Package: ftp.debian.org
Severity: important

[ I pondered to make it RC, feel free to adjust... ]

Hi,

$ grep buildinfo libreoffice_4.3.3-2+deb8u7_source+amd64+all.changes
 bcc561d0ccdcbada26809bae7ee9d8e0d3bb23c8 15696 libreoffice_4.3.3-2+deb8u7_source.buildinfo
 0ec1d03f1d6b789c8a1d6d374185892dba2008d6b8398b3394d607c0ddef7809 15696 libreoffice_4.3.3-2+deb8u7_source.buildinfo
 8701eadc28010054360951434f9be8c1 15696 editors optional libreoffice_4.3.3-2+deb8u7_source.buildinfo

Yes, this is not really expected for a _jessie_ update but I built the
source package in stretch and fed it to sbuild without thinking of
.buildinfo.

This resulted in the packages never appearing in s-p-u (or well, being
REJECTED).

From my IRC logs (2017-04-30):

08:25 < jcristau> adsb: i didn't want to re-sign the dsc since it's already published on security...
08:54 < jcristau> adsb: reuploading rene's .changes including the buildinfo
08:55 < jcristau> let's see what happens
08:55 < jcristau> maybe it'll complain about .dsc replay
09:28 < jcristau> libreoffice | 1:4.3.3-2+deb8u7 | stable-new | source, amd64
[...]
09:53 < _rene_> jcristau: did I broke something? (yes, admittedly I did debuild -S -i on my host stretch and then fed it to sbuild for jessie..)
09:53 < _rene_> s/broke/break/
09:54 < _rene_> jcristau: (and then mergechanges)
09:56 -!- Guest1495 [~p...@pabs.user.oftc.net] has quit [Ping timeout: 480 seconds]
10:00 < jcristau> _rene_: the sync from security to ftp-master doesn't know about buildinfo, so it tried to upload without it, and queued choked
10:00 < _rene_> ah
10:01 < jcristau> so last night i removed buildinfo from .changes and re-signed, but that got rejected as different key from the .dsc; this morning i just uploaded your .changes including the buildinfo which was kept on security-master
10:02 < jcristau> we should be ok now, other than getting the other archs back from reject, i think
10:02 < _rene_> yeah, saw the reject and wondered, then saw parts of the discussion here, and wondered more ;)
10:02 * _rene_ would have assumed security did a dput which wouldn't have breaked, would it?
10:02 < _rene_> does it do manual stuff?
10:03 < jcristau> find ${queuedir}/accepted -type f -exec mv -t /srv/queued/ftpmaster '{}' +
10:03 < jcristau> and then queued uploads from /srv/queued/ftpmaster to usper
10:03 < _rene_> ugh
10:03 < jcristau> but i'm guessing buildinfo isn't in /accepted
10:04 < _rene_> ok, but that means any stretch-security thing will have that problem?
10:04 < _rene_> built on stretch with .buildinfo...
10:05 < _rene_> probably needs to be fixed before stretch gets DSAs ;)

So if I get this right any package having .buildinfo will fail at this
stage. Which will get problematic in stretch security updates since
anything built inside stretch will not only have the source but also the
binary .buildinfo's.

I think this must be (somehow) fixed before stretch releases to be able
to do security updates (well, sync them into s-p-u and not get lost and
needing manual recovery).

Regards,

Rene
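
Added example, not part of the original report and not code from Debian's archive tooling: a check for the failure described above, where a .changes lists a .buildinfo that the sync did not bring along to the upload queue. It assumes the usual .changes layout (Checksums-Sha256 and Files fields); the package name and file contents in demo() are constructed.

```python
import hashlib
import os
import tempfile

def parse_changes(text):
    """Map each file listed in a .changes body to its size and SHA-256."""
    files, field = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():
            field = line.split(":", 1)[0]  # start of a new top-level field
            continue
        parts = line.split()
        if field == "Checksums-Sha256" and len(parts) == 3:
            digest, size, name = parts
            files.setdefault(name, {}).update(sha256=digest, size=int(size))
        elif field == "Files" and len(parts) == 5:
            size, name = parts[1], parts[4]  # md5 size section priority name
            files.setdefault(name, {"sha256": None})["size"] = int(size)
    return files

def check_upload(changes_text, directory):
    """Return the problems a queue would hit processing this .changes."""
    problems = []
    for name, meta in sorted(parse_changes(changes_text).items()):
        path = os.path.join(directory, os.path.basename(name))
        if not os.path.isfile(path):
            problems.append(f"missing: {name}")
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        if len(data) != meta["size"]:
            problems.append(f"size mismatch: {name}")
        elif meta.get("sha256") and hashlib.sha256(data).hexdigest() != meta["sha256"]:
            problems.append(f"sha256 mismatch: {name}")
    return problems

def demo():
    """Constructed case: the sync copied the .dsc but not the .buildinfo."""
    built = {"hello_1.0-1.dsc": b"constructed dsc\n",
             "hello_1.0-1_source.buildinfo": b"constructed buildinfo\n"}
    changes = "Source: hello\nChecksums-Sha256:\n" + "".join(
        f" {hashlib.sha256(d).hexdigest()} {len(d)} {n}\n" for n, d in built.items())
    with tempfile.TemporaryDirectory() as queue:
        with open(os.path.join(queue, "hello_1.0-1.dsc"), "wb") as fh:
            fh.write(built["hello_1.0-1.dsc"])
        return check_upload(changes, queue)

if __name__ == "__main__":
    print(demo())
```

Run against the queue directory before handing files to the uploader, an empty result means every file the .changes names is present with the listed size and hash.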