Debian Bug report logs - #855282
debsign: support .buildinfo files
Reported by: Ximin Luo <infinity0@debian.org>
Date: Thu, 16 Feb 2017 11:57:01 UTC
Severity: serious
Tags: patch
Found in version devscripts/2.17.1
Fixed in version devscripts/2.17.2
Done: James McCoy <jamessan@debian.org>
Bug is archived. No further changes may be made.
Report forwarded
to debian-bugs-dist@lists.debian.org, reproducible-builds@lists.alioth.debian.org, Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>:
Bug#855282; Package devscripts.
(Thu, 16 Feb 2017 11:57:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Ximin Luo <infinity0@debian.org>:
New Bug report received and forwarded. Copy sent to reproducible-builds@lists.alioth.debian.org, Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>.
(Thu, 16 Feb 2017 11:57:03 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: devscripts
Version: 2.17.1
Severity: wishlist
Dear Maintainer,
dpkg since version 1.18.19 has been signing buildinfo files by default.
debsign at the moment will ignore these and leave them unsigned. It would be
good to support them.
Ximin
-- Package-specific info:
--- /etc/devscripts.conf ---
--- ~/.devscripts ---
Not present
-- System Information:
Debian Release: 9.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (300, 'unstable'), (200, 'experimental'), (1, 'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages devscripts depends on:
ii dpkg-dev 1.18.22
ii libc6 2.24-9
ii perl 5.24.1-1
pn python3:any <none>
Versions of packages devscripts recommends:
ii apt 1.4~rc1
ii at 3.1.20-3
ii curl 7.52.1-2
ii dctrl-tools 2.24-2
ii debian-keyring 2017.01.20
ii dput 0.12.0
ii equivs 2.0.9+nmu1
ii fakeroot 1.21-3.1
ii file 1:5.29-3
ii gnupg 2.1.18-3
ii gnupg2 2.1.18-3
ii libdistro-info-perl 0.14
ii libdpkg-perl 1.18.22
ii libencode-locale-perl 1.05-1
ii libgit-wrapper-perl 0.047-1
ii liblist-compare-perl 0.53-1
ii liblwp-protocol-https-perl 6.06-2
ii libsoap-lite-perl 1.20-1
ii liburi-perl 1.71-1
ii libwww-perl 6.15-1
ii licensecheck 3.0.29-1
ii lintian 2.5.50.1
ii man-db 2.7.6.1-2
ii patch 2.7.5-1
ii patchutils 0.3.4-2
ii python3-debian 0.1.30
ii python3-magic 1:5.29-3
ii sensible-utils 0.0.9
ii strace 4.15-2
ii unzip 6.0-21
ii wdiff 1.2.2-2
ii wget 1.18-4
ii xz-utils 5.2.2-1.2
Versions of packages devscripts suggests:
ii adequate 0.15.1
ii autopkgtest 4.3
pn bls-standalone <none>
ii bsd-mailx [mailx] 8.1.2-0.20160123cvs-3
ii build-essential 12.3
pn check-all-the-things <none>
pn cvs-buildpackage <none>
pn devscripts-el <none>
ii diffoscope 67
ii disorderfs 0.5.1-1
pn dose-extra <none>
pn duck <none>
ii faketime 0.9.6-7
ii gnuplot 5.0.5+dfsg1-5
ii gpgv 2.1.18-3
pn how-can-i-help <none>
ii libauthen-sasl-perl 2.1600-1
ii libfile-desktopentry-perl 0.22-1
pn libnet-smtps-perl <none>
pn libterm-size-perl <none>
ii libtimedate-perl 2.3000-2
ii libyaml-syck-perl 1.29-1+b2
pn mozilla-devscripts <none>
ii mutt 1.7.2-1
ii openssh-client [ssh-client] 1:7.4p1-6
ii piuparts 0.75
pn ratt <none>
ii reprotest 0.6
pn svn-buildpackage <none>
pn w3m <none>
-- no debconf information
Information forwarded
to debian-bugs-dist@lists.debian.org, Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>:
Bug#855282; Package devscripts.
(Thu, 16 Feb 2017 17:27:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Ximin Luo <infinity0@debian.org>:
Extra info received and forwarded to list. Copy sent to Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>.
(Thu, 16 Feb 2017 17:27:07 GMT) (full text, mbox, link).
Message #10 received at 855282@bugs.debian.org (full text, mbox, reply):
Control: tags + patch
Hi all,
I've done an initial implementation here:
https://anonscm.debian.org/cgit/collab-maint/devscripts.git/log/?h=pu/debsign-buildinfo
Please review!
I haven't yet updated debrsign but I think that program is a bit pointless anyway, and have documented this in debsign(1): "note that it is probably safer to have your trusted signing machine use \fBdebsign\fR to connect to the untrusted non-signing machine, rather than using \fBdebrsign\fR to make the connection in the reverse direction."
X
--
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
https://github.com/infinity0/pubkeys.git
Added tag(s) patch.
Request was from Ximin Luo <infinity0@debian.org>
to control@bugs.debian.org.
(Thu, 16 Feb 2017 17:30:04 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>:
Bug#855282; Package devscripts.
(Thu, 16 Feb 2017 18:57:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
Extra info received and forwarded to list. Copy sent to Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>.
(Thu, 16 Feb 2017 18:57:06 GMT) (full text, mbox, link).
Message #17 received at 855282@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On Thu 2017-02-16 12:23:00 -0500, Ximin Luo wrote:
> I haven't yet updated debrsign but I think that program is a bit
> pointless anyway, and have documented this in debsign(1): "note that
> it is probably safer to have your trusted signing machine use
> \fBdebsign\fR to connect to the untrusted non-signing machine, rather
> than using \fBdebrsign\fR to make the connection in the reverse
> direction."
fwiw, i agree with Ximin here.
If doing it the other way around isn't possible, a better option (given
the version of gpg that is available in stretch) is to forward the
gpg-agent's extra socket from the trusted machine to the remote machine
and using debsign directly on the remote/untrusted machine, and
confirming access to the secret key material via gpg-agent's use of
pinentry on the trusted machine.
We should probably try to deprecate debrsign in general.
https://codesearch.debian.net/search?q=debrsign
suggests it's only used in devscripts, referenced in the
developers-reference, and then as an obscure option in ui-auto.
I've just filed https://bugs.debian.org/855320 in developers-reference
to avoid encouraging its use.
ui-auto also appears to have a comparable ui-auto-rsign that parallels
this dangerous strategy. I've filed another bug to try to get that
changed too (but i don't have the assigned bug report number yet).
--dkg
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>:
Bug#855282; Package devscripts.
(Fri, 17 Feb 2017 05:12:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Guillem Jover <guillem@debian.org>:
Extra info received and forwarded to list. Copy sent to Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>.
(Fri, 17 Feb 2017 05:12:03 GMT) (full text, mbox, link).
Message #22 received at 855282@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi!
On Thu, 2017-02-16 at 17:23:00 +0000, Ximin Luo wrote:
> Control: tags + patch
> I've done an initial implementation here:
>
> https://anonscm.debian.org/cgit/collab-maint/devscripts.git/log/?h=pu/debsign-buildinfo
>
> Please review!
I think something like the attached patch on top of your branch HEAD
is also needed.
Thanks,
Guillem
[0001-Improve-.buildinfo-support.patch (text/x-diff, attachment)]
Added tag(s) pending.
Request was from James McCoy <jamessan@debian.org>
to control@bugs.debian.org.
(Mon, 27 Feb 2017 04:54:04 GMT) (full text, mbox, link).
Message sent on
to Ximin Luo <infinity0@debian.org>:
Bug#855282.
(Mon, 27 Feb 2017 04:54:06 GMT) (full text, mbox, link).
Message #27 received at 855282-submitter@bugs.debian.org (full text, mbox, reply):
tag 855282 pending
thanks
Hello,
Bug #855282 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:
http://git.debian.org/?p=collab-maint/devscripts.git;a=commitdiff;h=226ab8f
---
commit 226ab8f418f8a15d9758709da17a1c594bed690f
Merge: e1a18a8 6c582f8
Author: James McCoy <jamessan@debian.org>
Date: Sun Feb 26 15:02:57 2017 -0500
Merge remote-tracking branch 'origin/pu/debsign-buildinfo'
diff --cc debian/changelog
index 7e28ad1,19fbf08..36ec775
--- a/debian/changelog
+++ b/debian/changelog
@@@ -3,9 -3,6 +3,12 @@@ devscripts (2.17.2) UNRELEASED; urgency
[ James McCoy ]
* deb-reversion:
+ Correct parsing of long-form --new-version switch. (Closes: #853919)
+ * grep-excuses:
+ + Improve robustness of HTML parsing to avoid issues like #856104, until
+ grep-excuses is converted to consume YAML.
++ * debsign:
++ + Add support for *.buildinfo files. Thanks to Ximin Luo and Guillem
++ Jover for the patches! (Closes: #855282)
[ Antonio Terceiro ]
* rc-alert:
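Review bot: The debsign entry added in the merged changelog lines says only "Add support for *.buildinfo files" and is silent on debrsign, which the branch author states earlier in this log was not updated. Consider adding a line noting that debrsign does not yet sign .buildinfo files, so that users of the remote-signing path do not assume it does.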
Information forwarded
to debian-bugs-dist@lists.debian.org, Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>:
Bug#855282; Package devscripts.
(Wed, 01 Mar 2017 02:03:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Guillem Jover <guillem@debian.org>:
Extra info received and forwarded to list. Copy sent to Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>.
(Wed, 01 Mar 2017 02:03:02 GMT) (full text, mbox, link).
Message #32 received at 855282@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi!
On Fri, 2017-02-17 at 06:08:25 +0100, Guillem Jover wrote:
> On Thu, 2017-02-16 at 17:23:00 +0000, Ximin Luo wrote:
> > Control: tags + patch
>
> > I've done an initial implementation here:
> >
> > https://anonscm.debian.org/cgit/collab-maint/devscripts.git/log/?h=pu/debsign-buildinfo
> >
> > Please review!
>
> I think something like the attached patch on top of your branch HEAD
> is also needed.
Here's another patch to support the finalized format 1.0 sitting now
in dpkg's git master, pending upload to unstable.
Thanks,
Guillem
[0001-Add-support-for-finalized-.buildinfo-format-1.0.patch (text/x-diff, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>:
Bug#855282; Package devscripts.
(Wed, 01 Mar 2017 02:21:05 GMT) (full text, mbox, link).
Acknowledgement sent
to James McCoy <jamessan@debian.org>:
Extra info received and forwarded to list. Copy sent to Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>.
(Wed, 01 Mar 2017 02:21:05 GMT) (full text, mbox, link).
Message #37 received at 855282@bugs.debian.org (full text, mbox, reply):
On Wed, Mar 01, 2017 at 02:58:29AM +0100, Guillem Jover wrote:
> Hi!
>
> On Fri, 2017-02-17 at 06:08:25 +0100, Guillem Jover wrote:
> > On Thu, 2017-02-16 at 17:23:00 +0000, Ximin Luo wrote:
> > > Control: tags + patch
> >
> > > I've done an initial implementation here:
> > >
> > > https://anonscm.debian.org/cgit/collab-maint/devscripts.git/log/?h=pu/debsign-buildinfo
> > >
> > > Please review!
> >
> > I think something like the attached patch on top of your branch HEAD
> > is also needed.
>
> Here's another patch to support the finalized format 1.0 sitting now
> in dpkg's git master, pending upload to unstable.
Merged. Thanks!
Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Information forwarded
to debian-bugs-dist@lists.debian.org, Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>:
Bug#855282; Package devscripts.
(Sat, 04 Mar 2017 19:33:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Adrian Bunk <bunk@debian.org>:
Extra info received and forwarded to list. Copy sent to Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>.
(Sat, 04 Mar 2017 19:33:03 GMT) (full text, mbox, link).
Message #42 received at 855282@bugs.debian.org (full text, mbox, reply):
Control: severity -1 serious
After reading [1] (debarchiver rejecting packages due to unsigned
.buildinfo) this is IMHO an RC issue for stretch - dscverify
rejecting packages signed by debsign is nothing that should
end up in a release.
cu
Adrian
[1] https://lists.debian.org/debian-user-german/2017/03/msg00025.html
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
Severity set to 'serious' from 'wishlist'
Request was from Adrian Bunk <bunk@debian.org>
to 855282-submit@bugs.debian.org.
(Sat, 04 Mar 2017 19:33:03 GMT) (full text, mbox, link).
Reply sent
to James McCoy <jamessan@debian.org>:
You have taken responsibility.
(Mon, 06 Mar 2017 03:51:05 GMT) (full text, mbox, link).
Notification sent
to Ximin Luo <infinity0@debian.org>:
Bug acknowledged by developer.
(Mon, 06 Mar 2017 03:51:05 GMT) (full text, mbox, link).
Message #49 received at 855282-close@bugs.debian.org (full text, mbox, reply):
Source: devscripts
Source-Version: 2.17.2
We believe that the bug you reported is fixed in the latest version of
devscripts, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 855282@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
James McCoy <jamessan@debian.org> (supplier of updated devscripts package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 05 Mar 2017 22:23:37 -0500
Source: devscripts
Binary: devscripts
Architecture: source
Version: 2.17.2
Distribution: unstable
Urgency: medium
Maintainer: Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>
Changed-By: James McCoy <jamessan@debian.org>
Description:
devscripts - scripts to make the life of a Debian Package maintainer easier
Closes: 853919 855282 855433 856374
Changes:
devscripts (2.17.2) unstable; urgency=medium
.
[ James McCoy ]
* deb-reversion:
+ Correct parsing of long-form --new-version switch. (Closes: #853919)
* grep-excuses:
+ Improve robustness of HTML parsing to avoid issues like #856104, until
grep-excuses is converted to consume YAML.
* debsign:
+ Add support for *.buildinfo files. Thanks to Ximin Luo and Guillem
Jover for the patches! (Closes: #855282)
* debian/tests/control: Add mozilla-devscripts to Depends, as needed by
mk-origtargz's tests.
.
[ Antonio Terceiro ]
* rc-alert:
+ Add bug URL to the output.
.
[ Guillem Jover ]
* wrap-and-sort:
+ Deal with Build-Conflicts-{Arch,Indep}, Build-Depends-Arch and
Built-Using fields. (Closes: #855433)
.
[ Mattia Rizzolo ]
* Remove Ryan Niebur from Uploaders after a request from the MIA Team.
Thank you for all your past contributions! (Closes: #856374)
Checksums-Sha1:
66da8ee76916e0d434c647231969a023045b6e43 2445 devscripts_2.17.2.dsc
da8c5eb17ec2259bd35605fd6b39e8ef7622ffd2 680268 devscripts_2.17.2.tar.xz
5be5dc14205f7c284f9b4a03e3a4887b502ece4e 8368 devscripts_2.17.2_amd64.buildinfo
Checksums-Sha256:
4af290616035f6d401759c5c6859b1efe8c52abe50b3aa1ffd8555fe7687eff5 2445 devscripts_2.17.2.dsc
bc6f1c39382e5bf62d36a93e49fc5ff9192e552d542ba0361f3b4c901f9e8442 680268 devscripts_2.17.2.tar.xz
03f2cc8de8a0a09a932bdb6f1b58f9241926b07849a7fb84ebf6632e51a5443e 8368 devscripts_2.17.2_amd64.buildinfo
Files:
a85196ea64478d82ca64424c97ba85a5 2445 devel optional devscripts_2.17.2.dsc
a89c9db474693efbd3c125721ad3ec48 680268 devel optional devscripts_2.17.2.tar.xz
dc14a7710bdaf8d67d40ff18f90b42a2 8368 devel optional devscripts_2.17.2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>:
Bug#855282; Package devscripts.
(Tue, 07 Mar 2017 04:48:03 GMT) (full text, mbox, link).
Acknowledgement sent
to James McCoy <jamessan@debian.org>:
Extra info received and forwarded to list. Copy sent to Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>.
(Tue, 07 Mar 2017 04:48:03 GMT) (full text, mbox, link).
Message #54 received at 855282@bugs.debian.org (full text, mbox, reply):
On Thu, Feb 16, 2017 at 05:23:00PM +0000, Ximin Luo wrote:
> I've done an initial implementation here:
>
> https://anonscm.debian.org/cgit/collab-maint/devscripts.git/log/?h=pu/debsign-buildinfo
>
> Please review!
This was merged and uploaded in 2.17.2. However, now I see that
buildinfo files may be arch-qualified even with a _source.changes (e.g.,
by using "sbuild -A --source-only-changes"). That's not currently
handled properly since "debsign foo_ver_source.changes" expects
"foo_ver_source.buildinfo" to exist.
Should debsign be deriving the path for the buildinfo from the contents
of the changes file?
Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Information forwarded
to debian-bugs-dist@lists.debian.org, Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>:
Bug#855282; Package devscripts.
(Mon, 13 Mar 2017 04:06:03 GMT) (full text, mbox, link).
Acknowledgement sent
to James McCoy <jamessan@debian.org>:
Extra info received and forwarded to list. Copy sent to Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>.
(Mon, 13 Mar 2017 04:06:03 GMT) (full text, mbox, link).
Message #59 received at 855282@bugs.debian.org (full text, mbox, reply):
On Mon, Mar 06, 2017 at 11:45:20PM -0500, James McCoy wrote:
> On Thu, Feb 16, 2017 at 05:23:00PM +0000, Ximin Luo wrote:
> > I've done an initial implementation here:
> >
> > https://anonscm.debian.org/cgit/collab-maint/devscripts.git/log/?h=pu/debsign-buildinfo
> >
> > Please review!
>
> This was merged and uploaded in 2.17.2. However, now I see that
> buildinfo files may be arch-qualified even with a _source.changes (e.g.,
> by using "sbuild -A --source-only-changes"). That's not currently
> handled properly since "debsign foo_ver_source.changes" expects
> "foo_ver_source.buildinfo" to exist.
>
> Should debsign be deriving the path for the buildinfo from the contents
> of the changes file?
I've changed all of the "child file" handling to use this approach in
4a4238dbf1e789e998cf047ea0f006e982fba56b. That seems cleaner than
debsign replicating logic to determine the names of related files.
Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
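Deriving the signable child files from the contents of the .changes file, as discussed in the two messages above, shown as an added example (not debsign's code and not part of the original thread). The function names, the constructed foo_1.0-1 upload and the check that listed names stay inside the upload directory are assumptions of this example.

```python
import hashlib
import os
import tempfile

SIGNABLE = (".dsc", ".buildinfo")  # children signed before the .changes itself


def checksums_sha256(changes_text):
    """Map filename -> (sha256 hex, size) from the Checksums-Sha256 field."""
    entries, in_field = {}, False
    for line in changes_text.splitlines():
        if line.startswith("Checksums-Sha256:"):
            in_field = True
        elif in_field and line.startswith((" ", "\t")):
            digest, size, name = line.split()
            entries[name] = (digest, int(size))
        else:
            in_field = False  # any other field ends the list
    return entries


def children_from_changes(changes_text):
    """Signable children named by the .changes contents, .dsc first."""
    names = [n for n in checksums_sha256(changes_text) if n.endswith(SIGNABLE)]
    return sorted(names, key=lambda n: SIGNABLE.index(os.path.splitext(n)[1]))


def child_from_name(changes_name):
    """The name-derived guess: foo_ver_source.changes -> foo_ver_source.buildinfo."""
    return changes_name[: -len(".changes")] + ".buildinfo"


def check_child(directory, name, digest, size):
    """Accept a child only if it is a sibling file matching the listing."""
    if os.path.basename(name) != name or name.startswith("."):
        return False  # a listed name must not point outside the directory
    path = os.path.join(directory, name)
    if not os.path.isfile(path) or os.path.getsize(path) != size:
        return False
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest() == digest


def demo():
    """Constructed source-only upload whose .buildinfo is arch-qualified."""
    files = {
        "foo_1.0-1.dsc": b"Format: 3.0 (quilt)\nSource: foo\n",
        "foo_1.0-1_amd64.buildinfo": b"Format: 1.0\nSource: foo\n",
    }
    with tempfile.TemporaryDirectory() as d:
        listing = ""
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
            listing += f" {hashlib.sha256(data).hexdigest()} {len(data)} {name}\n"
        changes = "Format: 1.8\nChecksums-Sha256:\n" + listing + "Files:\n"
        found = children_from_changes(changes)
        verified = all(check_child(d, n, *checksums_sha256(changes)[n]) for n in found)
        guess = child_from_name("foo_1.0-1_source.changes")
        return found, verified, os.path.exists(os.path.join(d, guess))


if __name__ == "__main__":
    print(demo())
```

The third value returned by `demo()` is whether the name-derived `foo_1.0-1_source.buildinfo` exists. It does not, which is the case where a signer that guesses by name leaves the arch-qualified .buildinfo unsigned.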
Information forwarded
to debian-bugs-dist@lists.debian.org, Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>:
Bug#855282; Package devscripts.
(Tue, 14 Mar 2017 15:21:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Ximin Luo <infinity0@debian.org>:
Extra info received and forwarded to list. Copy sent to Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>.
(Tue, 14 Mar 2017 15:21:02 GMT) (full text, mbox, link).
Message #64 received at 855282@bugs.debian.org (full text, mbox, reply):
James McCoy:
> On Mon, Mar 06, 2017 at 11:45:20PM -0500, James McCoy wrote:
>> On Thu, Feb 16, 2017 at 05:23:00PM +0000, Ximin Luo wrote:
>>> I've done an initial implementation here:
>>>
>>> https://anonscm.debian.org/cgit/collab-maint/devscripts.git/log/?h=pu/debsign-buildinfo
>>>
>>> Please review!
>>
>> This was merged and uploaded in 2.17.2. However, now I see that
>> buildinfo files may be arch-qualified even with a _source.changes (e.g.,
>> by using "sbuild -A --source-only-changes"). That's not currently
>> handled properly since "debsign foo_ver_source.changes" expects
>> "foo_ver_source.buildinfo" to exist.
>>
>> Should debsign be deriving the path for the buildinfo from the contents
>> of the changes file?
>
> I've changed all of the "child file" handling to use this approach in
> 4a4238dbf1e789e998cf047ea0f006e982fba56b. That seems cleaner than
> debsign replicating logic to determine the names of related files.
>
> [..]
Looks good, yes that is better.
Also thanks for fixing the auto-detection of the signer, that was my fault. In 0207d9493a24decfba5e533c2efa75e1e2e335db I deduplicated two pieces of code that looked the same but were actually different, and should have picked the other one to use. :/
X
--
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
https://github.com/infinity0/pubkeys.git
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Wed, 12 Apr 2017 07:29:37 GMT) (full text, mbox, link).
Last modified:
Wed May 17 14:09:20 2023;