Hi! On Fri, 2018-11-09 at 11:48:27 +0100, Guillem Jover wrote: > On Thu, 2018-11-08 at 20:28:57 +0000, Holger Levsen wrote: > > On Thu, Nov 08, 2018 at 09:24:01PM +0100, Salvatore Bonaccorso wrote: > > > We were again biten by this issue for some security-updates (most > > > recent one nginx). Do any involved parties know, was there any > > > progress in adressing this problem? > > Sorry, had your earlier mail from July marked for reply, but it seems > I missed that. :/ > > > in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869184#40 Guillem > > wrote: > > > > Perhaps the simplest and more correct might be to name it using > > something like source+amd64 as the arch name, which seems like a > > dubious arch, but at least is accurate and might be trivial to > > implement, taking care of not ending up with such fake arch in > > unexpected places… > > > > and I cannot find anything wrong with this simple solution and have > > already asked Guillem in August to implement this ;) > > So, as I mentioned at the time this would require modifing the internal > filtering of the debian/files entries to cover this case in several of > the tools. It also modifies the documented filename pattern in > deb-buildinfo(5). This is all solvable and I should probably just do it. > But this breaks previous public filename "interfaces", seems rather > intrusive, and entirely inappropriate for a stable update, which means > it would not fix your immediate problems anyway, only starting with > Buster. :/
Actually, I guess the other option that might be an option for stable is to make dpkg-buildpackage generate the buildinfo file itself, and on source-only uploads force the name to be _source.buildinfo regardless of the options passed down to dpkg-genbuildinfo (even if the contents will end up not matching the name). This would seem rather less intrusive, as that only changes the behavior in a "corner-case" (even though documented and recommended one), when using «dpkg-buildpackage --changes-option=-S». And while it could be considered to produce confusing filenames, it sticks to the current pattern. It would also fix the other bug where running dpkg-genbuildinfo leaves debian/files around, even on source only builds. So, I might go with that instead. Thanks, Guillem
