Bug#940028: launching d-i on multiple consoles doesn't play well with preseeding

2019-09-15 Thread Cyril Brulebois
Hi Sergio,

Sergio Gelato  (2019-09-11):
> This seems to be new behaviour since stretch, introduced in version 1.128 of
> package rootskel.

From the rest of your mail I'm assuming you meant buster here.

> I suspect that the two debian-installer instances are racing each
> other. To confirm this, I unpacked initrd.gz, made a simple change to
> sbin/reopen-console (adding inittab entries only for cons in
> $preferred instead of for cons in $consoles), repacked, and run an
> installation again with much better results (no more questions from
> localechooser).
> 
> I do appreciate that for interactive d-i use it's nice to have it show
> up on all consoles; but not at the expense of breaking fully automated
> installation.

Agreed. You're not the only one reporting such issues, and I'd really
like feature authors to fix the regression they introduced. That's not
the first time steal-ctty appears in bug report.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#939266: debootstrap fails to create a sid chroot with Error executing gpgv to check Release signature

2019-09-02 Thread Cyril Brulebois
Pirate Praveen  (2019-09-02):
> On Mon, Sep 2, 2019 at 10:03 PM, Julien Cristau  wrote:
> > On Mon, Sep  2, 2019 at 21:27:46 +0500, Pirate Praveen wrote:
> > 
> > >  How do I get this file? There is no such log in /var/log. There is
> > > no
> > >  logfile option I can find in manpage.
> > > 
> > Look in /srv/chroot/debian-sid.
> > 
> 
> Thanks. debootstrap.log attached.

I don't really understand what's going on.

Can you please:
 - tell us what environment this is (assuming buster, with backports enabled?)
 - remove the target directory and start over, with the --verbose flag
 - share the new debootstrap.log
 - tell us whether some (transparent) proxy might be having fun with your 
traffic
 - try with forcing either cdn-fastly or cdn-aws
 - try with a different mirror (e.g. ftp.{ch,de,fr}.debian.org)


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#939266: debootstrap fails to create a sid chroot with Error executing gpgv to check Release signature

2019-09-02 Thread Cyril Brulebois
Control: reopen -1

Pirate Praveen  (2019-09-02):
> On Mon, Sep 2, 2019 at 9:37 PM, Cyril Brulebois  wrote:
> > I think you should install the Recommends before reporting a bug.
> 
> I have all the recommends installed. Why do you assume I don't have it?

I seem to have hit the reply button too fast, apologies for that.

What if you instrument debootstrap's functions file to output what it
sees from gpg? Or wrap the debootstrap call with strace?

Like Julien, I cannot replicate your issue locally.



Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#935827: buster-pu: package cryptsetup/2:2.1.0-5+deb10u2

2019-08-31 Thread Cyril Brulebois
Hi,

Guilhem Moulin  (2019-08-26):
> A s-p-u was previously filed (#934956) — and accepted — for 2:2.1.0-5+deb10u1.
> The new commit cherry-picked from upstream also includes a unit test; like
> most of the test suite it'll be ignored by the build daemons as it requires
> root access, but I did verify that the entire test suite still passes on amd64
> and i386 (and that indeed large devices no longer overflow).
> 
> Given that Buster currently has 2:2.1.0-5, should the .changes include all
> changes since that version, or only since 2:2.1.0-5+deb10u1?
> 
> Thanks for considering its inclusion in Buster!  CC'ing KiBi for the d-i ack.

No obvious regressions, so no objections.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#932684: buster-pu: package gnupg2/2.2.12-1+deb10u1

2019-08-31 Thread Cyril Brulebois
Adam D. Barratt  (2019-08-22):
> > Thanks, that's entirely reasonable.  I've put this NEWS item into the
> > debian/buster branch on salsa.  Otherwise, the debdiff is the same.

No obvious regressions, so no objections.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#935386: buster-pu: package raspi3-firmware/1.20190215-1+deb10u1

2019-08-28 Thread Cyril Brulebois
Hi Adam,

Adam D. Barratt  (2019-08-27):
> Control: tags -1 + confirmed
> 
> On Thu, 2019-08-22 at 09:51 +0200, Cyril Brulebois wrote:
> > I'd like to request a raspi3-firmware update in buster to add some
> > hardware support. The buster kernel already had all required code to
> > handle Raspberry Pi CM 3 in addition to the regular Raspberry Pi 3
> > but
> > the former needs:
> >  - an updated linux kernel which ships an extra DTB;
> >  - an updated raspi3-firmware that deploys the extra DTB under
> >/boot/firmware.
> > 
> 
> Please go ahead.

Thanks, uploaded.

(And linux debian/4.19.67-2 is on its way too, yay!)


Cheers,
-- 
Cyril Brulebois -- Debian Consultant @ DEBAMAX -- https://debamax.com/


signature.asc
Description: PGP signature


Bug#935370: buster-pu: package lacme/0.5-1+deb10u1

2019-08-26 Thread Cyril Brulebois
Hi Guilhem,

Guilhem Moulin  (2019-08-22):
> Package: release.debian.org
> Severity: normal
> Tags: buster
> User: release.debian@packages.debian.org
> Usertags: pu
> 
> Dear release team,
> 
> Per RFC 8555 sec 6.3 the Let's Encrypt folks are deprecating
> unauthenticated GETs from their v2 API.  Support for these requests will
> be removed on *Nov 01 2019* (so likely between Debian 10.1 and 10.2) [0].
> 
> lacme uses the v2 API by default since 0.5, and removing support for
> unauthenticated GETs means that applying for certificate issuance will
> stop working.  Replacing GETs with POST-as-GETs is trivial (debdiff
> attached), and I'd like to fix that in Buster via s-p-u.
> 
> (0.6 from Sid is not affected, and neither is 0.2 from Stretch as the
> latter supports only the v1 API.)

That seems like a welcome change indeed but I'm not entirely sure we're
accepting pu requests that have no matching bug reports against the
affected package; admittedly, it's been a while since I've last handled
pu requests, so I need to get my memory refreshed a little…

I'll let someone else comment on that point, to ensure I'm not making
you jump through hoops needlessly…


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#935392: buster-pu: package sogo/4.0.7-1+deb10u1

2019-08-26 Thread Cyril Brulebois
Control: tag -1 confirmed

Hi Jordi,

Jordi Mallach  (2019-08-22):
> I'm requesting permission to upload sogo to stable-pu, to fix a high
> impact usability bug when dealing with S/MIME signed emails.

That looks good to me, please go ahead.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#935386: buster-pu: package raspi3-firmware/1.20190215-1+deb10u1

2019-08-26 Thread Cyril Brulebois
Hi,

Cyril Brulebois  (2019-08-22):
> I'll double check that my cherry-picks on top of the buster branch
> still do the trick, but it seems to me we should be able to move this
> pu request forward without blocking on the linux bits.

This resulted in this specific merge request, that was merged into
buster but still needs an upload:
  https://salsa.debian.org/kernel-team/linux/merge_requests/169

> The changelog reads:
> 
> ,---
> | raspi3-firmware (1.20190215-1+deb10u1) buster; urgency=medium
> | 
> |   * Add support for bcm2837-rpi-cm3-io3.dtb (as generated by the Linux
> | kernel build system) aka. bcm2710-rpi-cm3.dtb (as expected by the
> | bootloader), designed to work for:
> |  - Raspberry Pi Compute Module 3 (CM3);
> |  - Raspberry Pi Compute Module 3 Lite (CM3L);
> |  - Raspberry Pi Compute Module IO Board V3.
> | With many thanks to Charles Fendt for the tests (#932158).
 ^^^

A “Closes:” is missing in front of it…

> |   * The DTB addition in the linux source package is tracked in #932157.
> | 
> |  -- Cyril Brulebois   Thu, 22 Aug 2019 09:15:16 +0200
> `
> 
> and the full source debdiff is attached.
> 
> 
> (I've OK'd this pu request with Romain Perier, who is one of the
> maintainers; all of them are in X-D-Cc anyway.)

I had initially thought the unstable upload had reached the archive but
some GPG errors delayed its being processed. After a sponsored upload,
it reached the NEW queue (raspi3-firmware was renamed to raspi-firmware,
given the brand new Pi 4…), and was accepted from there. So the bugfix
I'd like to backport to buster is in unstable finally.


Cheers,
-- 
Cyril Brulebois -- Debian Consultant @ DEBAMAX -- https://debamax.com/


signature.asc
Description: PGP signature


Bug#935625: preseed: lvm commands during preseed/late_command don't finish

2019-08-25 Thread Cyril Brulebois
Holger Wansing  (2019-08-25):
> Tiger!P  wrote:
> > On Sun, Aug 25, 2019 at 08:26:26AM +0200, Cyril Brulebois wrote:
> > > Hi,
> > 
> > Hello Cyril,
> > 
> > > Tiger!P  (2019-08-24):
> > > > When using a preseed file to install a system, it is not possible to
> > > > keep a part of the VG free for future use.
> > > 
> > > I'm not sure this is true:
> > >   
> > > https://salsa.debian.org/installer-team/installation-guide/commit/07d72d9a8afc201949ee116506564645e91d618f
> > 
> > I was not aware of this option, because it is not yet available in the
> > preseed file which is mentioned in appendix B.4 of the stable release
> > notes. Thank you for pointing it out.
> 
> As I wrote at
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930846#57
> that's still an issue with the Debian website:
> 
> the relevant text has been included in the installation-guide package,
> however it is not shown under
> https://www.debian.org/releases/buster/example-preseed.txt

I know; that's why I linked to the git commit instead of where one would
expect documentation to show up (the website). Unfortunately, it seems I
can't beat that pesky “only 24 hours in a day” thing.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#935540: debian-installer: Errors on sources.list security repositories

2019-08-25 Thread Cyril Brulebois
[ Please don't drop submitters; quoting in full accordingly. ]

Philip Hands  (2019-08-24):
> Cyril Brulebois  writes:
> 
> > Control: tag -1 - d-i
> >
> > Hi Gustavo,
> >
> > Gustavo Romero Vazquez  (2019-08-23):
> >> See the Wiki Debian (https://wiki.debian.org/Status/Testing), the
> >> security repositories for bullseye are the next (and they working):
> >>
> >> deb http://security.debian.org testing-security main contrib non-free
> >> deb-src http://security.debian.org testing-security main contrib non-free
> >>
> >> Regards and good luck!!
> >
> > You're absolutely right. I had stashed a branch a while ago, but it was
> > suggested to handle things slightly differently:
> >
> >“do it other way around and hardcode the old releases rather than
> > hardcode the new one?”
> >
> > I've just rebased it on top of master, and it'd be great if someone
> > could rework it to take the above comment in consideration:
> >
> >   
> > https://salsa.debian.org/installer-team/apt-setup/tree/pu/security-naming-scheme
> 
> Hopefully something like this what you were wanting done:
> 
>   
> https://salsa.debian.org/installer-team/apt-setup/commit/78078caff231de7bb5a161fa19210b4ac6eb2cb5

Yes, that looks sane enough.

I meant to check how this could affect Ubuntu. But from what I can see
in apt-setup/0.141ubuntu2, there are a bunch of changes already anyway,
so except for a possible merge conflict, that shouldn't be much of an
issue.

Feel free to release that to master/the archive if you like.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#935625: preseed: lvm commands during preseed/late_command don't finish

2019-08-25 Thread Cyril Brulebois
Control: tag -1 - d-i + moreinfo

Hi,

Tiger!P  (2019-08-24):
> When using a preseed file to install a system, it is not possible to
> keep a part of the VG free for future use.

I'm not sure this is true:
  
https://salsa.debian.org/installer-team/installation-guide/commit/07d72d9a8afc201949ee116506564645e91d618f


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#935540: debian-installer: Errors on sources.list security repositories

2019-08-24 Thread Cyril Brulebois
Control: tag -1 - d-i

Hi Gustavo,

Gustavo Romero Vazquez  (2019-08-23):
> See the Wiki Debian (https://wiki.debian.org/Status/Testing), the
> security repositories for bullseye are the next (and they working):
> 
> deb http://security.debian.org testing-security main contrib non-free
> deb-src http://security.debian.org testing-security main contrib non-free
> 
> Regards and good luck!!

You're absolutely right. I had stashed a branch a while ago, but it was
suggested to handle things slightly differently:

   “do it other way around and hardcode the old releases rather than
hardcode the new one?”

I've just rebased it on top of master, and it'd be great if someone
could rework it to take the above comment in consideration:

  
https://salsa.debian.org/installer-team/apt-setup/tree/pu/security-naming-scheme

Alternatively, I suppose we could release apt-setup with this change and
keep track of the suggestion in a bug report.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#935386: buster-pu: package raspi3-firmware/1.20190215-1+deb10u1

2019-08-22 Thread Cyril Brulebois
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I'd like to request a raspi3-firmware update in buster to add some
hardware support. The buster kernel already had all required code to
handle Raspberry Pi CM 3 in addition to the regular Raspberry Pi 3 but
the former needs:
 - an updated linux kernel which ships an extra DTB;
 - an updated raspi3-firmware that deploys the extra DTB under
   /boot/firmware.

The kernel part was requested in:
 - https://bugs.debian.org/932157
 - https://salsa.debian.org/kernel-team/linux/merge_requests/155

and is available starting from 4.19.37-6. I wasn't sure how 4.19.y
updates would be handled in sid and in buster, but it seems the most
recent upload to buster (yesterday) didn't include those patches.

I'll double check that my cherry-picks on top of the buster branch
still do the trick, but it seems to me we should be able to move this
pu request forward without blocking on the linux bits.

The changelog reads:

,---
| raspi3-firmware (1.20190215-1+deb10u1) buster; urgency=medium
| 
|   * Add support for bcm2837-rpi-cm3-io3.dtb (as generated by the Linux
| kernel build system) aka. bcm2710-rpi-cm3.dtb (as expected by the
| bootloader), designed to work for:
|  - Raspberry Pi Compute Module 3 (CM3);
|  - Raspberry Pi Compute Module 3 Lite (CM3L);
|  - Raspberry Pi Compute Module IO Board V3.
| With many thanks to Charles Fendt for the tests (#932158).
|   * The DTB addition in the linux source package is tracked in #932157.
| 
|  -- Cyril Brulebois   Thu, 22 Aug 2019 09:15:16 +0200
`

and the full source debdiff is attached.


(I've OK'd this pu request with Romain Perier, who is one of the
maintainers; all of them are in X-D-Cc anyway.)


Thanks for considering, thanks for your time.


Cheers,
-- 
Cyril Brulebois -- Debian Consultant @ DEBAMAX -- https://debamax.com/
diff --git a/debian/changelog b/debian/changelog
index d79fda7..9ac783f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+raspi3-firmware (1.20190215-1+deb10u1) buster; urgency=medium
+
+  * Add support for bcm2837-rpi-cm3-io3.dtb (as generated by the Linux
+kernel build system) aka. bcm2710-rpi-cm3.dtb (as expected by the
+bootloader), designed to work for:
+ - Raspberry Pi Compute Module 3 (CM3);
+ - Raspberry Pi Compute Module 3 Lite (CM3L);
+ - Raspberry Pi Compute Module IO Board V3.
+With many thanks to Charles Fendt for the tests (#932158).
+  * The DTB addition in the linux source package is tracked in #932157.
+
+ -- Cyril Brulebois   Thu, 22 Aug 2019 09:15:16 +0200
+
 raspi3-firmware (1.20190215-1) unstable; urgency=medium
 
   [ Gunnar Wolf ]
diff --git a/debian/kernel/postinst.d/z50-raspi3-firmware 
b/debian/kernel/postinst.d/z50-raspi3-firmware
index d91c0b8..14b81bf 100755
--- a/debian/kernel/postinst.d/z50-raspi3-firmware
+++ b/debian/kernel/postinst.d/z50-raspi3-firmware
@@ -70,6 +70,7 @@ if [ "$KERNEL" = "auto" ]; then
   pi2b_dtb=${dtb_path}/bcm2836-rpi-2-b.dtb
   pi3b_dtb=${dtb_path}/bcm2837-rpi-3-b.dtb
   pi3bp_dtb=${dtb_path}/bcm2837-rpi-3-b-plus.dtb
+  picm3_dtb=${dtb_path}/bcm2837-rpi-cm3-io3.dtb
 
   [ -e "${pi0w_dtb}"  ] && cp "${pi0w_dtb}"  
/boot/firmware/bcm2835-rpi-zero-w.dtb
   [ -e "${pi1ap_dtb}"  ] && cp "${pi1ap_dtb}" 
/boot/firmware/bcm2835-rpi-a-plus.dtb
@@ -77,6 +78,7 @@ if [ "$KERNEL" = "auto" ]; then
   [ -e "${pi2b_dtb}"  ] && cp "${pi2b_dtb}"  /boot/firmware/bcm2709-rpi-2-b.dtb
   [ -e "${pi3b_dtb}"  ] && cp "${pi3b_dtb}"  /boot/firmware/bcm2710-rpi-3-b.dtb
   [ -e "${pi3bp_dtb}" ] && cp "${pi3bp_dtb}" 
/boot/firmware/bcm2710-rpi-3-b-plus.dtb
+  [ -e "${picm3_dtb}" ] && cp "${picm3_dtb}" /boot/firmware/bcm2710-rpi-cm3.dtb
 
   latest_kernel_basename=$(basename "$latest_kernel")
   latest_initrd_basename=$(basename "$latest_initrd")


Bug#933764: buster-pu: package e2fsprogs/1.44.5-1+deb10u1

2019-08-21 Thread Cyril Brulebois
Jonathan Wiltshire  (2019-08-04):
> As there's a udeb involved I will just check with the d-i release
> managers that this isn't an issue, though I can't see that fixing a
> crash would be all that controversial.

No objections, thanks.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#934956: buster-pu: package cryptsetup/2:2.1.0-5+deb10u1

2019-08-21 Thread Cyril Brulebois
Hi,

Guilhem Moulin  (2019-08-17):
> The 3 cherry-picked patches are all backported from 2.2.0 [1,2], and the
> version in sid is not affected.  (The one in Stretch is not affected
> either as it doesn't have LUKS2 support.)  The diff also includes unit
> tests, but note that the tests in question need root access hence are
> ignored by the build daemons.  I did ensure that the whole test-suite
> still passes on amd64, though.
> 
> In case you're unhappy with this changeset, then I propose to only
> include the first 2 patches.  IMHO what should really be fixed in Buster
> is the libcryptsetup part.  For the CLI part (third patch) the risk of
> data loss is lower as the volume key is stored in a file.
> 
> Thanks for considering its inclusion in Buster!  CC'ing KiBi for the d-i ack.

No objections, thanks.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#933535: buster-pu: package glib2.0/2.58.3-2+deb10u1

2019-08-21 Thread Cyril Brulebois
Adam D. Barratt  (2019-08-05):
> On Wed, 2019-07-31 at 11:13 +0100, Simon McVittie wrote:
> > GLib in buster is vulnerable to CVE-2019-13012 (configuration files
> > and directories created with more open permissions than intended),
> > which the security team have indicated is too minor for a DSA.
> > <https://bugs.debian.org/931234>
> > 
> > GLib has a udeb, so this technically needs a d-i ack, although I
> > can't imagine why d-i would either use GKeyfileSettingsBackend or
> > care about the resulting permissions.
> 
> It does seem rather unlikely, but let's do the CC-for-ack dance in any
> case.

No objections, thanks.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#932900: buster-pu: package freetype 2.9.1-4

2019-08-21 Thread Cyril Brulebois
Adam D. Barratt  (2019-07-26):
> As freetype produces a udeb, this will need an ack from the d-i release
> manager, so CCing and tagging appropriately.

No objections, thanks.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#934741: stretch-pu: package glib2.0/2.50.3-2+deb9u1

2019-08-21 Thread Cyril Brulebois
Hi,

Adam D. Barratt  (2019-08-20):
> Looks OK from an SRM perspective; thanks. Tagging so it shows up in the
> right place in the BTS.

Testing looks good, no objections.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#933263: stretch-pu: package freetype/2.6.3-3.2+deb9u1

2019-08-21 Thread Cyril Brulebois
Hi,

Adam D. Barratt  (2019-08-16):
> Control: tags -1 + confirmed d-i
> 
> On Fri, 2019-08-16 at 18:04 +1000, Hugh McMaster wrote:
> > On Sun, 4 Aug 2019 at 11:13 am, Hugh McMaster wrote:
> > > Control: retitle -1 stretch-pu: package freetype/2.6.3-3.2+deb9u1
> > > 
> > > Updated debdiff, now with correct update version.
> > > 
> > 
> > Just following up on this. I’m guessing it needs a d-i ack as well?
> 
> That's correct, yes.

Testing looks good; no objections.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#934163: buster-pu: package ncurses/6.1+20181013-2+deb10u1

2019-08-21 Thread Cyril Brulebois
Hi Sven,

Sven Joachim  (2019-08-07):
> Since ncurses builds a udeb I need a d-i ack, debian-boot@ and kibi@
> are already in X-Debbugs-CC.  The libraries are not touched by the
> patch and are identical with and without it.  The xterm terminfo file
> is used by src:debian-installer-utils to build di-utils-terminfo.udeb,
> but only on kfreebsd.

Many thanks for mentioning this and checking the contents of the
libraries…

Trusting your assessment and no objections.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#934826: buster-pu: package console-setup/1.193~deb10u1

2019-08-16 Thread Cyril Brulebois
Adam D. Barratt  (2019-08-16):
> Control: tags -1 + confirmed
> 
> On Thu, 2019-08-15 at 16:22 +0200, Cyril Brulebois wrote:
> > I'd like to get #924657 fixed in buster. A Perl change triggered a
> > bunch of brokenness in translations, and I haven't been able to
> > review the fix before the release. I've done that now, as documented
> > in:
> >   https://bugs.debian.org/924657#49
> 
> Please go ahead; thanks.

Thanks, uploaded.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#934827: buster-pu: package apt-setup/1:0.151~deb10u1

2019-08-16 Thread Cyril Brulebois
Adam D. Barratt  (2019-08-16):
> Control: tags -1 + confirmed
> 
> On Thu, 2019-08-15 at 17:01 +0200, Cyril Brulebois wrote:
> > I'd like to get apt-setup updated in buster to fix preeeding apt keys
> > (#851774). This update was kindly tested by Moritz by fetching the
> > updated udebs from unstable, on buster systems:
> >   https://bugs.debian.org/851774#108
> 
> Please go ahead; thanks.

Thanks, uploaded.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#682342: Latest patch successfully tested

2019-08-15 Thread Cyril Brulebois
Hi,

Nishanth Aravamudan  (2019-08-14):
> We are able to reproduce this issue at will in Ubuntu Bionic's
> installer (not identical to Debian's, but code-wise in this path the
> same).  While quite a while after the last update from Philipp, we
> tested the patch (netcfg_dhcp_domain.patch) after updating it to avoid
> a compilation issue, we found it did fix the problem for us.
> 
> I am not sure if I can get Debian into our infrastructure to test
> explicitly, but I will work on it; at the same time,  the code change
> seems straightforward.

Thanks for your feedback. Care to share the fixed version? :)

I'm a little reluctant to blindly merging this patch (originally
labeled “untested”) without a go from its author. Philipp, should
I go ahead?


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#934827: buster-pu: package apt-setup/1:0.151~deb10u1

2019-08-15 Thread Cyril Brulebois
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I'd like to get apt-setup updated in buster to fix preeeding apt keys
(#851774). This update was kindly tested by Moritz by fetching the
updated udebs from unstable, on buster systems:
  https://bugs.debian.org/851774#108

I'd think backporting the package currently in unstable would make
sense, and also include some l10n updates:

 debian/changelog   |   30 ++
 debian/po/ar.po|   12 +-
 debian/po/hi.po|5 -
 debian/po/hr.po|  254 ++---
 generators/60local |   18 ++-
 5 files changed, 176 insertions(+), 143 deletions(-)

Changes from buster:
| apt-setup (1:0.151~deb10u1) buster; urgency=medium
| 
|   * Rebuild for buster.
| 
|  -- Cyril Brulebois https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant
diff --git a/debian/changelog b/debian/changelog
index 182e8a4..9d6ae16 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,33 @@
+apt-setup (1:0.151~deb10u1) buster; urgency=medium
+
+  * Rebuild for buster.
+
+ -- Cyril Brulebois   Thu, 15 Aug 2019 16:27:55 +0200
+
+apt-setup (1:0.151) unstable; urgency=medium
+
+  [ Moritz Mühlenhoff ]
+  * When preseeding a local repository via apt-setup/localX/repository,
+the repository key for Secure Apt needs to be configured with
+apt-setup/localX/key. This key used to be set up with apt-key, but
+its use is deprecated and apt's former dependency on gnupg has been
+demoted to a Suggests, rendering apt-key non-functional in d-i.
+Apply a patch by Lars Kollstedt (thanks!) which adds the repository
+key(s) to /etc/apt/trusted.gpg.d, following the approach used by
+pbuilder (Closes: #851774, #928931):
+ - .asc suffix if the key file seems to be armoured ASCII (i.e. it
+   contains a “-BEGIN PGP PUBLIC KEY BLOCK-” line);
+ - .gpg suffix otherwise. Please note that only “GPG key public ring”
+   are supported by APT, newer “keybox database” format isn't at the
+   moment.
+
+  [ Updated translations ]
+  * Arabic (ar.po) by ButterflyOfFire
+  * Hindi (hi.po) by KushagraKarira
+  * Croatian (hr.po) by gogogogi
+
+ -- Cyril Brulebois   Fri, 12 Jul 2019 10:49:08 +0200
+
 apt-setup (1:0.150) unstable; urgency=medium
 
   * Team upload
diff --git a/debian/po/ar.po b/debian/po/ar.po
index c467737..45ce0fc 100644
--- a/debian/po/ar.po
+++ b/debian/po/ar.po
@@ -11,6 +11,7 @@
 # Abdelhak Bougouffa, 2017.
 # najib LAARIBI , 2018.
 # ButterflyOfFire , 2018.
+# Osama , 2019.
 #
 # Translations from iso-codes:
 # Translations taken from ICU SVN on 2007-09-09
@@ -27,7 +28,7 @@ msgstr ""
 "Project-Id-Version: ar\n"
 "Report-Msgid-Bugs-To: apt-se...@packages.debian.org\n"
 "POT-Creation-Date: 2019-01-28 21:20+\n"
-"PO-Revision-Date: 2018-01-25 01:44+\n"
+"PO-Revision-Date: 2019-06-10 10:55+\n"
 "Last-Translator: ButterflyOfFire \n"
 "Language-Team: \n"
 "Language: ar\n"
@@ -259,8 +260,9 @@ msgstr ""
 #. Description
 #. :sl3:
 #: ../apt-setup-udeb.templates:12001
+#, fuzzy
 msgid "Enable source repositories in APT?"
-msgstr ""
+msgstr "تمكين المستودعات المصدرية في APT؟"
 
 #. Type: boolean
 #. Description
@@ -396,15 +398,11 @@ msgstr "تغيير القرص"
 #. This template uses the same text as used in the package apt for apt-cdrom
 #. Do not translate "/cdrom/" (the mount point)
 #: ../apt-cdrom-setup.templates:7001
-#, fuzzy
-#| msgid ""
-#| "/cdrom/:Please insert the disc labeled: '${LABEL}' in the drive '/cdrom/' "
-#| "and press enter."
 msgid ""
 "/cdrom/: Please insert the disc labeled '${LABEL}' in the drive '/cdrom/' "
 "and press enter."
 msgstr ""
-"/cdrom/:رجاءً أدخل القرص السمى: '${LABEL}' في السواقة '/cdrom/' واضغط زر "
+"/cdrom/: رجاءً أدخل القرص المسمى '${LABEL}' في السواقة '/cdrom/' واضغط زر "
 "الإدخال."
 
 #. Type: text
diff --git a/debian/po/hi.po b/debian/po/hi.po
index b096ceb..ce85477 100644
--- a/debian/po/hi.po
+++ b/debian/po/hi.po
@@ -32,8 +32,8 @@ msgstr ""
 "Project-Id-Version: debian-installer_packages_po_sublevel1_hi\n"
 "Report-Msgid-Bugs-To: apt-se...@packages.debian.org\n"
 "POT-Creation-Date: 2019-01-28 21:20+\n"
-"PO-Revision-Date: 2018-10-06 15:28+\n"
-"Last-Translator: Kumar Appaiah\n"
+"PO-Revision-Date: 2019-06-18 19:05+\n"
+"Last-Translator: KushagraKarira \n"
 "Language-Team: \n"
 "Language: hi\n"
 "MIME-Version: 1.0\n"
@@ -250,7 +250,6 @@ msgstr ""
 #. Description
 #. :sl1:
 #: ../apt-setup-udeb.templates:11002
-#, fuzzy
 msgid ""
 "Backported s

Bug#934713: os-prober: missing dependency on mount

2019-08-15 Thread Cyril Brulebois
Johannes Schauer  (2019-08-15):
> Quoting Cyril Brulebois (2019-08-15 15:50:03)
> > > The script /usr/lib/os-probes/50mounted-tests calls the `umount` utility
> > > which resides in the mount package. But os-prober does not depend on mount
> > > and thus one might get this error message:
> > > 
> > > Generating grub configuration file ...
> > > Found linux image: /boot/vmlinuz-5.2.0-2-amd64
> > > Found initrd image: /boot/initrd.img-5.2.0-2-amd64
> > > /usr/lib/os-probes/50mounted-tests: 10: umount: not found
> > > rmdir: failed to remove '/var/lib/os-prober/mount': Device or resource 
> > > busy
> > > 
> > > 
> > > The mount package used to be Essential:yes. Since version 2.29.2-3
> > > it is not essential anymore and os-prober should depend on it.
> > 
> > How come packages drop their Essential: yes bit all of a sudden?
> 
> Version 2.29.2-3 was released more than two years ago. It was brought
> up on debian-devel here:
> 
> https://lists.debian.org/20170726081846.ga22...@fatal.se

Well, debian-devel@ isn't where one files bug reports against packages
that suddenly need a dependency?


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#934703: keyboard-configuration: debconf localisation for Finnish full of Russian and Spanish prompts

2019-08-15 Thread Cyril Brulebois
Martin-Éric Racine  (2019-08-15):
> to 15. elok. 2019 klo 16.53 Cyril Brulebois (k...@debian.org) kirjoitti:
> > #924657 I suppose?
> 
> It seems similar enough.  However, #924657 works under the assumption
> of a changed locale, yet the locale on this host has remained at
> fi_FI.UTF-8 ever since Debian migrated away from Latin encodings.

No? The contents of the buster binaries are broken, because of the
locale changes at build time.

(Just filed #934826 BTW.)


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#851774: fixed in apt-setup 1:0.151

2019-08-15 Thread Cyril Brulebois
Hi,

Moritz Muehlenhoff  (2019-07-17):
> On Fri, Jul 12, 2019 at 09:07:45AM +0000, Cyril Brulebois wrote:
> >  apt-setup (1:0.151) unstable; urgency=medium
> >  .
> >[ Moritz Mühlenhoff ]
> >* When preseeding a local repository via apt-setup/localX/repository,
> >  the repository key for Secure Apt needs to be configured with
> >  apt-setup/localX/key. This key used to be set up with apt-key, but
> >  its use is deprecated and apt's former dependency on gnupg has been
> >  demoted to a Suggests, rendering apt-key non-functional in d-i.
> >  Apply a patch by Lars Kollstedt (thanks!) which adds the repository
> >  key(s) to /etc/apt/trusted.gpg.d, following the approach used by
> >  pbuilder (Closes: #851774, #928931):
> >   - .asc suffix if the key file seems to be armoured ASCII (i.e. it
> > contains a “-BEGIN PGP PUBLIC KEY BLOCK-” line);
> >   - .gpg suffix otherwise. Please note that only “GPG key public ring”
> > are supported by APT, newer “keybox database” format isn't at the
> > moment.
> 
> Hi Cyril,
> as discussed on #debian-boot last week: I've tested a Buster installation with
> "d-i mirror/udeb/suite   string  unstable" and our previous
> "d-i base-installer/includes string  gnupg" workaround dropped which uses
> the https://apt.wikimedia.org repository and that worked fine.

Many thanks, I'll be submitting a buster-pu bug accordingly. I wouldn't
mind an extra confirmation after it's been published in a point release
(peace of mind and all that).

> I've also submitted a patch to installation-guide to enhance the docs
> so that the constraints for the Secure Apt key file are explicitly
> mentioned (#932284)

Much appreciated, thanks.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#934826: buster-pu: package console-setup/1.193~deb10u1

2019-08-15 Thread Cyril Brulebois
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I'd like to get #924657 fixed in buster. A Perl change triggered a bunch
of brokenness in translations, and I haven't been able to review the fix
before the release. I've done that now, as documented in:
  https://bugs.debian.org/924657#49

Since I've double checked this, 1.193 was uploaded with a few translation
updates and it seems to make sense to include them as well, hence this
proposed 1.193~deb10u1.

Changes from 1.191:
| console-setup (1.193~deb10u1) buster; urgency=medium
| 
|   * Rebuild for buster.
| 
|  -- Cyril Brulebois   Thu, 15 Aug 2019 16:11:30 > 0200
| 
| console-setup (1.193) unstable; urgency=medium
| 
|   * Team upload
| 
|   [ Updated translations ]
|   * Croatian (hr.po) by gogogogi
|   * Tajik (tg.po) by Victor Ibragimov
| 
|  -- Holger Wansing   Sun, 04 Aug 2019 12:08:32 > 0200
| 
| console-setup (1.192) unstable; urgency=medium
| 
|   * Remove Christian Perrier from Uploaders, with many thanks for all
| his contributions over the years! (Closes: #927511)
|   * Merge patch by Iain Lane to fix internationalization issues when
| switching locales with Perl >= 5.28 (Closes: #924657, LP: #1817453).
| 
|  -- Cyril Brulebois   Thu, 04 Jul 2019 17:41:47 > 0200

git diff from the tag attached.


Thanks for considering, and thanks for your time.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant
diff --git a/Keyboard/kbdnames-maker b/Keyboard/kbdnames-maker
index 9d66731..56d42d8 100755
--- a/Keyboard/kbdnames-maker
+++ b/Keyboard/kbdnames-maker
@@ -39,6 +39,8 @@ for my $mo () {
 $lang =~ s:/usr/share/locale/(.*)/LC_MESSAGES/xkeyboard-config.mo:$1:;
 $ENV{'LANGUAGE'} = $lang;
 setlocale(LC_ALL,"");
+bindtextdomain("xkeyboard-config", "/usr/share/locale");
+textdomain("xkeyboard-config");
 
 $lang =~ s:\@:__:;
 $lang =~ s:__Latn:__latin:; # special fixup for sr
diff --git a/debian/changelog b/debian/changelog
index 2b8cf2d..afd1c0a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,24 @@
+console-setup (1.193) unstable; urgency=medium
+
+  * Team upload
+
+  [ Updated translations ]
+  * Croatian (hr.po) by gogogogi
+  * Tajik (tg.po) by Victor Ibragimov
+
+ -- Holger Wansing   Sun, 04 Aug 2019 12:08:32 +0200
+
+console-setup (1.192) unstable; urgency=medium
+
+  * Remove Christian Perrier from Uploaders, with many thanks for all
+his contributions over the years! (Closes: #927511)
+  * Merge patch by Iain Lane to fix internationalization issues when
+switching locales with Perl >= 5.28 (Closes: #924657, LP: #1817453).
+
+ -- Cyril Brulebois   Thu, 04 Jul 2019 17:41:47 +0200
+
 console-setup (1.191) unstable; urgency=medium
+
   * Team upload
 
   [ Updated translations ]
@@ -8,6 +28,7 @@ console-setup (1.191) unstable; urgency=medium
  -- Holger Wansing   Sat, 23 Mar 2019 21:13:24 +0100
 
 console-setup (1.190) unstable; urgency=medium
+
   * Team upload
 
   * console-setup(5) manpage: correct section of setfont manpage and remove
@@ -20,6 +41,7 @@ console-setup (1.190) unstable; urgency=medium
  -- Holger Wansing   Mon, 04 Mar 2019 04:44:51 +0100
 
 console-setup (1.189) unstable; urgency=medium
+
   * Team upload
 
   [ Holger Wansing ]
diff --git a/debian/control b/debian/control
index ceba9df..b8e69f0 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: console-setup
 Section: utils
 Priority: optional
 Maintainer: Debian Install System Team 
-Uploaders: Anton Zinoviev , Christian Perrier 
+Uploaders: Anton Zinoviev 
 Build-Depends-Indep: xkb-data (>= 1.6), locales-all, sharutils
 Build-Depends: perl, debhelper (>= 9), po-debconf, libxml-parser-perl, bdfresize, liblocale-gettext-perl, dh-systemd
 Standards-Version: 3.9.1
diff --git a/debian/po/ar.po b/debian/po/ar.po
index 9c70c7f..99ffd82 100644
--- a/debian/po/ar.po
+++ b/debian/po/ar.po
@@ -11,6 +11,7 @@
 # Abdelhak Bougouffa, 2017.
 # najib LAARIBI , 2018.
 # ButterflyOfFire , 2018.
+# Osama , 2019.
 #
 # Translations from iso-codes:
 # Translations taken from ICU SVN on 2007-09-09
@@ -27,7 +28,7 @@ msgstr ""
 "Project-Id-Version: ar\n"
 "Report-Msgid-Bugs-To: console-se...@packages.debian.org\n"
 "POT-Creation-Date: 2018-03-10 23:15+0100\n"
-"PO-Revision-Date: 2018-10-05 16:21+\n"
+"PO-Revision-Date: 2019-06-10 10:55+\n"
 "Last-Translator: ButterflyOfFire \n"
 "Language-Team: \n"
 "Language: ar\n"
@@ -169,14 +170,15 @@ msgstr "# Latin2 - وسط أوروبا والرومانية"
 #. :sl3:
 #: ../console-setup.templates:5001
 msgid "# Latin3 and Latin8 - Chichewa; Esperanto; Irish; Maltese and Welsh"
-msgstr "# Latin3 و Latin8 - تشيتشيوا; إسبترنتو; الآيرلندية; المال

Bug#934492: debian-installer: installing drivers through preseed file causes black screen

2019-08-15 Thread Cyril Brulebois
Hi,

Wouter Wijsman  (2019-08-11):
> Lately I've been playing with creating my own Debian ISO files with
> some drivers in them. In doing so I have found an issue with the
> installer which is causing me some problems.
> 
> When I use the pkgsel line in my default.preseed file to install
> either the package nvidia-driver or broadcom-sta-dkms, the screen will
> go black directly after the installer installed one of these packages.
> It will not go back to normal, even after waiting over for 10 minutes
> and constantly moving the mouse and pressing buttons on the keyboard,
> but the installer itself doesn't crash.  If the default.preseed file
> automates every step after installing one or both of these packages,
> the installation will finish without other issues, even with the black
> screen.
> 
> When I don't have the nvidia-driver or broadcom-sta-dkms package in my
> default.preseed, I do not experience this issue. I have tested this on
> an Alienware Steam Machine, a Zotac ZBOX-CI323NANO (which has intel
> graphics) and in Virtualbox and I'm seeing this issue on all of them.
> 
> I think this is related to dkms being triggered, as I haven't seen
> this issue being caused by other packages so far. I hope this can be
> resolved without having to rebuild these packages to not do so.

While I understand why that must be not fun, I'm not sure I'd call that
a bug in the installer… You might need to take some extra step in some
preseed command to ensure DKMS doesn't kick in while you're installing
those packages, if that triggers such issues during the installation.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#934703: keyboard-configuration: debconf localisation for Finnish full of Russian and Spanish prompts

2019-08-15 Thread Cyril Brulebois
Hi,

Holger Wansing  (2019-08-14):
> Martin-Éric Racine  wrote:
> > Package: keyboard-configuration
> > Version: 1.191
> > Severity: important
> > Tags: l10n
> > 
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> > 
> > The debconf template in keyboard-configuration for Finnish is full of 
> > prompts 
> > and selectable options written in Russian or Spanish. This is a serious
> > usability issue. In cases where a template has not been fully localised, 
> > text in the locale C would be expected.
> 
> I which environment did you see this?
> Did this happen while installing Debian with the debian-installer?

#924657 I suppose?


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#934713: os-prober: missing dependency on mount

2019-08-15 Thread Cyril Brulebois
Johannes 'josch' Schauer  (2019-08-13):
> Package: os-prober
> Version: 1.76
> Severity: important
> 
> Hi,
> 
> The script /usr/lib/os-probes/50mounted-tests calls the `umount` utility
> which resides in the mount package. But os-prober does not depend on
> mount and thus one might get this error message:
> 
> Generating grub configuration file ...
> Found linux image: /boot/vmlinuz-5.2.0-2-amd64
> Found initrd image: /boot/initrd.img-5.2.0-2-amd64
> /usr/lib/os-probes/50mounted-tests: 10: umount: not found
> rmdir: failed to remove '/var/lib/os-prober/mount': Device or resource busy
> 
> 
> The mount package used to be Essential:yes. Since version 2.29.2-3 it is
> not essential anymore and os-prober should depend on it.

How come packages drop their Essential: yes bit all of a sudden?


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#933749: fail2ban: ever-growing fail2ban sqlite database

2019-08-02 Thread Cyril Brulebois
Package: fail2ban
Version: 0.10.2-2.1
Severity: serious
Justification: filing up filesystem, slow startup

Hi,

I've noticed this on both stretch and buster hosts with the default
configuration: the database (/var/lib/fail2ban/fail2ban.sqlite3) doesn't
seem to get any kind of clean-up. I'm seeing this at the moment on those
two internet-connected hosts:

626M /var/lib/fail2ban/fail2ban.sqlite3
940M /var/lib/fail2ban/fail2ban.sqlite3

Toying with sqlite3 and a "select * from bans limit 1;", I'm seeing:

sshd|ANO.NYM.IZ.ED|1519714548|{"matches": ["Feb 27 07:46:29 […]
sshd|ANO.NYM.IZ.ED|1520144221|{"matches": ["Mar  4 07:16:36 […]

(I'm not even sure which year those entries come from…)

The only thing that seems related returns:

Current database purge age is:
`- 86400seconds

which matches this in /etc/fail2ban/fail2ban.conf:

# Options: dbpurgeage
# Notes.: Sets age at which bans should be purged from the database
# Values: [ SECONDS ] Default: 86400 (24hours)
dbpurgeage = 1d

and I'm not sure it's taken into account. Or whether that's meant to
control that the database grows forever.

A cheap workaround might be to switch the dbfile setting to:

dbfile = :memory:

but having to do that seems very wong.


Looking around in the BTS, #823892 and #898536 seemed related but they
were closed already (with inappropriate versions since the BTS doesn't
know about backports anyway?)

Please let me know if I can help debug this further.


Cheers,
-- 
Cyril Brulebois -- Debian Consultant @ DEBAMAX -- https://debamax.com/


Bug#930420: stretch-pu: package grub2/2.02~beta3-5+deb9u2

2019-07-27 Thread Cyril Brulebois
Adam D. Barratt  (2019-07-26):
> Sorry for the delay in getting back to you regarding this.
> 
> While it doesn't sound like the changes should affect d-i, I would
> still appreciate an ack on that side, so tagging and CCing
> appropriately.

No objections, thanks.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#932900: buster-pu: package freetype 2.9.1-4

2019-07-27 Thread Cyril Brulebois
Hi,

Adam D. Barratt  (2019-07-26):
> -4 has already been uploaded to unstable, so this would need to be
> 2.9.1-3+deb10u1. The changelog distribution is also preferred as
> "buster", rather than "stable".
> 
> As freetype produces a udeb, this will need an ack from the d-i
> release manager, so CCing and tagging appropriately.

I'll need some time to get that tested properly.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#932175: stretch-pu: package openssh/1:7.4p1-10+deb9u7

2019-07-27 Thread Cyril Brulebois
Adam D. Barratt  (2019-07-26):
> On 2019-07-16 06:36, Moritz Muehlenhoff wrote:
> > This update for OpenSSH fixes a dead lock in AuthorizedKeysCommand
> > (#905226).
> > 
> > The fixed package is running fine on a formerly affected Stretch system
> > (https://phabricator.wikimedia.org)
> 
> This looks OK to me, but will need a d-i ack due to the udeb; tagging and
> CCing accordingly.

No objections, thanks.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#933125: buster-pu: package systemd/241-5+deb10u1

2019-07-27 Thread Cyril Brulebois
Hi,

Michael Biebl  (2019-07-26):
> 241-5+deb10u1 is identical to 241-7 which has been uploaded to
> unstable/bullseye and we haven't received any regression reports so
> far.
> 
> None of those changes should touch udev-udeb, i.e. d-i.
> That said, I've added kibi/debian-boot to CC for his ack.

No objections, thanks.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#932665: stretch-pu: package systemd/232-25+deb9u12

2019-07-22 Thread Cyril Brulebois
Adam D. Barratt  (2019-07-22):
> This looks OK to me, thanks. While I can't see how it might affect d-i
> in any sense, I would still prefer an ack for completeness, so CCing
> and tagging appropriately.

Ack for completeness. ;)


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#931386: stretch-pu: package fribidi/0.19.7-1.1

2019-07-21 Thread Cyril Brulebois
Jonathan Wiltshire  (2019-07-21):
> On Wed, Jul 03, 2019 at 07:36:55PM +0200, Samuel Thibault wrote:
> > Package: release.debian.org
> > Severity: normal
> > Tags: stretch
> > User: release.debian@packages.debian.org
> > Usertags: pu
> > 
> > Hello,
> > 
> > As reported on #917909, the text-based debian installer support for
> > right-to-left languages is completely broken, only due to a path
> > mismatch. This was fixed in Buster in January with the attached change,
> > which I have uploaded to stretch as 0.19.7-1.1, could you accept it?
> 
> Looks OK to me, d-i ack needed.

No objections to the actual diff (as received following your upload), as
opposed to the attached diff (which is a src:xorg-server patch by the
looks of it). ;p

Attaching the actual diff for further reference.


By the way, it might be nice for release team members to have a slightly
more descriptive changelog entry (mentioning the RTL fix directly, as
you did in this pu bug), so that it can be mentionined in the summary of
changes issued at point release time. Example for 9.9:
  https://www.debian.org/News/2019/20190427


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant
Version in base suite: 0.19.7-1

Base version: fribidi_0.19.7-1
Target version: fribidi_0.19.7-1.1
Base file: /srv/ftp-master.debian.org/ftp/pool/main/f/fribidi/fribidi_0.19.7-1.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/f/fribidi/fribidi_0.19.7-1.1.dsc

 changelog|8 
 libfribidi0-udeb.install |2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff -Nru fribidi-0.19.7/debian/changelog fribidi-0.19.7/debian/changelog
--- fribidi-0.19.7/debian/changelog	2015-08-12 05:32:03.0 +
+++ fribidi-0.19.7/debian/changelog	2019-06-08 20:39:38.0 +
@@ -1,3 +1,11 @@
+fribidi (0.19.7-1.1) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * libfribidi0-udeb: Install the shared library files into a multi-arch libdir
+(Closes: #917909).
+
+ -- Samuel Thibault   Sat, 08 Jun 2019 22:39:38 +0200
+
 fribidi (0.19.7-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru fribidi-0.19.7/debian/libfribidi0-udeb.install fribidi-0.19.7/debian/libfribidi0-udeb.install
--- fribidi-0.19.7/debian/libfribidi0-udeb.install	2015-08-12 05:32:03.0 +
+++ fribidi-0.19.7/debian/libfribidi0-udeb.install	2019-06-08 20:39:38.0 +
@@ -1 +1 @@
-usr/lib/*/libfribidi.so.* lib
+usr/lib/*/libfribidi.so.*


signature.asc
Description: PGP signature


Bug#932521: kbd-chooser: Don't build against flex-old

2019-07-20 Thread Cyril Brulebois
Control: tag -1 patch pending

Hi Tommi,

Tommi Vainikainen  (2019-07-20):
> Hi, as a maintainer of flex-old package I'm considering requesting
> removing it as obsolete and unmaintained version of flex.  kbd-chooser
> Build-Depends on flex-old as alternative to current flex. Please build
> the package only against current flex by removing references to
> flex-old package such as changed in the following patch.
> 
> --- a/debian/control
> +++ b/debian/control
> @@ -3,7 +3,7 @@ Section: debian-installer
>  Priority: optional
>  Maintainer: Debian Install System Team 
>  Uploaders: Colin Watson , Steve McIntyre 
> <93...@debian.org>
> -Build-Depends: debhelper (>= 9), libdebian-installer4-dev (>= 0.41), 
> po-debconf (>= 0.5.0), flex | flex-old , bison, libdebconfclient0-dev (>= 
> 0.49)
> +Build-Depends: debhelper (>= 9), libdebian-installer4-dev (>= 0.41), 
> po-debconf (>= 0.5.0), flex, bison, libdebconfclient0-dev (>= 0.49)

Oh wow, archaeology time:
| commit 795a20074750702ba02abd7881e93f02e3b15c44
| Author: Alastair McKinstry 
| Date:   Mon Jul 28 11:07:38 2003 +
| 
| - Can build with flex | flex-old
| - Prepare for upload
| - Patch to avoid trying to load files we can't handle
| - Changed my email address to mckins...@debian.org
| 
| r3727

Just pushed a commit to master to take care of it, thanks.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#932258: console-setup-freebsd: missing dependency

2019-07-16 Thread Cyril Brulebois
Hi Héctor,

Héctor Orón Martínez  (2019-07-17):
> Package: console-setup-freebsd
> Version: 1.191
> Severity: grave
> 
> 
> Dear Maintainer,
> 
>   console-setup-freebsd has a dependency on vidcontrol, which is not
> part of buster|bullseye|unstable, and causes the package to be
> uninstallable.

Adding debian-bsd@ to the loop for advise.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#932158: raspi3-firmware: add DTB support for Pi Compute Module 3

2019-07-15 Thread Cyril Brulebois
Package: raspi3-firmware
Severity: important
Tags: patch

Hi,

I've just opened a bug report and a merge request against the linux
kernel to get a DTB added to support Pi Compute Module 3:
 - https://bugs.debian.org/932157
 - https://salsa.debian.org/kernel-team/linux/merge_requests/155

The latter was just merged by Vagrant, so I hope to get this into sid
soon, and into buster after a while.

I've also pushed this commit into raspi3-firmware.git as the repository
is open to contributions from all DDs…
 - 
https://salsa.debian.org/debian/raspi3-firmware/commit/bf3b70946e2600c4197df9ca78996f10d134621e

… so that the extra DTB can be used when it's available.


It might be worth considering backporting this addition through
buster-pu so that buster users can benefit from it. I can probably
handle that on my own if you agree but:
 1. I'm not really familiar with this package and how often such
backports happen;
 2. Due to improved console handling, I might end up using a package
from buster-backports (either locally crafted or picked from that
repository if/when that ends up existing) anyway, instead of a
possibly updated buster package. But I suppose it would make sense
to help other users anyway. :)


Please let me know what you think of my commit to master, and about a
possible backport.

Thanks for your time.


Cheers,
-- 
Cyril Brulebois -- Debian Consultant @ DEBAMAX -- https://debamax.com/


Bug#932157: Please add DTB support for Rasperry Pi Compute Module 3

2019-07-15 Thread Cyril Brulebois
Package: src:linux
Severity: important
Tags: patch

Hi,

Please consider backporting DTB support for Rasperry Pi Compute Module
3, which means 3 commits from v4.20-rc1. That was both (cross)build
tested on armhf, (cross)build tested and runtime tested on arm64
(tester in X-D-Cc).

I've tried pushing that towards stable@[0,1,2,3] but apparently a DTB
addition doesn't satisfy the device ID addition criterion for stable[4],
hence my proposing this downstream.

 0. https://www.spinics.net/lists/stable/msg315856.html
 1. https://www.spinics.net/lists/stable/msg315849.html
 2. https://www.spinics.net/lists/stable/msg316229.html
 3. https://www.spinics.net/lists/stable/msg315851.html
 4. https://www.spinics.net/lists/stable/msg316478.html

I've prepared a merge request against the sid branch and I'm opening
this bug report to also have a reference for the upcoming
raspi3-firmware bug report and patch to complete this DTB addition.

  https://salsa.debian.org/kernel-team/linux/merge_requests/155

Please let me know if you'd like those patches to be handled in a
different way.

Thanks for considering.


Cheers,
-- 
Cyril Brulebois -- Debian Consultant @ DEBAMAX -- https://debamax.com/



Bug#911604: haveged start up fails due to apparmor denying write access to /run/haveged.pid

2019-07-15 Thread Cyril Brulebois
Hi Justin,

(I'm adding back others in cc as the Debian BTS doesn't Cc people by
default.)

Justin Pasher  (2019-07-15):
> > From: Cyril Brulebois 
> >
> > But I'd be very happy to have success reports from sysvinit users
> > before considering backporting this to buster.
> 
> I use sysvinit. I've installed the 1.9.1-8 version of the package, and it
> seems to work properly for me. For reference, I did the following test:
> 
> 1. Blank out /etc/apparmor.d/local/usr.sbin.haveged to remove my added line
> 2. /etc/init.d/haveged stop
> 3. aa-enforce /usr/sbin/haveged
> 4. /etc/init.d/haveged start  --  It failed to start (as expected)
> 5. Update to haveged=1.9.1-8
> 6. Verify haveged has started (the post install scripts take care of
> apparmor and starting the process)
> 7. Verify /etc/apparmor.d/local/usr.sbin.haveged is still blank
> 8. Reboot and verify haveged still starts up properly
> 
> Thanks for the quick turn around!

Many thanks for the confirmation.

Meanwhile, I've confirmed with apparmor maintainers that the patch looks
good in theory as well, so having your confirmation that it works on the
practical level too means I'm well equipped to prepare the backport
dance. :)


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#931917: grub-installer: call efibootmgr (if available) to keep track of boot order/options

2019-07-13 Thread Cyril Brulebois
Control: tag -1 patch

Cyril Brulebois  (2019-07-12):
> With stretch, we were getting efibootmgr's output in the installer's
> syslog, which could help track down issues related to the boot sequence.
> 
> With buster, due to grub2's switch to using libefi* (since both the
> 2.02+dfsg1-14 and 2.02+dfsg1-15 uploads), efibootmgr is no longer used;
> it's kept in Recommends (since 2.02+dfsg1-17) though.
> 
> It would be great to check whether efibootmgr is present and to call it
> to get its output back into the installer's syslog.
> 
> This would have been helpful for the #931910 installation report, for
> example.
> 
> 
> Once it's implemented and tested in unstable/testing, I'll consider
> backporting this for a buster point release.

Untested commit pushed in the pu/efibootmgr-for-debugging-931917 branch.

Review/tests welcome!


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#931910: Installation report with missing UEFI boot entry

2019-07-12 Thread Cyril Brulebois
Control: reassign -1 efibootmgr
Control: forcemerge -1 905319

Steve McIntyre  (2019-07-12):
> Control: reassign efibootmgr
> Control: forcemerge -1 905319
> […]
> Merging the bugs...

Fixing the merging. ;)


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#911604: haveged start up fails due to apparmor denying write access to /run/haveged.pid

2019-07-12 Thread Cyril Brulebois
Control: tag -1 patch pending

Hi,

Axel Beckert  (2018-10-22):
> haveged silently fails to start on one of my machines, seemingly due
> to apparmor. From /var/log/syslog after unsucessfully trying to start
> haveged:
> 
> Oct 22 15:40:26 someone haveged: haveged starting up
> Oct 22 15:40:26 someone kernel: [24678702.682596] audit: type=1400 
> audit(1540215626.982:65757): apparmor="DENIED" operation="mknod" 
> profile="/usr/sbin/haveged" name="/run/haveged.pid" pid=7421 comm="haveged" 
> requested_mask="c" denied_mask="c" fsuid=0 ouid=0
> 
> What helped was adding the line
> 
>   /run/haveged.pid w,
> 
> to /etc/apparmor.d/local/usr.sbin.haveged, so you should probably add
> that line to /etc/apparmor.d/usr.sbin.haveged.

Everyone: please deploy -8 (just uploaded) to your buster and/or
unstable systems and report back. I've tested this on a stretch system
that's running with systemd, using the daemon directly, or a hacked up
init script to make sure I was evading the initscript→systemd machinery
through LSB functions; and everything looks good with the patch.

But I'd be very happy to have success reports from sysvinit users before
considering backporting this to buster.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#931917: grub-installer: call efibootmgr (if available) to keep track of boot order/options

2019-07-12 Thread Cyril Brulebois
Package: grub-installer
Version: 1.165
Severity: important

With stretch, we were getting efibootmgr's output in the installer's
syslog, which could help track down issues related to the boot sequence.

With buster, due to grub2's switch to using libefi* (since both the
2.02+dfsg1-14 and 2.02+dfsg1-15 uploads), efibootmgr is no longer used;
it's kept in Recommends (since 2.02+dfsg1-17) though.

It would be great to check whether efibootmgr is present and to call it
to get its output back into the installer's syslog.

This would have been helpful for the #931910 installation report, for
example.


Once it's implemented and tested in unstable/testing, I'll consider
backporting this for a buster point release.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant



Bug#928931: The inability to use apt-setup/local0/repository makes it impossible to upgrade to Debian 10

2019-07-12 Thread Cyril Brulebois
Hi Magnus,

Magnus Määttä  (2019-07-12):
> I'm also having this issue which is making it impossible to upgrade to
> Debian 10 from Debian 9.
> 
> I'm depending on the possibility to add a repo during PXE-boot. Using
> late-commands is not an option as there doesn't seem to be any
> $selected_packages variable I can use to actually install the packages
> selected during installtion, while ignoring the fact that it's going
> to try to install them without the repo available, making the
> installation fail anyway.
> 
> Someone gave the recommendation to use different preseed files, but
> that also is not an option as the boot menu would need to have 50-100
> entries to accommodate for the most common options of package
> selections (which will make the size of the installation vary between
> 15GB and 80GB).
> 
> So for us, this is a real show stopper for using Debian 10 as it makes
> it impossible to install (manual installation is not an option)..

We're aware of the issue and we've already sketched out an outline to
get the fix into unstable (then migration to testing) but also into a
point release.

“Me too”-like messages mean distraction and wasted time, so it would be
great if we could avoid getting more of them.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#926242: [rb-general] Bug#926242: jenkins.debian.org: Please test reproducibility status of Debian Installer images

2019-07-08 Thread Cyril Brulebois
Chris Lamb  (2019-07-08):
> Chris Lamb wrote:
> 
> > In light of that (and whilst my shell is a little rusty) but how about
> > we just make this all more explicit instead of abusing sed/awk?
> > 
> > For example:
> 
> […]
> 
> So, I heard a vague rumour that this "buster" thing was released? I
> was thus wondering whether we could apply my patch from:
> 
>   https://bugs.debian.org/926242#127
>   
> :)

My current plan is (1) breathing a little, (2) getting the needed
bugfixes into 10.1.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#924657: kbdnames are generated with incorrect translations

2019-07-04 Thread Cyril Brulebois
Control: tag -1 patch pending

(Dropping -perl@ this time.)

Hi,

Cyril Brulebois  (2019-03-16):
> Iain Lane  (2019-03-15):
> > Package: keyboard-configuration
> > Version: 1.188
> > Severity: serious
> > Tags: patch
> > 
> > Control: forwarded -1 
> > https://salsa.debian.org/installer-team/console-setup/merge_requests/2
> > 
> > I'm reporting from my Ubuntu system but I've confirmed this also affects
> > 1.188 in buster, or any version that was built with perl ≥ 5.28.
> > 
> > The generated names in keyboard-configuration.config are translated
> > incorrectly:
> > 
> >   laney@raleigh> dpkg --ctrl-tarfile keyboard-configuration_1.188_all.deb | 
> > tar xO- ./config | grep "en_GB\*model\*sun_type6_jp"
> >   en_GB*model*sun_type6_jp*Sun Type 6 (Japonesa)
> >   en_GB*model*sun_type6_jp_usb*Sun Type 6 USB (Japonesa)
> > 
> > That should be "(Japanese)". Very many other entries are also affected.
> > I've provided a patch on the referenced salsa URL.
> 
> Thanks for the report and the patch/MR.

The ship has sailed for buster r0 but trying to get that merged into a
later point release, I've just double-checked the effects of this patch.

By “diffing” below I mean checking the control (config script) area of
the keyboard-configuration binary package.


Diffing an unpatched package built in sid, against a patched package
built in sid: plenty of changes that look good.

Diffing an unpatched package built in stretch, against the same patched
package built in sid: fewer changes, but those can be explained by
different xkb-data versions (which is the “source” via Build-Depends,
for all those changes).

Diffing an unpatched package built in stretch but using unstable's
xkb-data, against the same patched package built in sid: no changes
at all.

So I'm quite convinced that the proposed patch makes it possible to
build the package properly, without any/other side effects that we
wouldn't have seen.


I'm therefore uploading 1.192 to unstable right now to fix this bug
there, and I'm taking a note to propose 1.192~deb10u1 through pu.

Thanks again, Iain; and apologies for the delay.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#924657: release-notes? Was: Re: kbdnames are generated with incorrect translations

2019-07-04 Thread Cyril Brulebois
Hi,

Paul Gevers  (2019-07-04):
> This apparently wasn't uploaded, so it's to late for the initial buster
> release. Does it make any sense to mention this in the release notes? I
> tend to say it doesn't, but will do it nevertheless when others think it
> does.

I see release notes as something that should be meaningful during the
the release's lifetime? I would rather see that issue documented in
installer's errata instead, as that's something we expect to be fixed
“soon”?

  
https://salsa.debian.org/webmaster-team/webwml/blob/master/english/devel/debian-installer/errata.wml

I've just double checked the effects of the patch and I'll send a
separate update, as a follow-up to the initial patch proposal.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#927165: [pkg-cryptsetup-devel] Bug#927165: debian-installer: improve support for LUKS

2019-07-03 Thread Cyril Brulebois
Control: tag -1 patch pending

Hi Guilhem,

Guilhem Moulin  (2019-07-03):
> On Mon, 01 Jul 2019 at 04:45:47 +0200, Guilhem Moulin wrote:
> > Sure, I even planned to do that when I heard about your post-mini-DebConf
> > “hiccup” ;-)  I remained on the road for another 3 weeks and unfortunately
> > didn't find time since the mini Debconf.  Thanks for the poke, I'll try to
> > tend to it this week.
> 
> It was less difficult than I imagined ;-)  Sorry for delaying it, I
> could have done that immediately after writing the document.
> 
> 
> https://salsa.debian.org/installer-team/installation-guide/merge_requests/9

Don't worry about the delay, I'm very happy to merge this now, and have
an opportunity to backport it in a point release later on. If I got the
process right, having the changes in master should trigger an update of
pot/po files by the l10n robot, and translators will be able to catch up
in a couple of hours.

Again: Many thanks!

> Do you still think it'd be a good idea to add a boot parameter
> ‘luks-version=’ or so (defaulting to ‘2’) so users can easily format
> to LUKS1, or do you agree documenting the “downgrade path” is enough?
> (I guess it's too late for Buster anyway, but maybe a later point
> release?)

As we discussed a couple of weeks ago, adding support for tweaking the
LUKS version was envisioned before buster; but with that documentation
now being available, and with buster being released real soon now, I'm
not convinced adding this option, even in a later point release, is
really a good use of everyone's time.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#851774: Bug#928931: more info

2019-07-01 Thread Cyril Brulebois
Hi,

Raphaël Halimi  (2019-07-01):
> Le 29/06/2019 à 16:20, Cyril Brulebois a écrit :
> > Plus, we've got a MR against apt-setup now, see #851774. It's also
> > come late and nobody reviewed it yet. Plus, the other, serious bug
> > report was marked as buster-ignore by a release team member, so
> > there's no *need* to fix this before buster.
> 
> What exactly does "MR" mean ? I googled but I didn't find anything.
> 
> > All in all, it looks like we're instead going to consider the MR at the
> > beginning of the bullseye release cycle, and backport the fix to buster
> > if it proves to be working fine.
> 
> That's where I disagree. More precisely, I don't understand how the
> current situation (which is that generators/60local crashes
> systematically, unless in the very rare case that an unsigned
> repository is configured, **and**
> debian-installer/allow_unauthenticated is set) can be preferable to
> merging the patch in [1] before release.
> 
> (There was also a merge request based on this patch [2] which didn't
> receive any answer)

Merge request, MR.

So you're pointing out exactly what I was referring to.

> Please enlighten me (I'm not being ironic here, this is a legitimate
> question, I really don't understand how releasing Buster with a partly
> broken apt-setup is preferable to merging a patch which is admittedly
> not tested by a lot of people, but is so simple that it's very
> unlikely to fail, especially when 60local nearly **always** fail
> without a fix).

Because it makes no sense to be making changes until the very last
minute. Especially for a highly specific use case where one would expect
advanced users to be able to find the relevant bug report(s).

> Personally, I don't mind, since my PXE server has a complex preseed
> system with preseed file snippets, scripts and hooks everywhere, so
> adding a hook to replace 60local for Buster was very easy; but I'm
> thinking of people who use a single preseed file, they will have a
> really bad surprise when Buster is released.

If you personally don't mind, you may want to just trust us to make the
right call. Hypothetical users that haven't been testing release
candidates and haven't noticed the issue can surely 1) find bug reports
when they run into this issue; 2) apply a workaround; 3) or wait until
10.1 is released.

> If you don't change your mind, please at least agree that this bug
> (and its possible workarounds) must absolutely be documented with big
> fat warnings in the preseed documentation [3].

An errata item might be in order; but then, we tend to put out .1 rather
quickly so that might mean more work for translators for little benefits
anyway.

> I have to say that I **really** miss the times when a new Debian
> release was ready "when it's ready"... :(

I'll refrain from adding my own “I have to say” here.


Cheers anyway,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#927165: debian-installer: improve support for LUKS

2019-06-30 Thread Cyril Brulebois
Hi Roger,

Roger Shimizu  (2019-06-30):
> On Tue, Jun 11, 2019 at 12:06 AM Guilhem Moulin  wrote:
> >
> > Hi there,
> >
> > On Mon, 15 Apr 2019 at 23:24:19 +0200, Cyril Brulebois wrote:
> > >>> One could argue that cryptodisk support has never been supported by
> > >>> d-i anyway,
> > >>
> > >> Yup, and I suppose that's why I overlooked this in my mail to
> > >> debian-boot :-P  Jonathan Carter had a similar report last week
> > >>
> > >> https://alioth-lists.debian.net/pipermail/pkg-cryptsetup-devel/2019-April/008196.html
> > >
> > > While I'm usually fine to dismiss some bug reports as “it's unsupported,
> > > sorry”, making users' life harder doesn't seem really reasonable… :/
> >
> > During last week's gathering at MiniDebConf Hamburg we (cryptsetup package
> > maintainer + KiBi) talked and came up with the following guide/notes:
> >
> > https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html
> 
> Thank for the above doc, which is quite easy understanding and 
> straightforward!
> I didn't notice this until it's mentioned by release announcement of
> D-I RC2 [1].
> 
> I confirmed with /boot set up in LUKS1, everything works fine.
> It‘d configure non encrypted /boot when in D-I, then after finishing
> D-I, and reboot to system, manually make LUKS1 for /boot partition.

Thanks for letting us know you appreciate it.

Guilhem, any chance I could trick you into adding a pointer from the
installation-guide to your documentation? It would be an extra string
for translators to deal with, but that might be added to unstable and
then backported at a later point to buster once translators have had a
chance to catch up.

I was meaning to do that before closing this bug report (#927165) but
I didn't manage to get to that in the past weeks due to a little hiccup
after the mini-DebConf in HH.

> However, I found adding:
>   GRUB_PRELOAD_MODULES="luks cryptodisk"
> to /etc/default/grub is not necessary.
>   GRUB_ENABLE_CRYPTODISK=y
> is the only setting need to append manually.
> (/etc/fstab /etc/crypttab need to be edited for sure)
> 
> Thanks again for your effort on the guide/notes above!
> 
> [1] https://lists.debian.org/debian-devel-announce/2019/06/msg5.html

From my limited tests, it seemed that GRUB_ENABLE_CRYPTODISK=y was
indeed sufficient.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#930856: autopkgtest-build-qemu: captures something from host

2019-06-29 Thread Cyril Brulebois
Hi,

Dmitry Bogatov  (2019-06-29):
> [ After futher investigation, this command fails with same error directly,
>  without autopkgtest, so reassigning ]
> 
> control: reassing -1 debootstrap
> control: retitle -1 debootstrap uses wrong keyring
> 
> Dear maintainer of debootstrap, I can't create chroot due following error:
> 
>   # debootstrap --variant - unstable /tmp/foo.dir http://deb.debian.org
>   I: Checking Release signature
>   E: Release signed by unknown key (key id 04EE7237B7D453EC)
>  The specified keyring /usr/share/keyrings/devuan-archive-keyring.gpg may 
> be incorrect or out of date.
>  You can find the latest Debian release key at 
> https://ftp-master.debian.org/keys.html
> 
> Note that APT tries to use Devuan keyring to validate Debian release and
> fail. How does `debootstrap' decides, which keyring to use?

What debootstrap version is that? And what distribution is it?

In a sid chroot I'm getting this:

(sid-amd64-devel)kibi@armor:/tmp$ sudo debootstrap --variant - unstable 
/tmp/foo.dir http://deb.debian.org
I: Target architecture can be executed
I: Retrieving InRelease 
I: Retrieving Release 
E: Failed getting release file http://deb.debian.org/dists/unstable/Release

which is sensible because there's a missing /debian directory.

With that fixed:

(sid-amd64-devel)kibi@armor:/tmp$ sudo debootstrap --variant - unstable 
/tmp/foo.dir http://deb.debian.org/debian
I: Target architecture can be executed
I: Retrieving InRelease 
I: Checking Release signature
I: Valid Release signature (key id 16E90B3FDF65EDE3AA7F323C04EE7237B7D453EC)
I: Retrieving Packages 
I: Validating Packages 
I: Resolving dependencies of required packages...
[…]

> I am aware about --keyring option, original bug was about
> `autopkgtest-build-qemu', which invokes debootstrap through several
> layers and does not allow passing additional arguments to `debootstrap'.

There's no devuan-archive-keyring.gpg in Debian anyway, so I'd suggest
filing this issue with your actual vendor.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#851774: Bug#928931: Bug #928931: more info + patch

2019-06-29 Thread Cyril Brulebois
Hi Raphaël,

Raphaël Halimi  (2019-06-29):
> I don't mean to rush you, but […]

Hrm.

> My current workaround is to add a hook in base-installer.d (because it
> has to be done just before apt gets configured) to replace
> /usr/lib/apt-setup/generators/60local with a version including a line
> to install gnupg before "apt-key add" is called (patch included).
> 
> (the modification can also be done manually during the base system
> installation phase, but it is error-prone, has to be done very quickly
> at the right moment, and of course completely defeats the purpose of
> an unattended installation)
> 
> I noticed that gnupg used to be Priority: important, whereas it's now
> Priority: optional.
> 
> If installing gnupg is what it takes to fix the bug, IMHO it should be
> done; anyway, with this patch, it would be installed only if a local
> repository with a GnuPG key is used at all.

Well, I proposed doing so a while ago but that didn't happen. Looking at
the current gnupg package, it's not about installing just a single,
extra package:

Depends: dirmngr (<< 2.2.13-2.1~), dirmngr (>= 2.2.13-2), gnupg-l10n (= 
2.2.13-2), gnupg-utils (<< 2.2.13-2.1~), gnupg-utils (>= 2.2.13-2), gpg (<< 
2.2.13-2.1~), gpg (>= 2.2.13-2), gpg-agent (<< 2.2.13-2.1~), gpg-agent (>= 
2.2.13-2), gpg-wks-client (<< 2.2.13-2.1~), gpg-wks-client (>= 2.2.13-2), 
gpg-wks-server (<< 2.2.13-2.1~), gpg-wks-server (>= 2.2.13-2), gpgsm (<< 
2.2.13-2.1~), gpgsm (>= 2.2.13-2), gpgv (<< 2.2.13-2.1~), gpgv (>= 2.2.13-2)

I'm also not sure what part of dirmngr and/or gpg-agent are going to
stay around running, after calling “apt-key add” with gnupg installed.

Testing that was conceivable a couple of weeks/months back; a few days
before an archive freeze, not so much.

Plus, we've got a MR against apt-setup now, see #851774. It's also come
late and nobody reviewed it yet. Plus, the other, serious bug report was
marked as buster-ignore by a release team member, so there's no *need*
to fix this before buster.

> I hope this fix (or another one of your own choice) will make it to
> d-i before release.

All in all, it looks like we're instead going to consider the MR at the
beginning of the bullseye release cycle, and backport the fix to buster
if it proves to be working fine.

Letting the other bug and Moritz know through cc.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#931043: unblock: expat/2.2.6-2

2019-06-28 Thread Cyril Brulebois
Hi,

Ivo De Decker  (2019-06-25):
> On Tue, Jun 25, 2019 at 06:59:09AM +0200, Salvatore Bonaccorso wrote:
> > Please unblock package expat, it fixes CVE-2018-20843 and got fixed by
> > Laszlo cherry-picking the upstream fix. The issue is tracked as
> > #931031 in the BTS:
> > 
> > > expat (2.2.6-2) unstable; urgency=high
> > > 
> > >   * Fix extraction of namespace prefix from XML name (CVE-2018-20843)
> > > (closes: #931031).
> > > 
> > >  -- Laszlo Boszormenyi (GCS)   Mon, 24 Jun 2019 21:18:31 
> > > +
> > 
> > unblock expat/2.2.6-2
> 
> I'm fine with this, but expat has a udeb, so this needs a d-i ack. Kibi Cc's
> (and diff quoted below for easy review).

No obvious regressions in the graphical installer, so no objections.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#931064: unblock: grub2/2.02+dfsg1-20

2019-06-28 Thread Cyril Brulebois
Ivo De Decker  (2019-06-25):
> Control: tags -1 confirmed d-i
> 
> Hi,
> 
> On Tue, Jun 25, 2019 at 01:33:50PM +0100, Steve McIntyre wrote:
> > Subject: unblock: grub2/2.02+dfsg1-20
> 
> Unblocked. Still needs the unblock u-deb (kibi Cc'ed).

Right, we've discussed this while we were releasing, no objections.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#929667: debian-installer doesn't install Recommends of linux-image-*

2019-06-23 Thread Cyril Brulebois
Hi Ben & Patrick,

Ben Hutchings  (2019-05-28):
> Control: tag -1 serious
> 
> On Tue, 2019-05-28 at 10:16 +0200, Patrick wrote:
> > Package: debian-installer
> > Version: 20190410
> > 
> > debian-installer doesn't install the Recommends of "linux-image-*".
> > Apparently, this is by design since [1].
> >
> > The effects are:
> > 1) For "buster", a clean install doesn't include "apparmor" and
> > "firmware-linux-free" (both are Recommends for "linux-image-*"). This
> > is curious, because [2] suggests "apparmor" is enabled by default,
> > while it actually isn't.
> > 2) A future kernel upgrade initiated by "apt" _WILL_ install the
> > "Recommends", causing "apparmor" and "firmware-linux-free" to be
> > installed at that stage.

Right, thanks for the catch and the report.

> There has (effectively) been a change in APT's behaviour since that
> earlier commit.  "apt-get upgrade" does not install new packages unless
> you use the --with-new-pkgs option.  However, the newer "apt upgrade"
> command does install new dependencies and recommendations.
> 
> Because security upgrades sometimes introduce ABI changes and new
> binary packages, we now recommend use of either
> "apt-get upgrade --with-new-pkgs" or "apt upgrade" for all upgrades,
> and since last year the installer uses the former.
> 
> > I think these effects are undesired. I'd suggest to use
> > "APT::Install-Recommends true" when installing the linux image.
> 
> I agree that it's a serious problem that AppArmor may only be properly
> enabled later, and I'm upgrading the severity accordingly.
> 
> I think that for at least the kernel installation,
> APT::Install-Recommends should be set to the same value it will have in
> the installed system, i.e. dependent on base-installer/install-
> recommends.
> 
> However, I think we should revert this commit entirely.  The current
> default behaviour is that *any* security update or other stable update
> will cause the installation of its recommendations where they weren't
> installed before, and that is likely to be quite surprising.

This approach seems reasonable; feel free to go ahead on the commit,
upload, and possibly unblock request fronts. Given the current freeze
related hints, base-installer can be uploaded right away if you wish
to do so, that shouldn't impact the d-i release process for RC 2.

Cc-ing Steve who mentioned an interest in this bugfix; worst case I'll
deal with it myself in a couple of days.

Thanks everyone!


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#930936: unblock: installation-guide/20190622

2019-06-22 Thread Cyril Brulebois
Samuel Thibault  (2019-06-22):
> We have updated the installation guide a bit, could you unblock it?
> (Cc-ing kibi)
> 
> We will probably make a last upload for Buster with only translation
> updates.
> 
> Thanks!
> 
> unblock installation-guide/20190622

Fully agreed with the proposed plan, as discussed on IRC.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#930771: unblock: partman-auto/149

2019-06-22 Thread Cyril Brulebois
Hi again,

Cyril Brulebois  (2019-06-22):
> Paul Gevers  (2019-06-22):
> > This needs an unblock by d-i, hence kibi in CC.
> 
> No objections to the workaround through l10n tweaks for Arabic.

We definitely want that in D-I Buster RC 2, which is why I think I'll go
for a little exception in this very specific case.

> > Can you please upload targeted fix, in line with our policy of this
> > moment of the freeze [1]? Even trivial changes can introduce new
> > bugs.
> 
> FWIW the ia64/sparc changes shouldn't be an issue, even if I share
> your concerns here regarding unnecessary changes…

Let's see what we have:

kibi@armor:~/debian-installer/packages/partman-auto$ git diff --stat 
148..149
 debian/changelog  | 19 +++
 debian/control|  2 +-
 debian/po/ar.po   | 23 ++-

Bugfix and “bubulle removal”, which we'd like to get.

 recipes-ia64  |  1 +
 recipes-ia64/_numbers |  3 ---
 recipes-ia64/atomic   | 18 --
 recipes-ia64/home | 26 --
 recipes-ia64/multi| 40 
 recipes-sparc/atomic  |  2 +-
 recipes-sparc/home|  2 +-
 recipes-sparc/multi   |  2 +-

I'm not too keen on reverting those changes (either through unstable or
by cherry-picking stuff through t-p-u), as we might run into some delays
on the buildd side, and the regression potential seems very close to 0
(but it would have been nice not to have them in our way in the first
place)…

I'll take all the blame and fingerpointing if anything goes wrong here.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#930846: partman-auto-lvm: debconf show guided_size during auto install

2019-06-22 Thread Cyril Brulebois
Steve McIntyre  (2019-06-22):
> On Sat, Jun 22, 2019 at 01:05:01PM +0200, Baptiste BEAUPLAT wrote:
> >Tags: patch
> >
> >Added patch:
> >https://salsa.debian.org/installer-team/installation-guide/merge_requests/7
> 
> Merged, thanks for your contribution!

Right, the suggestion to add that to the preseed example was perfect; thanks.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#930330: unblock: cryptsetup/2.1.0-5

2019-06-22 Thread Cyril Brulebois
Hi,

Guilhem Moulin  (2019-06-10):
> During a chat last at MiniDebConf Hamburg last week-end we (cryptsetup
> package maintainers + KiBi + ivodd) discussed a path forward for #927165
> (debian-installer: improve support for LUKS) in Buster.
> 
> In the cryptsetup side of thing, we produced an online document/guide/notes
> on GRUB unlocking for both LUKS devices, including extra work-arounds for
> LUKS2: https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html
> 
> The document isn't shipped to any of cryptsetup/2.1.0-5's binary packages,
> because it'll likely be amended in later d-i Buster RCs (based on which
> flag/workaround is implemented there), and shipping the document to our
> binary packages would then require extra roundtrips and unblock requests.
> 
> Instead, we added a section "Unlocking LUKS devices from GRUB" to
> README.Debian with a link to the aforementioned document [0].

This package's been unblocked already, but I wanted to mention it's all
fine with me of course, and many thanks for the chat, and extra docs,
and all that. :)


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#930494: unblock: rootskel/1.131

2019-06-22 Thread Cyril Brulebois
Samuel Thibault  (2019-06-13):
> As mentioned in #930493, I have re-measured the minimum memory
> contraints of d-i, and the g-i part is in rootskel, as attached here,
> could you unblock it?
> 
> unblock rootskel/1.131

Looks good to me as well, as the lowmem part. Thanks!


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#930493: unblock: lowmem/1.47

2019-06-22 Thread Cyril Brulebois
Hi,

Samuel Thibault  (2019-06-13):
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Hello,
> 
> Now that things have settled down, I have re-measured the minimum memory
> contraints of d-i and thus uploaded a new version of lowmem with the
> attached changes, could you unblock it?
> 
> It can be noted that the minimum have changed quite a lot because I
> changed the test a bit: we were not testing with encryption support
> previously, and it happens to require quite a lot of memory.
> 
> I have also added ignoring a lintian error about missing translations,
> since lowmem conditions are precisely when we want to drop translations
> :)
> 
> unblock lowmem/1.47

After-the-{fact,unblock} comments for reasons mentioned elsewhere:
 - thanks a lot for the update;
 - great idea to check encrypted LVM;
 - there are some RAM requirements mentioned in the manual as well,
   should there be an update there as well? Someone mentioned [1] on
   IRC lately.

 1. https://www.debian.org/releases/stable/amd64/ch02s05.html.en


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#930757: unblock: grub2/2.02+dfsg1-19

2019-06-22 Thread Cyril Brulebois
Paul Gevers  (2019-06-22):
> Control: tags -1 confirmed d-i
> Control: reopen -1
> 
> On 21-06-2019 23:10, Paul Gevers wrote:
> > On 20-06-2019 01:37, Colin Watson wrote:
> >> unblock grub2/2.02+dfsg1-19
> >> unblock grub-efi-amd64-signed/1+2.02+dfsg1+19
> >> unblock grub-efi-arm64-signed/1+2.02+dfsg1+19
> >> unblock grub-efi-ia32-signed/1+2.02+dfsg1+19
> > 
> > Unblocked, thanks.
> 
> I failed to notice this needs an ACK from d-i. Hence the CC.

No objections, thanks.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#930771: unblock: partman-auto/149

2019-06-22 Thread Cyril Brulebois
Hi,

Paul Gevers  (2019-06-22):
> user release.debian@packages.debian.org
> usertags 930771 unblock
> tags 930771 d-i moreinfo
> thanks
> 
> Hi Holger,
> 
> On 20-06-2019 10:35, Holger Wansing wrote:
> > Package: release.debian.org
> > Usertags: unblock
> 
> You missed to change the user above for the unblock usertag. So we
> nearly missed your request. Please be careful next time.
> 
> > I would like to request an unblock for version 149 of partman-auto.
> 
> This needs an unblock by d-i, hence kibi in CC.

No objections to the workaround through l10n tweaks for Arabic.

> > Beside trivial things (trimm uploader field, changings for ia64 and sparc
> > ports) it has a workaround for the installer hanging at harddisk detection
> > step when installing in Arabic.
> > 
> > 
> > A corresponding debdiff is attached.
> 
> Can you please upload targeted fix, in line with our policy of this
> moment of the freeze [1]? Even trivial changes can introduce new bugs.

FWIW the ia64/sparc changes shouldn't be an issue, even if I share your
concerns here regarding unnecessary changes…


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#917909: [text-based installer] right-to-left writing direction broken

2019-06-08 Thread Cyril Brulebois
Hi,

Samuel Thibault  (2019-06-08):
> Cyril Brulebois, le mer. 02 janv. 2019 06:53:44 +0100, a ecrit:
> > Samuel Thibault  (2018-12-31):
> > > (which I could check as fixing the issue in the textual installer,
> > > without breaking the graphical installer). And we can probably
> > > backport it to Stretch.
> > 
> > That would be great, yes.
> 
> Beta1 has the fix and it seems to be going fine.
> 
> I have uploaded the attached NMU to delayed/5.

And of course no objections there, based on the above report.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#926242: jenkins.debian.org: Please test reproducibility status of Debian Installer images

2019-06-05 Thread Cyril Brulebois
Chris Lamb  (2019-06-05):
> I naturally understand your hesitation but on the other hand I would
> truly love to see this in buster. Indeed, we may actually have done
> enough work to boast about having reproducible installer images for
> the upcoming release (!) although without testing on our more-
> comprehensive testing framework it is difficult to tell at the
> moment...
> 
> Devil's advocate: this is surely unlikely to break the release of
> buster itself? I mean, for the "final" official buster builds, that is?

That's exactly the point: I don't think it's unlikely. And it can't be
tested until it reaches the buildds. At which point, seeing breakages
isn't exactly what we want when a release is about to happen.

As a middle ground, how does the following sound? First test this in
unstable with the first alpha for bullseye, and possible backport it
in a point release?


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#926242: jenkins.debian.org: Please test reproducibility status of Debian Installer images

2019-06-05 Thread Cyril Brulebois
Hi,

Chris Lamb  (2019-06-05):
> Apologies for the delay in getting back to you all here.
> 
> I've got this working locally here although we require the following
> change to the gen-sources.list.udeb script. Basically, we need print
> three columns if we have "[options]", otherwise we just print two:
> 
> diff --git a/build/util/gen-sources.list.udeb 
> b/build/util/gen-sources.list.udeb
> index 539345a45..ac416266a 100755
> --- a/build/util/gen-sources.list.udeb
> +++ b/build/util/gen-sources.list.udeb
> @@ -36,10 +36,9 @@ get_mirrors() {
>   [ -s $file ] || continue
>   grep '^deb[[:space:]]' $file | \
>  grep -v '^deb[[:space:]]\+cdrom:' | \
> -sed 's,^deb \[[^]]*\] ,deb ,' | \
>  grep -v 
> '\(security.debian.org\|volatile.debian.\(net\|org\)\)' | \
>  grep '[[:space:]]main' | \
> -awk '{print $1 " " $2}' | \
> +awk '{ print (substr($2, 0, 1) == "[") ? $1 " " $2 " " $3 : 
> $1 " " $2 }' | \
>  sed 's,^deb file,deb copy,' | \
>  sed 's,/* *$,,'
>   done
> 
> How does this look to you? Shell "golf" suggestions welcome,
> naturally. (I tried a few sed variants but it got a bit messy.)

I'm a little wary with possibly merging this late in the release cycle,
so I'd rather get see that looked at after Buster is out. With extra
apologies since I've just broken the context of your patch by removing
the volatile references (in both debian-installer{,-netboot-images}.git)
since volatile disappeared with Squeeze and it's about time we dealt
with it… (https://www.debian.org/volatile/)


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#929956: unblock: glib2.0/2.58.3-2

2019-06-04 Thread Cyril Brulebois
Simon McVittie  (2019-06-04):
> Please unblock package glib2.0 to fix CVE-2019-12450.
> 
> glib2.0 builds a udeb (for the graphical installer) so this will need
> a d-i ack.
> 
> unblock glib2.0/2.58.3-2
> unblock-udeb glib2.0/2.58.3-2

Tests look good, no objections from the d-i side.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#929912: unblock: ltsp/5.18.12-3

2019-06-04 Thread Cyril Brulebois
Niels Thykier  (2019-06-04):
> Control: tags -1 confirmed d-i
> 
> Vagrant Cascadian:
> > Please unblock package ltsp
> > 
> > unblock ltsp/5.18.12-3
> 
> Looks good to me, CC'ing KiBi for a d-i ack before completing the unblock.

No objections, thanks.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#929913: unblock: simple-cdd/0.6.7

2019-06-04 Thread Cyril Brulebois
Niels Thykier  (2019-06-04):
> Vagrant Cascadian:
> > unblock simple-cdd/0.6.7
> 
> Looks good to me, CC'ing KiBi for a d-i ack before completing the unblock.

No objections, thanks.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#926540: unblock: xorg-server/2:1.20.4-1

2019-06-03 Thread Cyril Brulebois
Hi,

Andreas Boll  (2019-05-11):
> On Sat, Apr 06, 2019 at 10:25:31PM +0200, Cyril Brulebois wrote:
> > Hi,
> > 
> > Andreas Boll  (2019-04-06):
> > > CCing kibi for unblock-udeb review
> > 
> > This is coming a little late for RC1 that should be published very soon.
> > I've added this to my local todo list but feel free to prod me once RC1
> > is published.
> 
> Ping :)

Apologies for the delay, been busy…

Runtime tests look good, no objections.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#926630: unblock: libpng1.6/1.6.36-6

2019-06-03 Thread Cyril Brulebois
Hi,

Paul Gevers  (2019-05-11):
> > debdiff attached
> > 
> > thanks for caring,
> > 
> > unblock libpng1.6/1.6.36-6
> 
> I am fine with this, but it needs a review by d-i (CC-ed kibi).

Apologies for the delay.

Based on runtime tests: no objections.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#929171: unblock: espeakup/1:0.80-15

2019-06-03 Thread Cyril Brulebois
Niels Thykier  (2019-05-18):
> Samuel Thibault:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: unblock
> > 
> > Hello,
> > 
> > As reported on Bug#929169, “the Linux kernel in Buster seems to take
> > much longer (as much as 12s!) to detect some sound card such as the
> > widespread Intel HDA. The current timeout in espeakup-udeb is thus way
> > too short, and makes the Debian installer useless for blind people
> > having such audio cards.”
> > 
> > In version 1:0.80-15 (debdiff attached) I have thus made the timeout
> > longer. A proper solution would be to make espeakup startup event-based,
> > but that would be very involved at this stage of development.
> > 
> > This version was confirmed to be fixing the issue on a few user systems.
> > 
> > Samuel
> > 
> > unblock espeakup/1:0.80-15
> > 
> > [...]
> 
> Ack from here; CC'ing KiBi for a d-i ack before it is fully unblocked.

Testing multi-cards support (-soundhw all), I'm seeing errors that are
likely due to busybox's sleep not supporting decimal numbers (“sleep
0.1” is called).

Not a regression if I'm reading the diff correctly, but might be worth
fixing at some point…

Speaking of error messages, we're also getting invalid commands from
amixer. Is that expected/known/tracked somewhere? (I think I've been
seeing this for months, maybe years.)


Back to the actual unblock request, that looks reasonable.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#929132: unblock (pre-approval): dbus/1.12.14-1

2019-06-03 Thread Cyril Brulebois
Niels Thykier  (2019-05-19):
> Ok. I have added an unblock and age-days 8 hint.  Also CC'ing KiBi for
> a d-i ack before adding an unblock-udeb hint.

Apologies for the delay; no objections.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#929215: unblock: systemd/241-5

2019-06-03 Thread Cyril Brulebois
Hi,

Michael Biebl  (2019-06-03):
> 241-5 is waiting for an ack from d-i. Since the AMD related RDRAND
> breakage is rather nasty for users of those affected systemd, it would
> be good to have that version in testing.
> While I don't expect any issues on the udeb/udev related parts, it would
> be great if you can have a look and give this version a try wrt to d-i.

Apologies for the delay.

Changes look good, and so do runtime tests, so no objections.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#928931: debian-installer: apt-setup/local0/key fails on buster because gnupg is not installed

2019-06-02 Thread Cyril Brulebois
Hi Philipp,

Philipp Huebner  (2019-05-20):
> I just ran into this very same issue.
> 
> > I seem to remember having seen some discussion regarding how to detect
> > binary or armoured keys; maybe a cheap(er) fix would be to make sure we
> > install the needed gnupg bits into /target when such a setting 
> > (apt-setup/local*/key) is detected?
> > 
> > See generators/60local in apt-setup.
> 
> Sounds good to me, I would like to see this fixed soon and can offer to
> test fixed d-i images.

Please use reply-all on the BTS, otherwise people don't see your replies
unless they specifically keep track of a particular bug report… I would
have taken care of this 10+ days ago if I had seen your reply earlier.

For the record, I've received dozens of 451 notifications from the bug
submitter, which would usually make me close the bug report directly.
But given that's a well-known issue, I'll refrain from doing so…


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#929828: unblock: cryptsetup/2:2.1.0-4

2019-06-02 Thread Cyril Brulebois
Paul Gevers  (2019-06-02):
> Control: tags -1 confirmed
> 
> On 01-06-2019 12:10, Guilhem Moulin wrote:
> > Debdiff between 2:2.1.0-3 and 2:2.1.0-4 attached.  This also includes a
> > patch by jmtd fixing the long description of cryptsetup-{bin,run}.  The
> > diff doesn't touch our .udeb binary packages, but X-Debbugs-CC'ing kibi
> > anyway as cryptsetup is also under udeb-block.
> > 
> > unblock cryptsetup/2:2.1.0-4
> 
> I'm fine with this. I'll unblock after the ack of kibi as I am not sure
> about checking the udeb part myself (an area that I still have to learn).

The proposed change seems reasonable. And yeah, had it been impacting
MODULES=most, I would have seen this long ago, as encrypted LVM is one
of the basic scenarios I run on a regular basis and before all releases.

Regarding the udeb part, debdiffing udebs before/after the change is
usually sufficient to spot changes. I use DEBDIFF_CONTROLFILES=ALL in
~/.devscripts for all debdiff calls (udeb and non-udeb), to make sure I
notice all changes.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#929731: unblock: flash-kernel/3.99

2019-05-29 Thread Cyril Brulebois
Hi,

Niels Thykier  (2019-05-29):
> Vagrant Cascadian:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: unblock
> > X-Debbugs-Cc: vagr...@debian.org, debian-b...@lists.debian.org
> > 
> > Please unblock package flash-kernel
> > 
> > This upload adds support for two additional boards, one additional name
> > for another board, and updates the Uploaders list. The changes should be
> > very low risk to existing platforms, and really appreciated by people
> > with the added boards.
> > 
> > 
> > [...]
> > 
> > unblock flash-kernel/3.99

No objections, thanks.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#929476: Debian 9 installation.

2019-05-26 Thread Cyril Brulebois
Hi Mauro,

mb  (2019-05-24):
> The installation in Graphic mode after the language, country and locales 
> stops because cannot find the CD.
> It is not clear what is such "CD"? All installation software isn't in 
> thedebian-9.9.0-amd64-DVD-1.iso  
> <https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/debian-9.9.0-amd64-DVD-1.iso>
>   file loaded on the USB pen drive?

The ISO image is indeed what you copied onto your USB device. I'm not
sure why there's an issue detecting it here, and I'm cc-ing the
debian-cd folks who are responsible for producing installation images,
and know a lot about this specific area.

Did you verify the checksum of what you downloaded? Wondering whether it
could be corrupted in some way, which could maybe explain why all copy
methods you tried gave the same results.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#929175: Buster d-i RC1: Synaptics touchpad didn't work in installer on HP Mini

2019-05-18 Thread Cyril Brulebois
Hi Jacob,

And thanks for your report.

Jacob Nevins  (2019-05-18):
> My biggest problem: my touchpad didn't work at all in the graphical
> installer; the mouse pointer is stuck in the centre of the screen and
> doesn't respond to movement on the touchpad.
> It works in the installed system, out of the box; I'm using Xfce4. I
> think it's a Synaptics sort of a device, but I'm a bit unclear on the
> details. Hopefully the attached files give enough detail.

Wondering whether this could be something similar to #926057. I suppose
an lsmod from the installed system could give some hints.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#929097: unblock: u-boot/2019.01+dfsg-7

2019-05-18 Thread Cyril Brulebois
Hi,

Vagrant Cascadian  (2019-05-16):
> Package: release.debian.org
> User: release.debian@packages.debian.org
> Usertags: unblock
> Severity: normal
> X-Debbugs-CC: debian-b...@lists.debian.org
> 
> Please unblock package u-boot

No objections on the d-i side.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#928863: debian-installer: Add support for NanoPi NEO2

2019-05-14 Thread Cyril Brulebois
Hi,

Domenico Andreoli  (2019-05-14):
> > I suppose we could merge this and let you test and report what
> > happens with daily builds. Would that be fine with you?
> 
> Of course it's fine with me.

Great! Just pushed an updated master; you should find updated images in
a couple of hours here:
  https://d-i.debian.org/daily-images/daily-build-overview.html
  https://d-i.debian.org/daily-images/arm64/daily/

> > I see that Vagrant already spotted the needed bump to Build-Depends.
> > :)
> 
> I already fixed it, the MR is updated.

Yeah, sure! I just mentioned it because that's one of our usual gotchas
when adding support to new hardware, and I was happy to see it was
already taken care of. :)


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#928931: debian-installer: apt-setup/local0/key fails on buster because gnupg is not installed

2019-05-14 Thread Cyril Brulebois
Hi,

Mikko Tuumanen  (2019-05-13):
> Package: debian-installer
> Severity: normal
> 
> Dear Maintainer,
> 
> I tried to preseed Debian buster with
> 
> d-i apt-setup/local0/repository string http://foo/ buster bar
> d-i apt-setup/local0/key string http://foo/key
> d-i pkgsel/include string baz
> 
> and used netboot "linux" and "initrd.gz" dated 2019-04-10.
> 
> This caused
> 
> May 13 06:34:21 main-menu[300]: (process:30688): 2019-05-13 06:34:18
> URL:http://foo/key [2448/2448] -> "/target/tmp/_fetch-url_key0.pub.31236" [1]
> May 13 06:34:21 main-menu[300]: (process:30688): E: gnupg, gnupg2 and gnupg1 
> do
> not seem to be installed, but one of them is required for this operation
> 
> and later package baz was not found which stopped the installation.

Right, I had been meaning to take care of it, but this special use case
had way lower priority than other issues…

> Work-around:
> 
> d-i preseed/late_command string in-target /bin/bash -c "\
> wget -O /etc/foo.asc http://foo/key ;\
> echo 'deb [signed-by=/etc/foo.asc] http://foo/ buster bar'
> >>>>/etc/apt/sources.list ;\
> apt update ;\
> apt -y install baz"

I seem to remember having seen some discussion regarding how to detect
binary or armoured keys; maybe a cheap(er) fix would be to make sure we
install the needed gnupg bits into /target when such a setting 
(apt-setup/local*/key) is detected?

See generators/60local in apt-setup.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#928863: debian-installer: Add support for NanoPi NEO2

2019-05-14 Thread Cyril Brulebois
Hi Domenico,

Domenico Andreoli  (2019-05-12):
>   please consider adding the generation of the installer image file
> for FriendlyArm NanoPi NEO 2. MR is available on Salsa:
> 
> https://salsa.debian.org/installer-team/debian-installer/merge_requests/9

At first glance, that looks good to me.

> I was not able to cross-build the arm64 installer from amd64 so the
> patch is not tested.

I suppose we could merge this and let you test and report what happens
with daily builds. Would that be fine with you?

> Please mind that the NanoPi NEO 2 target for u-boot has just been
> merged in sid so it's not yet in Buster.

I see that Vagrant already spotted the needed bump to Build-Depends. :)

That shouldn't stop us from merging your work right now, I can always
hint u-boot into buster, should we need it; but thanks for mentioning it
anyway!


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#928204: lower severity

2019-05-13 Thread Cyril Brulebois
HoLger,

Holger Levsen  (2019-05-13):
> severity 928204 important
> tags 928204 unreproducible moreinfo
> # thanks
> 
> Kibi,
> 
> #928204 is the bug with the title "check-support-status: cannot create 
> /var/lib/debian-security-support/security-support.semaphore: Directory
> nonexistent"...
> 
> how did you create that chroot? is maybe apparmor involved (in a way
> thats not the default? (guessing based on the hostname in your log.)

debootstrap; I'm running with apparmor=1 but that has absolutely 0
things to do with the hostname (https://en.wikipedia.org/wiki/Armorica).


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#928929: ccache: please add support for gcc/g++ 9

2019-05-13 Thread Cyril Brulebois
Package: ccache
Version: 3.7.1-1
Severity: normal

Hi,

Even if gcc-9 only appears in experimental for now (where gcc-defaults
defaults to it), it'd be nice to have ccache have support for it.

Thanks for considering.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant



Bug#928609: [Pkg-utopia-maintainers] Bug#928609: network-manager: Invalid system-connections configuration during preseeding

2019-05-09 Thread Cyril Brulebois
Hi,

Michael Biebl  (2019-05-08):
> Control: reassign -1 netcfg

Thanks for forwarding this.

> Am 08.05.19 um 14:12 schrieb Yannick Schinko:
> >> I assume this file is created by the debian installer, so you
> >> should probably talk to them. See
> >>
> >> https://qa.debian.org/developer.php?email=debian-boot%40lists.debian.org
> >>
> >> I would guess that the netcfg part is the most likely package.
> > 
> > So you suggest to recreate this report on the netcfg package instead?
> 
> If netcfg is the component responsible for creating that file, yes.
> I'm not sure though, which is why I suggested to contact the
> debian-b...@lists.debian.org first.
> 
> You don't need to file or recreate the bug report btw, we can just
> re-assign it.
> 
> Thinking about it, I'll just do this now and let the debian-installer
> maintainers re-assign as needed.

netcfg looks like a good candidate indeed.

Yannick, it'd be great to see the installer's syslog, that should have
been stored under /var/log/installer.

(Please compress it.)


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#928507: unblock: grub2/2.02+dfsg1-18

2019-05-09 Thread Cyril Brulebois
Hi,

Ivo De Decker  (2019-05-09):
> On Mon, May 06, 2019 at 01:07:50PM +0100, Colin Watson wrote:
> > Please unblock grub2 2.02+dfsg1-18.  #927888 is RC; #927269 possibly
> > should be RC since it entirely breaks one of GRUB's platforms; and
> > #919915 causes upgrade trouble if you run into it.
> > 
> > (Apologies for the .gitignore/.bzrignore noise, which is the result of
> > switching to using dgit as of this upload.  But it's easy enough to, er,
> > ignore.)
> 
> I unblocked it, but it needs a d-i ack as well (Cc kibi, diff below).

No objections, thanks.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#926903: Installation-report addition

2019-05-06 Thread Cyril Brulebois
Ben Hutchings  (2019-05-06):
> 1. The installer-with-firmware is not installing firmware-amd-graphics
>automatically on systems with AMD GPUs that need it.
[…]

> I'm cloning this and will fix the second bug, but I don't know how to
> fix the first.

src:discover?


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#833706: I have a problem in install

2019-05-06 Thread Cyril Brulebois
John Superman  (2019-05-05):
> Please help me to sucessfully install Kali Linux. Problem:loading
> libc6-udeb for unknown reasons

Please take this to Kali people.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#928506: installation-report: fails to find mirror under OpenBSD vmm(4) hypervisor

2019-05-06 Thread Cyril Brulebois
Control: tag -1 - d-i

Hi Matthew,

Matthew T Hoare  (2019-05-06):
> Dear Maintainer,
> 
>* What led up to the situation?
>I ran the installer under OpenBSD's vmm(4) hypervisor.
>* What exactly did you do (or not do) that was effective (or
>  ineffective)?
>Tried to connect to a mirror to download the installation packages.
>* What was the outcome of this action?
>The connection failed, a mirror was not found.
>* What outcome did you expect instead?
>That a mirror be detected and used.
> 
> -- Package-specific info:
> 
> Boot method: OpenBSD vmm(4) hypervisor
> Image version: 
> https://cdimage.debian.org/cdimage/buster_di_rc1/amd64/iso-cd/debian-buster-DI-rc1-amd64-netinst.iso
> Date: 2019-05-05 approx 11pm
> 
> Machine: vmm(4) in OpenBSD-current on ThinkPad X201
> Partitions: 
>  See attatched output.
> 
> Base System Installation Checklist:
> [O] = OK, [E] = Error (please elaborate below), [ ] = didn't try it
> 
> Initial boot:   [O]
> Detect network card:[O]
> Configure network:  [O]
> Detect CD:  [O]
> Load installer modules: [O]
> Clock/timezone setup:   [O]
> User/password setup:[O]
> Detect hard drives: [O]
> Partition hard drives:  [O]
> Install base system:[E]
> Install tasks:  [E]
> Install boot loader:[O]
> Overall install:[O]
> 
> Comments/Problems:
> 
> The installer detected the virtual interface and was able to configure it but 
> was then unable to find the mirror.

“the mirror” isn't a thing. There are plenty of them. Which one did you
configure?

> I couldn't ping 8.8.8.8 from the busybox shell so it wasn't just name
> resolution. However I could manage to connect once the system was
> installed and booted, both ifupdown and systemd-networkd are fully
> functional.

Please share (compressed) /var/log/installer/syslog so that we have a
chance at trying to understand what happened. See below:

> Please make sure that the hardware-summary log file, and any other
> installation logs that you think would be useful are attached to this
> report. Please compress large files using gzip.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#928496: unblock: haveged/1.9.1-7

2019-05-05 Thread Cyril Brulebois
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

Please review the haveged udeb addition that I've implemented to fix
entropy starvation issues in d-i. There are other changes in d-i
components to leverage this addition (in rootskel and debian-installer)
that I'm fine with vetting myself since they're clearly under the
installer team umbrella (unless you instruct otherwise).

haveged isn't directly maintained by us and even if the maintainer
gave me carte blanche[1], I'd be more content with a review from the
release team.

 1. https://bugs.debian.org/927376#10


Changelog excerpt (full source debdiff attached):

,---
| haveged (1.9.1-7) unstable; urgency=medium
| 
|   [ Cyril Brulebois ]
|   * Add haveged-udeb, for use from the Debian Installer (See: #923675,
| Closes: #927376).
|   * Bundle the daemon and the library in haveged-udeb, since the daemon
| is the only user of the libhavege.so.1 SONAME.
| 
|   [ Ondřej Nový ]
|   * d/control: Set Vcs-* to salsa.debian.org
| 
|  -- Cyril Brulebois   Fri, 19 Apr 2019 18:29:05 +0200
`---


If that looks fine, feel free to:

  unblock haveged/1.9.1-7
  unblock-udeb haveged/1.9.1-7


Thanks for your time!


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant
diff -Nru haveged-1.9.1/debian/changelog haveged-1.9.1/debian/changelog
--- haveged-1.9.1/debian/changelog  2017-07-17 16:05:45.0 +
+++ haveged-1.9.1/debian/changelog  2019-04-19 16:29:05.0 +
@@ -1,3 +1,16 @@
+haveged (1.9.1-7) unstable; urgency=medium
+
+  [ Cyril Brulebois ]
+  * Add haveged-udeb, for use from the Debian Installer (See: #923675,
+Closes: #927376).
+  * Bundle the daemon and the library in haveged-udeb, since the daemon
+is the only user of the libhavege.so.1 SONAME.
+
+  [ Ondřej Nový ]
+  * d/control: Set Vcs-* to salsa.debian.org
+
+ -- Cyril Brulebois   Fri, 19 Apr 2019 18:29:05 +0200
+
 haveged (1.9.1-6) unstable; urgency=high
 
   * Start haveged.service after systemd-tmpfiles-setup.service has been run.
diff -Nru haveged-1.9.1/debian/control haveged-1.9.1/debian/control
--- haveged-1.9.1/debian/control2017-07-17 15:42:46.0 +
+++ haveged-1.9.1/debian/control2019-04-18 16:32:42.0 +
@@ -5,8 +5,8 @@
 Build-Depends: debhelper (>= 9), dh-apparmor, dh-autoreconf, dh-systemd
 Standards-Version: 3.9.8
 Homepage: http://issihosts.com/haveged/
-Vcs-Git: https://alioth.debian.org/anonscm/git/collab-maint/haveged.git
-Vcs-Browser: https://anonscm.debian.org/gitweb/?p=collab-maint/haveged.git
+Vcs-Git: https://salsa.debian.org/debian/haveged.git
+Vcs-Browser: https://salsa.debian.org/debian/haveged
 
 Package: haveged
 Architecture: linux-any
@@ -71,3 +71,11 @@
  http://www.irisa.fr/caps/projects/hipsor/
  .
  This package contains the development files.
+
+Package: haveged-udeb
+Package-Type: udeb
+Section: debian-installer
+Architecture: linux-any
+Depends: ${shlibs:Depends}
+Description: Linux entropy source using the HAVEGE algorithm -- udeb
+ This package is for use in the Debian Installer.
diff -Nru haveged-1.9.1/debian/haveged-udeb.install 
haveged-1.9.1/debian/haveged-udeb.install
--- haveged-1.9.1/debian/haveged-udeb.install   1970-01-01 00:00:00.0 
+
+++ haveged-1.9.1/debian/haveged-udeb.install   2019-04-16 22:25:12.0 
+
@@ -0,0 +1,2 @@
+usr/sbin/haveged
+usr/lib/*/libhavege.so.*
diff -Nru haveged-1.9.1/debian/shlibs.local haveged-1.9.1/debian/shlibs.local
--- haveged-1.9.1/debian/shlibs.local   1970-01-01 00:00:00.0 +
+++ haveged-1.9.1/debian/shlibs.local   2019-04-16 22:45:49.0 +
@@ -0,0 +1,4 @@
+# No need to ship a separate libhavege1-udeb, so bundle the daemon and
+# the library in the same udeb (haveged-udeb), and let shlibs:Depends
+# computation know where libhavege.so.1 is shipped:
+udeb: libhavege 1 haveged-udeb


Bug#928407: unblock: bind9/1:9.11.5.P4+dfsg-5

2019-05-05 Thread Cyril Brulebois
Niels Thykier  (2019-05-05):
> I have flagged it as ok from the RT PoV and is CC'ing KiBi for a d-i
> review before it is finally unblocked.

No objections.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#928269: unblock: cryptsetup/2.1.0-3

2019-05-05 Thread Cyril Brulebois
Ivo De Decker  (2019-05-05):
> On Tue, Apr 30, 2019 at 10:14:22PM +0200, Guilhem Moulin wrote:
> > The cryptsetup package found in Buster, currently at version 2:2.1.0-2,
> > contains regressions affecting unlocking using OpenSC (PKCS#15 compatible
> > Smart Card):
> > 
> > [#926573] The `decrypt_opensc` keyscript poisons standard output,
> > causing `cryptsetup open --key-file -` to fail.  (Since 2:2.0.3-7.)
> > https://salsa.debian.org/cryptsetup-team/cryptsetup/merge_requests/8
> > 
> > [#928263] The initramfs hook fails to copy libpcsclite.so to the
> > initramfs on non-usrmerge systems, causing the pcscd daemon to fail to
> > start, hence failing unlocking at initramfs stage.  (Since 2:2.0.3-2.)
> > 
> > These regressions are RC for users relying on OpenSC integration, but
> > the bugs have ‘Severity: important’ since src:cryptsetup is still usable
> > to others.
> > 
> > Debdiff between 2:2.1.0-2 and 2:2.1.0-3 attached.
> 
> This looks ok, but needs a d-i ack. Cc'ed kibi.

LGTM, no objections.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#928404: unblock: glibc/2.28-10

2019-05-04 Thread Cyril Brulebois
Hi,

Aurelien Jarno  (2019-05-03):
> The glibc package in version 2.28-10 currently in sid mostly updates the
> git-updates.diff patch to the latest upstream stable branch:
> - Fix security issue CVE-2019-9169.
> - Support for the new Reiwa era to the ja_JP which seems to be something
>   quite important for Japanese people. 
>   provide shared libraries (not) tuned for the corresponding platforms.
> - Fix for an infinite loop in the pldd binary, which makes it unusable
>   (regression from stretch).
> - Support for vector instructions related hwcap on s390x to allow one to
> - Fix for a riscv specific issue in a file which is not used on other
>   architectures, so with no risk for them.
> 
> In addition to that it includes a fix for a bug in dlopen introduced by
> an arm patch, but affecting all architectures.
> 
> I believe that all the above changes are suitable for buster. If you
> agree, could you please unblock package glibc:
> 
> unblock glibc/2.28-10

All tests look good, no objections.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


Bug#928310: unblock: wpa/2:2.7+git20190128+0c1e29f-5

2019-05-03 Thread Cyril Brulebois
Hi,

Paul Gevers  (2019-05-01):
> Control: tags -1 d-i moreinfo confirmed
> 
> On 01-05-2019 22:08, Salvatore Bonaccorso wrote:
> > Please unblock package wpa. The followup update to unstable for wpa
> > 2:2.7+git20190128+0c1e29f-5 fixes one additional security issue
> > ("EAP-pwd message reassembly issue with unexpected fragment"). It got
> > CVE-2019-11555 later assigned.
> 
> This needs an ACK from d-i, but otherwise I'd unblock it.

Tested succesfully on bare metal: please go ahead.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature


  1   2   3   4   5   6   7   8   9   10   >