Debian Bug report logs - #827315
sbuild: Does not work with gnupg 2.x installed in the chroot

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: sbuild: Does not work with gnupg 2.x installed in the chroot

Date: Tue, 14 Jun 2016 23:42:45 +0200

Source: sbuild
Version: 0.69.0-2
Severity: normal

Hello!

I recently accidentally upgraded gnupg in my experimental chroots to
version 2.x. This upgrade rendered the chroots unusable with sbuild,
attempting to build a package will fail with the following error:

gpg: /«BUILDDIR»/resolver-X436Nh/gpg/trustdb.gpg: trustdb created
gpg: Warning: not using 'Sbuild Signer' as default key: No secret key
gpg: all values passed to '--default-key' ignored
gpg: no default secret key: No secret key
gpg: signing failed: No secret key
Failed to sign dummy archive Release file.

Downgrading gnupg to 1.4.x resolves the problem again.

We have had a discussion on IRC over this issue recently and josch
asked me to file a bug report so this issue can be addressed in the
future, in case gnupg 2.x becomes default at some point.

Cheers,
Adrian

--
 .''`.  John Paul Adrian Glaubitz
 : :' :  Debian Developer - glaubitz@debian.org
 `. `'   Freie Universitaet Berlin - glaubitz@physik.fu-berlin.de
   `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Message #10 received at 827315@bugs.debian.org (full text, mbox, reply):

From: Johannes Schauer <josch@debian.org>

To: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>, 827315@bugs.debian.org

Subject: Re: [buildd-tools-devel] Bug#827315: sbuild: Does not work with gnupg 2.x installed in the chroot

Date: Wed, 15 Jun 2016 18:07:32 +0200

[Message part 1 (text/plain, inline)]

Hi,

Quoting John Paul Adrian Glaubitz (2016-06-14 23:42:45)
> I recently accidentally upgraded gnupg in my experimental chroots to
> version 2.x. This upgrade rendered the chroots unusable with sbuild,
> attempting to build a package will fail with the following error:
> 
> gpg: /«BUILDDIR»/resolver-X436Nh/gpg/trustdb.gpg: trustdb created
> gpg: Warning: not using 'Sbuild Signer' as default key: No secret key
> gpg: all values passed to '--default-key' ignored
> gpg: no default secret key: No secret key
> gpg: signing failed: No secret key
> Failed to sign dummy archive Release file.
> 
> Downgrading gnupg to 1.4.x resolves the problem again.

thanks a lot for reporting this! I can now reproduce this outside of sbuild in
the following way.

In a Debian unstable chroot with gnupg 1.4.20-6 I set up a new keypair and
$GNUPGHOME by issuing the following commands:

	$ export GNUPGHOME=/tmp/gpg
	$ mkdir /tmp/apt_archive
	$ mkdir --mode=0700 /tmp/gpg
	$ cat > /tmp/gpgbatch <<EOF
	> Key-Type: RSA
	> Key-Length: 1024
	> Name-Real: Sbuild Signer
	> Name-Comment: Sbuild Build Dependency Archive Key
	> Name-Email: buildd-tools-devel@lists.alioth.debian.org
	> Expire-Date: 0
	> %secring /tmp/apt_archive/sbuild-key.sec
	> %pubring /tmp/apt_archive/sbuild-key.pub
	> %commit
	> EOF
	$ gpg --no-options --no-default-keyring --batch --gen-key /tmp/gpgbatch

I then copy /tmp/gpg and /tmp/apt_archive to a Debian unstable chroot with
experimental enabled and the gnupg package upgraded to version 2.1.12-1. I
create a dummy Release file in /tmp/apt_archive/Release and then run:

	$ gpg --yes --no-default-keyring --homedir /tmp/gpg \
	    --secret-keyring /tmp/apt_archive/sbuild-key.sec \
	    --keyring /tmp/apt_archive/sbuild-key.pub \
	    --default-key 'Sbuild Signer' -abs --digest-algo SHA512 \
	    -o /tmp/apt_archive/Release.gpg /tmp/apt_archive/Release

This results in:

	gpg: starting migration from earlier GnuPG versions
	gpg: porting secret keys from '/tmp/gpg/secring.gpg' to gpg-agent
	gpg: migration succeeded
	gpg: /tmp/gpg/trustdb.gpg: trustdb created
	gpg: Warning: not using 'Sbuild Signer' as default key: No secret key
	gpg: all values passed to '--default-key' ignored
	gpg: no default secret key: No secret key
	gpg: signing failed: No secret key

Thanks to Daniel Kahn Gillmor in #debian-gnupg, a solution that would solve
this problem and at the same time that keys generated with gnupg 2.1.12-1
outside the chroot are not compatible with 1.4.20-6 (or earlier) inside the
chroot would be to always use gpg --export, gpg --export-secret-keys, and gpg
--import.

I'll work on a fix which lets sbuild-update generate plain keys using the above
method and store it in /var/lib/sbuild/apt-keys under a different file name.
Then sbuild can do the right thing depending on which keys it finds in that
directory while still being compatible with the old keys.

Thanks!

cheers, josch

[signature.asc (application/pgp-signature, inline)]

Message #17 received at 827315@bugs.debian.org (full text, mbox, reply):

From: Dominic Hargreaves <dom@earth.li>

To: 827315@bugs.debian.org

Subject: Now more generally applicable

Date: Mon, 15 Aug 2016 13:08:45 +0100

Control: severity -1 important

Hi,

This is now more urgent as gnupg2 is now the default in sid (since
2.1.14-5 on Friday). Any news on a fix?

Cheers,
Dominic.

Message #24 received at 827315@bugs.debian.org (full text, mbox, reply):

From: Hilko Bengen <bengen@debian.org>

To: 827315@bugs.debian.org

Subject: Workaround

Date: Mon, 15 Aug 2016 21:33:08 +0200

I worked around this issue by putting the following into
/etc/apt/preferences.d/gnupg inside the chroot:

Package: gnupg
Pin: version 2.*
Pin-Priority: -100

... and downgrading to the version from stretch (1.4.20-6).

Cheers,
-Hilko

Message #29 received at 827315@bugs.debian.org (full text, mbox, reply):

From: Johannes Schauer <josch@debian.org>

To: 827315@bugs.debian.org

Cc: bengen@debian.org, dom@earth.li, glaubitz@physik.fu-berlin.de

Subject: Re: Workaround

Date: Mon, 15 Aug 2016 23:20:07 +0200

[Message part 1 (text/plain, inline)]

Control: tag -1 + moreinfo - pending

Hi,

I must've forgotten to close this bug with the latest upload. Gnupg2 support
should've been introduced with sbuild version 0.70.0. Unless somebody tells me
that they experience the issue reported here with that version, I will close
this bug.

On Mon, 15 Aug 2016 21:33:08 +0200 Hilko Bengen <bengen@debian.org> wrote:
> I worked around this issue by putting the following into
> /etc/apt/preferences.d/gnupg inside the chroot:
> 
> Package: gnupg
> Pin: version 2.*
> Pin-Priority: -100
> 
> ... and downgrading to the version from stretch (1.4.20-6).

are you building source packages for Debian squeeze?

If not, then just don't sign the internal dummy repository. In that case, gnupg
will not be required anymore at all. You disable signing by removing the
private dummy signing keys from your host:

sudo rm -rf /var/lib/sbuild/apt-keys

Thanks!

cheers, josch

[signature.asc (application/pgp-signature, inline)]

Message #38 received at 827315@bugs.debian.org (full text, mbox, reply):

From: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>

To: 827315@bugs.debian.org

Subject: Re: Workaround

Date: Mon, 15 Aug 2016 23:56:23 +0200

[Message part 1 (text/plain, inline)]

Johannes Schauer wrote...

> I must've forgotten to close this bug with the latest upload. Gnupg2 support
> should've been introduced with sbuild version 0.70.0. Unless somebody tells me
> that they experience the issue reported here with that version, I will close
> this bug.

FWIW: Using a private jessie backport of sbuild - my build host is on
stable - makes a build in a sid chroot pass again, after removing the
files in /var/lib/sbuild/apt-keys/

> are you building source packages for Debian squeeze?

As squeeze is gone for a while, hopefully nobody does. Actually,
people do but IMHO they may not expect an environment more than six
years from the past is still supported.

    Christoph

[signature.asc (application/pgp-signature, inline)]

Message #43 received at 827315@bugs.debian.org (full text, mbox, reply):

From: Dominic Hargreaves <dom@earth.li>

To: Johannes Schauer <josch@debian.org>

Cc: 827315@bugs.debian.org, bengen@debian.org, glaubitz@physik.fu-berlin.de

Subject: Re: Workaround

Date: Mon, 15 Aug 2016 23:47:58 +0100

On Mon, Aug 15, 2016 at 11:20:07PM +0200, Johannes Schauer wrote:
> Control: tag -1 + moreinfo - pending
> 
> Hi,
> 
> I must've forgotten to close this bug with the latest upload. Gnupg2 support
> should've been introduced with sbuild version 0.70.0. Unless somebody tells me
> that they experience the issue reported here with that version, I will close
> this bug.

Ah, I took the status of the bug at its word and didn't think to check
for more recent versions of sbuild. Sorry about that. Of course, the
workaround will still be needed on jessie, unless there are plans
to release an update for s-p-u?

> are you building source packages for Debian squeeze?
> 
> If not, then just don't sign the internal dummy repository. In that case, gnupg
> will not be required anymore at all. You disable signing by removing the
> private dummy signing keys from your host:
> 
> sudo rm -rf /var/lib/sbuild/apt-keys

Thanks for the useful tips!

Dominic.

Message #48 received at 827315@bugs.debian.org (full text, mbox, reply):

From: Johannes Schauer <josch@debian.org>

To: Dominic Hargreaves <dom@earth.li>,

Cc: 827315@bugs.debian.org, bengen@debian.org, glaubitz@physik.fu-berlin.de

Subject: Re: Workaround

Date: Tue, 16 Aug 2016 05:54:23 +0200

[Message part 1 (text/plain, inline)]

Hi,

Quoting Dominic Hargreaves (2016-08-16 00:47:58)
> Ah, I took the status of the bug at its word and didn't think to check for
> more recent versions of sbuild. Sorry about that.

so it works for you with 0.70.0?

> Of course, the workaround will still be needed on jessie, unless there are
> plans to release an update for s-p-u?

There are no plans yet. Are there any users that want to build for squeeze
*and* current unstable at the same time?

Thanks!

cheers, josch

[signature.asc (application/pgp-signature, inline)]

Message #53 received at 827315@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Johannes Schauer <josch@debian.org>, 827315@bugs.debian.org

Cc: Dominic Hargreaves <dom@earth.li>, bengen@debian.org, glaubitz@physik.fu-berlin.de

Subject: Re: Bug#827315: Workaround

Date: Tue, 16 Aug 2016 07:06:39 +0200

Hi Johannes,

On Tue, Aug 16, 2016 at 05:54:23AM +0200, Johannes Schauer wrote:
> Hi,
> 
> Quoting Dominic Hargreaves (2016-08-16 00:47:58)
> > Ah, I took the status of the bug at its word and didn't think to check for
> > more recent versions of sbuild. Sorry about that.
> 
> so it works for you with 0.70.0?
> 
> > Of course, the workaround will still be needed on jessie, unless there are
> > plans to release an update for s-p-u?
> 
> There are no plans yet. Are there any users that want to build for squeeze
> *and* current unstable at the same time?

Not sure if that's relevant here and if the buildd's are using the
stable version as well. My usual build host run's on stable, with
sbuild from there, and I build regularly for both jessie and unstable
packages. So an update via s-p-u will be much appreciated to not have
to use any workaround.

Regards,
Salvatore

Message #58 received at 827315@bugs.debian.org (full text, mbox, reply):

From: Johannes Schauer <josch@debian.org>

To: Salvatore Bonaccorso <carnil@debian.org>, 827315@bugs.debian.org

Cc: "Dominic Hargreaves" <dom@earth.li>, bengen@debian.org, glaubitz@physik.fu-berlin.de

Subject: Re: Bug#827315: Workaround

Date: Tue, 16 Aug 2016 07:10:20 +0200

[Message part 1 (text/plain, inline)]

Hi,

Quoting Salvatore Bonaccorso (2016-08-16 07:06:39)
> Not sure if that's relevant here and if the buildd's are using the stable
> version as well. My usual build host run's on stable, with sbuild from there,
> and I build regularly for both jessie and unstable packages. So an update via
> s-p-u will be much appreciated to not have to use any workaround.

the GPG functionality is only still in sbuild to support squeeze.

I would rather call anything that is necessary to require an unsupported
oldoldstable release of Debian to be a "workaround".

I plan to completely remove the GPG functionality after Stretch is released.

I will not stop anybody from making a backport of 0.70.0 to stable.

Thanks!

cheers, josch

[signature.asc (application/pgp-signature, inline)]

Message #63 received at 827315@bugs.debian.org (full text, mbox, reply):

From: Hilko Bengen <bengen@debian.org>

To: Johannes Schauer <josch@debian.org>

Cc: 827315@bugs.debian.org, dom@earth.li, glaubitz@physik.fu-berlin.de

Subject: Re: Workaround

Date: Tue, 16 Aug 2016 09:43:09 +0200

* Johannes Schauer:

> On Mon, 15 Aug 2016 21:33:08 +0200 Hilko Bengen <bengen@debian.org> wrote:
>> I worked around this issue by putting the following into
>> /etc/apt/preferences.d/gnupg inside the chroot:
>> 
>> Package: gnupg
>> Pin: version 2.*
>> Pin-Priority: -100
>> 
>> ... and downgrading to the version from stretch (1.4.20-6).
>
> are you building source packages for Debian squeeze?

No. :-)

> If not, then just don't sign the internal dummy repository. In that case, gnupg
> will not be required anymore at all. You disable signing by removing the
> private dummy signing keys from your host:
>
> sudo rm -rf /var/lib/sbuild/apt-keys

I found that this does not work with sbuild 0.65.2-1 (as shipped with
jessie), but 0.68.0-1~bpo8+1 from jessie-backports is fine. Thank you
for the advice.

Cheers,
-Hilko

Message #68 received at 827315@bugs.debian.org (full text, mbox, reply):

From: Dominic Hargreaves <dom@earth.li>

To: Johannes Schauer <josch@debian.org>

Cc: 827315@bugs.debian.org, bengen@debian.org, glaubitz@physik.fu-berlin.de

Subject: Re: Workaround

Date: Tue, 16 Aug 2016 11:09:02 +0100

On Tue, Aug 16, 2016 at 05:54:23AM +0200, Johannes Schauer wrote:
> Hi,
> 
> Quoting Dominic Hargreaves (2016-08-16 00:47:58)
> > Ah, I took the status of the bug at its word and didn't think to check for
> > more recent versions of sbuild. Sorry about that.
> 
> so it works for you with 0.70.0?

Yes, sorry for missing that part out in my reply. I needed to follow
the instructions to upgrade the GPG keys on the host side.

> > Of course, the workaround will still be needed on jessie, unless there are
> > plans to release an update for s-p-u?
> 
> There are no plans yet. Are there any users that want to build for squeeze
> *and* current unstable at the same time?

Probably not.

However, as has been subsequently pointed out, the workaround
(removing /var/lib/sbuild/apt-keys) doesn't work with a jessie sbuild:

E: Local archive GPG signing key not found
I: Please generate a key with 'sbuild-update --keygen'
I: Note that on machines with scarce entropy, you may wish to generate the key with this command on another machine and copy the public and private keypair to '/var/lib/sbuild/apt-keys/sbuild-key.pub' and '/var/lib/sbuild/apt-keys/sbuild-key.sec'
Failed to generate archive keys.

so it appears that we do need an update for jessie one way or another?

Cheers,
Dominic.

Message #73 received at 827315@bugs.debian.org (full text, mbox, reply):

From: Johannes Schauer <josch@debian.org>

To: Dominic Hargreaves <dom@earth.li>,

Cc: 827315@bugs.debian.org, bengen@debian.org, glaubitz@physik.fu-berlin.de

Subject: Re: Workaround

Date: Tue, 16 Aug 2016 12:13:58 +0200

[Message part 1 (text/plain, inline)]

Hi,

Quoting Dominic Hargreaves (2016-08-16 12:09:02)
> However, as has been subsequently pointed out, the workaround (removing
> /var/lib/sbuild/apt-keys) doesn't work with a jessie sbuild:
> 
> E: Local archive GPG signing key not found
> I: Please generate a key with 'sbuild-update --keygen'
> I: Note that on machines with scarce entropy, you may wish to generate the key with this command on another machine and copy the public and private keypair to '/var/lib/sbuild/apt-keys/sbuild-key.pub' and '/var/lib/sbuild/apt-keys/sbuild-key.sec'
> Failed to generate archive keys.
> 
> so it appears that we do need an update for jessie one way or another?

if you want to build for unstable on Jessie, then just install the sbuild
version from backports. That one is recent enough.

Thanks!

cheers, josch

[signature.asc (application/pgp-signature, inline)]

Message #82 received at 827315@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Johannes Schauer <josch@debian.org>, 827315@bugs.debian.org

Cc: Dominic Hargreaves <dom@earth.li>, bengen@debian.org, glaubitz@physik.fu-berlin.de

Subject: Re: Bug#827315: Workaround

Date: Tue, 16 Aug 2016 13:22:39 +0200

Hi,

On Tue, Aug 16, 2016 at 12:13:58PM +0200, Johannes Schauer wrote:
> Hi,
> 
> Quoting Dominic Hargreaves (2016-08-16 12:09:02)
> > However, as has been subsequently pointed out, the workaround (removing
> > /var/lib/sbuild/apt-keys) doesn't work with a jessie sbuild:
> > 
> > E: Local archive GPG signing key not found
> > I: Please generate a key with 'sbuild-update --keygen'
> > I: Note that on machines with scarce entropy, you may wish to generate the key with this command on another machine and copy the public and private keypair to '/var/lib/sbuild/apt-keys/sbuild-key.pub' and '/var/lib/sbuild/apt-keys/sbuild-key.sec'
> > Failed to generate archive keys.
> > 
> > so it appears that we do need an update for jessie one way or another?
> 
> if you want to build for unstable on Jessie, then just install the sbuild
> version from backports. That one is recent enough.

But I (note: personal view!) don't think it would be a good practice
to force users to use backports. It is naturally that e.g. buildds are
running on stable, with packages from stable and they then build as
well for unstable. Currently the buildds have installed:

sbuild (Debian sbuild) 0.65.2 (24 Mar 2015) on binet.debian.org

https://buildd.debian.org/status/fetch.php?pkg=linux&arch=amd64&ver=4.6.4-1&stamp=1468929143
https://buildd.debian.org/status/fetch.php?pkg=mutt&arch=amd64&ver=1.6.2-2&stamp=1471193283

to take examples from amd64 buildds. So in Debian we need to be able
to build unstable on the buildds on a stable running system.

It is the same in my case, my build host is running stable, but I
build there both unstable and jessie (and when it was still supported
even for wheezy).

Hope this clarifies,

Regards,
Salvatore

Message #87 received at 827315@bugs.debian.org (full text, mbox, reply):

From: Johannes Schauer <josch@debian.org>

To: Salvatore Bonaccorso <carnil@debian.org>, 827315@bugs.debian.org

Cc: "Dominic Hargreaves" <dom@earth.li>, bengen@debian.org, glaubitz@physik.fu-berlin.de

Subject: Re: Bug#827315: Workaround

Date: Tue, 16 Aug 2016 14:25:37 +0200

[Message part 1 (text/plain, inline)]

Hi,

Quoting Salvatore Bonaccorso (2016-08-16 13:22:39)
> But I (note: personal view!) don't think it would be a good practice to force
> users to use backports. It is naturally that e.g. buildds are running on
> stable, with packages from stable and they then build as well for unstable.
> Currently the buildds have installed:
> 
> sbuild (Debian sbuild) 0.65.2 (24 Mar 2015) on binet.debian.org
> 
> https://buildd.debian.org/status/fetch.php?pkg=linux&arch=amd64&ver=4.6.4-1&stamp=1468929143
> https://buildd.debian.org/status/fetch.php?pkg=mutt&arch=amd64&ver=1.6.2-2&stamp=1471193283
> 
> to take examples from amd64 buildds.

the buildds are running a fork of sbuild. Buildd maintainers add patches to
their fork as is required. They are not using the stock sbuild that comes with
Debian stable.

> So in Debian we need to be able to build unstable on the buildds on a stable
> running system.

You might have noticed that despite this bug, buildds kept on churning with
their "old" version.

> It is the same in my case, my build host is running stable, but I build there
> both unstable and jessie (and when it was still supported even for wheezy).

If you want to include sbuild in a point release, I'm not stopping you from
discussing this option with the release team.

Thanks!

cheers, josch

[signature.asc (application/pgp-signature, inline)]

Message #92 received at 827315@bugs.debian.org (full text, mbox, reply):

From: Matthew Vernon <matthew@debian.org>

To: 827315@bugs.debian.org

Subject: any options for stable?

Date: Thu, 18 Aug 2016 22:31:49 +0100

Hi,

I need to build packages on my stable box (for unstable uploads); is 
there a workaround / fixed package? It's making building uploads a PITA...

Regards,

Matthew

Message #97 received at 827315@bugs.debian.org (full text, mbox, reply):

From: Johannes Schauer <josch@debian.org>

To: Matthew Vernon <matthew@debian.org>, 827315@bugs.debian.org

Subject: Re: [buildd-tools-devel] Bug#827315: any options for stable?

Date: Fri, 19 Aug 2016 06:32:22 +0200

[Message part 1 (text/plain, inline)]

Hi,

Quoting Matthew Vernon (2016-08-18 23:31:49)
> I need to build packages on my stable box (for unstable uploads); is there a
> workaround / fixed package? It's making building uploads a PITA...

yes, grab sbuild from backports.

Thanks!

cheers, josch

[signature.asc (application/pgp-signature, inline)]

Message #102 received at 827315@bugs.debian.org (full text, mbox, reply):

From: Matthew Vernon <matthew@debian.org>

To: Johannes Schauer <josch@debian.org>, 827315@bugs.debian.org

Subject: Re: [buildd-tools-devel] Bug#827315: any options for stable?

Date: Fri, 19 Aug 2016 08:00:35 +0100

Hi,

On 19/08/16 05:32, Johannes Schauer wrote:

> Quoting Matthew Vernon (2016-08-18 23:31:49)
>> I need to build packages on my stable box (for unstable uploads); is there a
>> workaround / fixed package? It's making building uploads a PITA...
>
> yes, grab sbuild from backports.

That depends on libsbuild-perl, which in turn depends on libio-zlib-perl 
which doesn't seem to exist in jessie or jessie-backports ? [in stretch 
its provided by perl-modules-5.22]

https://packages.debian.org/jessie-backports/libsbuild-perl

Sorry if I'm missing something really obvious here...

Regards,

Matthew

Message #107 received at 827315@bugs.debian.org (full text, mbox, reply):

From: Matthew Vernon <matthew@debian.org>

To: Johannes Schauer <josch@debian.org>, 827315@bugs.debian.org

Subject: Re: [buildd-tools-devel] Bug#827315: any options for stable?

Date: Fri, 19 Aug 2016 08:29:01 +0100

On 19/08/16 08:00, Matthew Vernon wrote:

> Sorry if I'm missing something really obvious here...

I was, it seems. Sorry for the noise.

Regards,

Matthew

Message #114 received at 827315-close@bugs.debian.org (full text, mbox, reply):

From: Johannes Schauer <josch@debian.org>

To: 827315-close@bugs.debian.org

Subject: Bug#827315: fixed in sbuild 0.71.0-1

Date: Wed, 24 Aug 2016 11:50:31 +0000

Source: sbuild
Source-Version: 0.71.0-1

We believe that the bug you reported is fixed in the latest version of
sbuild, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 827315@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Johannes Schauer <josch@debian.org> (supplier of updated sbuild package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 24 Aug 2016 13:42:26 +0200
Source: sbuild
Binary: libsbuild-perl sbuild buildd
Architecture: source
Version: 0.71.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian buildd-tools Developers <buildd-tools-devel@lists.alioth.debian.org>
Changed-By: Johannes Schauer <josch@debian.org>
Description:
 buildd     - Daemon for automatically building Debian binary packages from Deb
 libsbuild-perl - Tool for building Debian binary packages from Debian sources
 sbuild     - Tool for building Debian binary packages from Debian sources
Closes: 827315 833285 833286 833390 833547 833549 833552 834330 834497 834515 834704 834898
Changes:
 sbuild (0.71.0-1) unstable; urgency=medium
 .
   * add autopkgtest to Suggests
   * Undo exporting private keys in armored ASCII format as introduced by the
     last release. It turns out, that this is not necessary to support gpg
     cross-version compatibility. This should fix problems with gpg 2.x as well
     as chroots not having gpg installed as apt stopped depending on it.
     (closes: #827315, #834898)
   * Undo the SUITE-VARIANT syntax of sbuild-createchroot as introduced by the
     last release. It turns out that overloading the suite name argument with a
     variant name was a bad idea because there exist distributions with a minus
     in its name. Variant names can now be specified using the --chroot-prefix
     option which works analogous to the --chroot-suffix option. (closes:
     #834515)
   * Add percent escape support to piuparts, autopkgtest and adt-virt options.
     (closes: #833285, #833286)
   * Add sbuild-destroychroot.
   * Allow running autopkgtest when sbuild downloads the .dsc (closes: #833549)
   * Run apt-cache without --only-source (closes: #834704)
   * Avoid dropping extra repositories before using them (closes: #834497)
   * lib/Sbuild/ResolverBase.pm: Fix copypaste error s/public/private/ (closes:
     #834330)
   * lib/Sbuild/ChrootSetup.pm: don't prompt the user during --keygen (closes:
     #833547)
   * Add an option to not prefix piuparts and autopkgtest with anything at all
     (closes: #833390)
   * lib/Sbuild/Build.pm: add red/green coloring to log when piuparts or
     autopkgtest succeed/fail (closes: #833552)
Checksums-Sha1:
 036f44a4263a0ffe0cd0a3b417885e6c2e49aa85 2359 sbuild_0.71.0-1.dsc
 3fd94b836f2726199cbb8fbb54e3d5ba91f88b3e 635520 sbuild_0.71.0.orig.tar.gz
 f9272abf45192982e1f9b27bd0644129f7e06733 54760 sbuild_0.71.0-1.debian.tar.xz
Checksums-Sha256:
 6636eec05e39646abca30e33012339630efd021ae00dd696b562f1816b8f00ec 2359 sbuild_0.71.0-1.dsc
 7001e7ecb731be012757b1be96813249448b944fe820dcd14d4fd68db05dd874 635520 sbuild_0.71.0.orig.tar.gz
 a8982f193277792d0bdae0287212cf5c88ed71152a907d0e647323e1c3f9a1b1 54760 sbuild_0.71.0-1.debian.tar.xz
Files:
 a64281c4d8e1c9ee606997f305126289 2359 devel extra sbuild_0.71.0-1.dsc
 0ba688ac2aea3f64509a94e6c7119476 635520 devel extra sbuild_0.71.0.orig.tar.gz
 9ae3426cf9c5d0bc3e513a15a83f8ae6 54760 devel extra sbuild_0.71.0-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIuBAEBCAAYBQJXvYh/ERxqb3NjaEBkZWJpYW4ub3JnAAoJEPLLpcePvYPhrCsP
/3DvnC67gc8YbfKb5K+1SMS/uaUJgd0JjDy2qykJTC3iFc+c8DyLFNXXl8BkEa7u
gUUh4hQ8omqnOwPvjl4/7U/cDcqVpjvgE3MsgJxytvDB945wG1TjbMuWZkx1d3tj
SkWlvnaWbWusVyzUrYELVZpMCbcxESKubO/IHixoNdQG1CkgxkoZmtuuEgMMSJx+
0QTNEjgBSbECXbXdGygTIaM/cXTyXcN7GY2dfDgtuHN+Q8vO1cAYKPAmeLU2ViEb
XxeuU/Uxlqdx/sC/Tlpz8Z+TEw//lW7Wq/UvsyUT2UPXjrqSwi+4Da11f1YwoH1p
kisCQkmi9ZP2octR5XOLRI2iAVE9O81U1Vdk7yPEyWuyOBQhTlXrVNpwQmrskT4F
/D5eoGUMHtvWiIwzr9OZgDufEbBMDnN1/kRYvdJ1bo3Q6Mu0JdkW82aE/RZYo5ng
6f4CUgAx/7cDLehCPTm8mX3CVANl47Ox8uoL8lSyc2eVejf3MBu/3o8DF3aHDyJr
pIN417DT/c+Hfvi7/maGt30ty+1h7UYD8x9XzctmdEeYoEHg4iiEfl7i7HHSYc+V
vdiAefiMHVtfUtYeM2rsJjz8mS7RtnfPZkwxB3hFU3ud08dodpA7T1Wm4sBkvHCH
OnFtFMBtuX8rR9KKjUcPB1P0LlxX1p3lh/pNV4CV0php
=4NRL
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.