Bug#871937: stretch-pu: package monkeysign/2.2.3

2018-12-02 Thread Antoine Beaupré
Control: reopen 871937

On 2018-12-02 16:47:48, Julien Cristau wrote:
> On Sat, Sep 09, 2017 at 03:23:13PM +0200, Julien Cristau wrote:
>> Control: tag -1 moreinfo
>> 
>> On Sat, Aug 12, 2017 at 14:21:11 -0400, Antoine Beaupre wrote:
>> 
>> > Package: release.debian.org
>> > Severity: normal
>> > Tags: stretch
>> > User: release.debian@packages.debian.org
>> > Usertags: pu
>> > 
>> > Hi,
>> > 
>> > I am working on a new release of Monkeysign, which I'd like to upload
>> > in Debian. If it would be just me, I would tag the current HEAD with
>> > 2.2.4, considering the changes are mostly minor and non-disruptive:
>> > 
>> > angela:monkeysign$ git diff 2.2.3 --stat
>> >  CONTRIBUTING.rst|   9 +-
>> >  debian/gbp.conf |   2 +-
>> >  doc/usage.rst   |   4 +
>> >  monkeysign/cli.py   |  11 +-
>> >  monkeysign/gpg.py   |  35 ++--
>> >  monkeysign/gtkui.py |  81 ++---
>> >  monkeysign/tests/files/7B75921E.asc | 331 
>> > -
>> >  monkeysign/tests/test_gpg.py|  21 +--
>> >  monkeysign/tests/test_ui.py | 147 -
>> >  monkeysign/ui.py| 168 ---
>> >  po/nl.po| 725 
>> > 
>> >  11 files changed, 1225 insertions(+), 309 deletions(-)
>> > 
>> > as you can see, more than half of the diff (725 lines) is just a
>> > translation file update. The rest is fixes for tests and critical
>> > bugfixes (although the bugfixes have not been reported directly in the
>> > Debian BTS, but discovered through my own testing).
>> > 
>> > Attached is the actual diff. Should I upload this as 2.2.4 to unstable
>> > and stable-pu? Or should I minimize this diff to a bare minimum and
>> > release a more targeted 2.2.4 to stable and a 2.3.0 to unstable?
>> > 
>> There's no such thing as uploading the same package version to unstable
>> and proposed-updates.  Please first get the changes in unstable, with
>> whatever version number.  Let them sit for a while, and then come back
>> with a request for stable, with a description and justification of the
>> changes (which I couldn't see here).
>> 
> That doesn't seem to have happened; closing.

I'm confused. I *did* upload the changes to unstable:

https://tracker.debian.org/news/966367/accepted-monkeysign-224-source-all-into-unstable/

They migrated to testing and everything. I guess I should have pinged
this bug report back again?

I can rephrase a description of the changes, but the changelog above is
pretty straightforward:

   [ Tobias Rueetschi ]
   * false isn't defined, that must be False

   [ Antoine Beaupré ]
   * actually send multiple emails instead of a single one
   * CVE-2018-12020: add no verbose to avoid fake signatures

Here's the actual diff, according to git:

diff --git c/debian/changelog w/debian/changelog
index db96510..1f1d667 100644
--- c/debian/changelog
+++ w/debian/changelog
@@ -1,3 +1,14 @@
+monkeysign (2.2.4) unstable; urgency=medium
+
+  [ Tobias Rueetschi ]
+  * false isn't defined, that must be False
+
+  [ Antoine Beaupré ]
+  * actually send multiple emails instead of a single one
+  * CVE-2018-12020: add no verbose to avoid fake signatures
+
+ -- Antoine Beaupré   Mon, 18 Jun 2018 12:18:46 -0400
+
 monkeysign (2.2.3) unstable; urgency=medium
 
   [ Simon Fondrie-Teitler ]
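Review bot: the CVE-2018-12020 entry reads "add no verbose to avoid fake signatures", which does not say which option was added or where. Name both, for example "pass --no-verbose to gpg via Context.options in monkeysign/gpg.py", so the entry can be matched to the gpg.py hunk without reading the code.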
diff --git c/monkeysign/gpg.py w/monkeysign/gpg.py
index 223073c..7746861 100644
--- c/monkeysign/gpg.py
+++ w/monkeysign/gpg.py
@@ -102,6 +102,7 @@ class Context():
 'with-colons': None,
 'with-fingerprint': None,
 'fixed-list-mode': None,
+'no-verbose': None,
 'list-options': 'show-sig-subpackets,show-uid-validity,show-unusable-uids,show-unusable-subkeys,show-keyring,show-sig-expire',
 }
 
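Review bot: the added 'no-verbose': None line has no comment, so nothing at this point in Context.options marks it as the CVE-2018-12020 mitigation rather than a cosmetic default. Add a comment naming the CVE. It also sits in the same dict that unset_option() deletes from, so a caller can remove it; if the option must always be passed, enforce it where the command line is built rather than relying on the default entry.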
@@ -126,7 +127,7 @@ def unset_option(self, option):
 if option in self.options:
 del self.options[option]
 else:
-return false
+return False
 
 def build_command(self, command):
 """internal helper to build a proper gpg commandline
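Review bot: in unset_option(), the success branch (del self.options[option]) falls through and returns None, while the else branch now returns False, so both outcomes are falsy and a caller testing the result cannot tell them apart. Return True after the del. The old `return false` would have raised NameError the first time that branch ran, which suggests no test calls unset_option() with an option that is not set; add one.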
diff --git c/monkeysign/tests/test_gpg.py w/monkeysign/tests/test_gpg.py
index 5ca8472..445ce2e 100755
--- c/monkeysign/tests/test_gpg.py
+++ w/monkeysign/tests/test_gpg.py
@@ -42,7 +42,7 @@ class TestContext(unittest.TestCase):
 options = Context.options
 
 # ... and this is the rendered version of the above
-rendered_options = ['gpg', '--command-fd', '0', '--with-fingerprint', '--list-options', 'show-sig-subpackets,show-uid-validity,show-unusable-uids,show-unusable-subkeys,show-keyring,show-sig-expire', '--batch', '--fixed-list-mode', '--no-tty', '--with-colons', '--use-agent', '--status-fd', '2', '--quiet' ]
+rendered_options = ['gpg', '--command-fd', '0', '--with-fingerprint', 
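Review bot: rendered_options is a single list literal on one very long line, so any change to it shows up as a whole-line replacement and the reviewer has to compare the two lines by eye. Break the list one option per line so a future diff shows only the flag that was added or removed.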

Bug#871937: stretch-pu: package monkeysign/2.2.3

2017-09-09 Thread Julien Cristau
Control: tag -1 moreinfo

On Sat, Aug 12, 2017 at 14:21:11 -0400, Antoine Beaupre wrote:

> Package: release.debian.org
> Severity: normal
> Tags: stretch
> User: release.debian@packages.debian.org
> Usertags: pu
> 
> Hi,
> 
> I am working on a new release of Monkeysign, which I'd like to upload
> in Debian. If it would be just me, I would tag the current HEAD with
> 2.2.4, considering the changes are mostly minor and non-disruptive:
> 
> angela:monkeysign$ git diff 2.2.3 --stat
>  CONTRIBUTING.rst|   9 +-
>  debian/gbp.conf |   2 +-
>  doc/usage.rst   |   4 +
>  monkeysign/cli.py   |  11 +-
>  monkeysign/gpg.py   |  35 ++--
>  monkeysign/gtkui.py |  81 ++---
>  monkeysign/tests/files/7B75921E.asc | 331 
> -
>  monkeysign/tests/test_gpg.py|  21 +--
>  monkeysign/tests/test_ui.py | 147 -
>  monkeysign/ui.py| 168 ---
>  po/nl.po| 725 
> 
>  11 files changed, 1225 insertions(+), 309 deletions(-)
> 
> as you can see, more than half of the diff (725 lines) is just a
> translation file update. The rest is fixes for tests and critical
> bugfixes (although the bugfixes have not been reported directly in the
> Debian BTS, but discovered through my own testing).
> 
> Attached is the actual diff. Should I upload this as 2.2.4 to unstable
> and stable-pu? Or should I minimize this diff to a bare minimum and
> release a more targeted 2.2.4 to stable and a 2.3.0 to unstable?
> 
There's no such thing as uploading the same package version to unstable
and proposed-updates.  Please first get the changes in unstable, with
whatever version number.  Let them sit for a while, and then come back
with a request for stable, with a description and justification of the
changes (which I couldn't see here).

Cheers,
Julien



Bug#871937: stretch-pu: package monkeysign/2.2.3

2017-08-12 Thread Antoine Beaupre
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I am working on a new release of Monkeysign, which I'd like to upload
in Debian. If it would be just me, I would tag the current HEAD with
2.2.4, considering the changes are mostly minor and non-disruptive:

angela:monkeysign$ git diff 2.2.3 --stat
 CONTRIBUTING.rst|   9 +-
 debian/gbp.conf |   2 +-
 doc/usage.rst   |   4 +
 monkeysign/cli.py   |  11 +-
 monkeysign/gpg.py   |  35 ++--
 monkeysign/gtkui.py |  81 ++---
 monkeysign/tests/files/7B75921E.asc | 331 -
 monkeysign/tests/test_gpg.py|  21 +--
 monkeysign/tests/test_ui.py | 147 -
 monkeysign/ui.py| 168 ---
 po/nl.po| 725 

 11 files changed, 1225 insertions(+), 309 deletions(-)

as you can see, more than half of the diff (725 lines) is just a
translation file update. The rest is fixes for tests and critical
bugfixes (although the bugfixes have not been reported directly in the
Debian BTS, but discovered through my own testing).

Attached is the actual diff. Should I upload this as 2.2.4 to unstable
and stable-pu? Or should I minimize this diff to a bare minimum and
release a more targeted 2.2.4 to stable and a 2.3.0 to unstable?

Thanks for the feedback!

A.

-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst
index 6e0e004..cf9e3ea 100644
--- a/CONTRIBUTING.rst
+++ b/CONTRIBUTING.rst
@@ -351,9 +351,12 @@ To renew the keys, try::
 
 mkdir ~/.gpg-tmp
 chmod 700 ~/.gpg-tmp
-gpg --homedir ~/.gpg-tmp --import 7B75921E.asc
+gpg --homedir ~/.gpg-tmp --import monkeysign/tests/files/7B75921E.asc
 gpg --homedir ~/.gpg-tmp --refresh-keys 
8DC901CE64146C048AD50FBB792152527B75921E
-gpg --homedir ~/.gpg-tmp --export-options export-minimal --armor --export 
8DC901CE64146C048AD50FBB792152527B75921E > 7B75921E.asc
+gpg --homedir ~/.gpg-tmp --export-options export-minimal --armor --export 
8DC901CE64146C048AD50FBB792152527B75921E > monkeysign/tests/files/7B75921E.asc
+
+Once that is done, the ``@skipIfDatePassed`` tests need to be adjusted
+to not be skipped anymore.
 
 It is also possible the key is just expired and there is no replacement.
 In this case the solution is to try and find a similar test case and
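Review bot: the added sentence about ``@skipIfDatePassed`` does not say which tests carry the decorator or what "adjusted" means (a new date, or removing the decorator). Name the test module and the change expected. The import and export commands now also use the relative path monkeysign/tests/files/7B75921E.asc, so the text should state that they are run from the top of the source tree.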
@@ -407,10 +410,10 @@ those: ``devscripts``, ``git``, ``git-buildpackage``, 
``pip`` and
  monkeysign --version
  monkeysign --test
  monkeyscan
+ dpkg --remove monkeysign
 
 6. build and test Python "wheel"::
 
- dpkg --remove monkeysign
  python setup.py bdist_wheel
  pip install dist/*.whl
  monkeysign --version
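Review bot: moving `dpkg --remove monkeysign` to the end of the previous step makes step 6 depend on that step having been run to completion. Someone who starts at step 6 with the Debian package still installed cannot be sure that `monkeysign --version` is exercising the wheel. Keep a line in step 6 stating that the package must not be installed, or leave the removal where it was.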
diff --git a/debian/gbp.conf b/debian/gbp.conf
index cb1505f..6513d67 100644
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@@ -1,3 +1,3 @@
 [DEFAULT]
-debian-branch = 2.2.x
+debian-branch = 2.x
 debian-tag = %(version)s
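Review bot: switching debian-branch from 2.2.x to 2.x is a packaging workflow change, not a fix, yet it is part of a diff proposed for stretch. Leave it out of the stable update, or explain in the request why it belongs there.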
diff --git a/doc/usage.rst b/doc/usage.rst
index 7a769b1..c825a5a 100644
--- a/doc/usage.rst
+++ b/doc/usage.rst
@@ -141,6 +141,10 @@ examples of known working configurations.
 
 monkeysign --mua "thunderbird -compose 
to=%(to)s,subject=%(subject)s,body=%(body)s,attachment=%(attach)s" [...]
 
+  .. note:: Thunerbird fails to respect the attachment parameter in
+versions before 52.1.1, see :bts:`837771` for more
+details.
+
 * Mutt::
 
 monkeysign --mua "mutt -a %(attach)s -s %(subject)s -i %(body)s %(to)s" 
[...]
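Review bot: "Thunerbird" in the added ``.. note::`` should be "Thunderbird".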
diff --git a/monkeysign/cli.py b/monkeysign/cli.py
index 62901c1..12745ee 100644
--- a/monkeysign/cli.py
+++ b/monkeysign/cli.py
@@ -20,10 +20,13 @@
 import sys
 import os
 import getpass
+import logging
 
 from monkeysign.ui import MonkeysignUi
 import monkeysign.translation
 
+logger = logging.getLogger(__name__)
+
 class MonkeysignCli(MonkeysignUi):
 """sign a key in a safe fashion.
 
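Review bot: `logger = logging.getLogger(__name__)` is created at module level, but nothing in the visible changes to cli.py attaches a handler or sets a level. With self.warn() replaced by logger.warning() in main(), the GPG_TTY warning only reaches the user if logging is configured before main() runs; confirm that this happens elsewhere (for instance in monkeysign/ui.py) or the message may not be shown.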
@@ -48,11 +51,11 @@ def main(self):
 os.environ['GPG_TTY'] = os.ttyname(sys.stdin.fileno())
 except OSError as e:
 if e.errno == errno.ENOTTY:
-self.warn(_('cannot find your TTY, GPG may freak out if 
you do not set the GPG_TTY environment'))
+logger.warning(_('cannot find your TTY, GPG may freak out 
if you do not set the GPG_TTY environment'))
 else:
 raise
 else:
-self.log(_('reset GPG_TTY to %s') % os.environ['GPG_TTY'])
+
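Review bot: `if e.errno == errno.ENOTTY:` uses errno, but the import block shown in the previous hunk lists only sys, os, getpass and the new logging. If errno is not imported elsewhere in cli.py, the OSError path raises NameError instead of logging the warning; add `import errno` alongside the other imports.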