subject:"Bug#855282\: debsign\: support .buildinfo files"

Re: Bug#855282: debsign: support .buildinfo files

2017-03-12 Thread James McCoy

On Mon, Mar 06, 2017 at 11:45:20PM -0500, James McCoy wrote:
> On Thu, Feb 16, 2017 at 05:23:00PM +, Ximin Luo wrote:
> > I've done an initial implementation here:
> > 
> > https://anonscm.debian.org/cgit/collab-maint/devscripts.git/log/?h=pu/debsign-buildinfo
> > 
> > Please review!
> 
> This was merged and uploaded in 2.17.2.  However, now I see that
> buildinfo files may be arch-qualified even with a _source.changes (e.g.,
> by using "sbuild -A --source-only-changes").  That's not currently
> handled properly since "debsign foo_ver_source.changes" expects
> "foo_ver_source.buildinfo" to exist.
> 
> Should debsign be deriving the path for the buildinfo from the contents
> of the changes file?

I've changed all of the "child file" handling to use this approach in
4a4238dbf1e789e998cf047ea0f006e982fba56b.  That seems cleaner than
debsign replicating logic to determine the names of related files.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds

Re: Bug#855282: debsign: support .buildinfo files

2017-03-06 Thread James McCoy

On Thu, Feb 16, 2017 at 05:23:00PM +, Ximin Luo wrote:
> I've done an initial implementation here:
> 
> https://anonscm.debian.org/cgit/collab-maint/devscripts.git/log/?h=pu/debsign-buildinfo
> 
> Please review!

This was merged and uploaded in 2.17.2.  However, now I see that
buildinfo files may be arch-qualified even with a _source.changes (e.g.,
by using "sbuild -A --source-only-changes").  That's not currently
handled properly since "debsign foo_ver_source.changes" expects
"foo_ver_source.buildinfo" to exist.

Should debsign be deriving the path for the buildinfo from the contents
of the changes file?

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds

Re: Bug#855282: debsign: support .buildinfo files

2017-02-28 Thread James McCoy

On Wed, Mar 01, 2017 at 02:58:29AM +0100, Guillem Jover wrote:
> Hi!
> 
> On Fri, 2017-02-17 at 06:08:25 +0100, Guillem Jover wrote:
> > On Thu, 2017-02-16 at 17:23:00 +, Ximin Luo wrote:
> > > Control: tags + patch
> > 
> > > I've done an initial implementation here:
> > > 
> > > https://anonscm.debian.org/cgit/collab-maint/devscripts.git/log/?h=pu/debsign-buildinfo
> > > 
> > > Please review!
> > 
> > I think something like the attached patch on top of your branch HEAD
> > is also needed.
> 
> Here's another patch to support the finalized format 1.0 sitting now
> in dpkg's git master, pending upload to unstable.

Merged.  Thanks!

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB

___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds

Re: Bug#855282: debsign: support .buildinfo files

2017-02-28 Thread Guillem Jover

Hi!

On Fri, 2017-02-17 at 06:08:25 +0100, Guillem Jover wrote:
> On Thu, 2017-02-16 at 17:23:00 +, Ximin Luo wrote:
> > Control: tags + patch
> 
> > I've done an initial implementation here:
> > 
> > https://anonscm.debian.org/cgit/collab-maint/devscripts.git/log/?h=pu/debsign-buildinfo
> > 
> > Please review!
> 
> I think something like the attached patch on top of your branch HEAD
> is also needed.

Here's another patch to support the finalized format 1.0 sitting now
in dpkg's git master, pending upload to unstable.

Thanks,
Guillem
From d21172ba5d15f920929892e72ccc7bd83024628f Mon Sep 17 00:00:00 2001
From: Guillem Jover 
Date: Tue, 28 Feb 2017 00:13:52 +0100
Subject: [PATCH] Add support for finalized .buildinfo format 1.0

---
 scripts/debsign.sh   | 2 +-
 scripts/dscverify.pl | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/scripts/debsign.sh b/scripts/debsign.sh
index 4b2b22cb..2eb23df5 100755
--- a/scripts/debsign.sh
+++ b/scripts/debsign.sh
@@ -462,7 +462,7 @@ fixup_control() {
 }
 
 fixup_buildinfo() {
-fixup_control '$major != 0 or $minor > 2' dsc buildinfo "$@"
+fixup_control '($major != 0 or $minor > 2) and ($major != 1 or $minor > 0)' dsc buildinfo "$@"
 }
 
 fixup_changes() {
diff --git a/scripts/dscverify.pl b/scripts/dscverify.pl
index 381ebff5..45f2c605 100755
--- a/scripts/dscverify.pl
+++ b/scripts/dscverify.pl
@@ -208,7 +208,8 @@ sub process_file {
 	$major += 0;
 	$minor += 0;
 	if ($file =~ /\.changes$/ and ($major != 1 or $minor > 8) or
-	$file =~ /\.buildinfo$/ and ($major != 0 or $minor > 2)) {
+	$file =~ /\.buildinfo$/ and (($major != 0 or $minor > 2) and
+	 ($major != 1 or $minor > 0))) {
 	xwarn "$file is an unsupported format: $format\n";
 	return;
 	}
-- 
2.12.0.rc1.440.g5b76565f74

___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds

Re: Bug#855282: debsign: support .buildinfo files

2017-02-16 Thread Guillem Jover

Hi!

On Thu, 2017-02-16 at 17:23:00 +, Ximin Luo wrote:
> Control: tags + patch

> I've done an initial implementation here:
> 
> https://anonscm.debian.org/cgit/collab-maint/devscripts.git/log/?h=pu/debsign-buildinfo
> 
> Please review!

I think something like the attached patch on top of your branch HEAD
is also needed.

Thanks,
Guillem
From 8ccb601c3e3f1cb16db923b8464e8a73b4cf03df Mon Sep 17 00:00:00 2001
From: Guillem Jover 
Date: Fri, 17 Feb 2017 06:04:27 +0100
Subject: [PATCH] Improve .buildinfo support

---
 scripts/debsign.sh   | 19 +--
 scripts/dscverify.pl |  7 ---
 2 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/scripts/debsign.sh b/scripts/debsign.sh
index ede3aa79..4b2b22cb 100755
--- a/scripts/debsign.sh
+++ b/scripts/debsign.sh
@@ -418,7 +418,7 @@ fixup_control() {
 '" \$file=\"$child\"; \$md5=\"$md5\"; "'
 '" \$sha1=\"$sha1\"; \$sha256=\"$sha256\"; "'
 $size=(-s $file); ($base=$file) =~ s|.*/||;
-$infiles=0; $insha1=0; $insha256=0; $format="";
+$infiles=0; $inmd5=0; $insha1=0; $insha256=0; $format="";
 }
 if(/^Format:\s+(.*)/) {
 	$format=$1;
@@ -429,19 +429,26 @@ fixup_control() {
 	die "Unsupported .$parenttype format: $format\n"
 	if('"$filter_out"');
 }
-/^Files:/i && ($infiles=1,$insha1=0,$insha256=0);
-if(/^Checksums-Sha1:/i) {$insha1=1;$infiles=0;$insha256=0;}
+/^Files:/i && ($infiles=1,$inmd5=0,$insha1=0,$insha256=0);
+if(/^Checksums-Sha1:/i) {$insha1=1;$infiles=0;$inmd5=0;$insha256=0;}
 elsif(/^Checksums-Sha256:/i) {
-	$insha256=1;$infiles=0;$insha1=0;
+	$insha256=1;$infiles=0;$inmd5=0;$insha1=0;
+} elsif(/^Checksums-Md5:/i) {
+	$inmd5=1;$infiles=0;$insha1=0;$insha256=0;
 } elsif(/^Checksums-.*?:/i) {
 	die "Unknown checksum format: $_\n";
 }
-/^\s*$/ && ($infiles=0,$insha1=0,$insha256=0);
+/^\s*$/ && ($infiles=0,$inmd5=0,$insha1=0,$insha256=0);
 if ($infiles &&
 	/^ (\S+) (\d+) (\S+) (\S+) \Q$base\E\s*$/) {
 	$_ = " $md5 $size $3 $4 $base\n";
 	$infiles=0;
 }
+if ($inmd5 &&
+	/^ (\S+) (\d+) \Q$base\E\s*$/) {
+$_ = " $md5 $size $base\n";
+$inmd5=0;
+}
 if ($insha1 &&
 	/^ (\S+) (\d+) \Q$base\E\s*$/) {
 	$_ = " $sha1 $size $base\n";
@@ -455,7 +462,7 @@ fixup_control() {
 }
 
 fixup_buildinfo() {
-fixup_control '$major < 1 and $minor < 2' dsc buildinfo "$@"
+fixup_control '$major != 0 or $minor > 2' dsc buildinfo "$@"
 }
 
 fixup_changes() {
diff --git a/scripts/dscverify.pl b/scripts/dscverify.pl
index 8bc0857c..381ebff5 100755
--- a/scripts/dscverify.pl
+++ b/scripts/dscverify.pl
@@ -198,7 +198,7 @@ sub process_file {
 	}
 }
 
-if ($file =~ /\.changes$/ and $out =~ /^Format:\s*(.*)$/mi) {
+if ($file =~ /\.(changes|buildinfo)$/ and $out =~ /^Format:\s*(.*)$/mi) {
 	my $format = $1;
 	unless ($format =~ /^(\d+)\.(\d+)$/) {
 	xwarn "$file has an unrecognised format: $format\n";
@@ -207,7 +207,8 @@ sub process_file {
 	my ($major, $minor) = split /\./, $format;
 	$major += 0;
 	$minor += 0;
-	unless ($major == 1 and $minor <= 8) {
+	if ($file =~ /\.changes$/ and ($major != 1 or $minor > 8) or
+	$file =~ /\.buildinfo$/ and ($major != 0 or $minor > 2)) {
 	xwarn "$file is an unsupported format: $format\n";
 	return;
 	}
@@ -220,7 +221,7 @@ sub process_file {
 }
 
 my @checksums = map { split /\n/ } $out =~ /^Checksums-(\S+):\s*\n/mgi;
-@checksums = grep {!/^Sha(1|256)$/i} @checksums;
+@checksums = grep {!/^(Md5|Sha(1|256))$/i} @checksums;
 if (@checksums) {
 	xwarn "$file contains unsupported checksums:\n"
 	. join (", ", @checksums) . "\n";
-- 
2.11.0.483.g087da7b7c

___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds

Re: Bug#855282: debsign: support .buildinfo files

2017-02-16 Thread Ximin Luo

Control: tags + patch

Hi all,

I've done an initial implementation here:

https://anonscm.debian.org/cgit/collab-maint/devscripts.git/log/?h=pu/debsign-buildinfo

Please review!

I haven't yet updated debrsign but I think that program is a bit pointless 
anyway, and have documented this in debsign(1): "note that it is probably safer 
to have your trusted signing machine use \fBdebsign\fR to connect to the 
untrusted non-signing machine, rather than using \fBdebrsign\fR to make the 
connection in the reverse direction."

X

-- 
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
https://github.com/infinity0/pubkeys.git

___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds

Re: Bug#855282: debsign: support .buildinfo files

2017-02-16 Thread Holger Levsen

user reproducible-builds@lists.alioth.debian.org
usertag 855282 toolchain
thanks


-- 
cheers,
Holger


signature.asc
Description: Digital signature
___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds

Bug#855282: debsign: support .buildinfo files

2017-02-16 Thread Ximin Luo

Package: devscripts
Version: 2.17.1
Severity: wishlist

Dear Maintainer,

dpkg since version 1.18.19 has been signing buildinfo files by default.
debsign at the moment will ignore these and leave them unsigned. It would be
good to support them.

Ximin

-- Package-specific info:

--- /etc/devscripts.conf ---

--- ~/.devscripts ---
Not present

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (300, 'unstable'), (200, 'experimental'), (1, 
'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages devscripts depends on:
ii  dpkg-dev 1.18.22
ii  libc62.24-9
ii  perl 5.24.1-1
pn  python3:any  

Versions of packages devscripts recommends:
ii  apt 1.4~rc1
ii  at  3.1.20-3
ii  curl7.52.1-2
ii  dctrl-tools 2.24-2
ii  debian-keyring  2017.01.20
ii  dput0.12.0
ii  equivs  2.0.9+nmu1
ii  fakeroot1.21-3.1
ii  file1:5.29-3
ii  gnupg   2.1.18-3
ii  gnupg2  2.1.18-3
ii  libdistro-info-perl 0.14
ii  libdpkg-perl1.18.22
ii  libencode-locale-perl   1.05-1
ii  libgit-wrapper-perl 0.047-1
ii  liblist-compare-perl0.53-1
ii  liblwp-protocol-https-perl  6.06-2
ii  libsoap-lite-perl   1.20-1
ii  liburi-perl 1.71-1
ii  libwww-perl 6.15-1
ii  licensecheck3.0.29-1
ii  lintian 2.5.50.1
ii  man-db  2.7.6.1-2
ii  patch   2.7.5-1
ii  patchutils  0.3.4-2
ii  python3-debian  0.1.30
ii  python3-magic   1:5.29-3
ii  sensible-utils  0.0.9
ii  strace  4.15-2
ii  unzip   6.0-21
ii  wdiff   1.2.2-2
ii  wget1.18-4
ii  xz-utils5.2.2-1.2

Versions of packages devscripts suggests:
ii  adequate 0.15.1
ii  autopkgtest  4.3
pn  bls-standalone   
ii  bsd-mailx [mailx]8.1.2-0.20160123cvs-3
ii  build-essential  12.3
pn  check-all-the-things 
pn  cvs-buildpackage 
pn  devscripts-el
ii  diffoscope   67
ii  disorderfs   0.5.1-1
pn  dose-extra   
pn  duck 
ii  faketime 0.9.6-7
ii  gnuplot  5.0.5+dfsg1-5
ii  gpgv 2.1.18-3
pn  how-can-i-help   
ii  libauthen-sasl-perl  2.1600-1
ii  libfile-desktopentry-perl0.22-1
pn  libnet-smtps-perl
pn  libterm-size-perl
ii  libtimedate-perl 2.3000-2
ii  libyaml-syck-perl1.29-1+b2
pn  mozilla-devscripts   
ii  mutt 1.7.2-1
ii  openssh-client [ssh-client]  1:7.4p1-6
ii  piuparts 0.75
pn  ratt 
ii  reprotest0.6
pn  svn-buildpackage 
pn  w3m  

-- no debconf information

___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds

Re: Bug#855282: debsign: support .buildinfo files

Re: Bug#855282: debsign: support .buildinfo files

Re: Bug#855282: debsign: support .buildinfo files

Re: Bug#855282: debsign: support .buildinfo files

Re: Bug#855282: debsign: support .buildinfo files

Re: Bug#855282: debsign: support .buildinfo files

Re: Bug#855282: debsign: support .buildinfo files

Bug#855282: debsign: support .buildinfo files

8 matches

Site Navigation

Mail list logo

Footer information