Package: gpgv-udeb Version: 1.4.18-1 Severity: grave Tags: patch Justification: renders package unusable
Hi folks, I'm really sorry for: - having failed to reply to your request in time[1]; - having failed to deliver any testing, which led to lost user time[2] and is going to cost another gnupg upload. 1. https://lists.debian.org/debian-boot/2014/01/msg00129.html 2. https://lists.debian.org/debian-boot/2014/07/msg00007.html I've finally spent some time on this, and checked the following things: a) A trivial removal of the --enable-minimal flag would need to go together with disabling bzip2 support; resulting udebs would be uninstallable due to a libbz2 dependency. d-i would then be bigger but functional again. b) Thankfully we don't need to consider the backup plan mentioned in a) since all we need is enabling sha256 support. Currently, Release files include MD5+SHA1+SHA256. You'll find a tested patch attached. (This means a whole installation using a netboot-gtk image.) I also noticed "make check" isn't run for the udeb build; I don't think it would hurt to do so (the testsuite is smart enough to notice support for some bits wasn't enabled, see output below my signature), that's why I'm including an extra patch adding that. Sorry again… Mraw, KiBi. Testsuite output for the udeb check: | make[2]: Entering directory '/home/kibi/hack/gnupg.git/build-udeb/checks' | gpg (GnuPG) 1.4.18 | Copyright (C) 2014 Free Software Foundation, Inc. | License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> | This is free software: you are free to change and redistribute it. | There is NO WARRANTY, to the extent permitted by law. | | Home: . | Supported algorithms: | Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA | Cipher: 3DES | Hash: MD5, SHA1, RIPEMD160, SHA256, SHA224 | Compression: Uncompressed, ZIP, ZLIB | PASS: version.test | Hash algorithm SHA-384 is not installed (not an error) | Hash algorithm SHA-512 is not installed (not an error) | PASS: mds.test | PASS: decrypt.test | PASS: decrypt-dsa.test | MD5 SHA1 RIPEMD160 SHA256 SHA224 | PASS: sigs.test | PASS: sigs-dsa.test | 3DES | PASS: encrypt.test | 3DES | PASS: encrypt-dsa.test | PASS: seat.test | PASS: clearsig.test | PASS: encryptp.test | PASS: detach.test | PASS: armsigs.test | PASS: armencrypt.test | PASS: armencryptp.test | PASS: signencrypt.test | PASS: signencrypt-dsa.test | PASS: armsignencrypt.test | PASS: armdetach.test | PASS: armdetachm.test | PASS: detachm.test | PASS: genkey1024.test | 3DES | PASS: conventional.test | 3DES | PASS: conventional-mdc.test | PASS: multisig.test | PASS: verify.test | PASS: armor.test | =================== | All 27 tests passed | =================== | make[2]: Leaving directory '/home/kibi/hack/gnupg.git/build-udeb/checks'
>From 716ad8686c8dc274d62399042cd89a1549ce817e Mon Sep 17 00:00:00 2001 From: Cyril Brulebois <k...@debian.org> Date: Sun, 6 Jul 2014 21:25:45 +0200 Subject: [PATCH 1/2] Fix gpgv-udeb by adding --enable-sha256, which is needed to validate Release files. --- debian/changelog | 7 +++++++ debian/rules | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 4987723..db5868a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +gnupg (1.4.18-2) UNRELEASED; urgency=medium + + * Fix gpgv-udeb by adding --enable-sha256, which is needed to validate + Release files. + + -- Cyril Brulebois <k...@debian.org> Sun, 06 Jul 2014 21:10:24 +0200 + gnupg (1.4.18-1) unstable; urgency=medium * New upstream release. diff --git a/debian/rules b/debian/rules index 683b8b2..6878842 100755 --- a/debian/rules +++ b/debian/rules @@ -22,7 +22,7 @@ CONFARGS = --prefix=/usr --libexecdir=/usr/lib/ \ --enable-noexecstack CONFARGS_FULL = --enable-mailto --with-mailprog=/usr/sbin/sendmail -CONFARGS_MINIMAL = --enable-minimal --enable-rsa --disable-nls --disable-regex --disable-gnupg-iconv --disable-gettext --without-iconv --without-readline --without-zlib +CONFARGS_MINIMAL = --enable-minimal --enable-rsa --disable-nls --disable-regex --disable-gnupg-iconv --disable-gettext --without-iconv --without-readline --without-zlib --enable-sha256 ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE)) HOSTARG += --host=$(DEB_HOST_GNU_TYPE) -- 2.0.1
>From 46e6fd9616a8bf39f3fd0e8f3d5e822122a5bcce Mon Sep 17 00:00:00 2001 From: Cyril Brulebois <k...@debian.org> Date: Sun, 6 Jul 2014 21:46:32 +0200 Subject: [PATCH 2/2] Run the check target in the udeb build directory. --- debian/changelog | 1 + debian/rules | 3 +++ 2 files changed, 4 insertions(+) diff --git a/debian/changelog b/debian/changelog index db5868a..1e134e9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,7 @@ gnupg (1.4.18-2) UNRELEASED; urgency=medium * Fix gpgv-udeb by adding --enable-sha256, which is needed to validate Release files. + * Run the check target in the udeb build directory. -- Cyril Brulebois <k...@debian.org> Sun, 06 Jul 2014 21:10:24 +0200 diff --git a/debian/rules b/debian/rules index 6878842..1d30d25 100755 --- a/debian/rules +++ b/debian/rules @@ -81,6 +81,9 @@ endif build-udeb-stamp: build-udeb/config.status dh_testdir $(MAKE) -C build-udeb/ +ifeq (,$(findstring nocheck,$(DEB_BUILD_OPTIONS))) + make -C build-udeb/checks check || exit 1 +endif touch $@ build-win32-stamp: build-win32/config.status -- 2.0.1