-version> to maintscript actions that cannot get it
     otherwise. These actions are now:
     - <new-postrm> failed-upgrade <old-version> <new-version>
     - <new-postrm> abort-install <old-version> <new-version>
     - <new-postrm> abort-upgrade <old-version> <new-version>
     - <new-preinst> install <old-version> <new-version>
     - <new-preinst> upgrade <old-version> <new-version>
     - <new-prerm> failed-upgrade <old-version> <new-version>
     Prompted by Andrey Utkin <andrey.krieger.utkin@gmail.com>.
   * Promote a print to a warning for missing control files in dpkg-deb.
   * Use info() instead of print in dpkg-buildpackage and dpkg-genchanges.
   * Add very basic color support to all dpkg namespaced programs, enabled by
     setting the environment variable DPKG_COLORS to “auto”, “always” or
     “never”, the latter being the default.
   * Add support for a new --build option to define build type by a
     comma-separated list of components (“source”, “any”, “all”, “binary” or
     “full”) in dpkg-genchanges and dpkg-buildpackage.
   * Add new -I option to dpkg-shlibdeps to ignore package build directories.
     Closes: #821025
   * Add new -O option to dpkg-genchanges.
   * Make dpkg export variable DPKG_ROOT in maintainer scripts. Closes: #804624
     Thanks to Helmut Grohne <helmut@subdivi.de>.
   * Add new --force-script-chrootless option to dpkg.
     Thanks to Helmut Grohne <helmut@subdivi.de>.
   * Portability:
     - Move DPKG_ADMINDIR environment variable name out from update-alternatives
       code, to make life easier for non-dpkg-based systems.
     - Move alternatives temporary extension out from update-alternatives code,
       to make life easier for non-dpkg-based systems.
     - Switch start-stop-daemon on */kFreeBSD to use the low-level sysctl(3)
       interface instead of libkvm-dev.
   * Perl modules:
     - Add new CTRL_REPO_RELEASE control block type to Dpkg::Control.
     - Add new CTRL_COPYRIGHT_HEADER, CTRL_COPYRIGHT_FILES and
       CTRL_COPYRIGHT_LICENSE control block types to Dpkg::Control.
     - Make patching a file multiple times fatal for the first quilt patch in
       Dpkg::Source. Reported by Apollon Oikonomopoulos <apoikos@debian.org>.
       Closes: #810720
     - Only warn once when a diff patches a file multiple times in
       Dpkg::Source::Patch, and fix the warning message to make it clear that
       the diff might be patching the file more than once, not just twice.
     - Check existence of search criteria in Dpkg::Index when checking with a
       regex or a string match. Closes: #780906
       Base on a patch by Daniel Dehennin <daniel.dehennin@baby-gnu.org>.
     - Add new functions to validate and parse architecture names in Dpkg::Arch.
     - Make the dependency parser more strict in Dpkg::Deps. Closes: #784806
     - Add strong digest marking support to Dpkg::Checksums.
     - Error out on source packages without any strong digests in
       Dpkg::Source::Package, used by dpkg-source --extract, which can still
       be disabled with --no-check.
     - Switch Dpkg::Conf implementation to be hash based, add two new accessors
       and a new option to the filter method to use the old behavior.
     - Do not parse entry multiple times in Dpkg::Changelog::Entry::Debian.
       Add new parse_header() and parse_trailer() methods, and deprecate
       check_header() and check_trailer() ones.
     - Use “GnuPG” instead of “gpg” in error messages to refer to the software
       in Dpkg::Source::Package.
     - Handle undef versions in Dpkg::Changelog from empty versions in
       changelog entry header lines.
     - Allow detached upstream orig tarball signatures when extracting
       version 1.0 non-native source packages.
     - Include upstream orig tarball signatures in source packages.
       See #759478.
     - Add fixdebugpath to reproducible feature in Dpkg::Vendor::Debian.
       Thanks to Daniel Kahn Gillmor <dkg@fifthhorseman.net>. Closes: #819194
   * Build system:
     - Fix building development documentation.
     - Remove unused UA_LIBS variable.
     - Split libps and libkvm detection into their own macros and variables.
     - Make it possible to build without system libmd.
     - Add a configuration summary to configure output.
     - Make git log invocation immune to local configuration.
     - Do not require passing the perl interpreter to run-script.
     - Quote dirname argument in run-script, to handle spaces in pathname.
       Reported by Carsten Hey <carsten@debian.org>.
     - Use a single po4a opt argument instead of the same per language.
   * Packaging:
     - Enable all hardening flags, starting with gcc-5 there is no performance
       loss anymore when enabling PIE on i386.
   * Test suite:
     - Add a unit test to compile perl code with warnings.
     - Add a unit test for the trigger deferred parser.
   * Documentation:
     - Say value instead of option in deb-control(5).
     - Mark debian changelog format in bold in dpkg-parsechangelog(1).
     - Add references to man pages describing file formats.
     - Document missing Install-Size, Built-For-Profiles and Build-Profiles
       fields in man pages.
     - Add new dsc(5), deb-changelog(5) and deb-changes(5) man pages.
     - Remove Debian specific policy references.
     - Remove superfluous SEE ALSO references from dpkg-source(1).
     - Fix --remove and --purge summary formatting in dpkg(1).
     - Move --audit description just after --verify in dpkg(1).
     - Mark Maintainer field as bold in deb-src-control(5).
     - Fix reference to --record-avail instead of nonexistent --avail.
     - Add missing quotes in man pages.
     - Document Source field version in deb-control(5).
     - Add new deb822(5) man page.
     - Document and improve C/C++ programs exit codes in man pages.
     - Clarify dpkg --path-exclude/--path-include pathname filter behavior.
       Closes: #811267
     - Clarify that packages are only automatically forgotten by dpkg if they
       contain no user data, such as package selections. Closes: #813179
     - Fix documentation for package flags in dpkg(1).
     - Clarify that deb-symbols(5) documents the binary format subset, and
       the template symbol files are described in dpkg-gensymbols(1).
       Closes: #795163
     - Update field requirements of control file formats to match dpkg reality.
     - Document the format of the origins filename in deb-origin(5).
     - Add list of flags set by bug feature area to dpkg-buildflags(1).
     - Switch output encoding of man pages to UTF-8.
     - Move SEE ALSO section to the end of Dpkg::Changelog::Debian.
     - Clarify that i386 does not suffer performance loss due to PIE anymore
       since gcc >= 5 in dpkg-buildflags(1).
     - Document in deb822(5) that deb-origin(5) also supports comments.
     - Clarify which characters constitute the deb822(5) control files syntax
       by using Unicode code points and their printable characters.
       Based on a patch by Ben Finney <ben@benfinney.id.au>.
     - Remove wrong mention that deb-control(5) support comments.
     - Make explicit that deb-control(5) documents the binary control file.
     - Add missing value for Standards-Version field in dsc(5).
       Reported by Helge Kreutzmann <debian@helgefjell.de>.
 .
   [ Updated programs translations ]
   * Dutch (Frans Spiesschaert). Closes: #822797
   * German (Sven Joachim).
   * Japanese (Takuma Yamada). Closes: #819939
   * Portuguese (Miguel Figueiredo).
   * Simplified Chinese (Zhou Mo). Closes: #809517
   * Vietnamese (Trần Ngọc Quân).
 .
   [ Updated dselect translations ]
   * Japanese (Takuma Yamada). Closes: #819940
 .
   [ Updated scripts translations ]
   * German (Helge Kreutzmann).
 .
   [ New manpages translations ]
   * Dutch (Frans Spiesschaert). Closes: #822798
 .
   [ Updated manpages translations ]
   * German (Helge Kreutzmann).
Checksums-Sha1:
 260978c36020a0cf3ea5a3e6ef2d56e6943d10eb 2026 dpkg_1.18.5.dsc
 706adb4b7bdbd195d71d0fc1f9864434b6e869f0 4616552 dpkg_1.18.5.tar.xz
Checksums-Sha256:
 3545dff3478c04ddc4c90901df48df81c9b72872f81d5fb36c45dce1a7d442d9 2026 dpkg_1.18.5.dsc
 074e6a66a1e7a4b14ec3aa1d198be565acff3e067595fd42bb4dec4d14468b07 4616552 dpkg_1.18.5.tar.xz
Files:
 5b2f82bd2cef925f99850703dea57630 2026 admin required dpkg_1.18.5.dsc
 43370c852daf8bcdcdfcc34b5dde22f1 4616552 admin required dpkg_1.18.5.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJXJslWAAoJELlyvz6krlejMeAQAJoUKwWdMX2YWQpU93CE08vn
BZ3Xl9TcT3vK1az1nrQFMFs0Boxe43c0W7lMdyIYqrc+CbgDNkPBZCnRxO8R+xOa
ue7h6d3EIcGtq+qe8iP2RidnQwfNldzZfb0WmV/lmpECn4FL0xAbnF4+euCQjrsR
WvP7HFNWpcLGwrNM7t4ATbkFSKqCgRQS5yy9bA4b6nFavjXq4Y4FyhsQwu9e3u37
8a4ulasK0CSkJofQ/U7crgpjzHLXjciFcrWfC4Mx9c2dgbvOcvCF5dbjam+1/rsl
gDhNXEG35tlbXtCeDBu/qefontrK6ZS7l2sEmWoNVoZYtdewjJQzZuhtabTcJRo8
nTnJ8mD3oZVNaeKP+csQz1cMAC289hmleX8A0A8vts4fH+HfFZ6/mZf3gbsEc062
VfXXIl9bsPVneljcR2g0PUaPYzHArVfzKywt4ZeEcJgUso/GqySQiA7Fh9xl7BOL
AkKTpNhtM0Tl/nFOIbX1zShCPKcNSEx9YpkzxWFHvLCT9GNWx0eAZHJrw9w7O3lj
tHAAxdxC0vjOpk2Pv0J4t42JCNr0xjrzNdZn7g8tkahYRgGMbHrGDiIH7UmJTDuJ
OYsEB75cSc1QwdqtdtRYYmOxAGVjrfYF1q/DWO7wOmWDGu1Nti/PUkYacG9gEP6z
+jFM/DTpf7Bv7hwRTQyq
=L/BK
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.