Re: Gitlab support for Debian repositories (Was: Regarding the new "Debian User Repository")

[Mathieu Parent (Debian)]

Le lun. 5 juil. 2021 à 11:46, Holger Levsen  a écrit :
>
> Hi Mathieu,

Hi Holger,

> On Mon, Jul 05, 2021 at 10:37:31AM +0200, Mathieu Parent (Debian) wrote:
> > [2]: https://docs.gitlab.com/ee/user/packages/debian_repository/
>
> thanks, this looks nice and simple!

Thanks.

> Do you have plans to support publishing builds only if they've produced
> bit by bit identical results on several builders? IOW, do you plan to
> support reproducible builds? :)

There is no specific support for reproducible builds. Currently,
buildinfo files can be uploaded and are kept, with the metadata stored
in the DB. but nothing is done yet with those.

But reproducibility can be tested in GItlab jobs, before the upload.

Cheers,
-- 
Mathieu Parent

Re: Gitlab support for Debian repositories (Was: Regarding the new "Debian User Repository")

[Mathieu Parent (Debian)]

Le sam. 3 juil. 2021 à 12:11, Simon McVittie  a écrit :
>
> On Fri, 02 Jul 2021 at 20:04:45 +0200, Mathieu Parent wrote:
> > On a related topic, I'm currently developing support for Debian
> > repositories in Gitlab (and transitively Salsa).
>
> That's great news - being able to build packages in CI and make the results
> easily installable seems like a big step forward, particularly for
> fast-moving non-core packages.
>
> Given the other discussion in this thread, perhaps it should be labelled
> "apt repositories" or ".deb repositories" or something else more
> distro-neutral, to avoid implying Debian approval or official status,
> while also making it obvious that if you want to build and publish
> packages for Ubuntu or Linux Mint or some other Debian derivative,
> this is also the right feature for those?

I'm not sure. "Debian repository" is the official term for the format,
as documented
in the wiki [1]. And here, Debian is not in the product name.

[1]; https://wiki.debian.org/DebianRepository/Format

As the doc is now live [2],any ambiguous usage of the Debian term can be
fixed, but I don't see any.

[2]: https://docs.gitlab.com/ee/user/packages/debian_repository/

-- 
Mathieu Parent

Re: Init systems and docker

[Mathieu Parent (Debian)]

Hello,

Le sam. 12 oct. 2019 à 01:26, Jose-Luis Rivas  a écrit :
>
> Hello Scott,
>
> On 10/11/19 18:49, Scott Kitterman wrote:
[...]
> In short: they should not be using systemd inside the container and if
> they want to the issue is not on how Debian ships systemd but that they
> are not using the --privilege parameter for launching their container.

While I agree to not recommend using systemd inside docker, it is very useful
in CI. We use this at work to test our salt states (salt is like
puppet/ansible/chef/...).

For this, we use Gitlab CI running test-kitchen with ruby-kitchen-salt
and ruby-kitchen-docker (all in buster).
Another solution would either mean hacking gitlab-runner [1] or
spanning a lot of VMs.

[1]: https://gitlab.com/gitlab-org/gitlab-runner/issues/1585

Also systemd can be run inside Docker without --privileged but
requires careful configuration [2].

[2]: 
https://developers.redhat.com/blog/2016/09/13/running-systemd-in-a-non-privileged-container/

Regards

-- 
Mathieu Parent Parent

Bug#942163: O: c-icap-modules -- C-ICAP modules

[Mathieu Parent (Debian)]

Package: wnpp
Severity: normal
Control: block -1 by 942160
X-Debbugs-CC: debian-devel@lists.debian.org

Hello,

I intend to orphan the c-icap-modules package.

See also #942160 for c-icap.

Package: libc-icap-mod-virus-scan
Description: Antivirus Service for c-icap
 This is an antivirus Service for c-icap which uses libclamav or clamd to do
 scanning. It is distributed with c-icap and written by the same author.

Package: libc-icap-mod-urlcheck
Description: URL Check Service for c-icap
 This is an URL Check Service for c-icap. It is
 distributed with c-icap and written by the same author.

Package: libc-icap-mod-contentfiltering
Description: Content filtering Service for c-icap
 This is an score based content filtering icap service. It is distributed with
 c-icap and written by the same author.

Re: Proposal: Repository for fast-paced package backports

[Mathieu Parent (Debian)]

(Please reply to pkg-samba-maint only)

Le jeu. 27 déc. 2018 à 11:00, L.P.H. van Belle  a écrit :
>
>
> Hai,

Hi,

> A very interesting thread this, since im doing this already for samba, my 
> comments..
> If i may ..
>
> Im running a samba repo now for jessie and stretch. ( and ubuntu 18.04 )
> I really needed newer samba packages and i was not able to get them uploaded 
> to unstable.
> So i decided to build them myself and share them.

This is different here. Samba is not in backport because of lack of
time from my side (or other members of the team).

I think that Samba perfectly fits in backport, as the version in
testing is already the latest upstream.

> And now people are more and more using my samba package over the official 
> debian package.
> Because the newer version are build against debian stable or oldstable, and 
> people can choose there upgrade.

Do you have any stats here? How many download each month? How many
different source IPs? per dist, per samba version?

> If the might be a fast-lane repo, why not per package version.
> This way we can keep the changes to other packages small and limited.
>
> What i now now do.
> I have 4 repo's for jessie,  jessie-samba45 jessie-samba46 jessie-samba47 
> jessie-samba48
> I have 4 repo's for stretch, stretch-samba46 stretch-samba47 stretch-samba48 
> stretch-samba49
> (And for the ubuntu supporters a samba49 in amd64 only.)

So, you have 9 repos. How long does it takes to update all those when
a security fix comes?

Regards

-- 
Mathieu Parent

Re: [1/2] MBF: Defunct alioth addresses in the Maintainer: field (serious)

[Mathieu Parent (Debian)]

2018-05-05 17:34 GMT+02:00 Christoph Biedl :
> A lot of now defunct alioth addresses are used in the Maintainer:
> field. This makes the packages rc-buggy for an invalid address.

Hi,

> To create awareness about that issue, also to provide suggestions on
> how to resolve this I intend to do a MBF using the following message:

> Debian PHP PECL Maintainers 
>...
> Horde Maintainers 
>...

I will probably request the (re-)creation of those two mailing lists
unless the team+s...@tracker.debian.org is ready to use. Raphael, what
is the status of this? Where is the doc?

Regards

-- 
Mathieu Parent

Re: Getting DEB_HOST_MULTIARCH from maintscripts

[Mathieu Parent (Debian)]

2016-12-16 1:24 GMT+01:00 Christian Seiler <christ...@iwakd.de>:
> On 12/15/2016 10:50 PM, Mathieu Parent (Debian) wrote:
>> I need to have access to $DEB_HOST_MULTIARCH in prerm and postinst to
>> create the appropriate symlink with update-alternatives.
>>
>> What is the best way to do this?
>
> Generate them from .in files at the appropriate time, resolving
> the variable manually. See for example:
>
> https://sources.debian.net/src/dietlibc/0.34~cvs20160606-3/debian/rules/#L107-L110
> https://sources.debian.net/src/dietlibc/0.34%7Ecvs20160606-3/debian/dietlibc-dev.postinst.in/

Thanks.

This is what I've done:

https://anonscm.debian.org/cgit/pkg-samba/cifs-utils.git/commit/?id=b0fa211e28982d471a988a7f91df32934da64f98

NB: I was a bit confused that dh-exec was not called for maintscript.

Regards
-- 
Mathieu Parent

Getting DEB_HOST_MULTIARCH from maintscripts

[Mathieu Parent (Debian)]

Hi,

I need to have access to $DEB_HOST_MULTIARCH in prerm and postinst to
create the appropriate symlink with update-alternatives.

What is the best way to do this?

Context:
my current hack (with a wildcard):
https://anonscm.debian.org/cgit/pkg-samba/cifs-utils.git/commit/?id=e5c9d43b5f1df09c7cd3c51f87cf5e70d704377a
the introduced bug: https://bugs.debian.org/848275

Regards
-- 
Mathieu Parent

Re: unattended-upgrades by default?

[Mathieu Parent (Debian)]

2016-11-03 19:47 GMT+01:00 Steve McIntyre :
> Hey folks,

Hello,

[...]
> To solve the issue and provide security updates by default, I'm
> proposing that we should switch to installing unattended-upgrades by
> default (and enabling it too) *unless* something else in the
> installation is already expected to deal with security updates.
>
> Thoughts?

+1.

Ubuntu does a similar thing. See
https://patches.ubuntu.com/p/pkgsel/pkgsel_0.43ubuntu2.patch for how
(but does pkgsel applies to cloud image creation?).

Regards
-- 
Mathieu Parent

Re: Putting default config files in /usr [was; (newbie) Disruptive LIRC package update.]

[Mathieu Parent (Debian)]

2015-11-11 1:03 GMT+01:00 Vincent Danjean :
>   Hi,
>
> Le 10/11/2015 14:49, Andrew Shadura a écrit :
>> I think you can try to do it systemd way: keep the default configuration
>> in /usr/lib, and leave /etc for local user configuration which overrides
>> the default config.
>>
>> Not sure how good is this idea, I hope others can comment on this.
>
>   For myself, I find this a very bad behavior:
> - etckeeper cannot track the evolution of the config files

Can't etckeeper keep track of other directories?
(without symlinks?)

> - if I 'modify' a file by putting another one in /etc that overrides
>   the default one in /usr, when the default will change I won't be
>   notified

You have the problem currently with the default set at compilation
time. See for example updates in samba.

> - when I want to look at the config of the software, I've to "merge"
>   two files or even two directories (one in /etc and one in /usr)

Yes. But this is easier than merging some compiled-in defaults with a
config file.

I find /etc currently polluted by unnecessary config, and welcome it
being smaller.egards

Regards

Re: is the whole unstable still broken by gcc-5?

[Mathieu Parent (Debian)]

2015-09-12 21:43 GMT+02:00 Russ Allbery :
> Виталий Филиппов  writes:
>
>> apt-get dist-upgrade tries to remove the following packages:

For sure, blender has not transitioned yet.

> There's tons of noise in there that actually should be removed, like most
> of the libraries (which have newer, conflicting versions), but also some
> stuff that really shouldn't be removed.
>
> What does apt-get upgrade do for you right now?  Does it make any forward
> progress?  You tried three commands, but none of them were that one, which
> is my go-to as the first step.

"apt-get upgrade --with-new-pkgs" is a bit forward (or "apt upgrade").


Regards

-- 
Mathieu Parent

Re: is the whole unstable still broken by gcc-5?

[Mathieu Parent (Debian)]

2015-09-12 21:50 GMT+02:00 Mathieu Parent (Debian) <sath...@debian.org>:
> 2015-09-12 21:43 GMT+02:00 Russ Allbery <r...@debian.org>:
>> Виталий Филиппов <vita...@yourcmc.ru> writes:
>>
>>> apt-get dist-upgrade tries to remove the following packages:
>
> For sure, blender has not transitioned yet.

Actually, it just migrated to testing:

https://tracker.debian.org/news/712642

Regards

-- 
Mathieu Parent

Re: please use signed git commits (and tags)

[Mathieu Parent (Debian)]

Hello,

2015-05-24 13:02 GMT+02:00 Thomas Koch tho...@koch.ro:
[...]
 - always sign all commits:

 git config --global commit.gpgsign true

Is there a git tag equivalent of this?

Regards
-- 
Mathieu Parent


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CAFX5sbza9Qcv-ZLB=eguvzzhs5ryfqgzms66okmzqdq6smr...@mail.gmail.com

Re: let missing-debian-source-format lintian tag be a warning!

[Mathieu Parent (Debian)]

Hi,

2014-07-16 3:36 GMT+02:00 Guillem Jover guil...@debian.org:
 Hi!

[...]
 Such warning might have made sense iff:

   - the new formats had been uncontroversial,

There is no such thing as being uncontroversial in Debian. There is
always somebody nitpicking when gaining hundred features and losing
one.

That's why we have some cdbs packages, dh7, dh7.
That's why we don't require Vcs-* fields.
That's why we still have some packages using dpatch
...

Oh, and I don't talk about systemd. Did I?

Mathieu Parent


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CAFX5sbya3cU39Lo-2mEP=i-orscmhbd_b5xt-t7bhy4cmtr...@mail.gmail.com

Re: Install security upgrades by default in jessie?

[Mathieu Parent (Debian)]

OK,

As nobody seems for a against, let's clarify.

2014-04-11 22:31 GMT+02:00 Mathieu Parent (Debian) sath...@debian.org:
 Hello all,

 Currently, Debian, as installed by default (unless a DE is installed
 too) doesn't install security fixes automatically.

 An experienced user will activate this and keep all machines safe
 [user-updates], but others will have a less secure computer.

 Couldn't we activate security upgrades by default?

 Which tool? unattended-upgrades?

Answering myself: u-u seems the best solution.

 How/where? d-i only? debootstrap? tasksel? ...

debootrap seems too low level: it will add a additional 55MB (+16%)
because of python deps.

Proposal: install u-u from d-i (with a question of low priority, true
by default)[1], and change u-u to have
unattended-upgrades/enable_auto_updates defaults to true.

[snip]
[1]: base-installer: library.sh in configure_apt.

Regards
-- 
Mathieu Parent


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/cafx5sbxtapwfua6k4kjdvludjrc9o7j1y0wxhtty0n2nksm...@mail.gmail.com

Install security upgrades by default in jessie?

[Mathieu Parent (Debian)]

Hello all,

Currently, Debian, as installed by default (unless a DE is installed
too) doesn't install security fixes automatically.

An experienced user will activate this and keep all machines safe
[user-updates], but others will have a less secure computer.

Couldn't we activate security upgrades by default?

Which tool? unattended-upgrades?

How/where? d-i only? debootstrap? tasksel? ...

It was proposed for debian-edu in 2010 [debian-edu-2010], and is
currently under discussion for a wheezy cloud image
[debian-cloud-u-u].

[user-updates]: There are various ways: manual, unattended-upgrades,
cron-apt, apt-dater, home-made, ...
[debian-edu-2010]: https://lists.debian.org/debian-edu/2010/09/msg00023.html
[debian-cloud-u-u]: https://lists.debian.org/debian-cloud/2014/04/msg00044.html

Regards
-- 
Mathieu Parent


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CAFX5sbyaGjCQudi4J+te774QMD=L3u1RAyAYWF=fGsyh5=SL=g...@mail.gmail.com