On Mon, Aug 13, 2018 at 04:08:37PM -0400, Sergio Durigan Junior wrote:
> Package: pbuilder
> Version: 0.229.3
> Severity: normal
> 
> Hi there,
> 
> While building the cvc4 package for upload, I tried setting
> SOURCE_ONLY_CHANGES=yes in order to generate a *_source.changes file.
> Everything was apparently fine, but when I tried to upload the changes
> file, I got the following error:
> 
>   $ dput ftp-master cvc4_1.6-2_source.changes
>   Uploading cvc4 using ftp to ftp-master (host: ftp.upload.debian.org; directory: /pub/UploadQueue/)
>   running allowed-distribution: check whether a local profile permits uploads to the target distribution
>   running protected-distribution: warn before uploading to distributions where a special policy applies
>   running checksum: verify checksums before uploading
>   Bad checksums on cvc4_1.6-2_source.changes: Checksum mismatch for file cvc4_1.6-2.dsc: b65d2b868fd05a6aeb7606e5f03a05f3 != f83d68e6a9f76c3a887d3ff6e7b498f9
> 
> Comparing the cvc4_1.6-2_source.changes file against the
> cvc4_1.6-2_amd64.changes file, one can see that the checksum for the
> cvc4_1.6-2.dsc file is indeed different between them.  In the end, I had
> to do a normal upload.
> 
> I'm using gbp buildpackage with pbuilder behind the curtains, and my
> config files are:
> 
>   $ cat .pbuilderrc 
>   # Automatically sign builds.
>   AUTO_DEBSIGN=yes
>   PDEBUILD_PBUILDER=cowbuilder
>   BUILDRESULT=$PWD/../
>   SOURCE_ONLY_CHANGES=yes

Hi, Sergio

Currently, when both arch.changes and source.changes files are present and
--auto-debsign is enabled, pdebuild will only sign the arch.changes file. 
See https://bugs.debian.org/932743.

It may be that signing the arch.changes file also signs the .dsc and
.buildinfo files, thus modifying them. This makes the checksums in the
source.changes file no longer match those of the signed files. If that is
the case, that source.changes file would have been useless anyway since
it is not signed.

In #932743 Mattia Rizzolo has proposed a patch to sign both .changes files;
you may want to try it.

Hope this helps.

-- 
Agustin
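
The mismatch discussed in this thread can be checked locally before running dput. The following is an added example, not part of the original messages and not code from pbuilder or dput: it reads the checksum fields of a .changes file and recomputes them for the files next to it. The function names and the example_1.0-1 files are constructed for illustration, and prepending a PGP header stands in for what signing does to a .dsc.

```python
import hashlib
import os
import tempfile

# Field name in a .changes file -> hashlib algorithm
FIELDS = {"Files": "md5", "Checksums-Sha1": "sha1", "Checksums-Sha256": "sha256"}

def parse_checksums(changes_text):
    """Yield (algorithm, expected_hex, filename) for every checksum entry."""
    algo = None
    for line in changes_text.splitlines():
        if line[:1] in (" ", "\t"):
            parts = line.split()
            # Continuation lines of a checksum field: digest first, file name last
            if algo and len(parts) >= 3:
                yield algo, parts[0], parts[-1]
        else:
            algo = FIELDS.get(line.split(":", 1)[0])

def verify_changes(changes_path):
    """Return a list of (filename, algorithm, expected, actual) mismatches."""
    base = os.path.dirname(os.path.abspath(changes_path))
    with open(changes_path, encoding="utf-8") as fh:
        entries = list(parse_checksums(fh.read()))
    bad = []
    for algo, expected, name in entries:
        with open(os.path.join(base, os.path.basename(name)), "rb") as fh:
            actual = hashlib.new(algo, fh.read()).hexdigest()
        if actual != expected:
            bad.append((name, algo, expected, actual))
    return bad

def demo():
    """Constructed sample: a .dsc is rewritten after the .changes recorded it."""
    with tempfile.TemporaryDirectory() as d:
        dsc = os.path.join(d, "example_1.0-1.dsc")
        changes = os.path.join(d, "example_1.0-1_source.changes")
        body = b"Format: 3.0 (quilt)\nSource: example\n"
        with open(dsc, "wb") as fh:
            fh.write(body)
        md5 = hashlib.md5(body).hexdigest()
        with open(changes, "w", encoding="utf-8") as fh:
            fh.write(f"Source: example\nFiles:\n {md5} {len(body)} misc optional example_1.0-1.dsc\n")
        before = verify_changes(changes)
        # Stand-in for signing: clearsigning wraps the file, changing its bytes
        with open(dsc, "wb") as fh:
            fh.write(b"-----BEGIN PGP SIGNED MESSAGE-----\n\n" + body)
        return before, verify_changes(changes)
```

Calling verify_changes() on both the _source.changes and the arch .changes file after the build shows which of them still describes the .dsc on disk.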
