Re: Growing file lists after python2.7 rebuild
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This bug is still present on Debian Wheezy when upgrading from 2.7.3-6 to 2.7.3-6+deb7u2. Cheers, On 16/03/14 12:22, Moritz Mühlenhoff wrote: > On Thu, Mar 13, 2014 at 09:42:04PM +0100, Moritz Mühlenhoff wrote: >> Thanks a lot for your analysis. I'll make a test build tomorrow >> and follow up. > > Seems to have worked. python2.7 DSA will be released tomorrow. > > Cheers, Moritz > > - -- Luis Alejandro Martínez Faneyth Blog: http://huntingbears.com.ve Github: http://github.com/LuisAlejandro Twitter: http://twitter.com/LuisAlejandro CODE IS POETRY -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iQIcBAEBAgAGBQJTYQoZAAoJEPYUWpXnjaouVOgP/3yVnWt6gjTxFnQVxW+ItN21 ddwfS6/D352Ce6+YMPhCnu2/+HbRSSKbtW9l+R/6NBOxldoM0kzjt38w3fWQrJ/P LQo76uyjxDtvE0IDtc3fLX78+qroUdae3ipYy9XDTfFkfW4c1LdDM1gd4wWqazL4 rsiF5AoVT97vdGMlb0A290o+G9Xi+8O2YvvXPkebpgNxPwTUZIhDFSUlXMcak2nZ 23TTZxpjQGRrlkWWx5iisAmXcHzEw5IJCPL/yi8vkxiE5H/gd3aXBlaEr3MpgPuX XH2zqB4r0r/pLlKSyECnlOZ0L6QA9XnBcck54ZBec+6HvzDSboaNF1wbGv2SDuHN XL7wVzPNO7vzc6DNoag4ZB7Nz+bBI5hAWfDtrkMiGQeAVCXx82HW9VmIw5ZPKsgD OuoNBrdPoQ3kbBJ6DQwkPkgHlxMt3ZB074ry0IVHn4PqLUgMKeUPAZ2mDF6GYuV6 m8KU2e1dRPhwh5xF0gWU6N9Gr2JWoy9iiyg4oNZY7/xONrcg8tOBatGVcqDtu3zq OvZcRUjQwCRfPEIZ+LqdmCPQmjGHAg7M2j7kQ7Px3qOxDb7qEoX3S/11GLyB+ZAW fWjEegJIsR+80JjK5nRpdNhoBpNBnY5dRiuu9V9Mfw81al2ILL5X5WJjwZaULFdx vOHTW34IsFN5JKCePGMs =bTvl -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-python-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/blu0-smtp2066bd43965147b4bde088c8b...@phx.gbl
Re: Growing file lists after python2.7 rebuild
On Thu, Mar 13, 2014 at 09:42:04PM +0100, Moritz Mühlenhoff wrote: > Thanks a lot for your analysis. I'll make a test build tomorrow and follow up. Seems to have worked. python2.7 DSA will be released tomorrow. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-python-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140316165248.GB4736@pisco.westfalen.local
Re: Growing file lists after python2.7 rebuild
On Wed, Mar 12, 2014 at 12:47:18AM +0100, Jakub Wilk wrote: > [This is a copy of what I sent to #702005 (after unarchiving it), which > didn't show up on bugs.d.o yet.] > > According to python2.7-minimal's README.Debian, the _ssl and _hashlib are > supposed to be included in the -minimal package. > python2.7-minimal_2.7.3-6_amd64.deb indeed includes them both, but on every > other architecture they are shipped in python2.7. > > Worse, if you rebuild wheezy's src:python2.7 in a clean environment, the > modules move to python2.7, likely leading to upgrade problem similar to that > reported a while ago: Urgs. I'll contact the people doing archive rebuilds; file lists could be compared for successful builds. There are several Java packages in Wheezy which have broken file lists after a rebuild. > * Vincent Lefevre , 2013-03-01, 17:00: > >Unpacking replacement python2.7 ... > >dpkg: error processing /var/cache/apt/archives/python2.7_2.7.3-7_amd64.deb > >(--unpack): > >trying to overwrite '/usr/lib/python2.7/lib-dynload/_hashlib.so', which is > >also in package python2.7-minimal 2.7.3-6 > >dpkg-deb: error: subprocess paste was killed by signal (Broken pipe) > > > I believe the bug lies in the following part of debian/rules: > > DH_COMPAT=2 dh_movefiles -p$(p_min) --sourcedir=$(d) \ > usr/bin/python$(VER) \ > usr/share/man/man1/python$(VER).1 \ > $(foreach i,$(MIN_MODS),$(scriptdir)/$(i).py) \ > $(foreach i,$(MIN_PACKAGES),$(scriptdir)/$(i)) \ > $(foreach i,$(MIN_ENCODINGS),$(scriptdir)/$(i)) \ > $(scriptdir)/config/Makefile \ > usr/include/$(PVER)/pyconfig.h \ > $(scriptdir)/site.py \ > $(shell cd $(d); for i in $(MIN_EXTS); do \ > test -e $(scriptdir)/lib-dynload/$$i.so \ > && echo $(scriptdir)/lib-dynload/$$i.so; \ > done; true) > > The culprit appears to be that make expands $(shell ... ) too early, when no > *.so files exist yet. > > Replacing $(shell ... ) with $$( ... ), and then adding appropriate > Breaks+Replaces should fix this bug. (I haven't tested the proposed fix in > practice yet.) Thanks a lot for your analysis. I'll make a test build tomorrow and follow up. > It still don't understand why this bug didn't trigger for the amd64 package. > Perhaps the build log could shed some light on it. Unfortunately I don't have the build log for the deb7u1 upload, the amd64 version was the one I uploaded and I didn't save the log. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-python-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140313204204.GA3222@pisco.westfalen.local
Re: Growing file lists after python2.7 rebuild
[This is a copy of what I sent to #702005 (after unarchiving it), which didn't show up on bugs.d.o yet.] According to python2.7-minimal's README.Debian, the _ssl and _hashlib are supposed to be included in the -minimal package. python2.7-minimal_2.7.3-6_amd64.deb indeed includes them both, but on every other architecture they are shipped in python2.7. Worse, if you rebuild wheezy's src:python2.7 in a clean environment, the modules move to python2.7, likely leading to upgrade problem similar to that reported a while ago: * Vincent Lefevre , 2013-03-01, 17:00: Unpacking replacement python2.7 ... dpkg: error processing /var/cache/apt/archives/python2.7_2.7.3-7_amd64.deb (--unpack): trying to overwrite '/usr/lib/python2.7/lib-dynload/_hashlib.so', which is also in package python2.7-minimal 2.7.3-6 dpkg-deb: error: subprocess paste was killed by signal (Broken pipe) I believe the bug lies in the following part of debian/rules: DH_COMPAT=2 dh_movefiles -p$(p_min) --sourcedir=$(d) \ usr/bin/python$(VER) \ usr/share/man/man1/python$(VER).1 \ $(foreach i,$(MIN_MODS),$(scriptdir)/$(i).py) \ $(foreach i,$(MIN_PACKAGES),$(scriptdir)/$(i)) \ $(foreach i,$(MIN_ENCODINGS),$(scriptdir)/$(i)) \ $(scriptdir)/config/Makefile \ usr/include/$(PVER)/pyconfig.h \ $(scriptdir)/site.py \ $(shell cd $(d); for i in $(MIN_EXTS); do \ test -e $(scriptdir)/lib-dynload/$$i.so \ && echo $(scriptdir)/lib-dynload/$$i.so; \ done; true) The culprit appears to be that make expands $(shell ... ) too early, when no *.so files exist yet. Replacing $(shell ... ) with $$( ... ), and then adding appropriate Breaks+Replaces should fix this bug. (I haven't tested the proposed fix in practice yet.) It still don't understand why this bug didn't trigger for the amd64 package. Perhaps the build log could shed some light on it. -- Jakub Wilk -- To UNSUBSCRIBE, email to debian-python-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140311234718.ga6...@jwilk.net
Re: Growing file lists after python2.7 rebuild
On Tue, Mar 11, 2014 at 07:26:55PM +0100, Jakub Wilk wrote: > * Moritz Muehlenhoff , 2014-03-11, 18:30: > >I prepared a security update for python2.7 in stable-security fixing > >CVE-2013-4238 and CVE-2014-1912. But rebuilding the package caused changes > >in the file list which are not obvious to me: > > > >In python2.7-minimal: > >+/usr/lib/python2.7/lib-dynload/_hashlib.so > >+/usr/lib/python2.7/lib-dynload/_ssl.so > > > >In python2.7: > >+/usr/lib/python2.7/lib-dynload/_hashlib.so > >+/usr/lib/python2.7/lib-dynload/_ssl.so > > Unexpected migrations of these modules between python2.7 and > python2.7-minimal have been observed in the past: #702005. Turns out that > sweeping the problem under the carpet, instead of fixing it properly, wasn't > the best strategy… > > >Does anyone have an idea what's going wrong? debian/rules has some > >commented entries for lib-dynload/_bsddb.so, so this seems to be a generic > >problem? > > No idea yet, but I will look into it. Thanks! > >This happened both for my local build and on the buildd. Source package > >and build log are on http://people.debian.org/~jmm/ > > “You don't have permission to access > /~jmm/python2.7_2.7.3-6+deb7u1_i386-20140305-1206.gz on this server.” Doh, fixed. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-python-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140311190907.GA2960@pisco.westfalen.local
Re: Growing file lists after python2.7 rebuild
* Moritz Muehlenhoff , 2014-03-11, 18:30: I prepared a security update for python2.7 in stable-security fixing CVE-2013-4238 and CVE-2014-1912. But rebuilding the package caused changes in the file list which are not obvious to me: In python2.7-minimal: +/usr/lib/python2.7/lib-dynload/_hashlib.so +/usr/lib/python2.7/lib-dynload/_ssl.so In python2.7: +/usr/lib/python2.7/lib-dynload/_hashlib.so +/usr/lib/python2.7/lib-dynload/_ssl.so Unexpected migrations of these modules between python2.7 and python2.7-minimal have been observed in the past: #702005. Turns out that sweeping the problem under the carpet, instead of fixing it properly, wasn't the best strategy… Does anyone have an idea what's going wrong? debian/rules has some commented entries for lib-dynload/_bsddb.so, so this seems to be a generic problem? No idea yet, but I will look into it. This happened both for my local build and on the buildd. Source package and build log are on http://people.debian.org/~jmm/ “You don't have permission to access /~jmm/python2.7_2.7.3-6+deb7u1_i386-20140305-1206.gz on this server.” -- Jakub Wilk -- To UNSUBSCRIBE, email to debian-python-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140311182655.gb8...@jwilk.net
Growing file lists after python2.7 rebuild
i, (I realise this list is primarily on packaging Python modules, but since I got no response from the Python maintainer, I'm trying it here) I prepared a security update for python2.7 in stable-security fixing CVE-2013-4238 and CVE-2014-1912. But rebuilding the package caused changes in the file list which are not obvious to me: In python2.7-minimal: +/usr/lib/python2.7/lib-dynload/_hashlib.so +/usr/lib/python2.7/lib-dynload/_ssl.so In python2.7: +/usr/lib/python2.7/lib-dynload/_hashlib.so +/usr/lib/python2.7/lib-dynload/_ssl.so Does anyone have an idea what's going wrong? debian/rules has some commented entries for lib-dynload/_bsddb.so, so this seems to be a generic problem? This happened both for my local build and on the buildd. Source package and build log are on http://people.debian.org/~jmm/ Cheers, Moritz -- To UNSUBSCRIBE, email to debian-python-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140311173017.ga17...@inutil.org