Re: Growing file lists after python2.7 rebuild

2014-04-30 Thread Luis Alejandro Martínez Faneyth
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

This bug is still present on Debian Wheezy when upgrading from 2.7.3-6
to 2.7.3-6+deb7u2.

Cheers,

On 16/03/14 12:22, Moritz Mühlenhoff wrote:
 On Thu, Mar 13, 2014 at 09:42:04PM +0100, Moritz Mühlenhoff wrote:
 Thanks a lot for your analysis. I'll make a test build tomorrow
 and follow up.
 
 Seems to have worked. python2.7 DSA will be released tomorrow.
 
 Cheers, Moritz
 
 

- -- 
Luis Alejandro Martínez Faneyth
Blog: http://huntingbears.com.ve
Github: http://github.com/LuisAlejandro
Twitter: http://twitter.com/LuisAlejandro

CODE IS POETRY
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iQIcBAEBAgAGBQJTYQoZAAoJEPYUWpXnjaouVOgP/3yVnWt6gjTxFnQVxW+ItN21
ddwfS6/D352Ce6+YMPhCnu2/+HbRSSKbtW9l+R/6NBOxldoM0kzjt38w3fWQrJ/P
LQo76uyjxDtvE0IDtc3fLX78+qroUdae3ipYy9XDTfFkfW4c1LdDM1gd4wWqazL4
rsiF5AoVT97vdGMlb0A290o+G9Xi+8O2YvvXPkebpgNxPwTUZIhDFSUlXMcak2nZ
23TTZxpjQGRrlkWWx5iisAmXcHzEw5IJCPL/yi8vkxiE5H/gd3aXBlaEr3MpgPuX
XH2zqB4r0r/pLlKSyECnlOZ0L6QA9XnBcck54ZBec+6HvzDSboaNF1wbGv2SDuHN
XL7wVzPNO7vzc6DNoag4ZB7Nz+bBI5hAWfDtrkMiGQeAVCXx82HW9VmIw5ZPKsgD
OuoNBrdPoQ3kbBJ6DQwkPkgHlxMt3ZB074ry0IVHn4PqLUgMKeUPAZ2mDF6GYuV6
m8KU2e1dRPhwh5xF0gWU6N9Gr2JWoy9iiyg4oNZY7/xONrcg8tOBatGVcqDtu3zq
OvZcRUjQwCRfPEIZ+LqdmCPQmjGHAg7M2j7kQ7Px3qOxDb7qEoX3S/11GLyB+ZAW
fWjEegJIsR+80JjK5nRpdNhoBpNBnY5dRiuu9V9Mfw81al2ILL5X5WJjwZaULFdx
vOHTW34IsFN5JKCePGMs
=bTvl
-END PGP SIGNATURE-


--
To UNSUBSCRIBE, email to debian-python-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/blu0-smtp2066bd43965147b4bde088c8b...@phx.gbl



Re: Growing file lists after python2.7 rebuild

2014-03-16 Thread Moritz Mühlenhoff
On Thu, Mar 13, 2014 at 09:42:04PM +0100, Moritz Mühlenhoff wrote:
 Thanks a lot for your analysis. I'll make a test build tomorrow and follow up.

Seems to have worked. python2.7 DSA will be released tomorrow.

Cheers,
 Moritz


-- 
To UNSUBSCRIBE, email to debian-python-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140316165248.GB4736@pisco.westfalen.local



Re: Growing file lists after python2.7 rebuild

2014-03-13 Thread Moritz Mühlenhoff
On Wed, Mar 12, 2014 at 12:47:18AM +0100, Jakub Wilk wrote:
 [This is a copy of what I sent to #702005 (after unarchiving it), which
 didn't show up on bugs.d.o yet.]
 
 According to python2.7-minimal's README.Debian, the _ssl and _hashlib are
 supposed to be included in the -minimal package.
 python2.7-minimal_2.7.3-6_amd64.deb indeed includes them both, but on every
 other architecture they are shipped in python2.7.
 
 Worse, if you rebuild wheezy's src:python2.7 in a clean environment, the
 modules move to python2.7, likely leading to upgrade problem similar to that
 reported a while ago:

Urgs. 

I'll contact the people doing archive rebuilds; file lists could be compared
for successful builds. 

There are several Java packages in Wheezy which have broken file lists after
a rebuild.

 * Vincent Lefevre vinc...@vinc17.net, 2013-03-01, 17:00:
 Unpacking replacement python2.7 ...
 dpkg: error processing /var/cache/apt/archives/python2.7_2.7.3-7_amd64.deb 
 (--unpack):
 trying to overwrite '/usr/lib/python2.7/lib-dynload/_hashlib.so', which is 
 also in package python2.7-minimal 2.7.3-6
 dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
 
 
 I believe the bug lies in the following part of debian/rules:
 
   DH_COMPAT=2 dh_movefiles -p$(p_min) --sourcedir=$(d) \
   usr/bin/python$(VER) \
   usr/share/man/man1/python$(VER).1 \
   $(foreach i,$(MIN_MODS),$(scriptdir)/$(i).py) \
   $(foreach i,$(MIN_PACKAGES),$(scriptdir)/$(i)) \
   $(foreach i,$(MIN_ENCODINGS),$(scriptdir)/$(i)) \
   $(scriptdir)/config/Makefile \
   usr/include/$(PVER)/pyconfig.h \
   $(scriptdir)/site.py \
   $(shell cd $(d); for i in $(MIN_EXTS); do \
   test -e $(scriptdir)/lib-dynload/$$i.so \
  echo $(scriptdir)/lib-dynload/$$i.so; \
 done; true)
 
 The culprit appears to be that make expands $(shell ... ) too early, when no
 *.so files exist yet.
 
 Replacing $(shell ... ) with $$( ... ), and then adding appropriate
 Breaks+Replaces should fix this bug. (I haven't tested the proposed fix in
 practice yet.)

Thanks a lot for your analysis. I'll make a test build tomorrow and follow up.
 
 It still don't understand why this bug didn't trigger for the amd64 package.
 Perhaps the build log could shed some light on it.

Unfortunately I don't have the build log for the deb7u1 upload, the amd64
version was the one I uploaded and I didn't save the log.

Cheers,
Moritz





-- 
To UNSUBSCRIBE, email to debian-python-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140313204204.GA3222@pisco.westfalen.local



Re: Growing file lists after python2.7 rebuild

2014-03-11 Thread Jakub Wilk

* Moritz Muehlenhoff j...@debian.org, 2014-03-11, 18:30:
I prepared a security update for python2.7 in stable-security fixing 
CVE-2013-4238 and CVE-2014-1912. But rebuilding the package caused 
changes in the file list which are not obvious to me:


In python2.7-minimal:
+/usr/lib/python2.7/lib-dynload/_hashlib.so
+/usr/lib/python2.7/lib-dynload/_ssl.so

In python2.7:
+/usr/lib/python2.7/lib-dynload/_hashlib.so
+/usr/lib/python2.7/lib-dynload/_ssl.so


Unexpected migrations of these modules between python2.7 and 
python2.7-minimal have been observed in the past: #702005. Turns out 
that sweeping the problem under the carpet, instead of fixing it 
properly, wasn't the best strategy…


Does anyone have an idea what's going wrong? debian/rules has some 
commented entries for lib-dynload/_bsddb.so, so this seems to be a 
generic problem?


No idea yet, but I will look into it.

This happened both for my local build and on the buildd. Source package 
and build log are on http://people.debian.org/~jmm/


“You don't have permission to access 
/~jmm/python2.7_2.7.3-6+deb7u1_i386-20140305-1206.gz on this server.”


--
Jakub Wilk


--
To UNSUBSCRIBE, email to debian-python-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140311182655.gb8...@jwilk.net



Re: Growing file lists after python2.7 rebuild

2014-03-11 Thread Moritz Mühlenhoff
On Tue, Mar 11, 2014 at 07:26:55PM +0100, Jakub Wilk wrote:
 * Moritz Muehlenhoff j...@debian.org, 2014-03-11, 18:30:
 I prepared a security update for python2.7 in stable-security fixing
 CVE-2013-4238 and CVE-2014-1912. But rebuilding the package caused changes
 in the file list which are not obvious to me:
 
 In python2.7-minimal:
 +/usr/lib/python2.7/lib-dynload/_hashlib.so
 +/usr/lib/python2.7/lib-dynload/_ssl.so
 
 In python2.7:
 +/usr/lib/python2.7/lib-dynload/_hashlib.so
 +/usr/lib/python2.7/lib-dynload/_ssl.so
 
 Unexpected migrations of these modules between python2.7 and
 python2.7-minimal have been observed in the past: #702005. Turns out that
 sweeping the problem under the carpet, instead of fixing it properly, wasn't
 the best strategy…
 
 Does anyone have an idea what's going wrong? debian/rules has some
 commented entries for lib-dynload/_bsddb.so, so this seems to be a generic
 problem?
 
 No idea yet, but I will look into it.

Thanks!
 
 This happened both for my local build and on the buildd. Source package
 and build log are on http://people.debian.org/~jmm/
 
 “You don't have permission to access
 /~jmm/python2.7_2.7.3-6+deb7u1_i386-20140305-1206.gz on this server.”

Doh, fixed.

Cheers,
Moritz


-- 
To UNSUBSCRIBE, email to debian-python-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140311190907.GA2960@pisco.westfalen.local



Re: Growing file lists after python2.7 rebuild

2014-03-11 Thread Jakub Wilk
[This is a copy of what I sent to #702005 (after unarchiving it), which 
didn't show up on bugs.d.o yet.]


According to python2.7-minimal's README.Debian, the _ssl and _hashlib 
are supposed to be included in the -minimal package. 
python2.7-minimal_2.7.3-6_amd64.deb indeed includes them both, but on 
every other architecture they are shipped in python2.7.


Worse, if you rebuild wheezy's src:python2.7 in a clean environment, the 
modules move to python2.7, likely leading to upgrade problem similar to 
that reported a while ago:


* Vincent Lefevre vinc...@vinc17.net, 2013-03-01, 17:00:

Unpacking replacement python2.7 ...
dpkg: error processing /var/cache/apt/archives/python2.7_2.7.3-7_amd64.deb 
(--unpack):
trying to overwrite '/usr/lib/python2.7/lib-dynload/_hashlib.so', which is also 
in package python2.7-minimal 2.7.3-6
dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)



I believe the bug lies in the following part of debian/rules:

DH_COMPAT=2 dh_movefiles -p$(p_min) --sourcedir=$(d) \
usr/bin/python$(VER) \
usr/share/man/man1/python$(VER).1 \
$(foreach i,$(MIN_MODS),$(scriptdir)/$(i).py) \
$(foreach i,$(MIN_PACKAGES),$(scriptdir)/$(i)) \
$(foreach i,$(MIN_ENCODINGS),$(scriptdir)/$(i)) \
$(scriptdir)/config/Makefile \
usr/include/$(PVER)/pyconfig.h \
$(scriptdir)/site.py \
$(shell cd $(d); for i in $(MIN_EXTS); do \
test -e $(scriptdir)/lib-dynload/$$i.so \
   echo $(scriptdir)/lib-dynload/$$i.so; \
  done; true)

The culprit appears to be that make expands $(shell ... ) too early, 
when no *.so files exist yet.


Replacing $(shell ... ) with $$( ... ), and then adding appropriate 
Breaks+Replaces should fix this bug. (I haven't tested the proposed fix 
in  practice yet.)


It still don't understand why this bug didn't trigger for the amd64 
package. Perhaps the build log could shed some light on it.


--
Jakub Wilk


--
To UNSUBSCRIBE, email to debian-python-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140311234718.ga6...@jwilk.net