Debian Bug report logs -
#852801
devscripts: Please add support for signing/signed .buildinfo
Reported by: Guillem Jover <guillem@debian.org>
Date: Fri, 27 Jan 2017 13:09:02 UTC
Severity: important
Found in version devscripts/2.17.0
Fixed in version devscripts/2.17.1
Done: James McCoy <jamessan@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, reproducible-builds@lists.alioth.debian.org, Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>:
Bug#852801; Package src:devscripts.
(Fri, 27 Jan 2017 13:09:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Guillem Jover <guillem@debian.org>:
New Bug report received and forwarded. Copy sent to reproducible-builds@lists.alioth.debian.org, Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>.
(Fri, 27 Jan 2017 13:09:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Source: devscripts
Source-Version: 2.17.0
Severity: important
X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org
Hi!
The .buildinfo files were supposed to be signed, but dpkg-buildpackage
didn't do that until dpkg 1.18.19. Even then, when we sign sources and
those get referenced in the .buildinfo file, their checksums will not
match as they have been changed.
I've prepared a patch for dscverify to test the new dpkg, but debsign
is still pending. Patch attached, please review.
Thanks,
Guillem
[0001-dscverify-Add-support-for-.buildinfo-files.patch (text/x-diff, attachment)]
Added tag(s) pending.
Request was from Mattia Rizzolo <mattia@debian.org>
to control@bugs.debian.org.
(Fri, 27 Jan 2017 13:48:13 GMT) (full text, mbox, link).
Message sent on
to Guillem Jover <guillem@debian.org>:
Bug#852801.
(Fri, 27 Jan 2017 13:48:17 GMT) (full text, mbox, link).
Message #10 received at 852801-submitter@bugs.debian.org (full text, mbox, reply):
tag 852801 pending
thanks
Hello,
Bug #852801 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:
http://git.debian.org/?p=collab-maint/devscripts.git;a=commitdiff;h=a1b6bfd
---
commit a1b6bfd3315d9d672cc19178f190ffad90615298
Author: Mattia Rizzolo <mattia@debian.org>
Date: Fri Jan 27 14:40:36 2017 +0100
Update changelog with the previous changes
diff --git a/debian/changelog b/debian/changelog
index 33e1c8b..468aa2f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+devscripts (2.17.1) UNRELEASED; urgency=medium
+
+ [ Osamu Aoki ]
+ * uscan:
+ + PyPI packages location change. (Closes: #851590)
+
+ [ Guillem Jover ]
+ * dscverify: Add support for .buildinfo files. (Closes: #852801)
+
+ -- Mattia Rizzolo <mattia@debian.org> Fri, 27 Jan 2017 14:36:18 +0100
+
devscripts (2.17.0) unstable; urgency=medium
[ Sean Whitton ]
Reply sent
to James McCoy <jamessan@debian.org>:
You have taken responsibility.
(Thu, 02 Feb 2017 02:51:06 GMT) (full text, mbox, link).
Notification sent
to Guillem Jover <guillem@debian.org>:
Bug acknowledged by developer.
(Thu, 02 Feb 2017 02:51:06 GMT) (full text, mbox, link).
Message #15 received at 852801-close@bugs.debian.org (full text, mbox, reply):
Source: devscripts
Source-Version: 2.17.1
We believe that the bug you reported is fixed in the latest version of
devscripts, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 852801@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
James McCoy <jamessan@debian.org> (supplier of updated devscripts package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 01 Feb 2017 21:25:00 -0500
Source: devscripts
Binary: devscripts
Architecture: source
Version: 2.17.1
Distribution: unstable
Urgency: medium
Maintainer: Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>
Changed-By: James McCoy <jamessan@debian.org>
Description:
devscripts - scripts to make the life of a Debian Package maintainer easier
Closes: 851590 852801 852918
Changes:
devscripts (2.17.1) unstable; urgency=medium
.
[ Osamu Aoki ]
* uscan:
+ PyPI packages location change. (Closes: #851590)
.
[ Guillem Jover ]
* dscverify:
+ Add support for .buildinfo files. (Closes: #852801)
.
[ Mattia Rizzolo ]
* dscverify:
+ Remove reference to the long gone debian-maintainers package.
* test_package_lifecycle:
+ Import patch from Ubuntu to have the test pass on their builders too:
filter out output from pkg-create-dbgsym's dh_gencontrol wrapper, pass
--set-envvar=NO_PKG_MANGLE=1 to debuild, and pass -U to debchange.
* debian/tests/control:
+ Depend on build-essential.
.
[ James McCoy ]
* test_package_lifecycle:
+ Ignore debhelper's new "create-stamp" output to fix the test failure.
(Closes: #852918)
Checksums-Sha1:
ff99514e9af5ecb0d31b57e81563bca6ff646b5a 2462 devscripts_2.17.1.dsc
3b8e882bc302ded2ef9ef8c85e7932d0b18679cd 678624 devscripts_2.17.1.tar.xz
d0cf77de90353e3d17fed0f7e8f55c42f614d35f 8353 devscripts_2.17.1_amd64.buildinfo
Checksums-Sha256:
8a4d5b803ffbcafc568da5ed3aae3b314b90a5acb484c7edaf5085379068427c 2462 devscripts_2.17.1.dsc
da1bbfaa88cc856bcd60993d96139b6af3301dd974c2d24c9cde4875fb991b93 678624 devscripts_2.17.1.tar.xz
e7e924c993c237a13ac0b84777d73fb1a62b4342e144790549a0bf1eee8cce4a 8353 devscripts_2.17.1_amd64.buildinfo
Files:
58bc8646545db4ed351770d714d1ea09 2462 devel optional devscripts_2.17.1.dsc
2389705d5fd3e5eb8d5208df476434bd 678624 devel optional devscripts_2.17.1.tar.xz
0a45518e9c1d66382d4958d62c64a059 8353 devel optional devscripts_2.17.1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEkb+/TWlWvV33ty0j3+aRrjMbo9sFAliSmwVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDkx
QkZCRjRENjk1NkJENURGN0I3MkQyM0RGRTY5MUFFMzMxQkEzREIACgkQ3+aRrjMb
o9vY0Q/+LkWvW6vXmKcmUREY/YCzYdvoeCDCXDqGtQPCPMf8RRtEYUwtzO0cjYvE
mISnbqzRJWpbQ+PEQnmQoTHPJeHcwdVKczA3Pipt9kIJMjLYtE7aVtdwMcwrspu7
SOpaq+LUbNxqJPbvV+0e8vtSnu0zijo1PnXWXsWWPnG5vvNG0UdsWwQy9GXjOcv7
N5RWwQWsz/sY0OT/Hy/8odILJNgc6H8ht8WxDNpI3eO6mgJiRoZcFiSSnLaA4LRA
r6IZL4Pc8iBXp23sUCKg1QyJQgvMPd/IpcqJh1neR23Npz22D0tMOoUNEe7u0T9p
/kvBceTMTjeXdJc/KqGKC9+uKeP3UhmimfojLyN710FR8kTLKoM+xFDqjH8uEkkj
jTh3d355V13vR8b5LEJMBi0thdZF4G62yfNyNS8UkjADKOrVyjNp2jOrPNUQytZi
qgaPnMtyk48sKtUJnLbrzx2kIWeulbCHY0q3n3CVVHJuB3MBZFMHnwmR2/I3KhLm
E60/C79o1cgG6AHACeMEfmauJaaov7WlA7gQSTR5WEA3lSmwCoUQt1Al01g7zuOX
hNPmfzP1Xh0jDypSIziD9TMfDaPb8Ot6Ks22H7fVtoYs0uVhfQ2LdVfHVxBd5Wmg
bZjhOxMGLlVWakKWXMV9TlQ9pmda7+js6bFpStpJcUkt2hgskpQ=
=JwiA
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 04 Mar 2017 07:24:52 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed May 17 13:48:45 2023;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.