Package: release.debian.org User: release.debian....@packages.debian.org Usertags: unblock
Hi, please unblock devscripts/2.19.5 - debdiff (filtering out the po files) is attached. Changes are: * typos in documentation * small fixes in salsa(1) and a tiny one in uscan(1) * important fixes in mk-origtargz(1) - see the recent post on d-d@ from guillem Thanks for considering. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
debian/changelog | 34 ++++++++++++++++++- lib/Devscripts/MkOrigtargz.pm | 42 +++++++++++++++++------- lib/Devscripts/Salsa/Config.pm | 4 +- lib/Devscripts/Salsa/check_repo.pm | 1 lib/Devscripts/Salsa/update_repo.pm | 6 +++ lib/Devscripts/Uscan/WatchFile.pm | 2 - scripts/hardening-check.pl | 10 ++--- scripts/salsa.pl | 6 ++- scripts/uscan.pl | 3 + test/lib_test_uscan | 2 - test/test_mk-origtargz | 63 ++++++++++++++++++++++++++++++++++-- 11 files changed, 147 insertions(+), 26 deletions(-) diffstat for devscripts-2.19.4 devscripts-2.19.5 diff -Nru devscripts-2.19.4/debian/changelog devscripts-2.19.5/debian/changelog --- devscripts-2.19.4/debian/changelog 2019-03-20 16:57:59.000000000 +0100 +++ devscripts-2.19.5/debian/changelog 2019-05-09 17:01:29.000000000 +0200 @@ -1,3 +1,35 @@ +devscripts (2.19.5) unstable; urgency=medium + + [ Topi Miettinen ] + * hardening-check: + + Fix some typos in the documentation. MR: !118 + + [ Xavier Guimard ] + * Update French translation. + * uscan: + + Don't fail on first error when using multiple watch files. + Closes: #927864; MR: !119 + * salsa: MR: !117 + + Fix token regexp to allow "-" in GitLab tokens. + + Fix useless warnings when old description is null. Closes: #927367 + + Accept sub-groups in --group parameter. Closes: #927350 + + Fix bad warning if user is an inherited member of a subgroup. + Closes: #927373 + + [ Edward Betts ] + * Correct some spelling errors in documentation. MR: !116 + + [ Guillem Jover ] + * mk-origtargz: MR: !120 + + Do not enarmor already armored OpenPGP signatures. This actively caused + broken .asc files to be uploaded to the archive. + + Pass --no-options to gpg. + + Prevent duplicating the signature in case mk-origtargz is called twice. + + Fix OpenPGP signature ASCII enarmor normalization. + + Minore code improvements. + + -- Mattia Rizzolo <mat...@debian.org> Thu, 09 May 2019 17:01:29 +0200 + devscripts (2.19.4) unstable; urgency=medium [ Antonio Terceiro ] 
@@ -41,7 +73,7 @@ + Add KGB options configuration. Closes: #921641; MR: !115 * uscan: + Fix bad check for "verbose" in Config.pm. Closes: #923441; MR: !111 - * Update French translation + * Update French translation. [ Reiner Herrmann ] * Update German translation. diff -Nru devscripts-2.19.4/lib/Devscripts/MkOrigtargz.pm devscripts-2.19.5/lib/Devscripts/MkOrigtargz.pm --- devscripts-2.19.4/lib/Devscripts/MkOrigtargz.pm 2019-03-01 10:39:51.000000000 +0100 +++ devscripts-2.19.5/lib/Devscripts/MkOrigtargz.pm 2019-05-09 16:52:33.000000000 +0200 @@ -307,9 +307,6 @@ # Final step: symlink, copy or rename for signature file. - my $is_ascfile = $self->config->signature_file =~ /\.asc$/i; - my $is_gpgfile = $self->config->signature_file =~ /\.(gpg|pgp|sig|sign)$/i; - my $destsigfile; if ($self->config->signature == 1) { $destsigfile = sprintf "%s.asc", $destfile; 
@@ -324,22 +321,43 @@ } if ($self->config->signature == 1 or $self->config->signature == 2) { - if ($is_gpgfile) { - my $enarmor - = `gpg --output - --enarmor $self->{config}->{signature_file} 2>&1`; + my $is_openpgp_ascii_armor = 0; + my $fh_sig; + unless (open($fh_sig, '<', $self->config->signature_file)) { + ds_die "Cannot open $self->{config}->{signature_file}\n"; + return $self->status(1); + } + while (<$fh_sig>) { + if (m/^-----BEGIN PGP /) { + $is_openpgp_ascii_armor = 1; + last; + } + } + close($fh_sig); + + if (not $is_openpgp_ascii_armor) { + my @enarmor + = `gpg --no-options --output - --enarmor $self->{config}->{signature_file} 2>&1`; unless ($? == 0) { ds_die -"mk-origtargz: Failed to convert $self->{config}->{signature_file} to *.asc\n"; +"Failed to convert $self->{config}->{signature_file} to *.asc\n"; return $self->status(1); } - $enarmor =~ s/ARMORED FILE/SIGNATURE/; - $enarmor =~ /^Comment:/d; - unless (open(DESTSIG, ">> $destsigfile")) { + unless (open(DESTSIG, '>', $destsigfile)) { + ds_die "Failed to open $destsigfile for write $!\n"; + return $self->status(1); + } + foreach my $line (@enarmor) { + next if $line =~ m/^Version:/; + next if $line =~ m/^Comment:/; + $line =~ s/ARMORED FILE/SIGNATURE/; + print DESTSIG $line; + } + unless (close(DESTSIG)) { ds_die - "mk-origtargz: Failed to open $destsigfile for append: $!\n"; +"Cannot write signature file $self->{config}->{signature_file}\n"; return $self->status(1); } - print DESTSIG $enarmor; } else { if (abs_path($self->config->signature_file) ne abs_path($destsigfile)) { diff -Nru devscripts-2.19.4/lib/Devscripts/Salsa/check_repo.pm devscripts-2.19.5/lib/Devscripts/Salsa/check_repo.pm --- devscripts-2.19.4/lib/Devscripts/Salsa/check_repo.pm 2019-03-11 17:07:17.000000000 +0100 +++ devscripts-2.19.5/lib/Devscripts/Salsa/check_repo.pm 2019-05-09 16:52:23.000000000 +0200 
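Review bot: The rewritten enarmor call still interpolates `$self->{config}->{signature_file}` into a backtick command, so a signature path containing spaces or shell metacharacters is split or interpreted by the shell. Because of the `2>&1`, anything gpg prints on stderr while still exiting 0 is also written into `$destsigfile`, since only `Version:` and `Comment:` lines are filtered out. A list-form pipe open, sketched below, avoids both. Separately, `m/^-----BEGIN PGP /` accepts any armor type, including the `ARMORED FILE` header this change is meant to stop shipping; `m/^-----BEGIN PGP SIGNATURE-----/` would be stricter, and the `close(DESTSIG)` failure message should name `$destsigfile` and include `$!`. The enclosing method starts and ends outside the hunk.

```perl
        if (not $is_openpgp_ascii_armor) {
            # List-form pipe open: no shell is involved, so the path reaches
            # gpg as a single argument and stderr stays out of the armor.
            my $fh_gpg;
            unless (
                open($fh_gpg, '-|', 'gpg', '--no-options', '--output', '-',
                    '--enarmor', $self->config->signature_file)
            ) {
                ds_die "Failed to run gpg: $!\n";
                return $self->status(1);
            }
            my @enarmor = <$fh_gpg>;
            # close() on a pipe returns false when gpg exits non-zero.
            unless (close($fh_gpg)) {
                ds_die
"Failed to convert $self->{config}->{signature_file} to *.asc\n";
                return $self->status(1);
            }
            # … unchanged: open DESTSIG, filter header lines, close DESTSIG …
```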
@@ -41,6 +41,7 @@ # check description my %prms = $self->desc($name); if ($self->config->desc) { + $project->{description} //= ''; push @err, "bad description: $project->{description}" if ($prms{description} ne $project->{description}); } diff -Nru devscripts-2.19.4/lib/Devscripts/Salsa/Config.pm devscripts-2.19.5/lib/Devscripts/Salsa/Config.pm --- devscripts-2.19.4/lib/Devscripts/Salsa/Config.pm 2019-03-11 17:07:17.000000000 +0100 +++ devscripts-2.19.5/lib/Devscripts/Salsa/Config.pm 2019-05-09 16:52:23.000000000 +0200 @@ -70,7 +70,7 @@ return /^[\w\d\-]+$/ ? 1 : (0, "Bad path $_"); } ], - ['group=s', 'SALSA_GROUP', qr/^[\-\w]+$/], + ['group=s', 'SALSA_GROUP', qr/^[\/\-\w]+$/], ['group-id=s', 'SALSA_GROUP_ID', qr/^\d+$/], ['token', 'SALSA_TOKEN', sub { $_[0]->private_token($_[1]) }], [ @@ -83,7 +83,7 @@ my $s = join '', <F>; close F; if ($s - =~ m/^[^#]*(?:SALSA_(?:PRIVATE_)?TOKEN)\s*=\s*(["'])?(\w+)\1?$/m + =~ m/^[^#]*(?:SALSA_(?:PRIVATE_)?TOKEN)\s*=\s*(["'])?([-\w]+)\1?$/m ) { $self->private_token($2); return 1; diff -Nru devscripts-2.19.4/lib/Devscripts/Salsa/update_repo.pm devscripts-2.19.5/lib/Devscripts/Salsa/update_repo.pm --- devscripts-2.19.4/lib/Devscripts/Salsa/update_repo.pm 2019-03-01 12:04:49.000000000 +0100 +++ devscripts-2.19.5/lib/Devscripts/Salsa/update_repo.pm 2019-05-09 16:52:23.000000000 +0200 
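Review bot: The widened `SALSA_GROUP` pattern `qr/^[\/\-\w]+$/` in Config.pm now also accepts a leading or trailing `/` and empty path segments such as `a//b`, and the `$` anchor lets a trailing newline through. How the value is used is not visible in this hunk, but if it is placed into an API path, a pattern that spells out the segment structure would be safer, for example `qr/^[\-\w]+(?:\/[\-\w]+)*\z/`. The option table this line belongs to starts and ends outside the hunk.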
@@ -115,6 +115,12 @@ if ($self->group_id) { my $tmp = $self->api->group_member($self->group_id, $user_id); unless ($tmp) { + my $members + = $self->api->paginator('all_group_members', $self->group_id, + { query => $user_id }); + while ($_ = $members->next) { + return $_->{access_level} if ($_->{id} eq $user_id); + } ds_warn "You're not member of this group"; return 0; } diff -Nru devscripts-2.19.4/lib/Devscripts/Uscan/WatchFile.pm devscripts-2.19.5/lib/Devscripts/Uscan/WatchFile.pm --- devscripts-2.19.4/lib/Devscripts/Uscan/WatchFile.pm 2019-03-01 12:04:49.000000000 +0100 +++ devscripts-2.19.5/lib/Devscripts/Uscan/WatchFile.pm 2019-05-09 16:52:23.000000000 +0200 @@ -345,7 +345,7 @@ foreach my $line (@{ $self->watchlines }) { # Set same $download for all $line->shared->{download} = $download; - # Non "group" lines where not intialized + # Non "group" lines where not initialized unless ($line->type eq 'group') { if ( $line->parse or $line->search diff -Nru devscripts-2.19.4/scripts/hardening-check.pl devscripts-2.19.5/scripts/hardening-check.pl --- devscripts-2.19.4/scripts/hardening-check.pl 2019-03-01 10:39:51.000000000 +0100 +++ devscripts-2.19.5/scripts/hardening-check.pl 2019-04-28 16:13:11.000000000 +0200 
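Review bot: `while ($_ = $members->next)` in update_repo.pm assigns to the global `$_` without localising it, so any caller that is itself iterating with `$_` has its value overwritten. A lexical avoids that: `while (my $member = $members->next) { return $member->{access_level} if $member->{id} eq $user_id; }`. The `{ query => $user_id }` filter is also worth confirming against the API: if the members endpoint treats `query` as a name or username search rather than an id filter, an inherited member may not be returned and the warning would still fire. The enclosing sub starts and ends outside the hunk.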
@@ -502,23 +502,23 @@ =item B<--nopie>, B<-p> -No not require that the checked binaries be built as PIE. +Do not require that the checked binaries be built as PIE. =item B<--nostackprotector>, B<-s> -No not require that the checked binaries be built with the stack protector. +Do not require that the checked binaries be built with the stack protector. =item B<--nofortify>, B<-f> -No not require that the checked binaries be built with Fority Source. +Do not require that the checked binaries be built with Fortify Source. =item B<--norelro>, B<-r> -No not require that the checked binaries be built with RELRO. +Do not require that the checked binaries be built with RELRO. =item B<--nobindnow>, B<-b> -No not require that the checked binaries be built with BIND_NOW. +Do not require that the checked binaries be built with BIND_NOW. =item B<--quiet>, B<-q> diff -Nru devscripts-2.19.4/scripts/salsa.pl devscripts-2.19.5/scripts/salsa.pl --- devscripts-2.19.4/scripts/salsa.pl 2019-03-11 17:07:17.000000000 +0100 +++ devscripts-2.19.5/scripts/salsa.pl 2019-05-09 16:52:23.000000000 +0200 @@ -430,6 +430,10 @@ Team to use. Use C<salsa search_group name> to find it. +If you want to use a subgroup, you have to set its full path: + + salsa --group perl-team/modules/packages check_repo lemonldap-ng + C<.devscripts> value: B<SALSA_GROUP> Be careful when you use B<SALSA_GROUP> in your C<.devscripts> file. Every @@ -800,7 +804,7 @@ Copyright (C) 2018, Xavier Guimard E<lt>y...@debian.orge<gt> -It contains code formely found in L<dpt-salsa> I<(pkg-perl-tools)> +It contains code formerly found in L<dpt-salsa> I<(pkg-perl-tools)> copyright 2018, gregor herrmann E<lt>gre...@debian.orge<gt>. This library is free software; you can redistribute it and/or modify diff -Nru devscripts-2.19.4/scripts/uscan.pl devscripts-2.19.5/scripts/uscan.pl --- devscripts-2.19.4/scripts/uscan.pl 2019-03-01 12:04:49.000000000 +0100 +++ devscripts-2.19.5/scripts/uscan.pl 2019-05-09 16:52:23.000000000 +0200 
@@ -2010,7 +2010,8 @@ my @wf = find_watch_files($config); foreach (@wf) { - $res ||= process_watchfile(@$_); + my $tmp = process_watchfile(@$_); + $res ||= $tmp; # Are there any warnings to give if we're using dehs? dehs_output if ($dehs); diff -Nru devscripts-2.19.4/test/lib_test_uscan devscripts-2.19.5/test/lib_test_uscan --- devscripts-2.19.4/test/lib_test_uscan 2019-03-20 14:02:49.000000000 +0100 +++ devscripts-2.19.5/test/lib_test_uscan 2019-05-09 16:52:23.000000000 +0200 @@ -53,7 +53,7 @@ # magic function that pipes stdout and stderr into a pipe, and prints it only # on command failure. # This uses a pipe, so it has limited capacity. Do not use it with stuff -# outputing too much data. +# outputting too much data. chronic_sh (){ local pipe pipe=$(mktemp -u) diff -Nru devscripts-2.19.4/test/test_mk-origtargz devscripts-2.19.5/test/test_mk-origtargz --- devscripts-2.19.4/test/test_mk-origtargz 2019-03-01 10:39:51.000000000 +0100 +++ devscripts-2.19.5/test/test_mk-origtargz 2019-05-09 16:52:33.000000000 +0200 @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # Copyright 2014, Rafael Laboissiere <raf...@laboissiere.net> # Copyright 2015, James McCoy <james...@debian.org> @@ -18,6 +18,10 @@ set -u +# Load GPG +TESTTYPE=MkOrigTarGz +. ./lib_test_uscan + if test "${1:-}" = --installed; then MK_ORIGTARGZ="mk-origtargz" shift @@ -72,9 +76,31 @@ } makeTarBall () { - comp="$1"; + comp="$1" + mkgpg="${2:-none}" makeUpstreamFiles tar --create --auto-compress --file "$TMPDIR/foo-0.1.tar.$comp" --directory "$TMPDIR" foo-0.1 + local gpgopts=( + chronic_sh $GPG + --homedir "$GPGHOME" + --no-options -q --batch --no-default-keyring + --secret-keyring "$PRIVATE_KEYRING" + --default-key 72544FAF + --detach-sign + ) + case "$mkgpg" in + sig) + "${gpgopts[@]}" "$TMPDIR/foo-0.1.tar.$comp" + ;; + asc) + "${gpgopts[@]}" --armor "$TMPDIR/foo-0.1.tar.$comp" + ;; + none) + ;; + *) + fail "unknown parameter in makeTarBall()" + ;; + esac rm -rf "$TMPDIR/foo-0.1" } makeSimpleTar () { 
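Review bot: The reason for the temporary in uscan.pl is not stated in the code, so a later cleanup could fold it back into `$res ||= process_watchfile(@$_);`, which short-circuits and skips every watch file once `$res` is true. A comment above the call such as `# Always call process_watchfile(): a bare "||=" would skip it once $res is set` would keep the fix from regressing, and a name like `$rc` says more than `$tmp`. The loop body continues outside the hunk.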
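Review bot: In `makeTarBall` the exit status of the two `"${gpgopts[@]}"` signing calls is not checked, and the visible context sets `set -u` but not `set -e`, so a failed signing step would only show up later as a missing or stale signature file when mk-origtargz runs. Appending `|| fail "gpg signing failed"` to both calls would report it at the source. `$GPG` is expanded unquoted inside the array, and `--default-key 72544FAF` is a short key ID; quoting the former and using the full fingerprint of the test key would be more robust.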
@@ -235,6 +261,39 @@ assertEquals "final symlink" foo-0.1.tar.gz "$(readlink $TMPDIR/foo_0.1.orig.tar.gz)" } +testSymlinkWithConvertedSig() { + makeTarBall gz sig + makeDebianDir + run_mk_origtargz foo "" \ + "Successfully symlinked ../foo-0.1.tar.gz to ../foo_0.1.orig.tar.gz." \ + --signature 1 --signature-file=../foo-0.1.tar.gz.sig \ + ../foo-0.1.tar.gz + assertTrue "original tarball does not exist" "[ -e $TMPDIR/foo-0.1.tar.gz ]" + assertTrue "result does not exist" "[ -e $TMPDIR/foo_0.1.orig.tar.gz ]" + assertTrue "result is not a symlink" "[ -L $TMPDIR/foo_0.1.orig.tar.gz ]" + assertTrue "result is not readable" "[ -r $TMPDIR/foo_0.1.orig.tar.gz ]" + assertEquals "final symlink" foo-0.1.tar.gz "$(readlink $TMPDIR/foo_0.1.orig.tar.gz)" + assertTrue "signature isn't valid" "$GPG --homedir '$GPGHOME' --verify $TMPDIR/foo_0.1.orig.tar.gz.asc" +} + +testSymlinkWithArmoredSig() { + # MR for https://lists.debian.org/debian-devel/2019/04/msg00459.html + makeTarBall gz asc + # an armored signature, but with the wrong extension. + mv $TMPDIR/foo-0.1.tar.gz.asc $TMPDIR/foo-0.1.tar.gz.sig + makeDebianDir + run_mk_origtargz foo "" \ + "Successfully symlinked ../foo-0.1.tar.gz to ../foo_0.1.orig.tar.gz." \ + --signature 1 --signature-file=../foo-0.1.tar.gz.sig \ + ../foo-0.1.tar.gz + assertTrue "original tarball does not exist" "[ -e $TMPDIR/foo-0.1.tar.gz ]" + assertTrue "result does not exist" "[ -e $TMPDIR/foo_0.1.orig.tar.gz ]" + assertTrue "result is not a symlink" "[ -L $TMPDIR/foo_0.1.orig.tar.gz ]" + assertTrue "result is not readable" "[ -r $TMPDIR/foo_0.1.orig.tar.gz ]" + assertEquals "final symlink" foo-0.1.tar.gz "$(readlink $TMPDIR/foo_0.1.orig.tar.gz)" + assertTrue "signature isn't valid" "$GPG --homedir '$GPGHOME' --verify $TMPDIR/foo_0.1.orig.tar.gz.asc" +} + testCopy() { makeTarBall gz makeDebianDir
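Review bot: The two new tests check only that `gpg --verify` accepts the resulting `.asc`, so two behaviours listed in the changelog are not covered: that running mk-origtargz twice does not duplicate the signature, and that the armor header is normalised to `SIGNATURE`. Adding a second `run_mk_origtargz` call to one of the tests would cover the first. An assertion such as `assertEquals "one signature block" 1 "$(grep -c '^-----BEGIN PGP SIGNATURE-----' "$TMPDIR/foo_0.1.orig.tar.gz.asc")"` would cover both. The `$TMPDIR` expansions inside the `[ ... ]` and `--verify` strings are unquoted, so these assertions would misbehave if the temporary directory path contained spaces.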