Bug#999598: dpkg-dev: Can we have binary package descriptions back for source uploads?

hi, (leaving full context for debian-policy@l.d.o) On Sat, Nov 13, 2021 at 06:56:24AM +0100, Petter Reinholdtsen wrote: > Package: dpkg-dev > Version: 1.20.9 > > Dear dpkg-dev developers, > > One feature that is deeply missed, and which disappered when we moved to > source only uploads, is the

Bug#980909: dpkg-dev: dpkg-buildpackage : gpg command uses expired key

On Mon, Jan 25, 2021 at 04:29:45PM +0100, Guillem Jover wrote: > > having two variables, DEBSIGN_KEYID and DEB_SIGN_KEYID, for the same thing > > seems wrong to me. Do you agree? > The first is a configuration variable, the second is an environment > variable. :) ah, ok, then. & thanks for

Bug#980909: dpkg-dev: dpkg-buildpackage : gpg command uses expired key

hi, On Mon, Jan 25, 2021 at 01:56:02AM +0100, Guillem Jover wrote: > I'm assuming you have this configured in ~/.devscripts with > DEBSIGN_KEYID. You should be able to get similar results for > dpkg-buildpackage by either setting the DEB_SIGN_KEYID environment > variable having two variables,

Bug#892664: +1 (Re: Bug#892664: dpkg: Please add support for zstd (Zstandard) compressed packages)

On Fri, Jan 08, 2021 at 08:54:01PM +0100, Balint Reczey wrote: > I'm wondering if decompression support could be accepted for Bullseye, > to let compression being enabled, too, in Bookworm. I'd love to see this as well - and wouldn't mind having both for Bullseye ;) -- cheers, Holger

Bug#964111: dpkg-source: False positive 'points outside source root'

On Tue, Jul 07, 2020 at 03:52:08PM +0200, Guillem Jover wrote: > Holger, as I mentioned some days ago, I consider this case a > regression which I was planning on fixing. This fix was already > included earlier today in the dpkg 1.20.4 upload. :) yup, I've seen this today. Thank you! --

Bug#964111: dpkg-source: False positive 'points outside source root'

On Mon, Jul 06, 2020 at 09:08:43PM -0700, Felix Lechner wrote: > > not sure if this is the same bug or just a similar one: > > lrwxrwxrwx 1 user user 9 Jul 3 16:07 debian/munin.service -> /dev/null > As for Holger's package, Lintian also flags that condition. Source > packages can be unpacked

Bug#964111: dpkg-source: False positive 'points outside source root'

Hi, not sure if this is the same bug or just a similar one: [...] dpkg-source: info: extracting munin in munin-2.0.63 dpkg-source: info: unpacking munin_2.0.63.orig.tar.gz dpkg-source: info: unpacking munin_2.0.63-1.debian.tar.xz dpkg-source: error: pathname 'munin-2.0.63/debian/munin.service'

Bug#869184: dpkg: source uploads including _amd64.buildinfo cause problems

hi Guillem, On Fri, Nov 09, 2018 at 11:55:38AM +0100, Guillem Jover wrote: > Actually, I guess the other option that might be an option for stable is > to make dpkg-buildpackage generate the buildinfo file itself, and on > source-only uploads force the name to be _source.buildinfo regardless > of

Bug#942087: dpkg-source and dpkg-genchanges disagree how .dsc should be named if version ends with +b1

On Sat, Oct 12, 2019 at 09:29:18AM +0200, Ansgar wrote: > > Why should it generate a new source? > Because sourceful uploads need a new source package. [...] > > This is using the version suffix > > for binNMUs, using this convention for something that is not a binNMU > > seems just wrong. I

Bug#931135: German translation made me laugh during a meeting

Hi Helge, On Thu, Aug 01, 2019 at 05:56:28PM +0200, Helge Kreutzmann wrote: > I would suggest discussing this on debian-l10n-german so everybody > interested from the German team notices and can join. ack > On Wed, Jul 31, 2019 at 09:05:35PM +0000, Holger Levsen wrote: > > On We

Bug#931135: German translation made me laugh during a meeting

On Wed, Jul 31, 2019 at 10:23:21PM +0200, Helge Kreutzmann wrote: > The translation only changed one word, namely canary. You can find it > in the upstream git repository. > > The remaining translation is only in the latest version in sid (and > most of it in earlier version, e.g. in stable, as

Bug#931135: German translation made me laugh during a meeting

On Wed, Jul 31, 2019 at 09:13:51PM +0200, Helge Kreutzmann wrote: > [...] I appreciate getting feedback for the > translation. where can one find the updated translation? -- tschau, Holger ---

Bug#869184: dpkg: source uploads including _amd64.buildinfo cause problems

Hi, On Thu, May 09, 2019 at 07:24:56PM +0200, Salvatore Bonaccorso wrote: > > On Sun, Nov 11, 2018 at 08:38:36AM +0100, Salvatore Bonaccorso wrote: > > > On Fri, Nov 09, 2018 at 11:48:27AM +0100, Guillem Jover wrote: > > > > On Thu, 2018-11-08 at 20:28:57

Bug#922039: dpkg-buildpackage: error: short OpenPGP key IDs are broken; please use key fingerprints instead

control: severity -1 wishlist thanks On Tue, Oct 30, 2018 at 01:14:00PM +0200, Martin-Éric Racine wrote: > Package: dpkg-dev > Version: 1.19.2 > Severity: important > > The above error message is useless. It doesn't tell what needs to be fixed or > where. while I agree that the location should

Bug#869184: dpkg: source uploads including _amd64.buildinfo cause problems

Hi, On Thu, Nov 08, 2018 at 09:24:01PM +0100, Salvatore Bonaccorso wrote: > We were again biten by this issue for some security-updates (most > recent one nginx). Do any involved parties know, was there any > progress in adressing this problem? in

Bug#910819: dpkg: ../../src/packages.c:245: process_queue: Assertion `dependtry <= 4' failed

Hi Guillem, thanks for your feedback! However I'm not sure what to do with it... On Sun, Oct 14, 2018 at 01:20:22AM +0200, Guillem Jover wrote: > Just in case this is helpful in the future, I've reproduced this now, > by using in addition: [...] interesting, thanks for sharing! > Then, first,

Bug#910819: dpkg: ../../src/packages.c:245: process_queue: Assertion `dependtry <= 4' failed

Package: dpkg Version: 1.18.25 Severity: important Dear Guillem, on June 28th 2018 was the last successful test of https://jenkins.debian.net/job/chroot-installation_stretch_install_education-mathematics_upgrade_to_buster/ which tests the installation of the education-mathmatics meta-package on

Bug#909754: dpkg -l now always pipes to less and ignores $COLUMNS

lar. these all seem pretty useful/nice to me, thanks for your work & feedback here. > On Fri, 2018-09-28 at 11:40:38 +, Holger Levsen wrote: > > also, running eg 'dpkg -l dpkg' and then ending up in less is confusing > > and breaking >20y old habbits, and then I press 'q'

Bug#909754: dpkg -l now always pipes to less and ignores $COLUMNS

On Fri, Sep 28, 2018 at 02:42:19AM +1000, Craig Sanders wrote: > I upgraded dpkg today and noticed that 'dpkg -l' now always pipes its output > through less, even if $PAGER is unset. The only way to get the output to go > to the tty is to explicitly pipe it to cat. > > This is exactly the

Bug#869184: dpkg: source uploads including _amd64.buildinfo cause problems

Hi Guillem, people are still affected by this bug... On Fri, Mar 02, 2018 at 01:25:51AM +0100, Guillem Jover wrote: > Perhaps the simplest and more correct might be to name it using > something like source+amd64 as the arch name, which seems like a > dubious arch, but at least is accurate and

Bug#802241: #802241: dpkg: please store the hash of the installed .deb and allow to query it

Hi josch, adding #774415 to to: and reply-to:… On Fri, Jun 08, 2018 at 07:54:20PM +0200, Johannes Schauer wrote: > > as I'm not an sbuild user (yet) myself, I was hesistant to try this > > myself, so I'm confused now: does it work as it is now? (or does it need > > changes to snapshot.d.o?) > >

Bug#802241: #802241: dpkg: please store the hash of the installed .deb and allow to query it

Guillem, josch: thanks for your feedback, much appreciated. On Fri, Jun 08, 2018 at 08:38:49AM +0200, Johannes Schauer wrote: > > I say it's an artificial blocker, because it is based on the problem > > faced while implementing the srebuild script to use the current > > snapshot.d.o API. And I

Bug#802241: #802241: dpkg: please store the hash of the installed .deb and allow to query it

Hi Guillem, ping on this bug, you haven't replied to it yet and it's a blocker for "#774415 sbuild: please add the srebuild sbuild wrapper to reproduce builds" which is a rather important one to give users the means to easily reproduce Debian packages, which is a core feature of reproducible

Bug#894441: dpkg-buildpackage: SOURCE_DATE_EPOCH must ignore bin-nmu changelog entries. Breaks M-A:same

On Thu, Apr 05, 2018 at 05:43:58PM +0200, Jean-Michel Vourgère wrote: > So, during compilation: > SOURCE_DATE_EPOCH must ignore bin-nmu changelog entries > because it breaks Multi-Arch:same on bin-nmu. > > During dpkg-deb (: > SOURCE_DATE_EPOCH must *not* ignore bin-nmu changelog entries >

Bug#869184: dpkg: source uploads including _amd64.buildinfo cause problems

On Wed, Jan 24, 2018 at 04:05:39PM +0100, Salvatore Bonaccorso wrote: > Any news regarding this proposal from Ansgar? We were biten now > several times already by this (e.g. php update, curl via > security.d.o). Guilem, what's your stance on this bug? We (reproducible builds) really dont want

Bug#888546: gnome-chrom-shell: After purging files have disappeared: /etc/opt/ owned by: chrome-gnome-shell

Package: base,chrome-gnome-shell Severity: important hi, from #debian-edu and #-release just now: https://piuparts.debian.org/sid/fail/education-desktop-gnome_2.10.14.log fails with 17m25.6s ERROR: FAIL: After purging files have disappeared: /etc/opt/ owned by: chrome-gnome-shell hmm.

Bug#873937: in package dpkg marked as pending

On Tue, Oct 17, 2017 at 01:13:09AM +, Guillem Jover wrote: > Bug #873937 in package dpkg reported by you has been fixed in > the dpkg/dpkg.git Git repository. You can see the changelog below, and > you can check the diff of the fix at: >

Bug#873937: dpkg: should include information about the used kernel in .buildinfo files

Source: dpkg Version: 1.8.24 Severity: wishlist User: reproducible-bui...@lists.alioth.debian.org Usertags: toolchain X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org Hi Guillem, during discussing #844431 it became clear, that some information about the running kernel should be included

Bug#802241: please store the hash of the installed .deb and allow to query it

hi, while I very much like this idea, please don't store md5sums, but rather sha256sums. Thank you! -- cheers, Holger (wondering why I seem to have to write this in 2017) signature.asc Description: Digital signature

Bug#845436: dpkg-dev: dpkg-buildpackage leaves spurious debian/files in source tree

On Wed, Feb 08, 2017 at 06:28:27AM +0100, Guillem Jover wrote: > Sure, and I question the wisdom of doing a pure source-only upload w/o > building the binaries at the same time. I do this all the time: #1 debuild -S #2 sudo pbuilder $thatnewdsc #3 do tests & compare whats in the archive with

Bug#845556: dpkg: should not generate .buildinfo files for source only uploads

Package: dpkg Version: 1.18.15 Severity: normal Hi Guillem, the subject basically says it all, dpkg should not generate .buildinfo files for source only uploads, as they are totally pointless for those. (I'm also not even sure whether you had implemented in most recent uploads, but I thought I

Bug#843073: dpkg-shlibdeps: broken on i386 with merged /usr

Hi Michael, On Wed, Nov 09, 2016 at 07:16:53PM +0100, Michael Biebl wrote: > > https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/systemd.html > Do you also have builds for i386? (which this issue is about, amd64 is fine) yes, they are linked from that url as well, though you can

Bug#843073: dpkg-shlibdeps: broken on i386 with merged /usr

Hi, On Sat, Nov 05, 2016 at 08:58:06PM +0100, Michael Biebl wrote: > As this breaks packages to build successfully, I'm bumping this to RC. > E.g. I'm unable to successfully build systemd in a freshly created > chroot on i386. I suspect once the buildds update their chroot, it will > affect a lot

Bug#126505: reopen, closed by spam, please cleanup (was Re: Bug#126505: marked as done (dpkg-statoverride : add 'recursive', 'dirs', and 'files' options in rules-file))

control: reopen -1 On Wed, Oct 05, 2016 at 06:33:05PM +, Debian Bug Tracking System wrote: > Date: Wed, 5 Oct 2016 20:30:35 +0200 > From: "FedEx 2Day A.M." > To: 126505-cl...@bugs.debian.org closed by spam… -- cheers, Holger signature.asc

Bug#787980: status: normalize file permissions when creating control.tar ?

Hi Guillem, (sorry for the late reply…) On Thu, Jul 07, 2016 at 12:20:44AM +0200, Guillem Jover wrote: > > could you please comment briefly on > > your take on this bug and it's status? > > I've had my qualms about the need for this patch, but in any > case the provided patch has not been

Bug#787980: status: normalize file permissions when creating control.tar ?

Hi, Guillem, (kudos and thanks for the recent dpkg upload(s)! Glad to see progress with reproducible bits!) could you please comment briefly on your take on this bug and it's status? It's in the BTS since 13 months without a maintainer comment. Thanks! ;-) -- cheers, Holger

Bug#735377: 3.0 (native) silently ignores many binary files by default.

Hi, On Tue, Apr 26, 2016 at 10:54:15AM +0200, Guillem Jover wrote: > That's weird, it does work fine here, just checked with git master to > make sure there's been no regressions: we've been seeing the same behavior when uploading diffoscope. When I build it, tests/data/test(1|2).(o|a) are not

Bug#819194: dpkg-buildflags: please add normalizedebugpath to reproducible feature set

Hi, On Wed, Mar 30, 2016 at 02:19:02AM -0400, Daniel Kahn Gillmor wrote: > No one is arguing for dropping the build path from .buildinfo files. ok, cool. Thanks (to you both) for clarifying! -- cheers, Holger signature.asc Description: Digital signature

Bug#759886: [patch #8925] Support --clamp-mtime for binary reproducibility]

Hey! On Wed, Mar 30, 2016 at 10:32:08AM +0200, Guillem Jover wrote: > Yes, I was notified on IRC, and also saw your private mail. :) hehe, lol. Too much travelling and a new mail client… so I forgot :) but then, it's also good to have that in the BTS, as a matter of proper workflows… > In

Bug#819194: dpkg-buildflags: please add normalizedebugpath to reproducible feature set

Hi, On Tue, Mar 29, 2016 at 09:36:00PM -0400, Daniel Kahn Gillmor wrote: > This isn't fun-spoiling, it's a useful reality check. But if we were > required to get all the way to 100% before we made any progress, then > reproducible builds wouldn't have gotten off the ground at all. it's surely

Bug#759886: [patch #8925] Support --clamp-mtime for binary reproducibility]

Hi Guillem, FYI, GNU tar's upstream has accepted our patch! :-) cheers, Holger - Forwarded message from Sergey Poznyakoff - Date: Thu, 24 Mar 2016 05:33:34 + From: Sergey Poznyakoff To: Sergey Poznyakoff

Bug#819194: dpkg-buildflags: please add normalizedebugpath to reproducible feature set

Hi, not wanting to spoil the fun, but… On Mon, Mar 28, 2016 at 06:33:49PM -0400, Daniel Kahn Gillmor wrote: > > Ah great! And one less way to leak local information. > yep :) I *believe* it's not enough (for reproducible builds in arbitrary pathes) if gcc+clang can now cope. IIRC there are

Bug#138409: [Reproducible-builds] Bug#138409: Bug#138409: Bug#138409: dpkg-dev: please add support for .buildinfo files

Lunar, also: < josch> personally i'd be happy with Lunar's suggestion: Installed-Build- Depends < josch> i think the natural understanding of that term implies the transitivity as well as that it's not the closure that is meant * h01ger likes Installed-Build-Depends too < h01ger> | [12:14] <

Bug#138409: [Reproducible-builds] Bug#138409: Bug#138409: Bug#138409: dpkg-dev: please add support for .buildinfo files

Hi Josch, On Donnerstag, 4. Februar 2016, Johannes Schauer wrote: > maybe we can merge Lunar's original suggestion Installed-Build-Depends (a > name which is missing the transitive/recursive-ness) with the new > suggestion and make it: > > Installed-Transitive-Build-Depends > > This way it

Bug#138409: [Reproducible-builds] Bug#138409: Bug#138409: Bug#138409: dpkg-dev: please add support for .buildinfo files

no thanks for totally dismissing what I said… and making funny signs about the crap I said. very funny. signature.asc Description: This is a digitally signed message part.

Bug#138409: [Reproducible-builds] Bug#138409: Bug#138409: dpkg-dev: please add support for .buildinfo files

Hi, On Donnerstag, 4. Februar 2016, Guillem Jover wrote: > I asked for more suggestions on #debian-dpkg, and Johannes Schauer > suggested Transitive-Build-Depends, which is something I had in mind > too (that or «Recursive-»), but kind of softly discarded in trying to > have a consistently

Bug#138409: dpkg-dev: please add support for .buildinfo files

+many thanks for your thorough review! :-) signature.asc Description: This is a digitally signed message part.

Bug#138409: dpkg-dev: please add support for .buildinfo files

Hi, On Freitag, 29. Januar 2016, Guillem Jover wrote: > > (I'd be in favor of naming the first accepted buildinfo > > file of the archive just "" so that it's predictable… > I'm not sure how we'd use a sequential number in a distributed manner > starting with 0s though? :9 we can't :)

Bug#138409: dpkg-dev: please add support for .buildinfo files

Hi Guillem, just quickly commenting on two sub topics… On Donnerstag, 28. Januar 2016, Guillem Jover wrote: > > One of the main change is that `.buildinfo` should now be named with an > > arbitrary identifier. By default this defaults to $HOSTNAME-$TIMESTAMP > > but can be set to an arbitrary

Bug#804018: dpkg: provide options to avoid service startup on package installation

reassign -1 debian-policy thanks signature.asc Description: This is a digitally signed message part.

Bug#804018: dpkg: provide options to avoid service startup on package installation

Hi Patrick, you are aware of echo -e '#!/bin/sh\nexit 101' > /usr/sbin/policy-rc.d to implement exactly this? cheers, Holger signature.asc Description: This is a digitally signed message part.

Bug#770448: reassigning to dpkg (Setting up libpam-modules-bin (1.1.8-3.1) hangs forever with dpkg using 100% cpu)

On Sonntag, 7. Dezember 2014, Niels Thykier wrote: For reference, dpkg is upgraded to 1.17.21 before the problem occurs. It is possible that this is fixed in dpkg 1.17.22 (which is not in Jessie). FWIW,

Bug#768466: [pkg-php-pear] Bug#768466: php-htmlpurifier: fails to install

Hi David, On Freitag, 7. November 2014, David Prévot wrote: I’m not able to get the dpkg version out of the provided log, but given the date, (2014-11-01 21:29:50 UTC), I’d expect it to be still dpkg/1.17.13 (while 1.17.21 migrated to Jessie on 2014-11-03). Can you please update the chroot

Bug#768598: font-config: cycle found while processing triggers

package: font-config severity: serious x-debbugs-cc: debian-d...@lists.debian.org Hi, I'm not 100% sure the following issue is caused by font-config, please reassign appropriatly if it is not. https://jenkins.debian.net/job/chroot-installation_wheezy_install_education-

Bug#768599: man-db: cycle found while processing triggers:

package: man-db severity: serious x-debbugs-cc: debian-d...@lists.debian.org Hi, I'm not 100% sure the following issue is caused by man-db, please reassign appropriatly if it is not. https://jenkins.debian.net/job/chroot-installation_wheezy_install_education-

Bug#768600: readahead-fedora: cycle found while processing triggers

package: readahead-fedora severity: serious x-debbugs-cc: debian-d...@lists.debian.org Hi, I'm not 100% sure the following issue is caused by readahead-fedora, please reassign appropriatly if it is not. (eg or is it man-db?)

Bug#659129: using pbzip2 or pigz when building packages

Hi Guillem, thanks for following up on these bugs! And for maintaining dpkg in the first place! :-) On Samstag, 14. Juni 2014, Guillem Jover wrote: I'm merging with the already filed bug report, because the request seems confused. The time spent when building kernel packages rests in

Bug#746354: closed by Guillem Jover guil...@debian.org (Bug#746354: fixed in dpkg 1.17.9)

Hi Guillem, thanks for fixing this bug so fast! cheers, Holger signature.asc Description: This is a digitally signed message part.

Bug#659129: using pbzip2 or pigz when building packages

package: dpkg-dev severity: wishlist Hi, it would be awesome if dpkg-dev would support this nativly. cheers, Holger -- Forwarded Message -- Betreff: using pbzip2 or pigz when building packages Datum: Mittwoch, 11. Januar 2012 Von: Holger Levsen hol...@layer

Bug#609327: unpacking of 3.0 format creates files with perms 000

package: dpkg version: 1.14.31 Hi, I'm sponsoring the typo3-src packages into Debian and when a new request for sponsoring arrives I usually compare the new version with the old version with either debdiff or meld. Recently the package switched it source format to 3.0 and now some files have

Bug#523745: please log sha1sum of installed debs

package: dpkg severity: wishlist tags: security version: 1.14.25 Hi, during a discussion about how to compromise the security of a Debian system I noticed that /var/log/dpkg.log just logs the version number of the packages installed, thus one can inject a on-the-fly-modified .deb with the same

Bug#523745: please log sha1sum of installed debs

Hi, On Sonntag, 12. April 2009, Raphael Hertzog wrote: How can you tag this security while saying provided that the user doesn't care of the security. I was waking up (finishing my mental backlog from yesterday) and thought of a different meaning of security: affecting security, not causing