Bug#871937: stretch-pu: package monkeysign/2.2.3
Control: reopen 871937 On 2018-12-02 16:47:48, Julien Cristau wrote: > On Sat, Sep 09, 2017 at 03:23:13PM +0200, Julien Cristau wrote: >> Control: tag -1 moreinfo >> >> On Sat, Aug 12, 2017 at 14:21:11 -0400, Antoine Beaupre wrote: >> >> > Package: release.debian.org >> > Severity: normal >> > Tags: stretch >> > User: release.debian@packages.debian.org >> > Usertags: pu >> > >> > Hi, >> > >> > I am working on a new release of Monkeysign, which I'd like to upload >> > in Debian. If it would be just me, I would tag the current HEAD with >> > 2.2.4, considering the changes are mostly minor and non-disruptive: >> > >> > angela:monkeysign$ git diff 2.2.3 --stat >> > CONTRIBUTING.rst| 9 +- >> > debian/gbp.conf | 2 +- >> > doc/usage.rst | 4 + >> > monkeysign/cli.py | 11 +- >> > monkeysign/gpg.py | 35 ++-- >> > monkeysign/gtkui.py | 81 ++--- >> > monkeysign/tests/files/7B75921E.asc | 331 >> > - >> > monkeysign/tests/test_gpg.py| 21 +-- >> > monkeysign/tests/test_ui.py | 147 - >> > monkeysign/ui.py| 168 --- >> > po/nl.po| 725 >> > >> > 11 files changed, 1225 insertions(+), 309 deletions(-) >> > >> > as you can see, more than half of the diff (725 lines) is just a >> > translation file update. The rest is fixes for tests and critical >> > bugfixes (although the bugfixes have not been reported directly in the >> > Debian BTS, but discovered through my own testing). >> > >> > Attached is the actual diff. Should I upload this as 2.2.4 to unstable >> > and stable-pu? Or should i minimize this diff to a bare minimum and >> > release a more targeted 2.2.4 to stable and a 2.3.0 to unstable? >> > >> There's no such thing as uploading the same package version to unstable >> and proposed-updates. Please first get the changes in unstable, with >> whatever version number. Let them sit for a while, and then come back >> with a request for stable, with a description and justification of the >> changes (which I couldn't see here). >> > That doesn't seem to have happened; closing. I'm confused. I *did* upload the changes to unstable: https://tracker.debian.org/news/966367/accepted-monkeysign-224-source-all-into-unstable/ They migrated to testing and everything. I guess I should have pinged this bug report back again? I can rephrase a description of the changes, but the changelog above is pretty straightforward: [ Tobias Rueetschi ] * false isn't defined, that must be False [ Antoine Beaupré ] * actually send multiple emails instead of a single one * CVE-2018-12020: add no verbose to avoid fake signatures Here's the actual diff, according to git: diff --git c/debian/changelog w/debian/changelog index db96510..1f1d667 100644 --- c/debian/changelog +++ w/debian/changelog @@ -1,3 +1,14 @@ +monkeysign (2.2.4) unstable; urgency=medium + + [ Tobias Rueetschi ] + * false isn't defined, that must be False + + [ Antoine Beaupré ] + * actually send multiple emails instead of a single one + * CVE-2018-12020: add no verbose to avoid fake signatures + + -- Antoine Beaupré Mon, 18 Jun 2018 12:18:46 -0400 + monkeysign (2.2.3) unstable; urgency=medium [ Simon Fondrie-Teitler ] diff --git c/monkeysign/gpg.py w/monkeysign/gpg.py index 223073c..7746861 100644 --- c/monkeysign/gpg.py +++ w/monkeysign/gpg.py @@ -102,6 +102,7 @@ class Context(): 'with-colons': None, 'with-fingerprint': None, 'fixed-list-mode': None, +'no-verbose': None, 'list-options': 'show-sig-subpackets,show-uid-validity,show-unusable-uids,show-unusable-subkeys,show-keyring,show-sig-expire', } @@ -126,7 +127,7 @@ def unset_option(self, option): if option in self.options: del self.options[option] else: -return false +return False def build_command(self, command): """internal helper to build a proper gpg commandline diff --git c/monkeysign/tests/test_gpg.py w/monkeysign/tests/test_gpg.py index 5ca8472..445ce2e 100755 --- c/monkeysign/tests/test_gpg.py +++ w/monkeysign/tests/test_gpg.py @@ -42,7 +42,7 @@ class TestContext(unittest.TestCase): options = Context.options # ... and this is the rendered version of the above -rendered_options = ['gpg', '--command-fd', '0', '--with-fingerprint', '--list-options', 'show-sig-subpackets,show-uid-validity,show-unusable-uids,show-unusable-subkeys,show-keyring,show-sig-expire', '--batch', '--fixed-list-mode', '--no-tty', '--with-colons', '--use-agent', '--status-fd', '2', '--quiet' ] +rendered_options = ['gpg', '--command-fd', '0', '--with-fingerprint',
Bug#871937: stretch-pu: package monkeysign/2.2.3
Control: tag -1 moreinfo On Sat, Aug 12, 2017 at 14:21:11 -0400, Antoine Beaupre wrote: > Package: release.debian.org > Severity: normal > Tags: stretch > User: release.debian@packages.debian.org > Usertags: pu > > Hi, > > I am working on a new release of Monkeysign, which I'd like to upload > in Debian. If it would be just me, I would tag the current HEAD with > 2.2.4, considering the changes are mostly minor and non-disruptive: > > angela:monkeysign$ git diff 2.2.3 --stat > CONTRIBUTING.rst| 9 +- > debian/gbp.conf | 2 +- > doc/usage.rst | 4 + > monkeysign/cli.py | 11 +- > monkeysign/gpg.py | 35 ++-- > monkeysign/gtkui.py | 81 ++--- > monkeysign/tests/files/7B75921E.asc | 331 > - > monkeysign/tests/test_gpg.py| 21 +-- > monkeysign/tests/test_ui.py | 147 - > monkeysign/ui.py| 168 --- > po/nl.po| 725 > > 11 files changed, 1225 insertions(+), 309 deletions(-) > > as you can see, more than half of the diff (725 lines) is just a > translation file update. The rest is fixes for tests and critical > bugfixes (although the bugfixes have not been reported directly in the > Debian BTS, but discovered through my own testing). > > Attached is the actual diff. Should I upload this as 2.2.4 to unstable > and stable-pu? Or should i minimize this diff to a bare minimum and > release a more targeted 2.2.4 to stable and a 2.3.0 to unstable? > There's no such thing as uploading the same package version to unstable and proposed-updates. Please first get the changes in unstable, with whatever version number. Let them sit for a while, and then come back with a request for stable, with a description and justification of the changes (which I couldn't see here). Cheers, Julien
Bug#871937: stretch-pu: package monkeysign/2.2.3
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Hi, I am working on a new release of Monkeysign, which I'd like to upload in Debian. If it would be just me, I would tag the current HEAD with 2.2.4, considering the changes are mostly minor and non-disruptive: angela:monkeysign$ git diff 2.2.3 --stat CONTRIBUTING.rst| 9 +- debian/gbp.conf | 2 +- doc/usage.rst | 4 + monkeysign/cli.py | 11 +- monkeysign/gpg.py | 35 ++-- monkeysign/gtkui.py | 81 ++--- monkeysign/tests/files/7B75921E.asc | 331 - monkeysign/tests/test_gpg.py| 21 +-- monkeysign/tests/test_ui.py | 147 - monkeysign/ui.py| 168 --- po/nl.po| 725 11 files changed, 1225 insertions(+), 309 deletions(-) as you can see, more than half of the diff (725 lines) is just a translation file update. The rest is fixes for tests and critical bugfixes (although the bugfixes have not been reported directly in the Debian BTS, but discovered through my own testing). Attached is the actual diff. Should I upload this as 2.2.4 to unstable and stable-pu? Or should i minimize this diff to a bare minimum and release a more targeted 2.2.4 to stable and a 2.3.0 to unstable? Thanks for the feedback! A. -- System Information: Debian Release: 9.1 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-3-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE=fr_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst index 6e0e004..cf9e3ea 100644 --- a/CONTRIBUTING.rst +++ b/CONTRIBUTING.rst @@ -351,9 +351,12 @@ To renew the keys, try:: mkdir ~/.gpg-tmp chmod 700 ~/.gpg-tmp -gpg --homedir ~/.gpg-tmp --import 7B75921E.asc +gpg --homedir ~/.gpg-tmp --import monkeysign/tests/files/7B75921E.asc gpg --homedir ~/.gpg-tmp --refresh-keys 8DC901CE64146C048AD50FBB792152527B75921E -gpg --homedir ~/.gpg-tmp --export-options export-minimal --armor --export 8DC901CE64146C048AD50FBB792152527B75921E > 7B75921E.asc +gpg --homedir ~/.gpg-tmp --export-options export-minimal --armor --export 8DC901CE64146C048AD50FBB792152527B75921E > monkeysign/tests/files/7B75921E.asc + +Once that is done, the ``@skipIfDatePassed`` tests need to be adjusted +to not be skipped anymore. It is also possible the key is just expired and there is no replacement. In this case the solution is to try and find a similar test case and @@ -407,10 +410,10 @@ those: ``devscripts``, ``git``, ``git-buildpackage``, ``pip`` and monkeysign --version monkeysign --test monkeyscan + dpkg --remove monkeysign 6. build and test Python "wheel":: - dpkg --remove monkeysign python setup.py bdist_wheel pip install dist/*.whl monkeysign --version diff --git a/debian/gbp.conf b/debian/gbp.conf index cb1505f..6513d67 100644 --- a/debian/gbp.conf +++ b/debian/gbp.conf @@ -1,3 +1,3 @@ [DEFAULT] -debian-branch = 2.2.x +debian-branch = 2.x debian-tag = %(version)s diff --git a/doc/usage.rst b/doc/usage.rst index 7a769b1..c825a5a 100644 --- a/doc/usage.rst +++ b/doc/usage.rst @@ -141,6 +141,10 @@ examples of known working configurations. monkeysign --mua "thunderbird -compose to=%(to)s,subject=%(subject)s,body=%(body)s,attachment=%(attach)s" [...] + .. note:: Thunerbird fails to respect the attachment parameter in +versions before 52.1.1, see :bts:`837771` for more +details. + * Mutt:: monkeysign --mua "mutt -a %(attach)s -s %(subject)s -i %(body)s %(to)s" [...] diff --git a/monkeysign/cli.py b/monkeysign/cli.py index 62901c1..12745ee 100644 --- a/monkeysign/cli.py +++ b/monkeysign/cli.py @@ -20,10 +20,13 @@ import sys import os import getpass +import logging from monkeysign.ui import MonkeysignUi import monkeysign.translation +logger = logging.getLogger(__name__) + class MonkeysignCli(MonkeysignUi): """sign a key in a safe fashion. @@ -48,11 +51,11 @@ def main(self): os.environ['GPG_TTY'] = os.ttyname(sys.stdin.fileno()) except OSError as e: if e.errno == errno.ENOTTY: -self.warn(_('cannot find your TTY, GPG may freak out if you do not set the GPG_TTY environment')) +logger.warning(_('cannot find your TTY, GPG may freak out if you do not set the GPG_TTY environment')) else: raise else: -self.log(_('reset GPG_TTY to %s') % os.environ['GPG_TTY']) +