Bug#927189: unblock: docker.io/18.09.1+dfsg1-5+b10
Hi Paul, thanks for your explanations! On 5/18/19 12:30 PM, Paul Gevers wrote: > Control: tags -1 moreinfo > > Hi Arnaud, > > On Tue, 14 May 2019 10:19:06 +0700 Arnaud Rebillout > wrote: >> I just had a quick look, so it turns out that: >> >> - testing has "golang-golang-x-sys (= 0.0~git20181228.9a3f9b0-1)" >> - unstable has "golang-golang-x-sys (=0.0~git20190412.9773273-1)" >> >> As long as I upload a source package to unstable, it will be built >> against golang-golang-x-sys from unstable, hence it will be unsuitable >> for testing. >> >> It seems that I should instead upload to *testing-proposed-update**s*, >> am I correct? > As docker.io embeds golang-golang-x-sys (am I correct on that), yes. Yes, docker being written in Golang, it's built statically against its dependencies. > >> Please notice that the version of docker.io in unstable right now >> (18.09.1+dfsg1-7) has two bug fixes compared to testing: >> >> - *#925224*, which was initially the reason to open this unblock bug >> - *#921600*, which is a bug fix I just uploaded, and I believe should >> also be part of buster >> >> If you agree with this additional bug fix, then what version should I >> use for the package: >> >> - testing-proposed-updates: *18.09.1+dfsg1-7+deb10u1* seems suitable >> - unstable: should I bump the version as well, so that it's above >> 18.09.1+dfsg1-7+deb10u1? Something like 18.09.1+dfsg1-7+deb11u1 (+deb11 >> feels strange honestly). >> >> Sorry to bother you with these, I'm very new and learning all these >> procedures. > A better version would be 18.09.1+dfsg1-7~deb10u1 (your want the same > version in tpu as in unstable, except with a *smaller* version), then > you don't need any changes to unstable and the sorting is still correct. Of course! Somehow it didn't cross my mind, thanks for pointing that out. > Hi, > > On 18-05-2019 07:30, Paul Gevers wrote: >>> It seems that I should instead upload to *testing-proposed-update**s*, >>> am I correct? >> As docker.io embeds golang-golang-x-sys (am I correct on that), yes. > O, and you want to target *buster* instead of *testing-proposed-update*. Ok, I've just done that and uploaded the source package. Is there anything else I should do? Thanks, Arnaud
Bug#927189: unblock: docker.io/18.09.1+dfsg1-5+b10
Hi, On 18-05-2019 07:30, Paul Gevers wrote: >> It seems that I should instead upload to *testing-proposed-update**s*, >> am I correct? > > As docker.io embeds golang-golang-x-sys (am I correct on that), yes. O, and you want to target *buster* instead of *testing-proposed-update*. Paul signature.asc Description: OpenPGP digital signature
Bug#927189: unblock: docker.io/18.09.1+dfsg1-5+b10
Control: tags -1 moreinfo Hi Arnaud, On Tue, 14 May 2019 10:19:06 +0700 Arnaud Rebillout wrote: > I just had a quick look, so it turns out that: > > - testing has "golang-golang-x-sys (= 0.0~git20181228.9a3f9b0-1)" > - unstable has "golang-golang-x-sys (=0.0~git20190412.9773273-1)" > > As long as I upload a source package to unstable, it will be built > against golang-golang-x-sys from unstable, hence it will be unsuitable > for testing. > > It seems that I should instead upload to *testing-proposed-update**s*, > am I correct? As docker.io embeds golang-golang-x-sys (am I correct on that), yes. > Please notice that the version of docker.io in unstable right now > (18.09.1+dfsg1-7) has two bug fixes compared to testing: > > - *#925224*, which was initially the reason to open this unblock bug > - *#921600*, which is a bug fix I just uploaded, and I believe should > also be part of buster > > If you agree with this additional bug fix, then what version should I > use for the package: > > - testing-proposed-updates: *18.09.1+dfsg1-7+deb10u1* seems suitable > - unstable: should I bump the version as well, so that it's above > 18.09.1+dfsg1-7+deb10u1? Something like 18.09.1+dfsg1-7+deb11u1 (+deb11 > feels strange honestly). > > Sorry to bother you with these, I'm very new and learning all these > procedures. A better version would be 18.09.1+dfsg1-7~deb10u1 (your want the same version in tpu as in unstable, except with a *smaller* version), then you don't need any changes to unstable and the sorting is still correct. Paul signature.asc Description: OpenPGP digital signature
Bug#927189: unblock: docker.io/18.09.1+dfsg1-5+b10
On 4/23/19 4:42 PM, Ivo De Decker wrote: > Control: tags -1 moreinfo > > Hi, > > On Tue, Apr 16, 2019 at 05:42:00AM +, Niels Thykier wrote: >>> I'd like to fix #925224 [1] for buster. The fix is trivial, and allows >>> the docker's debootstrap script to work again when it queries >>> security.debian.org, by following redirections. Please see bug for >>> more details. >>> >>> I attached a source debdiff as mentioned in buster freeze policy [2]. >>> >>> Sorry for the inconvenience, > Your upload incorporated a newer version of golang-golang-x-sys in ustable, > which has changes that are not appropriate during the freeze. If you want > docker.io to migrate, the changes in golang-golang-x-sys need to be reverted. > > Thanks, > > Ivo > Hi Ivo, thanks for noticing about golang-golang-x-sys. I just had a quick look, so it turns out that: - testing has "golang-golang-x-sys (= 0.0~git20181228.9a3f9b0-1)" - unstable has "golang-golang-x-sys (=0.0~git20190412.9773273-1)" As long as I upload a source package to unstable, it will be built against golang-golang-x-sys from unstable, hence it will be unsuitable for testing. It seems that I should instead upload to *testing-proposed-update**s*, am I correct? Please notice that the version of docker.io in unstable right now (18.09.1+dfsg1-7) has two bug fixes compared to testing: - *#925224*, which was initially the reason to open this unblock bug - *#921600*, which is a bug fix I just uploaded, and I believe should also be part of buster If you agree with this additional bug fix, then what version should I use for the package: - testing-proposed-updates: *18.09.1+dfsg1-7+deb10u1* seems suitable - unstable: should I bump the version as well, so that it's above 18.09.1+dfsg1-7+deb10u1? Something like 18.09.1+dfsg1-7+deb11u1 (+deb11 feels strange honestly). Sorry to bother you with these, I'm very new and learning all these procedures. Thanks again, Arnaud
Bug#927189: unblock: docker.io/18.09.1+dfsg1-5+b10
Control: tags -1 moreinfo Hi, On Tue, Apr 16, 2019 at 05:42:00AM +, Niels Thykier wrote: > > I'd like to fix #925224 [1] for buster. The fix is trivial, and allows > > the docker's debootstrap script to work again when it queries > > security.debian.org, by following redirections. Please see bug for > > more details. > > > > I attached a source debdiff as mentioned in buster freeze policy [2]. > > > > Sorry for the inconvenience, Your upload incorporated a newer version of golang-golang-x-sys in ustable, which has changes that are not appropriate during the freeze. If you want docker.io to migrate, the changes in golang-golang-x-sys need to be reverted. Thanks, Ivo
Bug#927189: unblock: docker.io/18.09.1+dfsg1-5+b10
Control: tags -1 moreinfo confirmed Arnaud Rebillout: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Please unblock package docker.io. > > unblock docker.io/18.09.1+dfsg1-5+b10 > > I'd like to fix #925224 [1] for buster. The fix is trivial, and allows > the docker's debootstrap script to work again when it queries > security.debian.org, by following redirections. Please see bug for > more details. > > I attached a source debdiff as mentioned in buster freeze policy [2]. > > Sorry for the inconvenience, > > Thanks! > > Arnaud > > [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925224 > [2] https://release.debian.org/buster/freeze_policy.html. > > [...] > Please go ahead with the upload and remove the moreinfo tag when it is ready to be unblocked. Thanks, ~Niels
Bug#927189: unblock: docker.io/18.09.1+dfsg1-5+b10
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Please unblock package docker.io. unblock docker.io/18.09.1+dfsg1-5+b10 I'd like to fix #925224 [1] for buster. The fix is trivial, and allows the docker's debootstrap script to work again when it queries security.debian.org, by following redirections. Please see bug for more details. I attached a source debdiff as mentioned in buster freeze policy [2]. Sorry for the inconvenience, Thanks! Arnaud [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925224 [2] https://release.debian.org/buster/freeze_policy.html. - -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-4-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled -BEGIN PGP SIGNATURE- iQJTBAEBCgA9FiEE0Kl7ndbut+9n4bYs5yXoeRRgAhYFAly1Sk0fHGFybmF1ZC5y ZWJpbGxvdXRAY29sbGFib3JhLmNvbQAKCRDnJeh5FGACFgnpD/4yuJiQwCsyo/RD MgK3YGW6cr2wGd3VcrRuoIp7B1sVGO+fJej/dqAZWI2/prRqQaLc878bjF4ipR88 54k4CuCucdvvEcfz+lwaTuecQwzMzWNAQDwq1qUq1ImvusC9Od2Z276BF3+rMy2Y 8KyeJ3w+gCH/tAHAhqfWMFmkFUHujdoBMkXBgqZEUF1IjjYhW8Qg2bGyOysdt1vJ MCTaIWg/R5ZJWFG8Ef/jbOkCwXJxEBugaAk72lIG5K0ShoYyfuL94l3CPnklwecP t+6rmaEkHo9g1/y8OWIfr6c2I0znPannNGpMgOVSgTW5ABJDVnWyyR9n9veUnhw6 mAdbivorf6/ZopH7zEYYWAG5q5/5c1L/UWr+buJgPwFgpH+OMN1/BF4IB8PzryA1 QJ7SVXxxon7Hw+YosPXisuY3Riw6uFe9dhT0du1nqC0celOPFaxsd6SRBhlv3G6I ldwLTV41jGC71YHR7Dhqg14Nq5aSSCpR8CsF5YpvQIfgxH1XNEvMDrdHoueQlh6A dU0h3sBQJJz/BuOD2BVoYt+cMaU5qtnq49ZIK9T0XQGWrsytm3/UEM5gHHehDnVL c60Ah23D9EnFuQji5RfAHSLFn4ZHO2aGhBe5xJH4T461My3r5uMZmROeANbTZIK8 rq2IJ7ujE6NAVnDAaTYzANYytcbGZg== =4P6K -END PGP SIGNATURE- diff -Nru docker.io-18.09.1+dfsg1/debian/changelog docker.io-18.09.1+dfsg1/debian/changelog --- docker.io-18.09.1+dfsg1/debian/changelog2019-02-02 06:00:35.0 +0700 +++ docker.io-18.09.1+dfsg1/debian/changelog2019-04-16 09:56:17.0 +0700 @@ -1,3 +1,9 @@ +docker.io (18.09.1+dfsg1-6) unstable; urgency=medium + + * Add patch to fix Debian security presence check (Closes: #925224). + + -- Arnaud Rebillout Tue, 16 Apr 2019 09:56:17 +0700 + docker.io (18.09.1+dfsg1-5) unstable; urgency=medium * Install "containerd-shim" as "docker-containerd-shim" (Closes: #920935). diff -Nru docker.io-18.09.1+dfsg1/debian/patches/engine-contrib-debootstrap-curl-follow-location.patch docker.io-18.09.1+dfsg1/debian/patches/engine-contrib-debootstrap-curl-follow-location.patch --- docker.io-18.09.1+dfsg1/debian/patches/engine-contrib-debootstrap-curl-follow-location.patch 1970-01-01 08:00:00.0 +0800 +++ docker.io-18.09.1+dfsg1/debian/patches/engine-contrib-debootstrap-curl-follow-location.patch 2019-04-16 09:56:17.0 +0700 @@ -0,0 +1,25 @@ +From: Mattias Jernberg +Date: Wed, 5 Dec 2018 19:35:17 +0100 +Subject: mkimage: Fix Debian security presence check + +Add Location following since security redirects to security-cdn and caused the repository to be added on Debian unstable. + +Signed-off-by: Mattias Jernberg +Origin: upstream, https://github.com/docker/engine/commit/8db5403 +--- + contrib/mkimage/debootstrap | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/engine/contrib/mkimage/debootstrap b/engine/contrib/mkimage/debootstrap +index 9f7d8987ad2a..a919429b0bde 100755 +--- a/engine/contrib/mkimage/debootstrap b/engine/contrib/mkimage/debootstrap +@@ -193,7 +193,7 @@ if [ -z "$DONT_TOUCH_SOURCES_LIST" ]; then + case "$lsbDist" in + debian) + # updates and security! +- if curl -o /dev/null -s --head --fail "http://security.debian.org/dists/$suite/updates/main/binary-$(rootfs_chroot dpkg --print-architecture)/Packages.gz"; then ++ if curl -o /dev/null -s --head --location --fail "http://security.debian.org/dists/$suite/updates/main/binary-$(rootfs_chroot dpkg --print-architecture)/Packages.gz"; then + ( + set -x + sed -i " diff -Nru docker.io-18.09.1+dfsg1/debian/patches/series docker.io-18.09.1+dfsg1/debian/patches/series --- docker.io-18.09.1+dfsg1/debian/patches/series 2019-01-27 17:02:58.0 +0700 +++ docker.io-18.09.1+dfsg1/debian/patches/series 2019-04-16 09:56:17.0 +0700 @@ -12,6 +12,7 @@ cli-fix-manpages-build-script.patch cli-fix-registry-debug-message-go-1.11.patch +engine-contrib-debootstrap-curl-follow-location.patch engine-test-noinstall.patch go-metrics_prometheus-fix_Observer.patch