Package: devscripts
Version: 2.16.7
Severity: important

Dear Maintainer,

using "chdist compare-bin-packages" I was quite surprised to learn not
always the newest version of the respective DIST is taken into account.

How to repeat:

* Create two DISTs, for the sake of this example called "wheezy-plain"
  and "wheezy-security"

    # chdist create wheezy-plain
    # chdist create wheezy-security

* Populate the respective sources.list as follows

  wheezy-plain:
  | deb http://ftp.de.debian.org/debian wheezy main contrib non-free
  | deb-src http://ftp.de.debian.org/debian wheezy main contrib non-free

  wheezy-security:
  | deb http://ftp.de.debian.org/debian wheezy main contrib non-free
  | deb-src http://ftp.de.debian.org/debian wheezy main contrib non-free
  | deb http://security.debian.org wheezy/updates main contrib non-free
  | deb-src http://security.debian.org wheezy/updates main contrib non-free

* Update the DISTs

    # chdist apt-get wheezy-plain update
    # chdist apt-get wheezy-security update

* Compare them

    # chdist compare-bin-packages wheezy-plain wheezy-security |& grep tcpreplay

Background: The tcpreplay package was updated after the last wheezy
point release.

Expected output:

| tcpreplay 3.4.3-2+wheezy1 3.4.3-2+wheezy2
                                          ^

Actual output:

| W: Package tcpreplay is already listed for wheezy-security. Not overriding.
| tcpreplay 3.4.3-2+wheezy1 3.4.3-2+wheezy1
                                          ^

Analysis:

The additional warning message gives the right hint: If a binary package
is seen several times, only the first occurrence is taken into account.
Even if any later has a higher version.

Suggested fix:

The patch attached implements the expected behaviour: If the second
occurrence has a higher version number, that one is used. If the version
number is identical, also the warning is suppressed.

Additionally, the patch contains a safeguard in case there is no version
number. Feel free to drop that.

The compare_src_bin function probably needs a fix, too. I could however
not trigger this.

Background:

I maintain local backports and forks of several packages in Debian.
This needs a tool to notify about new versions in Debian that require
according work. I moved from an ugly hand-written solution to something
based on chdist and found regressions.

Justification:

Besides this is unexpected behaviour and does not match the output of
apt-cache policy on both sides (after some parsing) ...

Assuming more people do track Debian in a similar way, they will face
the same problem: They might not learn about updates that are necessary
on their site, perhaps leading to something between functionality loss,
or a security issue not getting fixed.

Please also fix this in a stable point release: The patch applies to
jessie as well (with an offset).

    Christoph

-- Package-specific info:

--- /etc/devscripts.conf ---

--- ~/.devscripts ---
Not present

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.4.20 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages devscripts depends on:
ii  dpkg-dev     1.18.10
ii  libc6        2.23-5
ii  perl         5.22.2-5
pn  python3:any  <none>

-- no debconf information

--- /usr/bin/chdist +++ /tmp/chdist @@ -471,10 +471,17 @@ my $parsed_file = parseFile($file); foreach my $package ( keys(%{$parsed_file}) ) { if ( $packages{$dist}{$package} ) { - warn "W: Package $package is already listed for $dist. Not overriding.\n"; - } else { - $packages{$dist}{$package} = $parsed_file->{$package}; - } + my $version = $packages{$dist}{$package}{'Version'}; + my $alt_ver = $parsed_file->{$package}{'Version'}; + my $delta = $version && $alt_ver && version_compare($version, $alt_ver); + if (defined ($delta) && $delta < 0) { + $packages{$dist}{$package} = $parsed_file->{$package}; + } elsif (!defined ($delta) || $delta < 0) { + warn "W: Package $package is already listed for $dist. Not overriding.\n"; + } + } else { + $packages{$dist}{$package} = $parsed_file->{$package}; + } } } }
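
Review bot: In the `elsif (!defined ($delta) || $delta < 0)` branch the `$delta < 0` test can never be true, because the preceding `if` has already taken that case, so the warning now fires only when `$delta` is undefined. If the intent is to stay quiet for identical versions but still report a later, older duplicate, the second test should be `$delta > 0`; if silence for every comparable pair is intended, drop the dead test so the condition reads as what it does. The safeguard `$version && $alt_ver && version_compare(...)` relies on truthiness, so a Version field that is present but empty (or the string "0") leaves `$delta` defined and false, and that entry then matches neither branch: no override and no warning. Testing both fields with `defined` and `length` before calling `version_compare` would make the missing-version case explicit. The hunk also does not show where `version_compare` comes from, so please confirm that chdist already imports it, and, as the report notes, check whether compare_src_bin needs the same change.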