Bug#1032628: please drop transitional package libapache2-mod-proxy-uwsgi from src:apache2

2023-03-10 Thread Holger Levsen 
Package: libapache2-mod-proxy-uwsgi
Version: 2.4.56-1
Severity: normal
user: qa.debian@packages.debian.org
usertags: transitional

Please drop the transitional package libapache2-mod-proxy-uwsgi (from the 
source package apache2) after the release of bookworm, it has been released 
with buster and bullseye already...


Description: transitional package
Package: libapache2-mod-proxy-uwsgi
Version: 2.4.38-3+deb10u8
Version: 2.4.54-1~deb11u1
Version: 2.4.56-1

Thanks for maintaining apache2!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Try to imagine a future where paying for your morning coffee involved smashing
an iPhone and burning enough fossil fuels to run your entire household for 60
days. That's the environmental cost of the "revolutionary" technology behind
Bitcoin in a nutshell. https://twitter.com/smdiehl/status/1350869944888664064


signature.asc
Description: PGP signature

Bug#1032629: please drop transitional package apertium-es-ca from src:apertium-spa-cat

2023-03-10 Thread Holger Levsen 
Package: apertium-es-ca
Version: 2.2.0-3
Severity: normal
user: qa.debian@packages.debian.org
usertags: transitional

Please drop the transitional package apertium-es-ca (from the source package 
apertium-spa-cat) after the release of bookworm, it has been released with 
buster and bullseye already...


Description: Transitional dummy package for apertium-spa-cat
Package: apertium-es-ca
Version: 2.1.0~r79717-2
Version: 2.2.0-2
Version: 2.2.0-3

Thanks for maintaining apertium-spa-cat!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

It's not climate change nor climate crisis, it's climate disaster.


signature.asc
Description: PGP signature

Bug#1032625: please drop transitional package acedb-other-belvu from src:acedb

2023-03-10 Thread Holger Levsen 
Package: acedb-other-belvu
Version: 4.9.39+dfsg.02-7
Severity: normal
user: qa.debian@packages.debian.org
usertags: transitional

Please drop the transitional package acedb-other-belvu (from the source package 
acedb) after the release of bookworm, it has been released with buster and 
bullseye already...


Description: transitional package for belvu
Package: acedb-other-belvu
Version: 4.9.39+dfsg.02-4
Version: 4.9.39+dfsg.02-5
Version: 4.9.39+dfsg.02-7

Thanks for maintaining acedb!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Plastic bottles: made to last forever, designed to throw away.


signature.asc
Description: PGP signature

Bug#1032627: please drop transitional package libapache2-mod-md from src:apache2

2023-03-10 Thread Holger Levsen 
Package: libapache2-mod-md
Version: 2.4.56-1
Severity: normal
user: qa.debian@packages.debian.org
usertags: transitional

Please drop the transitional package libapache2-mod-md (from the source package 
apache2) after the release of bookworm, it has been released with buster and 
bullseye already...


Description: transitional package
Package: libapache2-mod-md
Version: 2.4.38-3+deb10u8
Version: 2.4.54-1~deb11u1
Version: 2.4.56-1

Thanks for maintaining apache2!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Any business accepting Bitcoin is participating in the human race’s suicide.


signature.asc
Description: PGP signature

Bug#1032440: www.d.o: please link to single html page version of developers-reference

2023-03-06 Thread Holger Levsen 
package: www.debian.org
severity: wishlist
x-debbugs-cc: debian-de...@lists.debian.org

hi,

On Mon, Mar 06, 2023 at 07:46:43PM +, Holger Levsen wrote:
> [...], there's a single page HTML version available again, eg on
> https://www.debian.org/doc/manuals/developers-reference/developers-reference.html
> which could be linked from https://www.debian.org/doc/devel-manuals#devref
> again. 

& thank you for maintaining www.debian.org!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The past is over.


signature.asc
Description: PGP signature

Bug#1031780: tracker.debian.org: add information about patches

2023-02-28 Thread Holger Levsen 
On Mon, Feb 27, 2023 at 10:05:46PM +0100, Raphael Hertzog wrote:
> On Sun, 26 Feb 2023, Guillem Jover wrote:
> > The links for diaspora do not seem to be working though, as at least
> > the «+» in the version string is not getting encoded, and UDD gives:
> 
> Duh, I forgot to urlencode the parameters, fixed. (That thought actually
> popped up in my mind during my night... :-))
> 
> On Mon, 27 Feb 2023, Holger Levsen wrote:
> > from #debian-qa a few minutes ago:
> > 
> > < h01ger> buxy: tracker.d.o/debian-edu-config says debian/patches: low
> > < h01ger> Among the None debian patch available in version 2.12.31 of the 
> > package, we noticed the following issues:
> > < h01ger> while the package has no debian/patches/ ...
> 
> Fixed to properly skip packages using other source formats where UDD
> puts "null" values in JSON instead of the 0 that the code expected.

thank you!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

40% of homeless people in the United States have full-time jobs.

Bug#1031780: tracker.debian.org: add information about patches

2023-02-27 Thread Holger Levsen 
On Sun, Feb 26, 2023 at 05:02:24PM +0100, Raphael Hertzog wrote:
> Thank you for working on this. I'm glad someone implemented
> it finally!

yes, the feature is great!
 
> I added the required support in tracker.debian.org, you can see the
> result:
> https://tracker.debian.org/pkg/diaspora
> https://tracker.debian.org/pkg/asciiart

from #debian-qa a few minutes ago:

< h01ger> buxy: tracker.d.o/debian-edu-config says debian/patches: low
< h01ger> Among the None debian patch available in version 2.12.31 of the 
package, we noticed the following issues:
< h01ger> while the package has no debian/patches/ ...
< h01ger> same with debian-security-support... 
< h01ger> buxy: OTOH, when it works, like for src:disorderfs the feature is 
great. :)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Menschen, die sich um die Klimakatastrophe sorgen, sind keine Klimaaktivisten
und auch nicht woke. Sie haben schlicht die Fähigkeit einen Wissenschaftlichen
Befund zu lesen und zu verstehen. (@DGlatzkopp)


signature.asc
Description: PGP signature

Bug#1030382: encourage Vcs-Git over other Vcs-* headers

2023-02-24 Thread Holger Levsen 
On Mon, Feb 20, 2023 at 01:59:21PM +, Jelmer Vernooij wrote:
> I've created a PR for devref - 
> https://salsa.debian.org/debian/developers-reference/-/merge_requests/41
 
fwiw, merged into developers-reference 12.16 in sid.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

A ship is always safe at shore, but that is not what it's built for.
(Albert Einstein)

Bug#1031393: tracker.debian.org: .dsc links to debian/pool/updates broken

2023-02-16 Thread Holger Levsen 
Package: tracker.debian.org
Severity: normal

Dear Maintainer,

from #debian-qa:

 the links to the .dsc files for (at least) stable-sec and stable-p-u 
on https://tracker.debian.org/pkg/spip are 404
 yeah those paths are broken
 debian/pool/updates isn't a thing
 either debian/pool/{main,etc} or debian-security/pool/updates


with many thanks for tracker.d.o!

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

No mas pobres en un pais rico!


signature.asc
Description: PGP signature

Bug#1031122: debhelper: strip trailing white space in d/changelog

2023-02-13 Thread Holger Levsen 
On Sun, Feb 12, 2023 at 07:38:31AM +0100, Axel Beckert wrote:
> No. debhelper does not edit files which are checked by that check
> (namely debian/changelog, debian/control and debian/rules).

yup, I'd recommend to close this bug.
 
> P.S.: If you're an Emacs user, just run "M-x wh-cl" when editing
> debian/changelog and you're done.

also we have the Debian janitor now, which fixes these things for you,
if you let them. :)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The law, in its majestic equality, forbids the rich as well as the poor to
sleep under bridges, to beg in the streets, and to steal bread. (Anatole France)


signature.asc
Description: PGP signature

Bug#934536: info version shipped, but IMO complete, close this bug?

2023-02-13 Thread Holger Levsen 
On Sun, Feb 12, 2023 at 06:56:28AM +0900, Osamu Aoki wrote:
> Yes, info version is included and it contains appendix, too.
> So closing this bug is right action.

thanks for confirming!

> Thanks for your effort.
 
:) thanks.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Dat gifft in Plattdüütschen keen Woort för „Flüchtlinge”. Dat sünd allens Lüüd, 
Mischen, Kinners, Olle, Froons, Mannslüüd, so as Du un Ick.


signature.asc
Description: PGP signature

Bug#934536: info version shipped, but IMO complete, close this bug?

2023-02-09 Thread Holger Levsen 
hi,

actually I found the info version now, but it seems complete to me:

$ sudo apt install info
$ info developers-reference

# voila. /usr/share/info/developers-reference.info.gz is where the file is.

So I'm still inclined to close this bug.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Das Leben ist schön. Von 'einfach' war nie die Rede. (@lernzyklus)


signature.asc
Description: PGP signature

Bug#934536: info version not shipped, close this bug?

2023-02-09 Thread Holger Levsen 
control: tags -1 +moreinfo
thanks

hi,

(originally sent to the wrong (but archived) bug number...)

we're not shipping the manual in .info format, so I'm wondering whether this
bug should simply be closed, or why not?


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Another end of the world is possible.


signature.asc
Description: PGP signature

Bug#934527: update on appendix situation

2023-02-09 Thread Holger Levsen 
hi,

some updates on this bug:

- the issue seems to have nothing to do with the single page html format,
  it's also present in the multi page html version, and the cause seems
  to be https://github.com/sphinx-doc/sphinx/issues/6614
- the issue is visible annoying in the generated package descriptions.
- the issue is less annoying in the HTML and epub versions, because there's
  the word 'appendix' prefacing the numbers.
- the issue is migated in the PDF version, where it's just chapter 9.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Es ist das laute Nein, hinter dem Ausrufezeichen stehen.


signature.asc
Description: PGP signature

Bug#801065: Documenting how to not fail postinst on service fails to starto

2023-02-08 Thread Holger Levsen 
On Wed, Feb 08, 2023 at 06:39:08PM +0100, Bill Allombert wrote:
> Note that the TC declining to rule on an issue does not override the policy 
> group right to make
> a determination on that issue. So we are back to the situation before the 
> referral to the TC.
 
do you think #801065 should be assigned from developers-reference to
debian-policy?


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

It's climate crime, not climate change.


signature.asc
Description: PGP signature

Bug#801065: consent unclear

2023-02-08 Thread Holger Levsen 
On Wed, Feb 08, 2023 at 06:13:32PM +0100, Bill Allombert wrote:
> > not only based on that, but way more importantly that this would change
> > *years* of existing practice.
> Could you clarify which 'existing practices' ?
 
how Debian packages behaved in the last decades.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The wrong Amazon is burning.


signature.asc
Description: PGP signature

Bug#801065: Documenting how to not fail postinst on service fails to start

2023-02-08 Thread Holger Levsen 
retitle -1 turn #904558 into advice - how postinst should deal with failures
thanks

On Wed, Feb 08, 2023 at 09:26:58AM -0700, Sam Hartman wrote:
> The TC bug is 904558.

thank you very much for this pointer, that's a pretty good discussion,
which resulted in

-

So, the TC declines to rule on what should maintscripts do when failing 
to
(re)start a service (or otherwise encountering a similarly serious
problem).

-
(read the full result at 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904558#137 )

so I still think "#801065 discourage failing install or upgrade when service
fails to start" is the wrong recommendation for dev-ref.

That said, I'd still appreciate a patch that conveys the gist of #904558.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The apocalypse is here now, it’s just not equally distributed.


signature.asc
Description: PGP signature

Bug#801065: consent unclear

2023-02-08 Thread Holger Levsen 
hi,

btw, as pointed out on irc: I ment consensus, not consent. :)

On Wed, Feb 08, 2023 at 10:36:02AM -0500, Marvin Renich wrote:
> > I don't think there has been consent on the issue, thus I'm tagging it
> > moreinfo.
> > 
> > I'm also wondering whether to mark this bug as wontfix (until there is
> > consent) or to reassign to debian-policy or simply to close it.
> 
> I disagree.  Re-reading the messages to the bug report, We have
> "strongly support" from Sam Hartman, and "also in favor" from Russ
> Allbery and Bill Allombert.
> 
> The only objection was from Henrique de Moraes Holschuh based on lack of
> risk assessment from the mistaken impression

not only based on that, but way more importantly that this would change
*years* of existing practice.

> What is being proposed in this bug is simply a change to the Developers
> Reference to encourage package maintainers to allow dpkg installation to
> succeed even if the service fails to start, unless the package
> maintainer has a specific reason to do otherwise.

"patches welcome", especially for something which some perceive as simple
change!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Stop saying that we are all in the same boat.
We’re all in the same storm. But we’re not all in the same boat.


signature.asc
Description: PGP signature

Bug#801065: Documenting how to not fail postinst on service fails to start

2023-02-08 Thread Holger Levsen 
On Wed, Feb 08, 2023 at 08:39:36AM -0700, Sam Hartman wrote:
> >>>>> "Holger" == Holger Levsen  writes:
> Holger> I don't think there has been consent on the issue, thus I'm
> Holger> tagging it moreinfo.
> My reading of the TC and debian-devel discussion was that this was at
> least a reasonable thing for maintainers to do,

can you give pointers?

> and whether it should be done depended on the circumstances.

I do agree with that. I'm more against a general recommendation, depending
on the circumstances, it's the right thing to do.

> Holger, would you support adding a comment to 6.4 explaining how to do
> it?

surely.

> I'd write text but I'm honestly baffled how to accomplish this for
> systemd units with dh.
 
:)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Bottled water companies don't produce water, they produce plastic bottles.


signature.asc
Description: PGP signature

Bug#299927: debtags future unclear

2023-02-08 Thread Holger Levsen 
control: tags -1 +moreinfo
control: affects -1 debtags
thanks

hi,

https://lists.debian.org/msgid-search/20221019132043.d4c4liyt6s6qe...@enricozini.org
and
https://lists.debian.org/msgid-search/bb7064071ebd838a9e045a1916bba49a9b960d80.ca...@debian.org
indicate that debtags.debian.org might be shutdown after the release
of bookworm, thus tagging this bug moreinfo for now, as there's not
much point documenting something which is going away.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

figures don't lie, but liars figure.


signature.asc
Description: PGP signature

Bug#829611: updated url

2023-02-08 Thread Holger Levsen 
hi,

annex.debconf.org is gone, the slides are at 
https://salsa.debian.org/debconf-team/public/share/debconf16/-/raw/master/slides/13-we-need-you-to-release-debian.pdf


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Every time you see the word "smart" used to describe a device, replace it with
"surveillance." Surveillance watch. Surveillance streetlights. Surveillance
oven. Surveillance toilet. Surveillance car. Surveillance city. (@mollyali)


signature.asc
Description: PGP signature

Bug#801065: consent unclear

2023-02-08 Thread Holger Levsen 
control: tags -1 +moreinfo
thanks

hi,

I don't think there has been consent on the issue, thus I'm tagging it
moreinfo.

I'm also wondering whether to mark this bug as wontfix (until there is
consent) or to reassign to debian-policy or simply to close it.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Nach wieviel Einzelfällen wird ein Einzelfall zum Normalfall?
(Jan Böhmermann)


signature.asc
Description: PGP signature

Bug#660193: change trigged by this bug

2023-02-06 Thread Holger Levsen 
hi,

the bug got closed, but not in vain:

commit 61a395888206b5ef45beb3d47d5ae81471f85c78
Author: Holger Levsen 
Date:   Mon Feb 6 20:11:22 2023 +0100

tools: add a pointer to https://wiki.debian.org/debian/watch
when watch files are mentioned. Thanks to #660193

Signed-off-by: Holger Levsen 

diff --git a/source/tools.rst b/source/tools.rst
index aabdf6f..18af8e4 100644
--- a/source/tools.rst
+++ b/source/tools.rst
@@ -396,8 +396,9 @@ helpful for maintaining your Debian packages. Example 
scripts include
 is a wrapper around ``dpkg-buildpackage``. The ``bts`` utility is also
 very helpful to update the state of bug reports on the command line.
 ``uscan`` can be used to watch for new upstream versions of your
-packages. ``suspicious-source`` outputs a list of files which are not
-common source files.
+packages (see https://wiki.debian.org/debian/watch for more info on that).
+``suspicious-source`` outputs a list of files which are not common source
+files.
 
 See the devscripts 1 manual page for a complete list of available
 scripts.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Ich bin so alt, ich hab im Kindergarten noch Aschenbecher getöpfert.
(@joanalistin)


signature.asc
Description: PGP signature

Bug#1029211: debian-policy: Add mention of the new non-free-firmware archive area

2023-02-06 Thread Holger Levsen 
On Thu, Jan 19, 2023 at 11:28:41AM -0600, Gunnar Wolf wrote:
> diff --git a/policy/ch-archive.rst b/policy/ch-archive.rst
> index ab04261..15b9343 100644
> --- a/policy/ch-archive.rst
> +++ b/policy/ch-archive.rst
> @@ -24,11 +24,11 @@ The aims of this are:
>  
>  The *main* archive area forms the *Debian distribution*.
>  
> -Packages in the other archive areas (``contrib``, ``non-free``) are not
> -considered to be part of the Debian distribution, although we support
> -their use and provide infrastructure for them (such as our bug-tracking
> -system and mailing lists). This Debian Policy Manual applies to these
> -packages as well.
> +Packages in the other archive areas (``non-free-firmware``,
> +``contrib``, ``non-free``) are not considered to be part of the Debian
> +distribution, although we support their use and provide infrastructure
> +for them (such as our bug-tracking system and mailing lists). This
> +Debian Policy Manual applies to these packages as well.
>  
>  .. _s-dfsg:
>  
> @@ -130,6 +130,27 @@ In addition, the packages in *main*
>  
>  - must meet all policy requirements presented in this manual.
>  
> +.. _s-non-free-firmware:
> +
> +The non-free-firmware archive area
> +~~
> +
> +The *non-free-firmware* archive area contains packages providing
> +firmware needed to initialize, use or keep updated hardware required
> +by our users, typically necessary for important functions to be
> +available (i.e. wireless network connectivity) or for fixing security
> +defects in hardware (i.e. CPU microcode updates). Packages in this
> +archive may not comply with all of the policy requirements in this
> +manual due to lack of source code availability, restrictions on
> +modification or other limitations.
> +
> +Packages in *non-free-firmware*
> +
> +- must not be so buggy that we refuse to support them, and
> +
> +  - must meet all policy requiremens presented in this manual that it
> +is possible for them to meet.
> +
>  .. _s-contrib:
>  
>  The contrib archive area
> @@ -261,8 +282,8 @@ prohibited" and "distribution restricted".
>  Sections
>  
>  
> -The packages in the archive areas *main*, *contrib* and *non-free* are
> -grouped further into *sections* to simplify handling.
> +The packages in the archive areas *main*, *non-free-firmware*, *contrib*
> +and *non-free* are grouped further into *sections* to simplify handling.
>  
>  The archive area and section for each package should be specified in the
>  package's ``Section`` control record (see
> @@ -272,8 +293,8 @@ the Debian distribution. The ``Section`` field should be 
> of the form:
>  
>  -  *section* if the package is in the *main* archive area,
>  
> --  *area/section* if the package is in the *contrib* or *non-free*
> -   archive areas.
> +-  *area/section* if the package is in the *non-free-firmware*, *contrib*
> +   or *non-free* archive areas.
>  
>  The Debian archive maintainers provide the authoritative list of
>  sections. At present, they are: admin, cli-mono, comm, database, debug,

seconded, with or without the minor fixes by James Addison. thanks!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

If you upload your address book to "the cloud", I don't want to be in it.


signature.asc
Description: PGP signature

Bug#1030348: debian-edu-config: In gosa.conf use ldaps://ldap.intern in the LDAP-URI.

2023-02-03 Thread Holger Levsen 
Hi Daniel,

thanks for filing this bug report!

On Fri, Feb 03, 2023 at 12:54:04PM +0100, Daniel Teichmann wrote:
> Package: debian-edu-config

which version of d-e-config is affected, bookworm or bullseye?

> in /etc/gosa/gosa.conf please access tjener's LDAP via LDAPS protocol
> instead of using ldap://localhost:389.
> 
>  adminDn="cn=gosa-admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no"
> adminPassword="***" />
> 
> In some cases GOsa²'s code tries to issue a StartTLS operation which fails
> due to insufficient confidentiality. This can be observed when exporting the
> LDAP tree as a LDIF via the gosa-plugins-ldapmanager.
> 
> Also Tjener's LDAP should be referenced via its internal DNS name (says Mike
> Gabriel).

can you also maybe provide a patch please?


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

"I know what you're thinking" used to be an idiom but now it's a business model.


signature.asc
Description: PGP signature

Bug#1030116: d-edu-config: drop support for running against main server from Stretch

2023-01-31 Thread Holger Levsen 
Package: debian-edu-config
Version: 2.12.26
Severity: normal

Dear Maintainer,

debian/debian-edu-config.fetch-ldap-cert has this:

### BEGIN INIT INFO
# Provides:  fetch-ldap-cert
###
### FIXME: Legacy init script for Debian Edu clients.
###
###--- Remove for Debian Edu bookworm+1 ---
###
###Warning: Removing this script will drop support for clients running
###against Debian Edu main servers based on Debian Edu stretch and
###earlier.
###

I think we should drop this once Bullseye has been released, as I feel
uncomfortable removing it now just before the freeze...

Filing a bug to remind us to do this.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

It ain't no revolution, just because you can dance to it.


signature.asc
Description: PGP signature

Bug#1030056: qa.debian.org: The most recent lintian version known by UDD is 2.115.3

2023-01-30 Thread Holger Levsen 
On Mon, Jan 30, 2023 at 09:14:53PM +0100, Lucas Nussbaum wrote:
> Any reason in particular you need the latest version?
 
because lintian 2.116.x is much better than 2.115.x ;)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

None of us are safe until all of us are safe. Vaccinate the world.


signature.asc
Description: PGP signature

Bug#1029720: [Pkg-nagios-devel] Bug#1029720: monitoring-plugins-contrib: false positive w bookworm kernel: "running kernel does not match on-disk kernel image'

2023-01-30 Thread Holger Levsen 
Hi Jan,

On Mon, Jan 30, 2023 at 11:34:31AM +0100, Jan Wagner wrote:
> can you try the version from unstable
> (https://packages.debian.org/sid/nagios-plugins-contrib) which I uploaded a
> few days ago?

$ scp ./nagios-plugins-contrib-38.20230124/dsa/checks/dsa-check-running-kernel 
osuosl168-amd64.debian.net:

and then there:

holger@osuosl168-amd64:~ $ bash dsa-check-running-kernel 
WARNING: Running kernel does not match on-disk kernel image: [Linux version 
6.1.0-1-amd64 (debian-ker...@lists.debian.org) (gcc-12 (Debian 12.2.0-13) 
12.2.0, GNU ld (GNU Binutils for Debian) 2.39.90.20221231) #1 SMP 
PREEMPT_DYNAMIC Debian 6.1.4-1 (2023-01-07) != Linux version 6.1.0-1-amd64 
(debian-ker...@lists.debian.org) (gcc-12 (Debian 12.2.0-13) 12.2.0, GNU ld (GNU 
Binutils for Debian) 2.39.90.20221231) # SMP PREEMPT_DYNAMIC Debian 6.1.4-1 
(2023-01-07)]
holger@osuosl168-amd64:~ $ md5sum dsa-check-running-kernel 
155205740a07f98f13bf6045b317c505  dsa-check-running-kernel

so, no, doesnt help.

(the md5sum is just there to show you which version I tried, 38.20230124.)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

三人成虎- Three men make a tiger.
In other words, if one guy says "there's a tiger over there" you might not 
believe 
them, if three guys in a row all say this- you think there's a tiger there. A 
lie, 
repeated often enough, will be accepted as truth.


signature.asc
Description: PGP signature

Bug#1029827: debian-edu-artwork needs to be updated for Bookworm's Emerald theme

2023-01-28 Thread Holger Levsen 
package: debian-edu-artwork
version: 2.12.0.2-2
severity: important

Hi,

debian-edu-artwork needs to be updated for Bookworm's Emerald theme,
https://wiki.debian.org/DebianArt/Themes/Emerald


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

If it feels like we’re breaking climate records every year, it’s because we are.


signature.asc
Description: PGP signature

Bug#1029772: RM: gosa-plugin-pwreset -- ROM; replaced by src:gosa-plugins-pwreset

2023-01-27 Thread Holger Levsen 
Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: debian-...@lists.debian.org

hi,

subject says it all & thank you!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

It's climate crime, not climate change.


signature.asc
Description: PGP signature

Bug#1029771: RM: gosa-plugin-netgroups -- ROM; replaced by src:gosa-plugins-netgroups

2023-01-27 Thread Holger Levsen 
Package: ftp.debian.org
Severity: normal
x-debbugs-cc: debian-...@lists.debian.org

hi,

subject says it all & thank you!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

During 2021 Bitcoin consumed 134 TWh in total, which is comparable to the
electrical energy consumed by a country like Argentina. It's also twice as
much as 2020. Related CO2 emissions were ~64 Megatons; enough to negate the
entire global net savings from deploying electrical vehicles world wide.


signature.asc
Description: PGP signature

Bug#1029770: RM: gosa-plugin-mailaddress -- ROM; replaced by src:gosa-plugins-mailaddress

2023-01-27 Thread Holger Levsen 
Package: ftp.debian.org
Severity: normal

hi,

subject says it all & thank you!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

the US had open borders before 1924. when people say "my grandparents came here
legally" they mean "they bought a boat ticket and showed up" because visas,
green cards and requirements of passports didn't exist. (@OneRadChee)


signature.asc
Description: PGP signature

Bug#1029720: monitoring-plugins-contrib: false positive w bookworm kernel: "running kernel does not match on-disk kernel image'

2023-01-26 Thread Holger Levsen 
Package: monitoring-plugins-contrib
Version: 37.20211217
Severity: normal
x-debbugs-cc: mat...@debian.org

Dear Maintainer,

on a system running bookworm and the latest amd64 kernel 
/usr/lib/nagios/plugins/check_running_kernel warns me that the running kernel 
doesnt
match the on-disk kernel, while it *is* running the latest kernel.
(line breaks added for better readability.)

holger@osuosl168-amd64:~ $ uname -a
Linux osuosl168-amd64 6.1.0-1-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.4-1 
(2023-01-07) x86_64 GNU/Linux

holger@osuosl168-amd64:~ $ /usr/lib/nagios/plugins/check_running_kernel 
WARNING: Running kernel does not match on-disk kernel image: [Linux version 
6.1.0-1-amd64 (debian-ker...@lists.debian.org) (gcc-12 (Debian 12.2.0-13) 
12.2.0, GNU ld (GNU Binutils for Debian) 2.39.90.20221231) #1 SMP 
PREEMPT_DYNAMIC Debian 6.1.4-1 (2023-01-07) != Linux version 6.1.0-1-amd64 
(debian-ker...@lists.debian.org) (gcc-12 (Debian 12.2.0-13) 12.2.0, GNU ld (GNU 
Binutils for Debian) 2.39.90.20221231) # SMP PREEMPT_DYNAMIC Debian 6.1.4-1 
(2023-01-07)]

holger@osuosl168-amd64:~ 2s 1 $ dpkg -l linux-image*|grep ^ii
ii  linux-image-6.0.0-6-amd646.0.12-1 amd64Linux 6.0 
for 64-bit PCs (signed)
ii  linux-image-6.1.0-1-amd646.1.4-1  amd64Linux 6.1 
for 64-bit PCs (signed)
ii  linux-image-amd646.1.4-1  amd64Linux for 
64-bit PCs (meta-package)

holger@osuosl168-amd64:~ $ dpkg -l monitoring-plugins-contrib
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name   Version  Architecture Description
+++-==---
ii  monitoring-plugins-contrib 37.20211217  amd64Plugins for nagios 
compatible monitoring systems

holger@osuosl168-amd64:~ $ 


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

»Sieh, dass du Mensch bleibst. Mensch sein ist von allem die Hauptsache.
Und das heißt fest und klar und heiter sein, ja heiter, trotz alledem.«
(Rosa Luxemburg)


signature.asc
Description: PGP signature

Bug#1029629: wcwidth: please include changes from 0.2.5+dfsg1-1.1 NMU

2023-01-25 Thread Holger Levsen 
Package: wcwidth
Version: 0.2.5+dfsg1-1.1
Severity: normal

Dear Maintainer,

please include the attached changes from my 0.2.5+dfsg1-1.1 NMU.

Thank you for maintaining wcwidth!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Smart things make us dumb.
diff -Nru wcwidth-0.2.5+dfsg1/debian/changelog 
wcwidth-0.2.5+dfsg1/debian/changelog
--- wcwidth-0.2.5+dfsg1/debian/changelog2022-01-27 10:23:10.0 
+0100
+++ wcwidth-0.2.5+dfsg1/debian/changelog2023-01-10 23:40:10.0 
+0100
@@ -1,3 +1,12 @@
+wcwidth (0.2.5+dfsg1-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload by the Reproducible Builds team.
+  * Apply patch from Vagrant Cascadian to make the package build reproducible
+by removing a comment from bin/update-tables.py which embedded the build
+path and timestamp. Closes: #1005408
+
+ -- Holger Levsen   Tue, 10 Jan 2023 23:40:10 +0100
+
 wcwidth (0.2.5+dfsg1-1) unstable; urgency=medium
 
   [ Ondřej Nový ]
diff -Nru 
wcwidth-0.2.5+dfsg1/debian/patches/0003-bin-update-tables.py-Remove-comment-which-embeds-the.patch
 
wcwidth-0.2.5+dfsg1/debian/patches/0003-bin-update-tables.py-Remove-comment-which-embeds-the.patch
--- 
wcwidth-0.2.5+dfsg1/debian/patches/0003-bin-update-tables.py-Remove-comment-which-embeds-the.patch
  1970-01-01 01:00:00.0 +0100
+++ 
wcwidth-0.2.5+dfsg1/debian/patches/0003-bin-update-tables.py-Remove-comment-which-embeds-the.patch
  2023-01-10 23:30:59.0 +0100
@@ -0,0 +1,27 @@
+From 38064c3f0b5412ca4f58d1dc783361dd1ea71156 Mon Sep 17 00:00:00 2001
+From: Vagrant Cascadian 
+Date: Sat, 12 Feb 2022 21:54:47 +
+Subject: [PATCH] bin/update-tables.py: Remove comment which embeds the build
+ path and timestamp.
+
+https://reproducible-builds.org/docs/timestamps/
+https://reproducible-builds.org/docs/build-path/
+---
+ bin/update-tables.py | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/bin/update-tables.py b/bin/update-tables.py
+index 674f41f..5a5ef2b 100644
+--- a/bin/update-tables.py
 b/bin/update-tables.py
+@@ -306,7 +306,6 @@ def do_unicode_versions(versions):
+ fp.write(f"""\"\"\"
+ Exports function list_versions() for unicode version level support.
+ 
+-This code generated by {__file__} on {utc_now}.
+ \"\"\"
+ 
+ 
+-- 
+2.34.1
+
diff -Nru wcwidth-0.2.5+dfsg1/debian/patches/series 
wcwidth-0.2.5+dfsg1/debian/patches/series
--- wcwidth-0.2.5+dfsg1/debian/patches/series   2022-01-27 10:23:10.0 
+0100
+++ wcwidth-0.2.5+dfsg1/debian/patches/series   2023-01-10 23:32:36.0 
+0100
@@ -1,2 +1,3 @@
 use-data-from-unicode-data.patch
 remove-looponfailroots-option-from-tox.ini.patch
+0003-bin-update-tables.py-Remove-comment-which-embeds-the.patch


signature.asc
Description: PGP signature

Bug#1026945: bullseye-pu: package guix/1.2.0-4

2023-01-20 Thread Holger Levsen 
Hi Vagrant,

On Fri, Jan 20, 2023 at 02:27:19PM -0800, Vagrant Cascadian wrote:
> On 2022-12-24, Vagrant Cascadian wrote:
> > Package: release.debian.org
> > Severity: normal
> > Tags: bullseye
> > User: release.debian@packages.debian.org
> > Usertags: pu
> > X-Debbugs-Cc: g...@packages.debian.org vagr...@debian.org
> > Control: affects -1 + src:guix
> 
> Should I have intead filed this with the intended version
> (e.g. guix/1.2.0-4+deb11u1) ? Should I just go ahead and upload, as this
> fixes a FTBFS issue in bullseye?
 
yes & yes, you are encouraged to upload if you are certain the upload
will be accepted.

https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#special-case-uploads-to-the-stable-and-oldstable-distributions
 

-> third paragraph there:

If you are confident that the upload will be accepted without changes, please 
feel free to upload at the same time as filing the release.debian.org bug. 
However if you are new to the process, we would recommend getting approval 
before uploading so you get a chance to see if your expectations align with 
ours.


disclaimer: I'm not a stable release manager, but you know that. :)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Every time you see the word "smart" used to describe a device, replace it with
"surveillance." Surveillance watch. Surveillance streetlights. Surveillance
oven. Surveillance toilet. Surveillance car. Surveillance city. (@mollyali)


signature.asc
Description: PGP signature

Bug#1028592: Info received (Bug#1028592: Acknowledgement (tagcoll2 2.0.14-2 fails to build on sid))

2023-01-19 Thread Holger Levsen 
control: reassign -1 src:tagcoll2,src:libwibble
thanks


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The wrong Amazon is burning.

Bug#1014885: lintian wrongly complains about XS-Go-Import-Path

2023-01-18 Thread Holger Levsen 
Hi,

I can confirm this issue for lintian 2.116.0 against src:piuparts
as it is in git or unstable.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

First they came for the journalists, we don't know what happened after that.


signature.asc
Description: PGP signature

Bug#1015732: [Piuparts-devel] Bug#1015732: piuparts: scripts/pre_install_database-server doesn't work when piuparts is fed a .changes or .deb

2023-01-18 Thread Holger Levsen 
hi, 

Andreas, Nicolas, what do you think about the PoC proposed by Guilhem?

On Tue, Jul 19, 2022 at 11:42:47PM +0200, Guilhem Moulin wrote:
> Package: piuparts
> Version: 1.1.5
> Severity: normal
> File: /etc/piuparts/scripts/pre_install_database-server
> Tags: patch
> 
> Dear Maintainer,
> 
> Piuparts scripts in /etc/piuparts/scripts/* case match over 
> ${PIUPARTS_OBJECTS%%=*}, which
> works on piuparts.d.o (which calls piuparts with `--apt 
> ${PKGNAME}=${VERSION}`) but not on
> salsa ci (since it calls piuparts with 
> `/path/to/${PKGNAME}_${VERSION}_${ARCH}.deb`).  I
> think the script also doesn't work when a .change or when multiple packages 
> are supplied.
> 
> I attach a PoC patch which fixes the problem for me, but I believe other 
> scripts are
> affected as well.  I can submit a file for other scripts too but but I'm 
> unsure the
> proposed the logic is the way to go.
> 
> Thanks for maintaining piuparts!
> -- 
> Guilhem.

> --- a/piuparts/scripts/pre_install_database-server
> +++ b/piuparts/scripts/pre_install_database-server
> @@ -12,204 +12,207 @@ FUSIONFORGE=
>  CLIENT=
>  INSTALL=
>  
> -case ${PIUPARTS_OBJECTS%%=*} in
> - acidbase)   MYSQL=yes ;;
> - auth2db)MYSQL=yes ; CLIENT=yes ;;
> - auth2db-common) MYSQL=yes ; CLIENT=yes ;;
[...]
> -esac
> +for arg in $PIUPARTS_OBJECTS; do
> +arg="${arg##*/}"
> + case "${arg%%[=_]*}" in
> + acidbase)   MYSQL=yes ;;
> + auth2db)MYSQL=yes ; CLIENT=yes 
> ;;
> + auth2db-common) MYSQL=yes ; CLIENT=yes 
> ;;
> + auth2db-frontend)   MYSQL=yes ; CLIENT=yes 
> ;;
[...]
> + esac
> +done

?

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Because things are the way they are, things will not stay the way they are.
(Bertolt Brecht)


signature.asc
Description: PGP signature

Bug#1028592: Acknowledgement (tagcoll2 2.0.14-2 fails to build on sid)

2023-01-15 Thread Holger Levsen 
control retitle -1 tagcoll2 2.0.14-2 fails to build on sid and bookworm
# as shown on 
https://tests.reproducible-builds.org/debian/rb-pkg/bookworm/amd64/tagcoll2.html
thanks


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

First they came for the journalists, we don't know what happened after that.


signature.asc
Description: PGP signature

Bug#1028660: piuparts needs to learn about non-free-firmware too

2023-01-14 Thread Holger Levsen 
control: clone 1028660 -1
control: reassign -1 src:piuparts
control: retitle -1 piuparts.py, doc and tests need to learn about 
non-free-firmware too
thanks


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Es ist das laute Nein, hinter dem Ausrufezeichen stehen.


signature.asc
Description: PGP signature

Bug#1028660: piuparts.debian.org: piuparts.d.o should test new non-free-firmware sections

2023-01-14 Thread Holger Levsen 
Package: piuparts.debian.org
Severity: normal

Dear Maintainer,

piuparts.d.o should test new non-free-firmware sections for the suites that
got that section added in 2022.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

"It' easier to fool people than to convince them they have been fooled."
 (Mark Twain)


signature.asc
Description: PGP signature

Bug#1028615: tracker.debian.org: tracker.d.o should display results of reproducible rebuilds, not just reproducible CI results

2023-01-13 Thread Holger Levsen 
On Fri, Jan 13, 2023 at 06:49:48PM +0100, Holger Levsen wrote:
> But there is a new service, which rebuilds packages and compares the results
> against the binaries we publish at ftp.d.o, which is 
> https://rebuild.notset.fr/debian

 pollo: hmpf, i ment https://rebuild.notset.fr/

thanks, pollo.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The devel is in the details.


signature.asc
Description: PGP signature

Bug#1028615: tracker.debian.org: tracker.d.o should display results of reproducible rebuilds, not just reproducible CI results

2023-01-13 Thread Holger Levsen 
Package: tracker.debian.org
Severity: normal
X-Debbugs-Cc: frederic.pier...@qubes-os.org, 
reproducible-bui...@lists.alioth.debian.org

Dear Maintainer,

since some years, tracker.d.o is thankfully showing results from
https://tests.reproducible-builds.org/debian - which was and is awesome!
However, these are just continious integration test results and
not based on the binaries we publish on ftp.debian.org

But there is a new service, which rebuilds packages and compares the results
against the binaries we publish at ftp.d.o, which is 
https://rebuild.notset.fr/debian

The data is available in json format here:

- https://rebuild.notset.fr/debian/results/debian_unstable.json
- https://rebuild.notset.fr/debian/results/debian_bookworm.json
- https://rebuild.notset.fr/debian/results/debian_bullseye.json

It would be great, if tracker.d.o could display both kind of results, CI *and*
rebuild results.


Thank you for maintaining tracker.d.o!

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

First they ignore you, then they laugh at you, and then it's too late.
Don't look up!


signature.asc
Description: PGP signature

Bug#1028435: apr-util: please include changes from 1.6.1-5.1 NMU

2023-01-13 Thread Holger Levsen 
control: retitle -1 apr-util: please include changes from 1.6.1-5.2 NMU
thanks

On Tue, Jan 10, 2023 at 10:53:26PM +, Holger Levsen wrote:
> please include the attached changes from my 1.6.1-5.1 NMU.

I had to fixup that NMU, so I'm attaching the new diff against 1.6.1-5.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Dat gifft in Plattdüütschen keen Woort för „Flüchtlinge”. Dat sünd allens Lüüd, 
Mischen, Kinners, Olle, Froons, Mannslüüd, so as Du un Ick.
diff -Nru apr-util-1.6.1/debian/changelog apr-util-1.6.1/debian/changelog
--- apr-util-1.6.1/debian/changelog 2020-08-29 11:51:07.0 +0200
+++ apr-util-1.6.1/debian/changelog 2023-01-12 20:28:37.0 +0100
@@ -1,3 +1,19 @@
+apr-util (1.6.1-5.2) unstable; urgency=medium
+
+  * Non-maintainer upload by the Reproducible Builds team.
+  * debian/rules: Remove the build path from apt-1-config, using exactly the
+patch from Vagrant Cascadian in #1006865.
+
+ -- Holger Levsen   Thu, 12 Jan 2023 20:28:37 +0100
+
+apr-util (1.6.1-5.1) unstable; urgency=medium
+
+  * Non-maintainer upload by the Reproducible Builds team.
+  * debian/rules: Remove the build path from apt-1-config, based on a patch by
+Vagrant Cascadian. Closes: #1006865.
+
+ -- Holger Levsen   Thu, 29 Dec 2022 19:37:54 +0100
+
 apr-util (1.6.1-5) unstable; urgency=medium
 
   [ Jelmer Vernooij ]
diff -Nru apr-util-1.6.1/debian/rules apr-util-1.6.1/debian/rules
--- apr-util-1.6.1/debian/rules 2020-08-29 11:24:55.0 +0200
+++ apr-util-1.6.1/debian/rules 2023-01-12 20:24:11.0 +0100
@@ -105,6 +105,8 @@
 override_dh_auto_install:
dh_auto_install --destdir=debian/tmp
perl -p -i -e "s,^dependency_libs=.*,dependency_libs=''," 
debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libaprutil-1.la
+   # Remove the buildpath: https://reproducible-builds.org/docs/build-path/
+   perl -p -i -e "s,$(CURDIR),BUILDPATH," debian/tmp/usr/bin/apu-1-config
 
 override_dh_strip:
dh_strip --dbgsym-migration='libaprutil1-dbg (<= 1.6.1-3)'


signature.asc
Description: PGP signature

Bug#1028592: tagcoll2 2.0.14-2 fails to build on sid

2023-01-13 Thread Holger Levsen 
Package: tagcoll2
Version: 2.0.14-2
Severity: serious
Justification: FTBFS

tagcoll2 migrated to bookworm today but fails to build from source in current 
sid:

I: Building the package
I: Running cd /build/tagcoll2-2.0.14/ && env 
PATH="/usr/sbin:/usr/bin:/sbin:/bin" HOME="/nonexistent" dpkg-buildpackage -us 
-uc  && env PATH="/usr/sbin:/usr/bin:/sbin:/bin" HOME="/nonexistent" 
dpkg-genchanges -S  > ../tagcoll2_2.0.14-2_source.changes
dpkg-buildpackage: info: source package tagcoll2
dpkg-buildpackage: info: source version 2.0.14-2
dpkg-buildpackage: info: source distribution unstable
dpkg-buildpackage: info: source changed by Andrey Rahmatullin 
dpkg-buildpackage: info: host architecture amd64
 dpkg-source --before-build .
 fakeroot debian/rules clean
dh clean
dh: warning: Compatibility levels before 10 are deprecated (level 9 in use)
   dh_clean
dh_clean: warning: Compatibility levels before 10 are deprecated (level 9 in 
use)
 dpkg-source -b .
dpkg-source: info: using source format '3.0 (quilt)'
dpkg-source: info: building tagcoll2 using existing 
./tagcoll2_2.0.14.orig.tar.gz
dpkg-source: info: building tagcoll2 in tagcoll2_2.0.14-2.debian.tar.xz
dpkg-source: info: building tagcoll2 in tagcoll2_2.0.14-2.dsc
 debian/rules build
dh build
dh: warning: Compatibility levels before 10 are deprecated (level 9 in use)
   dh_update_autotools_config
   debian/rules override_dh_auto_configure
make[1]: Entering directory '/build/tagcoll2-2.0.14'
dh_auto_configure -- --disable-shared --with-pic --disable-docs
dh_auto_configure: warning: Compatibility levels before 10 are deprecated 
(level 9 in use)
./configure --build=x86_64-linux-gnu --prefix=/usr 
--includedir=\${prefix}/include --mandir=\${prefix}/share/man 
--infodir=\${prefix}/share/info --sysconfdir=/etc --localstatedir=/var 
--disable-option-checking --disable-silent-rules 
--libdir=\${prefix}/lib/x86_64-linux-gnu 
--libexecdir=\${prefix}/lib/x86_64-linux-gnu --disable-maintainer-mode 
--disable-dependency-tracking --disable-shared --with-pic --disable-docs
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /usr/bin/mkdir -p
checking for gawk... no
checking for mawk... mawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking whether make sets $(MAKE)... (cached) yes
checking for style of include used by make... GNU
checking for g++... g++
checking whether the C++ compiler works... yes
checking for C++ compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C++ compiler... yes
checking whether g++ accepts -g... yes
checking dependency style of g++... none
checking for library containing strerror... none required
checking whether we are using the GNU C++ compiler... (cached) yes
checking whether g++ accepts -g... (cached) yes
checking dependency style of g++... (cached) none
checking how to run the C++ preprocessor... g++ -E
checking for gcc... gcc
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking dependency style of gcc... none
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for ANSI C header files... yes
checking for flex... flex
checking lex output file root... lex.yy
checking lex library... none needed
checking whether yytext is a pointer... no
checking for bison... bison -y
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking how to print strings... printf
checking for a sed that does not truncate output... /usr/bin/sed
checking for fgrep... /usr/bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... yes
checking how to convert x86_64-pc-linux-gnu file names to x86_64-pc-linux-gnu 
format... func_convert_file_noop
checking how to convert x86_64-pc-linux-gnu file names to toolchain format... 
func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib...

Bug#1028435: apr-util: please include changes from 1.6.1-5.1 NMU

2023-01-10 Thread Holger Levsen 
Package: apr-util
Version: 1.6.1-5.1
Severity: normal

Dear Maintainer,

please include the attached changes from my 1.6.1-5.1 NMU.

Thank you for maintaining apr-util!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Smart things make us dumb.
diff -Nru apr-util-1.6.1/debian/changelog apr-util-1.6.1/debian/changelog
--- apr-util-1.6.1/debian/changelog 2020-08-29 11:51:07.0 +0200
+++ apr-util-1.6.1/debian/changelog 2022-12-29 19:37:54.0 +0100
@@ -1,3 +1,11 @@
+apr-util (1.6.1-5.1) unstable; urgency=medium
+
+  * Non-maintainer upload by the Reproducible Builds team.
+  * debian/rules: Remove the build path from apt-1-config, based on a patch by
+Vagrant Cascadian. Closes: #1006865.
+
+ -- Holger Levsen   Thu, 29 Dec 2022 19:37:54 +0100
+
 apr-util (1.6.1-5) unstable; urgency=medium
 
   [ Jelmer Vernooij ]
diff -Nru apr-util-1.6.1/debian/rules apr-util-1.6.1/debian/rules
--- apr-util-1.6.1/debian/rules 2020-08-29 11:24:55.0 +0200
+++ apr-util-1.6.1/debian/rules 2022-12-29 19:29:07.0 +0100
@@ -105,6 +105,8 @@
 override_dh_auto_install:
dh_auto_install --destdir=debian/tmp
perl -p -i -e "s,^dependency_libs=.*,dependency_libs=''," 
debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libaprutil-1.la
+   # Remove the buildpath: https://reproducible-builds.org/docs/build-path/
+   perl -p -i -e "s,$(CURDIR),$(shell basename $(CURDIR))," 
debian/tmp/usr/bin/apu-1-config
 
 override_dh_strip:
dh_strip --dbgsym-migration='libaprutil1-dbg (<= 1.6.1-3)'


signature.asc
Description: PGP signature

Bug#1005408: wcwidth 0.2.5+dfsg1-1.1 uploaded to DELAYED/10 fixing #1005408

2023-01-10 Thread Holger Levsen 
hi,

I've uploaded wcwidth 0.2.5+dfsg1-1.1 to DELAYED/10 fixing
#1005408: wcwidth: reproducible-builds: build path and timestamp embedded in 
unicode_versions.py - https://bugs.debian.org/1005408

The debdiff is attached.

I'm happy to cancel the upload or remove the delay.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

figures don't lie, but liars figure.
diff -Nru wcwidth-0.2.5+dfsg1/debian/changelog 
wcwidth-0.2.5+dfsg1/debian/changelog
--- wcwidth-0.2.5+dfsg1/debian/changelog2022-01-27 10:23:10.0 
+0100
+++ wcwidth-0.2.5+dfsg1/debian/changelog2023-01-10 23:40:10.0 
+0100
@@ -1,3 +1,12 @@
+wcwidth (0.2.5+dfsg1-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload by the Reproducible Builds team.
+  * Apply patch from Vagrant Cascadian to make the package build reproducible
+by removing a comment from bin/update-tables.py which embedded the build
+path and timestamp. Closes: #1005408
+
+ -- Holger Levsen   Tue, 10 Jan 2023 23:40:10 +0100
+
 wcwidth (0.2.5+dfsg1-1) unstable; urgency=medium
 
   [ Ondřej Nový ]
diff -Nru 
wcwidth-0.2.5+dfsg1/debian/patches/0003-bin-update-tables.py-Remove-comment-which-embeds-the.patch
 
wcwidth-0.2.5+dfsg1/debian/patches/0003-bin-update-tables.py-Remove-comment-which-embeds-the.patch
--- 
wcwidth-0.2.5+dfsg1/debian/patches/0003-bin-update-tables.py-Remove-comment-which-embeds-the.patch
  1970-01-01 01:00:00.0 +0100
+++ 
wcwidth-0.2.5+dfsg1/debian/patches/0003-bin-update-tables.py-Remove-comment-which-embeds-the.patch
  2023-01-10 23:30:59.0 +0100
@@ -0,0 +1,27 @@
+From 38064c3f0b5412ca4f58d1dc783361dd1ea71156 Mon Sep 17 00:00:00 2001
+From: Vagrant Cascadian 
+Date: Sat, 12 Feb 2022 21:54:47 +
+Subject: [PATCH] bin/update-tables.py: Remove comment which embeds the build
+ path and timestamp.
+
+https://reproducible-builds.org/docs/timestamps/
+https://reproducible-builds.org/docs/build-path/
+---
+ bin/update-tables.py | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/bin/update-tables.py b/bin/update-tables.py
+index 674f41f..5a5ef2b 100644
+--- a/bin/update-tables.py
 b/bin/update-tables.py
+@@ -306,7 +306,6 @@ def do_unicode_versions(versions):
+ fp.write(f"""\"\"\"
+ Exports function list_versions() for unicode version level support.
+ 
+-This code generated by {__file__} on {utc_now}.
+ \"\"\"
+ 
+ 
+-- 
+2.34.1
+
diff -Nru wcwidth-0.2.5+dfsg1/debian/patches/series 
wcwidth-0.2.5+dfsg1/debian/patches/series
--- wcwidth-0.2.5+dfsg1/debian/patches/series   2022-01-27 10:23:10.0 
+0100
+++ wcwidth-0.2.5+dfsg1/debian/patches/series   2023-01-10 23:32:36.0 
+0100
@@ -1,2 +1,3 @@
 use-data-from-unicode-data.patch
 remove-looponfailroots-option-from-tox.ini.patch
+0003-bin-update-tables.py-Remove-comment-which-embeds-the.patch


signature.asc
Description: PGP signature

Bug#1028023: marked as done (librepo FTBFS on MIPS)

2023-01-09 Thread Holger Levsen 
On Mon, Jan 09, 2023 at 08:17:14PM +0200, Adrian Bunk wrote:
> I "improved" it by also breaking the build on all other architectures...
> :-(
> The things that happen when trying to fix a problem you cannot reproduce.

only those who do, do mistakes :)
 
> Patch with the missing import added is attached.

thank you!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

It's not climate change nor climate crisis, it's climate disaster.


signature.asc
Description: PGP signature

Bug#1028023: marked as done (librepo FTBFS on MIPS)

2023-01-09 Thread Holger Levsen 
control: reopen -1
thanks

librepo 1.14.5-2 still fails to build as 1.14.5-1 did, see
https://buildd.debian.org/status/package.php?p=librepo


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

If we'd ban all cars from cities tomorrow, next week we will wonder why we
waited for so long.


signature.asc
Description: PGP signature

Bug#1027866: reportbug should not cc: debian-boot@ on section (only) override requests against ftp.debian.org

2023-01-08 Thread Holger Levsen 
On Sat, Jan 07, 2023 at 09:30:15PM +0100, Nis Martensen wrote:
> There was another bug where reportbug often did not find the information
> on package section and priority. Due to this, reportbug then detected a
> priority change when that was not actually intended.
> 
> This was fixed in October 2021 in reportbug 11.1.0
> in commit 2ea0c93fedf2b719e4d63d1eb743028be041ff81.

I see, thanks.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

I’ve said it once, and I’ll say it a thousand times: If the penalty for
breaking a law is a fine, then that law only exists for the poor.


signature.asc
Description: PGP signature

Bug#1027866: reportbug should not cc: debian-boot@ on section (only) override requests against ftp.debian.org

2023-01-07 Thread Holger Levsen 
hi Nis,

On Fri, Jan 06, 2023 at 11:04:03PM +0100, Nis Martensen wrote:
> Version: 7.9.0
[...]
> This was fixed in November 2020 in commit
> a951d0129f4f4e6649aa455c992722c00e87715a

then why did I experience this bug in 7.10.3+deb11u1 when you claim
it has been fixed in 7.9.0?


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

There are no jobs on a dead planet.


signature.asc
Description: PGP signature

Bug#1027866: reportbug should not cc: debian-boot@ on section (only) override requests against ftp.debian.org

2023-01-04 Thread Holger Levsen 
Package: reportbug
Version: 7.10.3+deb11u1
Severity: normal

Dear Maintainer,

so I filed a bug against ftp.debian.org to change the section of the vrms binary
package and wondered about the x-debbugs-cc: debian-boot@ being set, so I asked
on #debian-ftp :

< h01ger> .oO( why oh why does reportbug add a x-debbugs-cc: debian-boot@ here? 
)
< ansgar> | h01ger: The Cc: d-boot@ is for priority changes as d-boot@ is 
interested in those. I don't think it should Cc them if only the 
section changes.
< h01ger> ansgar: ah, ic. so i dropped that cc: rightfully when submitting 
#1027818
< zwiebelbot> (#debian-ftp) Debian#1027818: override: vrms:oldlibs/optional - 
< pabs>  h01ger: could you reportbug reportbug about the 
 no-cc-debian-boot-on-section-changes thing?
< pabs> and maybe xcc debian-boot on that bug :)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

These heat waves aren’t tragedies, they’re crimes. The fossil fuel industry
knew decades ago that this is what their pollution was causing, so they
spent billions to lie to the public and block climate action.


signature.asc
Description: PGP signature

Bug#1027818: override: vrms:oldlibs/optional

2023-01-03 Thread Holger Levsen 
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: override
X-Debbugs-Cc: 1027...@bugs.debian.org

Hi,

I've turned vrms into a binary-transitional package for/from check-dfsg-status. 
d/control says its should be in the oldlibs sections but today #1027792 was 
filed 
and now that i checked i can also the vrms binary package still in the admin
section.

Debian#1027792: vrms: not a transitional package - 
https://bugs.debian.org/1027792

tl;dr: please move the vrms binary package to the oldlibs section.

thanks for maintaining ftp.debian.org!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

These heat waves aren’t tragedies, they’re crimes. The fossil fuel industry
knew decades ago that this is what their pollution was causing, so they
spent billions to lie to the public and block climate action.


signature.asc
Description: PGP signature

Bug#979019: fixed upstream

2022-12-29 Thread Holger Levsen 
hi,

the fix for https://sourceforge.net/p/lirc/git/merge-requests/36/ has been
merged upstream.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

People call vaccine mandates "Orwellian" even though Orwell died at 46 of
tuberculosis, which is now preventable with a vaccine.


signature.asc
Description: PGP signature

Bug#1026287: check-dfsg-status: use systemd .timer unit instead of /etc/cron.monthly

2022-12-17 Thread Holger Levsen 
Package: check-dfsg-status
Version: 1.32
Severity: normal

hi,

W: check-dfsg-status: missing-systemd-timer-for-cron-script 
[etc/cron.monthly/check-dfsg-status]
N: 
N:   This package ships the specified cron script but does not ship a 
equivalent systemd .timer unit.
N:   
N:   The "desktop" and "laptop" tasks no longer pull in anacron(8), the usual 
solution for desktop installations that are not running all the time.
N:   
N:   Please consider shipping an equivalent .timer file for this script.
N: 
N:   Please refer to the systemd.timer(5) manual page, the anacron(8) manual 
page, and Bug#1007257 for details.
N: 
N:   Visibility: warning
N:   Show-Always: no
N:   Check: systemd

let to the following conversation on #debian-devel:

 is there some tool to use systemd.timer files with cron (for systems 
without systemd)
 i'm asking because https://paste.debian.net/1264393/
<  zeha> | h01ger: your idea being 'lets ship a .timer unit instead of the 
current cron job, and wrap that for non-systemd systems'?
 | h01ger: I think there is only "run the ExecStart= commands via 
cron, guarded by a `if` condition"
 would still be useful if that was in a package
 or ship both and ignore the cron file when running systemd
 or stop supporting sysv
 -d /run/systemd && exit 0 seems to be the common solution i've seen so 
far
 i'm mostly genuinly wondering what "we want" or do.
 that seems like a loaded question :-(
 not having all that compat glue seems like it would be a lot nicer/easier
 maybe the lintian msg needs adjusting too
 having a separate .timer unit instead of being about to throw stuff into 
a cron.monthly directly seems like a regression
 perhaps a monthly.timer would make sense?
 it could still be separate .service entries for each thingy
 Myon: how would that work? and what would it solve?
 i don't see the difference of writing one or two files files
 you could use monthly@bla.service, just to avoid providing that one 
file but have the automation that enables the timer unit now fail
 might be nicer to see all 'monthly' jobs in one go
 moi  U
 so you want to have cron.monthly, which ties everything into one blob, 
looses error reporting and all?
 does not look useful
 the .service units still have their own error reporting?
 hmm, monthly.timer -> monthly.target and bla.service 
WantedBy=monthly.target
 might work
 or not.
 something like that, yeah
 sounds fragile. as one failure to stop will make sure nothing will run 
ever again
 based on the discussion, i think i'd go with just the timer file. and 
if^wwhen someone complains they/we can figure something out.
 though maybe for trixie. still got a bit time to decide that.
 zeha: ansgar: Myon: waldi: may i put this conversation in a bug 
report? (if wanted i could also replace $nick with $anon-alias123 but i'd 
rather not do that. however if you prefer..)
 sure
< waldi> | h01ger: i'm also going to ask them to work on a generic unit to 
init.d converter. we are so good into individualizing costs
 | h01ger: Dine with me.
<  zeha> | h01ger: go ahead
<  Myon> | h01ger: go ahead
 zeha: ansgar: Myon: waldi: thank you! :)


tl;dr:

 based on the discussion, i think i'd go with just the timer file. and 
if^wwhen someone complains they/we can figure something out.
 though maybe for trixie. still got a bit time to decide that.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Make earth cool again.


signature.asc
Description: PGP signature

Bug#1026199: release.debian.org: Is the toolchain list updated for bookworm

2022-12-17 Thread Holger Levsen 
Hi Paul,

On Sat, Dec 17, 2022 at 04:42:43PM +0100, Paul Gevers wrote:
> Well, the key package set is something else than the set we consider for the
> first freeze. 

doh (obviously), sorry for the noise.

> The key package set is a set based on source, so indeed it
> doesn't differ per suite.

right.

> > So now I wonder: how to get this from UDD?
> I think you had the right query.

thanks for confirming! :) and the whole reply despite my error.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

June 2021 was the hottest on record for the Northern Hemisphere. In fact, 2019,
2020 and 2021 are the three hottest Junes on record for the Northern Hemisphere.
(@ScottDuncanWX)


signature.asc
Description: PGP signature

Bug#1021053: check-dfsg-status: doubled report

2022-12-17 Thread Holger Levsen 
Hi Adam,

sorry for the late reply and thanks for the bug report in the first place!

On Sat, Oct 01, 2022 at 10:54:20AM +0200, Adam Borowski wrote:
> When you renamed the package from vrms to check-dfsg-status, you forgot to
> migrate the cron job.  As a result, its now sends it monthly reports twice.
> 
> /etc/cron.monthly/vrms
> /etc/cron.monthly/check-dfsg-status
 
on don't see this here on a fresh install (of both packages from current sid),
so am I correct to assume this happened on upgrade from non-transitional package
vrms?


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Stop saying that we are all in the same boat.
We’re all in the same storm. But we’re not all in the same boat.


signature.asc
Description: PGP signature

Bug#1026199: release.debian.org: Is the toolchain list updated for bookworm

2022-12-17 Thread Holger Levsen 
On Sat, Dec 17, 2022 at 08:42:18AM +0100, Paul Gevers wrote:
> I just refreshed the list, it's still there. I used a script on udd,
> essentially this:
[...]
> query = "SELECT DISTINCT package FROM packages WHERE release = 'bookworm'
> and essential = 'yes'"
[...]

this made me check what we're using to calculate the set for
https://tests.reproducible-builds.org/debian/bullseye/amd64/pkg_set_key_packages.html
and it turned out to be this:

# key packages (same for all suites)
SQL_QUERY="SELECT source FROM key_packages;"
psql "postgresql://udd-mirror:udd-mir...@udd-mirror.debian.net/udd" -t -c 
"${SQL_QUERY}" > $TMPFILE

which based on this thread seems to be wrong, as the key packages differ
per suite.

So now I wonder: how to get this from UDD?


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Be careful when you follow the masses. Sometimes the "m" is silent.


signature.asc
Description: PGP signature

Bug#1024500: libdnf: Loses gpgme integration when rebuilt against gpgme 1.18.0-2

2022-12-12 Thread Holger Levsen 
hi Andreas,

On Sat, Dec 10, 2022 at 01:55:33PM +0100, Andreas Metzler wrote:
> Control: tags -1 patch

thanks for the bug report and patch. An upload is being prepared and should
land in unstable soon.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

A ship is always safe at shore, but that is not what it's built for.
(Albert Einstein)


signature.asc
Description: PGP signature

Bug#1025460: ITP: mock -- Build rpm packages inside a chroot

2022-12-05 Thread Holger Levsen 
Hi Tzafrir,

On Mon, Dec 05, 2022 at 10:35:11AM +0200, Tzafrir Cohen wrote:
> * Package name: mock
>   Version : 3.5
>   Upstream Author : Pavel Raiskup 
> * URL : https://github.com/rpm-software-management/mock
> * License : GPL-2+
>   Programming Lang: Python
>   Description : Build rpm packages inside a chroot
> 
>  Mock creates chroots and builds rpms in them. Its only task is to
>  reliably populate a chroot and attempt to build a package in that
>  chroot. It is used be the Fedora Extras project to build their
>  packages cleanly.
> 
> Mock was previously included in Debian and was removed due to python2
> removal. It was repackaged by Juri Grabowski and should probably be
> maintained by the pkg-rpm-team.
> 
> See current packaging in https://salsa.debian.org/gratuxri/mock

I'm glad to see this ITP and am adding Frédéric Pierret into the loop.
Frédéric is already (co)maintaining dnf and related libs and told me he
wanted to work on getting mock back into Debian too.

(I'm sponsoring his uploads currently.)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

It's not climate change nor climate crisis, it's climate disaster.


signature.asc
Description: PGP signature

Bug#1024650: gmp: please include changes from 6.2.1+dfsg1-1.1 NMU

2022-11-22 Thread Holger Levsen 
Package: gmp
Version: 6.2.1+dfsg1-1.1
Severity: normal

Dear Maintainer,

please include the attached changes from my 6.2.1+dfsg1-1 NMU.

Thank you for maintaining gmp!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Be careful when you follow the masses. Sometimes the "m" is silent.
diff -Nru gmp-6.2.1+dfsg1/debian/changelog gmp-6.2.1+dfsg1/debian/changelog
--- gmp-6.2.1+dfsg1/debian/changelog	2022-06-12 22:56:17.0 +0200
+++ gmp-6.2.1+dfsg1/debian/changelog	2022-09-22 20:43:57.0 +0200
@@ -1,3 +1,13 @@
+gmp (2:6.2.1+dfsg1-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload by the Reproducible Builds team.
+  * debian/rules changes by Vagrant Cascadian:
+- pass ASMFLAGS with debug-prefix-map to configure.
+- replace embedded build path in gmp.h with a placeholder string.
+Closes: #1009931
+
+ -- Holger Levsen   Thu, 22 Sep 2022 20:43:57 +0200
+
 gmp (2:6.2.1+dfsg1-1) unstable; urgency=medium
 
   [ Bastian Germann ]
diff -Nru gmp-6.2.1+dfsg1/debian/rules gmp-6.2.1+dfsg1/debian/rules
--- gmp-6.2.1+dfsg1/debian/rules	2022-06-12 22:55:58.0 +0200
+++ gmp-6.2.1+dfsg1/debian/rules	2022-09-22 20:31:51.0 +0200
@@ -72,7 +72,7 @@
 	mkdir -p build
 	cd build && ../configure $(confflags_ma) \
 	AR=$(AR) CC="$(CC)" CFLAGS="$(CFLAGS)" \
-	CXX="$(CXX)" CXXFLAGS="$(CXXFLAGS)"
+	CXX="$(CXX)" CXXFLAGS="$(CXXFLAGS)" ASMFLAGS="--debug-prefix-map=$(CURDIR)=."
 	touch $@
 
 build: build-stamp
@@ -100,6 +100,9 @@
 	# so override it at install.
 	$(MAKE) DESTDIR=`pwd`/debian/tmp includeexecdir=/usr/include/$(DEB_HOST_MULTIARCH) -C build install
 
+	# Replace embedded build path with a placeholder string
+	sed -i -e "s,$(CURDIR),BUILDPATH,g" debian/tmp/usr/include/$(DEB_HOST_MULTIARCH)/gmp.h
+
 	dh_install -plibgmp10 usr/lib/*/libgmp.so.*
 	dh_install -plibgmpxx4ldbl usr/lib/*/libgmpxx.so.*
 


signature.asc
Description: PGP signature

Bug#1024649: libtheora: please include changes from 1.1.1+dfsg.1-16.1 NMU

2022-11-22 Thread Holger Levsen 
Package: libtheora
Version: 1.1.1+dfsg.1-16.1
Severity: normal

Dear Maintainer,

please include the attached changes from my 1.1.1+dfsg.1-16.1 NMU.

Thank you for maintaining libtheora!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Be careful when you follow the masses. Sometimes the "m" is silent.
diff -Nru libtheora-1.1.1+dfsg.1/debian/changelog libtheora-1.1.1+dfsg.1/debian/changelog
--- libtheora-1.1.1+dfsg.1/debian/changelog	2022-06-01 15:41:32.0 +0200
+++ libtheora-1.1.1+dfsg.1/debian/changelog	2022-10-06 19:18:29.0 +0200
@@ -1,3 +1,14 @@
+libtheora (1.1.1+dfsg.1-16.1) unstable; urgency=medium
+
+  * Non-maintainer upload by the Reproducible Builds team.
+  * debian/libtheora-doc.examples: do not install example Makefile as it leaks
+the build path. Closes: #990843 - thanks to Vagrant Cascadian for the
+patch.
+  * debian/rules: ensure texlive respects SOURCE_DATE_EPOCH, thanks again to
+Vagrant for the patch. Closes: #990844
+
+ -- Holger Levsen   Thu, 06 Oct 2022 19:18:29 +0200
+
 libtheora (1.1.1+dfsg.1-16) unstable; urgency=medium
 
   * Team upload.
diff -Nru libtheora-1.1.1+dfsg.1/debian/libtheora-doc.examples libtheora-1.1.1+dfsg.1/debian/libtheora-doc.examples
--- libtheora-1.1.1+dfsg.1/debian/libtheora-doc.examples	2022-06-01 15:28:52.0 +0200
+++ libtheora-1.1.1+dfsg.1/debian/libtheora-doc.examples	2022-10-06 18:33:01.0 +0200
@@ -1,4 +1,3 @@
 examples/*.am
 examples/*.c
 examples/*.h
-examples/Makefile
diff -Nru libtheora-1.1.1+dfsg.1/debian/rules libtheora-1.1.1+dfsg.1/debian/rules
--- libtheora-1.1.1+dfsg.1/debian/rules	2022-06-01 15:26:36.0 +0200
+++ libtheora-1.1.1+dfsg.1/debian/rules	2022-10-06 18:32:42.0 +0200
@@ -4,6 +4,9 @@
 export CONFIG_SHELL
 export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 
+# Ensure texlive respects SOURCE_DATE_EPOCH
+export FORCE_SOURCE_DATE=1
+
 %:
 	dh $@
 


signature.asc
Description: PGP signature

Bug#1015784: source-only upload requirement not documented

2022-11-14 Thread Holger Levsen 
hi Simon,

On Sun, Nov 13, 2022 at 03:49:13PM +, Simon McVittie wrote:
> I've had the attached sitting in my outbox for a while and I think it's at
> least a good start towards what Marc requests?

yes, thanks a lot!

> I have deliberately not documented the precise meaning of needing to
> include binary packages for NEW, on the basis that the conservative thing
> to do is to include a complete set (debuild --full). My understanding is
> that *technically*, the upload does not need to include *every* binary
> package, but that the ftp team would prefer uploads to NEW to include
> everything from debuild --full, except in rare special cases such as
> the kernel, whose maintainers already know what all the tradeoffs are.

this could also change very easily, there's already an option in dak
which allows throwing away binaries after the package passed NEW.
(=this would mean one needs to upload a binary build to NEW still, 
however the binaries would be thrown away when the packages moves
to unstable, thus automatically triggering a build on the buildds,
allowing testing migration later.)
this option has not been enabled yet however.

> Similarly, I have deliberately been a bit vague about whether uploads
> that will add a package to a suite other than unstable/experimental
> need binaries, because I don't know whether they do or
> not. unstable/experimental NEW definitely needs binaries, I *think*
> backports-NEW also needs binaries but I'm not sure,

I think so too.

> but I think new
> additions to -security can/should be source-only?

no idea :)

> I have also not attempted to improve §5.10 "Porting and being ported",
> which seems to have been written from a circa 1998 perspective where all
> maintainers uploaded source+i386, binaries for other architectures were
> often hand-built by porting teams, and the ability for a package to be
> autobuilt successfully was somewhere between "optional but recommended"
> and "newly required". It could probably benefit from restructuring or a
> rewrite, but I don't think I'm the right writer for that.

*nods*

> > I THINK that arch any packages get an automatic binNMU to avoid that.
> My understanding is that the release team often schedule a binNMU to
> be helpful, but it is not automatic. 

yes, it's scripted but needs to be triggered manually. also this doesnt
work for arch:all packages.

> We can give simpler advice if we
> ignore these binNMUs, which seems better to me anyway - maintainers of
> source packages with at least one "Architecture: all" binary package
> have to do a sourceful upload regardless, and I'd prefer to encourage
> maintainers to be responsible for their packages' migration to testing
> rather than centralising that responsibility into the release team.

same here.

thanks again, will merge and upload now! :)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Punk ist nicht tot.
Punk trägt Maske, ist solidarisch und schützt sich und andere.
(@Kreuzpirat)


signature.asc
Description: PGP signature

Bug#1023282: wnpp/debrebuild-fepitre: reassign to devscripts

2022-11-03 Thread Holger Levsen 
control: reassign -1 descripts
thanks

Hi,

as discussed during the r-b summit in Venice this should rather be included
in src:devscripts, reassigning accordingly.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Never waste a crisis.


signature.asc
Description: PGP signature

Bug#1023282: RFP: debrebuild-fepitre -- yet another package rebuilder tool

2022-11-01 Thread Holger Levsen 
Package: wnpp
Severity: wishlist
X-Debbugs-Cc: frederic.pier...@qubes-os.org

* Package name: debrebuild-fepitre
  Upstream Author : Frédéric Pierret 
* URL : https://github.com/fepitre/debrebuild
* License : unclear ;) (author has been notified)
  Programming Lang: Python3
  Description : yet another package rebuilder tool

Given a buildinfo file from a Debian package, generate instructions for
attempting to reproduce the binary packages built from the associated
source and build information.

This package is currently used to create 
https://beta.tests.reproducible-builds.org/
and should be used for creating many more Debian rebuilder instances in future 
to
verify the reproducibility of packages distributed by Debian via ftp.debian.org


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The moon landing 50 years ago was paid by taxes, while Bezos space trip was
paid by not paying taxes.


signature.asc
Description: PGP signature

Bug#1023281: RFP: package-rebuilder -- package-rebuilder: orchestration tool for rebuilding packages

2022-11-01 Thread Holger Levsen 
Package: wnpp
Severity: wishlist
X-Debbugs-Cc: frederic.pier...@qubes-os.org

* Package name: package-rebuilder
  Upstream Author : Frédéric Pierret 
* URL : https://github.com/fepitre/package-rebuilder
* License : unclear ;) (author has been notified)
  Programming Lang: Python3
  Description : package-rebuilder: orchestration tool for rebuilding 
packages

Standalone orchestrator for rebuilding Debian, Fedora and Qubes OS packages in
order to generate `in-toto` metadata which can be used with
`apt-transport-in-toto` or `dnf-plugin-in-toto` to validate reproducible 
status. 

This package is currently used to create 
https://beta.tests.reproducible-builds.org/
and should be used for creating many more Debian rebuilder instances in future 
to
verify the reproducibility of packages distributed by Debian via ftp.debian.org


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

During 2021 Bitcoin consumed 134 TWh in total, which is comparable to the
electrical energy consumed by a country like Argentina. It's also twice as
much as 2020. Related CO2 emissions were ~64 Megatons; enough to negate the
entire global net savings from deploying electrical vehicles world wide.


signature.asc
Description: PGP signature

Bug#1023100: ITP: cancelreader -- A cancelable reader for Go

2022-11-01 Thread Holger Levsen 
On Tue, Nov 01, 2022 at 05:30:16PM +0100, Martin Dosch wrote:
> It is: 
> https://salsa.debian.org/go-team/packages/golang-github-muesli-cancelreader/-/blob/debian/sid/debian/control#L28
> :)

coolio!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

we'll all die. make a difference while you can. disobey. smile.


signature.asc
Description: PGP signature

Bug#1023100: ITP: cancelreader -- A cancelable reader for Go

2022-11-01 Thread Holger Levsen 
On Tue, Nov 01, 2022 at 03:10:37PM +, Martin Dosch wrote:
> https://github.com/muesli/cancelreader#usage says 'the cancel function can be 
> used to interrupt a blocking Read call'.

thanks! I think something like this should be included in the (long and/or
short) description...


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Money is worth nothing on a dead planet.


signature.asc
Description: PGP signature

Bug#1023100: ITP: cancelreader -- A cancelable reader for Go

2022-10-31 Thread Holger Levsen 
On Sun, Oct 30, 2022 at 09:23:52AM +0100, Martin Dosch wrote:
>   Description : A cancelable reader for Go
> 
>  CancelReader
>  .
>  Latest Release (https://github.com/muesli/cancelreader/releases) Go Doc
>  (https://pkg.go.dev/github.com/muesli/cancelreader) Software License
>  (/LICENSE) Build Status (https://github.com/muesli/cancelreader/actions)
>  Go ReportCard (https://goreportcard.com/report/muesli/cancelreader)
>  .
>  A cancelable reader for Go
>  .
>  This package is based on the fantastic work of Erik Geiser
>  (https://github.com/erikgeiser) in Charm's Bubble Tea
>  (https://github.com/charmbracelet/bubbletea) framework.
> 
>  This is a build-depend for newer versions of
> golang-github-charmbracelet-bubbletea.

what's a cancelable reader?


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The vision of self driving cars is nothing compared to the vision of no cars at 
all.


signature.asc
Description: PGP signature

Bug#1021402: reproducible: Please force merged-/usr for build2

2022-10-12 Thread Holger Levsen 
On Wed, Oct 12, 2022 at 12:05:18PM +0100, Luca Boccassi wrote:
> As per CTTE decision, buildds are still unmerged and will stay
> unmerged till at least after Bookworm as shipped.

ah right, thanks.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Where will your kids go when they become climate refugees?


signature.asc
Description: PGP signature

Bug#1021402: reproducible: Please force merged-/usr for build2

2022-10-12 Thread Holger Levsen 
hi,

On Mon, Oct 10, 2022 at 08:38:42PM +0100, Simon McVittie wrote:
> With TC-member hat on: for at least bookworm, sid and experimental,
> yes we would like reproducible-builds to test the non-merged-/usr
> configuration (which will become unsupported) in one build, and the
> merged-/usr configuration (which will become mandatory) in the other.
> This is so that if a package is misbuilt in a merged-/usr chroot (or in
> theory if it's misbuilt in a non-merged-/usr chroot), it will show up
> as a non-reproducibility.
[...]

thanks for this verbose explaination. I'm still not fully convinced
as (AIUI) by now everthing that ends up in bookworm will be build on
Debian autobuilders, which (again, AIUI) all have usrmerged layout.

But fine, it doesn't really cost us anything/much to continue to test this
variation, so let's keep doing this.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The past is over.


signature.asc
Description: PGP signature

Bug#1021402: reproducible: Please force merged-/usr for build2

2022-10-10 Thread Holger Levsen 
On Mon, Oct 10, 2022 at 12:45:24PM +0100, Luca Boccassi wrote:
> Given we want one build as merged and one as unmerged, [...]

do we really want that? I understand this is supposed to be(come)
an unsupported configuration?


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Der Mensch is' gut, aber die Leut' san a G'sindel!


signature.asc
Description: PGP signature

Bug#1021402: reproducible: Please force merged-/usr for build2

2022-10-10 Thread Holger Levsen 
hi,

thanks for the bug report and the patch, but wouldn't it be better
to simple create the testing and unstable pbuilder base.tgzs *with*
usrmerge and that's it?

which means adopting bin/reproducible_setup_pbuilder.sh as needed
too. (and bin/reproducible_common.sh too, because that's where we
document the variations we're doing.)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

If you turn on the AC because it's too hot, you are making it worse.


signature.asc
Description: PGP signature

Bug#1010957: status update? Re: Bug#1010957: man-db: unreproducible index.db: contents depend on directory read order

2022-10-03 Thread Holger Levsen 
On Sun, Oct 02, 2022 at 04:00:58PM +0100, Colin Watson wrote:
> Control: tag -1 fixed-upstream
> Success!
>   https://gitlab.com/cjwatson/man-db/-/compare/5d2594d0a0...866c3571d3

awesome!

On Sun, Oct 02, 2022 at 05:56:19PM +0100, Colin Watson wrote:
> I thought I'd set SOURCE_DATE_EPOCH, but I'd failed to pass it through
> sudo.  After fixing that, I indeed get cmp-identical tarballs.

very nice! much cheers!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Plastic bottles: made to last forever, designed to throw away.


signature.asc
Description: PGP signature

Bug#1020783: init-system-helpers 1.65.2 broke cdebootstrap

2022-09-26 Thread Holger Levsen 
Package: init-system-helpers, cdebootstrap
Version: 1.65.2
Severity: important
Justification: completely breaks cdebootstrap

Dear Maintainers,

I've set up some daily jobs to test bootstrapping Debian bullseye, bookworm
and unstable using cdebootstrap (and debootstrap and mmdebstrap).

This worked nicely in early September. Then I noticed this failed for
cdebootstrap/unstable on September 18th, as you can see in the "Build history"
on the left side on 
https://jenkins.debian.net/job/reproducible_cdebootstrap_unstable/
and then it failed for cdebootstrap/bookworm on September 23rd as seen on
https://jenkins.debian.net/job/reproducible_cdebootstrap_bookworm/

(Those dates match the init-system-helpers 1.65.2 upload date as well as it's
testing migration date.)

For cdebootstrap/bullseye and debootstrap/* and mmdebstrap/* this continued and
continues to work.

Sadly I've only enabled verbose bootstrapping today, but at least I did that now
so you can look at 
https://jenkins.debian.net/job/reproducible_cdebootstrap_unstable/40/consoleFull
and maybe actually understand the problem:

(https://jenkins.debian.net/job/reproducible_cdebootstrap_bullseye/30/console
is a verbose build too.)

So I *guess* this is the place it breaks:

/var/lib/dpkg/info/dpkg.postinst: 115: deb-systemd-helper: not found
/var/lib/dpkg/info/dpkg.postinst: 118: deb-systemd-helper: not found
/var/lib/dpkg/info/dpkg.postinst: 125: deb-systemd-helper: not found
P: Configuring package dpkg


Thanks for your work on init-system-helpers and cdebootstrap!

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

It's not about saving the climate or the planet, it's about saving us, the
children and grandchildren. The planet will survive anyway.


signature.asc
Description: PGP signature

Bug#1017372: #1017372 plymouth: reproducible builds: year and week embedded in .pc files

2022-09-26 Thread Holger Levsen 
Hi Laurent, 

many thanks for uploading fix plymouth! 
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/plymouth.html
looks good now!

On Sun, Sep 25, 2022 at 10:04:40AM +0200, Laurent Bigonville wrote:
> Thanks for the patch.

Actually it was Vagrant's patch, I've just repeated it to make things easier and
more obvious.
 
> I've modified the command line to 'dpkg-parsechangelog --show-field Version
> | sed -e 's/-[^-]*$//' |  sed -e 's/^[0-9]*://'' to drop the epoch and
> debian revision from the version, and only keep the upstream one. (inspired
> from /usr/share/dpkg/pkg-info.mk)

cool!

> I also opened a bug upstream:
> https://gitlab.freedesktop.org/plymouth/plymouth/-/issues/188

very cool!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The way we build software is at an inflection point. Development itself is 
moving to the cloud. AI is revolutionizing the way we code. Software security 
is global security. Open source permeates nearly every product – digital or 
physical. 
https://github.blog/2021-11-03-thank-you-github/ - Nat Friedman


signature.asc
Description: PGP signature

Bug#1010957: status update? Re: Bug#1010957: man-db: unreproducible index.db: contents depend on directory read order

2022-09-26 Thread Holger Levsen 
Hi Colin,

On Sun, Sep 25, 2022 at 11:18:19PM +0100, Colin Watson wrote:
> This weekend's work has been:
>   https://gitlab.com/cjwatson/man-db/-/compare/bb0f7086ba...5d2594d0a0

wow, impressive!

(and thank you for taking care of man-db for so many years now! :)

[...]
> I'll need a bit more concentrated hacking time here, but I'll continue
> to work on these; this has been a great opportunity to clean up some
> truly unpleasant bits of code.  Once I have the accessdb diff down to
> zero, we'll see whether there's any further instability in the on-disk
> GDBM representation, and also whether there are any other issues that
> don't show up in the set of pages I have installed.

sounds great! also thank you for keeping us updated here, i'm looking
forward to hear more good news eventually! :)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

I'm looking forward to Corona being a beer again and Donald a duck.


signature.asc
Description: PGP signature

Bug#968226: Move documentation of Build-Depends alternative selection out of footnote

2022-09-26 Thread Holger Levsen 
On Mon, Sep 26, 2022 at 10:15:07AM +0200, Wouter Verhelst wrote:
> Experimental is different because it is an incomplete distribution,
> which needs to default to using packages from unstable except if
> build-depends explicitly lists versions that are only available in
> experimental.
[...]

Thanks, Wouter. I guess backports is rather similar. 


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Money is worth nothing on a dead planet.


signature.asc
Description: PGP signature

Bug#1020630: diffoscope: cbfstool is finally available in Debian

2022-09-24 Thread Holger Levsen 
Package: diffoscope
Version: 222
Severity: wishlist

Dear diffoscope maintainers,

since this Thursday src:coreboot is finally (*) in unstable and thus cbfstool
is finally there too (via binary:coreboot-utils), see
https://tracker.debian.org/news/1364252/accepted-coreboot-415dfsg-2-source-into-unstable/

I believe this needs some minor changes to diffoscope which already can
make use of cbfstool if installed, just it needs to learn to recommend
coreboot-utils.

Thanks for your work on diffoscope!

(*) just 16 years after it's ITP bug :)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

In Europe there are people prosecuted by courts because they saved other people
from drowning in the  Mediterranean Sea.  That is almost as absurd  as if there
were people being prosecuted because they save humans from drowning in the sea.


signature.asc
Description: PGP signature

Bug#968226: Move documentation of Build-Depends alternative selection out of footnote

2022-09-24 Thread Holger Levsen 
On Fri, Sep 23, 2022 at 04:17:04PM +0100, Simon McVittie wrote:
> On Thu, 22 Sep 2022 at 19:11:38 -0700, Russ Allbery wrote:
> > I also reworded the paragraph about backports to hopefully address
> > Holger's reading.  It's just trying to say that backports uses aptitude in
> > the normal way and doesn't do anything special to transform the
> > alternative.
 
yup, it's better, thanks.

> It's perhaps worth mentioning that experimental does something similar
> (it has used the aptitude and aspcud resolvers at various times, but
> I'm not sure which one is currently in use).

I see.

I think my biggest concern is actually not how it's described but rather
why/that it is different at all (and then wondering whether it will stay
that way...)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Our civilization is being sacrificed for the opportunity of a very small number
of people to continue making enormous amounts of money...  It is the sufferings
of the many  which pay  for the luxuries  of the few...  You say  you love your
children  above all else,  and yet  you are stealing  their future  in front of 
their very eyes... (Greta Thunberg)


signature.asc
Description: PGP signature

Bug#983202: time_1.9-0.2.diff

2022-09-22 Thread Holger Levsen 
hi,

i've uploaded time_1.9-0.2 with the attached diff to DELAYED/15.

time (1.9-0.2) unstable; urgency=medium

  * Non-maintainer upload by the Reproducible Builds team.
  * Add debian/patches/0001-doc-time.texi.patch to remove timestamp from
documentation. Closes: 983202. Patch by Vagrant Cascadian.

 -- Holger Levsen   Thu, 22 Sep 2022 21:35:24 +0200


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Just 100 companies are responsible for 71% of global emissions.
https://www.theguardian.com/sustainable-business/2017/jul/10/100-fossil-fuel-companies-investors-responsible-71-global-emissions-cdp-study-climate-change
diff -Nru time-1.9/debian/changelog time-1.9/debian/changelog
--- time-1.9/debian/changelog	2021-01-10 20:28:43.0 +0100
+++ time-1.9/debian/changelog	2022-09-22 21:35:24.0 +0200
@@ -1,3 +1,11 @@
+time (1.9-0.2) unstable; urgency=medium
+
+  * Non-maintainer upload by the Reproducible Builds team.
+  * Add debian/patches/0001-doc-time.texi.patch to remove timestamp from
+documentation. Closes: 983202. Patch by Vagrant Cascadian.
+
+ -- Holger Levsen   Thu, 22 Sep 2022 21:35:24 +0200
+
 time (1.9-0.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru time-1.9/debian/patches/0001-doc-time.texi.patch time-1.9/debian/patches/0001-doc-time.texi.patch
--- time-1.9/debian/patches/0001-doc-time.texi.patch	1970-01-01 01:00:00.0 +0100
+++ time-1.9/debian/patches/0001-doc-time.texi.patch	2022-09-22 21:34:52.0 +0200
@@ -0,0 +1,45 @@
+From 2048be16fa0418c231bc953e2d4350b117672ce0 Mon Sep 17 00:00:00 2001
+From: Vagrant Cascadian 
+Date: Sat, 20 Feb 2021 22:28:30 +
+Subject: [PATCH] doc/time.texi: Remove timestamp from documentation.
+
+The date the package was built is misleading about when the
+documentation was last updated.
+
+https://reproducible-builds.org/docs/timestamps/
+---
+ doc/time.texi | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/doc/time.texi b/doc/time.texi
+index dfc0aa4..c660a66 100644
+--- a/doc/time.texi
 b/doc/time.texi
+@@ -11,7 +11,6 @@
+ This manual is for GNU @code{time} command for running programs
+ and summarizing the system resources they use.
+ version @value{VERSION}
+-updated @value{UPDATED}
+ 
+ Copyright @copyright{} 1991-2018 Free Software Foundation, Inc.
+ 
+@@ -37,7 +36,6 @@ Texts.  A copy of the license is included in the section entitled
+ @title Measuring Program Resource Use
+ @subtitle The GNU @code{time} Command
+ @subtitle version @value{VERSION}
+-@subtitle updated @value{UPDATED}
+ @author David MacKenzie
+ @page
+ @vskip 0pt plus 1filll
+@@ -54,7 +52,7 @@ Texts.  A copy of the license is included in the section entitled
+ 
+ This file documents the the GNU @code{time} command for running programs
+ and summarizing the system resources they use.
+-Version @value{VERSION}, updated @value{UPDATED}
++Version @value{VERSION}
+ @end ifnottex
+ 
+ 
+-- 
+2.30.1
+
diff -Nru time-1.9/debian/patches/series time-1.9/debian/patches/series
--- time-1.9/debian/patches/series	2021-01-10 13:47:40.0 +0100
+++ time-1.9/debian/patches/series	2022-09-22 21:35:24.0 +0200
@@ -1,2 +1,3 @@
 time-include-time_h.patch
 option-p-texi.patch
+0001-doc-time.texi.patch


signature.asc
Description: PGP signature

Bug#1009931: gmp_6.2.1+dfsg1-1.1.diff

2022-09-22 Thread Holger Levsen 
hi,

i've uploaded gmp_6.2.1+dfsg1-1.1 with the attached diff to DELAYED/15.

gmp (2:6.2.1+dfsg1-1.1) unstable; urgency=medium

  * Non-maintainer upload by the Reproducible Builds team.
  * debian/rules changes by Vagrant Cascadian:
- pass ASMFLAGS with debug-prefix-map to configure.
- replace embedded build path in gmp.h with a placeholder string.
Closes: #1009931


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Just 100 companies are responsible for 71% of global emissions.
https://www.theguardian.com/sustainable-business/2017/jul/10/100-fossil-fuel-companies-investors-responsible-71-global-emissions-cdp-study-climate-change
diff -Nru gmp-6.2.1+dfsg1/debian/changelog gmp-6.2.1+dfsg1/debian/changelog
--- gmp-6.2.1+dfsg1/debian/changelog	2022-06-12 22:56:17.0 +0200
+++ gmp-6.2.1+dfsg1/debian/changelog	2022-09-22 20:43:57.0 +0200
@@ -1,3 +1,13 @@
+gmp (2:6.2.1+dfsg1-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload by the Reproducible Builds team.
+  * debian/rules changes by Vagrant Cascadian:
+- pass ASMFLAGS with debug-prefix-map to configure.
+- replace embedded build path in gmp.h with a placeholder string.
+Closes: #1009931
+
+ -- Holger Levsen   Thu, 22 Sep 2022 20:43:57 +0200
+
 gmp (2:6.2.1+dfsg1-1) unstable; urgency=medium
 
   [ Bastian Germann ]
diff -Nru gmp-6.2.1+dfsg1/debian/rules gmp-6.2.1+dfsg1/debian/rules
--- gmp-6.2.1+dfsg1/debian/rules	2022-06-12 22:55:58.0 +0200
+++ gmp-6.2.1+dfsg1/debian/rules	2022-09-22 20:31:51.0 +0200
@@ -72,7 +72,7 @@
 	mkdir -p build
 	cd build && ../configure $(confflags_ma) \
 	AR=$(AR) CC="$(CC)" CFLAGS="$(CFLAGS)" \
-	CXX="$(CXX)" CXXFLAGS="$(CXXFLAGS)"
+	CXX="$(CXX)" CXXFLAGS="$(CXXFLAGS)" ASMFLAGS="--debug-prefix-map=$(CURDIR)=."
 	touch $@
 
 build: build-stamp
@@ -100,6 +100,9 @@
 	# so override it at install.
 	$(MAKE) DESTDIR=`pwd`/debian/tmp includeexecdir=/usr/include/$(DEB_HOST_MULTIARCH) -C build install
 
+	# Replace embedded build path with a placeholder string
+	sed -i -e "s,$(CURDIR),BUILDPATH,g" debian/tmp/usr/include/$(DEB_HOST_MULTIARCH)/gmp.h
+
 	dh_install -plibgmp10 usr/lib/*/libgmp.so.*
 	dh_install -plibgmpxx4ldbl usr/lib/*/libgmpxx.so.*
 


signature.asc
Description: PGP signature

Bug#1010957: status update? Re: Bug#1010957: man-db: unreproducible index.db: contents depend on directory read order

2022-09-22 Thread Holger Levsen 
Hi Colin,

On Thu, Sep 22, 2022 at 08:53:07PM +0100, Colin Watson wrote:
> Yeah, this has taken me a bit longer than expected, but I have in fact
> been making some progress.  josch's patch has been very useful in that
> it provides an easy way to see differences between unsorted and sorted
> traversal, and I've taken my goal as being to drive those differences to
> zero.  The only bit I've committed so far has been:
> 
>   
> https://gitlab.com/cjwatson/man-db/-/commit/bb0f7086ba4ce4503761737bf612088c03b6c495

cool, thanks for the update and all your man-db work!

> I'll update this bug as I make further progress.

great, thanks again! 


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Imagine god created trillions of galaxies but freaks out because some dude
kisses another.


signature.asc
Description: PGP signature

Bug#1017372: #1017372 plymouth: reproducible builds: year and week embedded in .pc files

2022-09-22 Thread Holger Levsen 
hi Laurent,

what do you think of the proposed patch?

for your convinience: (see https://bugs.debian.org/1017372
for more explainations but this is the diff)

Subject: [PATCH] configure.ac: Avoid embedding the date in the version.

Use the version from the last debian/changelog entry, otherwise the
build will differ if built on a different year and week and from git
builds vs. builds from source tarball.
---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 6e00c0c..0de1856 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_INIT([plymouth],
-m4_esyscmd_s([date +%y.%V.$(git rev-list $(git describe 
--abbrev=0)..HEAD --count) || echo 0]),
+m4_esyscmd_s([dpkg-parsechangelog --show-field Version]),


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Some people say that the climate crisis  is something that we all have created,
but  that is not true,  because if everyone is guilty  then no one is to blame.
And someone is to blame.  Some people, some companies,  some decision-makers in
particular, have known exactly what priceless values they have been sacrificing
to continue making unimaginable amounts of money. (Greta Thunberg)


signature.asc
Description: PGP signature

Bug#1010957: status update? Re: Bug#1010957: man-db: unreproducible index.db: contents depend on directory read order

2022-09-22 Thread Holger Levsen 
hi!

Colin, what's the status of this bug? You said you were working on improving
josch' patch in May 2022...?! :)

Also, the bug is currently tagged 'patch', I guess it's appropriate to remove
that tag?

josch: btw you said you you submitted other patches missing freeing of memory,
have you updated those other patches?


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

We live in a world where teenagers get more and more desperate trying to
convince adults to behave like grown ups.


signature.asc
Description: PGP signature

Bug#968226: Move documentation of Build-Depends alternative selection out of footnote

2022-09-21 Thread Holger Levsen 
On Tue, Sep 20, 2022 at 07:17:17PM -0700, Russ Allbery wrote:
> +The autobuilders for the Debian backports suite do not perform this
> +transformation and instead use the full alternatives list to resolve
> +dependencies.
 
this sounds like they install all build depends, incl alternative ones?!
is that really the case? (and why?)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Make facts great again.


signature.asc
Description: PGP signature

Bug#992136: Don't require Standards-Version field when only udebs Standards-Version for udeb packages

2022-09-21 Thread Holger Levsen 
On Tue, Sep 20, 2022 at 06:39:11PM -0700, Russ Allbery wrote:
> Here is proposed wording that I think is ready for seconds.
> 
> From: Russ Allbery 
> Date: Tue, 20 Sep 2022 18:35:55 -0700
> Subject: [PATCH] Clarify udeb-only source packages are out of scope
> 
> Note that source packages that only produce udebs are, like udebs,
> out of scope and may not follow all of the requirements of Policy.
> 
> Say explicitly in the Standards-Version description that udebs and
> source packages that only produce udebs do not use Standards-Version.
> ---
>  policy/ch-controlfields.rst |  3 +++
>  policy/ch-scope.rst | 10 +-
>  2 files changed, 8 insertions(+), 5 deletions(-)
> 
> diff --git a/policy/ch-controlfields.rst b/policy/ch-controlfields.rst
> index 428b8a7..ea8f4a3 100644
> --- a/policy/ch-controlfields.rst
> +++ b/policy/ch-controlfields.rst
> @@ -540,6 +540,9 @@ Thus only the first three components of the policy 
> version are
>  significant in the *Standards-Version* control field, and so either
>  these three components or all four components may be specified. [#]_
>  
> +udebs and source packages that only produce udebs do not use
> +``Standards-Version``.
> +
>  .. _s-f-Version:
>  
>  ``Version``
> diff --git a/policy/ch-scope.rst b/policy/ch-scope.rst
> index 289c9a9..a279c26 100644
> --- a/policy/ch-scope.rst
> +++ b/policy/ch-scope.rst
> @@ -71,11 +71,11 @@ Much of the information presented in this manual will be 
> useful even
>  when building a package which is to be distributed in some other way or
>  is intended for local use only.
>  
> -udebs (stripped-down binary packages used by the Debian Installer) do
> -not comply with all of the requirements discussed here. See the `Debian
> -Installer internals
> -manual `_ for
> -more information about them.
> +udebs (stripped-down binary packages used by the Debian Installer) and
> +source packages that produce only udebs do not comply with all of the
> +requirements discussed here. See the `Debian Installer internals manual
> +`_ for more information
> +about them.

seconded, thanks.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

It's not the lockdown which is unbearable, but the virus.


signature.asc
Description: PGP signature

Bug#992136: Don't require Standards-Version field when only udebs Standards-Version for udeb packages

2022-09-20 Thread Holger Levsen 
On Mon, Sep 19, 2022 at 09:29:36PM -0700, Russ Allbery wrote:
> I'm fine with this change, but as Sam points out, the deeper point here is
> that Policy doesn't apply to udebs.  This is the whole point of udebs.

When you say it like this, it sounds to strong to me, if it were written in
-policy.

.udebs are allowed to break some rules, but not all. it's not ok to put
Microsoft Word in an udeb in main. there are many other rules .debs need to
comply to.

> udebs (stripped-down binary packages used by the Debian Installer) do
> not comply with all of the requirements discussed here. See the Debian
> Installer internals manual for more information about them.
 
this sounds good to me.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Where will your kids go when they become climate refugees?


signature.asc
Description: PGP signature

Bug#1019920: openqa-client should probably depend on libcpanel-json-xs-perl

2022-09-16 Thread Holger Levsen 
Package: openqa-client
Version: 4.6.1653336570.10bff0d-1
Severity: important

Dear Phil,

openqa-client should probably depend on libcpanel-json-xs-perl. Filing this
with severity 'important' as I'm not sure if there are situations where parts
of it are working without it.

https://jenkins.debian.net/view/live/job/reproducible_debian_live_build_smallest-build_sid/267/console

didn't have it  installed and failed with

Can't locate Cpanel/JSON/XS.pm in @INC (you may need to install the 
Cpanel::JSON::XS module) (@INC contains: /usr/share/openqa/script/../lib 
/etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.34.0 
/usr/local/share/perl/5.34.0 /usr/lib/x86_64-linux-gnu/perl5/5.34 
/usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl-base 
/usr/lib/x86_64-linux-gnu/perl/5.34 /usr/share/perl/5.34 
/usr/local/lib/site_perl) at /usr/share/openqa/script/../lib/OpenQA/Command.pm 
line 7.
BEGIN failed--compilation aborted at 
/usr/share/openqa/script/../lib/OpenQA/Command.pm line 7.
Compilation failed in require at /usr/share/perl5/Mojo/Base.pm line 134.
BEGIN failed--compilation aborted at 
/usr/share/openqa/script/../lib/OpenQA/CLI/api.pm line 5.
Compilation failed in require at (eval 35) line 1.

openqa-cli there has been called like this:

openqa-cli api -X POST isos ISO=${DESKTOP}_${SUITE}_${TIMESTAMP}.iso 
DISTRI=debian VERSION=${SUITE}_${DESKTOP} FLAVOR=live-build ARCH=x86_64 
BUILD=:${SNAPSHOT_TIMESTAMP}_${SUITE}_${DESKTOP} CHECKSUM=${CHECKSUM} 
TIMESTAMP=${SNAPSHOT_TIMESTAMP} 
ISO_URL=https://tests.reproducible-builds.org/debian_live_build/${ISONAME} 
--odn --apikey ${OPENQA_APIKEY} --apisecret ${OPENQA_APISECRET} 
LIVE_INSTALLER=no

After installing libcpanel-json-xs-perl things work as they should.

Thanks for maintaining openqa in and for Debian!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Die Faktenlage bzgl. Klimakatastrophe ist so eindeutig und die Folgen sind so
schwerwiegend, dass Parteien und Organisationen, die immer noch wirksame Maß-
nahmen dagegen behindern, als verbrecherisch einzustufen sind.


signature.asc
Description: PGP signature

Bug#1019742: reprotest: add a variation that sets DEB_BUILD_OPTIONS=nocheck

2022-09-14 Thread Holger Levsen 
Hi Phil,

On Wed, Sep 14, 2022 at 04:00:04PM +0200, Philip Hands wrote:
> I suggest adding a 'nocheck' variation, that sets DEB_BUILD_OPTIONS=nocheck
> during the build, and enabling it by default.
[...]
> Option 2) is what I'm suggesting making into a default variation.
[...]
> If nothing else it will speed up testing of packages with extensive test 
> suits.

as discussed in RL, /me likes. :) Please provide a MR including documenation
updates as needed. And thank you very much for using and improving reprotest!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Nach wieviel Einzelfällen wird ein Einzelfall zum Normalfall?
(Jan Böhmermann)


signature.asc
Description: PGP signature

Bug#1019697: debootstrap: aid reproducible boostrapping by providing a --cleanup-logs option

2022-09-14 Thread Holger Levsen 
Hi Chris,

On Wed, Sep 14, 2022 at 10:00:32AM +0100, Chris Lamb wrote:
> > This bug is about the first step. It would be really nice if debootstrap
> > had an option called --cleanup-logs which would delete those logs.
> Would it be sensible to suggest that, instead of an explicit
> command-line flag, that debootstrap would do this cleanup if
> SOURCE_DATE_EPOCH is present?

I think that's an excellent idea! :)
 
> If it helps, the idea of using the presence (or non-presence) of
> SOURCE_DATE_EPOCH to slightly adjust the behaviour of a program is
> already being used as a flag in other places.
> 
> (If it helps, the parallel bug for cdebootstrap is #1019698.)

Leaving the rest of your reply as I've cc:ed #1019698.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

"Climate change" is an euphenism. "Global warming" as well.


signature.asc
Description: PGP signature

Bug#1019697: debootstrap: aid reproducible boostrapping by providing a --cleanup-logs option

2022-09-13 Thread Holger Levsen 
Package: debootstrap
Version: 1.0.127
Severity: wishlist
X-Debbugs-Cc: reproducible-bui...@lists.alioth.debian.org

Dear Maintainer,

using debootstrap 1.0.127 it's possible to reproducible bootstrap Debian,
provided one does three extra steps:

1. rm /var/log/dpkg.log /var/log/alternatives.log /var/log/bootstrap.log
2. rm /etc/machine-id /var/cache/ldconfig/aux-cache
3. SOURCE_DATE_EPOCH=$some_sane_value ; sudo tar --mtime="@$SOURCE_DATE_EPOCH" 
--clamp-mtime $SUITE -cf $SUITE.tar

This bug is about the first step. It would be really nice if debootstrap
had an option called --cleanup-logs which would delete those logs.

Step 2 (or rather it's first part) is tracked via #1018740: "debootstrap:
better initialisation of /etc/machine-id".
Step 3 would be another new feature for debootstrap, namely to create tar 
archives.

Thanks for maintaining debootstrap!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

"I know what you're thinking" used to be an idiom but now it's a business model.


signature.asc
Description: PGP signature

Bug#1019698: cdebootstrap: aid reproducible boostrapping by providing a --cleanup-logs option

2022-09-13 Thread Holger Levsen 
Package: cdebootstrap
Version: 0.7.8
Severity: wishlist
X-Debbugs-Cc: reproducible-bui...@lists.alioth.debian.org

Dear Maintainer,

using cdebootstrap 0.7.8 it's possible to reproducible bootstrap Debian,
provided one does three extra steps:

1. rm /var/log/dpkg.log /var/log/alternatives.log /var/log/bootstrap.log 
/var/log/apt/history.log /var/log/apt/term.log
2. rm /etc/machine-id /var/cache/ldconfig/aux-cache
3. SOURCE_DATE_EPOCH=$some_sane_value ; sudo tar --mtime="@$SOURCE_DATE_EPOCH" 
--clamp-mtime $SUITE -cf $SUITE.tar

This bug is about the first step. It would be really nice if cdebootstrap
had an option called --cleanup-logs which would delete those logs.

Step 2 (or rather it's first part) is tracked via #1018741: "cdebootstrap:
better initialisation of /etc/machine-id".
Step 3 would be another new feature for cdebootstrap, namely to create tar 
archives.

Thanks for maintaining cdebootstrap!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Homelessness exists not because the housing systemn is not working, but because
this is the way it works. - Peter Marcuse.


signature.asc
Description: PGP signature

Bug#877414: systemd: please include a /var/log/README like Fedora has

2022-09-13 Thread Holger Levsen 
On Mon, Sep 12, 2022 at 05:29:08PM +0200, Michael Biebl wrote:
> A "rm -f /var/log/README" in postrm is simple enough, or at least not more
> complicated then creating the symlink (manually) via debian/systemd.links.

right.
 
> Question is, what's conceptually more desired. Marco mentioned on IRC that
> shipping a static symlink in the package conflicts with the goal, that /var
> should be empty by default (see factory-reset [1]).

I don't understand, however /var/log/README is provided, it always
means /var isn't empty?

> Seems piuparts is happy with the status quo, so maybe we don't actually need
> an explicit cleanup of /var/log/README and we can just close this bug
> report?

usually piuparts is rightfully unhappy, though exceptions exist. :)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

That morning, the young barista woman told me that a customer came in with a
mask, but not wearing it. When she asked the customer to put on her mask
please, the woman said: "Why? There's no-one in here."


signature.asc
Description: PGP signature

Bug#877414: systemd: please include a /var/log/README like Fedora has

2022-09-12 Thread Holger Levsen 
On Mon, Sep 12, 2022 at 11:07:06AM +0200, Michael Biebl wrote:
> We could either ship this symlink directly in the package as well (so dpkg
> will remove it if the package is uninstalled), or add an explicit cleanup to
> systemd.postrm.

sounds like shipping the symlink is easier and thus better, isn't it?


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Change is coming whether you like it or not.


signature.asc
Description: PGP signature

Bug#1019343: Remove Date::Manip entirely? PATCH [1/1]

2022-09-08 Thread Holger Levsen 
control: severity -1 important
# getting mail every 5mins is really not acceptable
thanks

On Wed, Sep 07, 2022 at 04:59:17PM -0700, Nye Liu wrote:
> munin-graph does not seem to use Date::Manip at all, unless there is a
> hidden dependency that isn't obvious.

thank you for your bug report! have you tried your patch?


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

No mas pobres en un pais rico!


signature.asc
Description: PGP signature

Bug#1018740: debootstrap: better initialisisation of /etc/machine-id

2022-08-30 Thread Holger Levsen 
On Tue, Aug 30, 2022 at 11:14:54AM +0200, Cyril Brulebois wrote:
> Holger Levsen  (2022-08-29):
> > So probably it would be better to either remove the file or write
> > "uninitialized" into it... or support both via commandline flags :)
> For anyone wanting to look into this, it doesn't seem worth it to add a
> command line flag for this…

why do you think so?


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄




signature.asc
Description: PGP signature

Bug#1018740: debootstrap: better initialisisation of /etc/machine-id

2022-08-29 Thread Holger Levsen 
Package: debootstrap
Version: 1.0.123+deb11u1
Severity: normal

Dear Maintainer,

after debootstrapping, /etc/machine-id has a regular machine-id as contents
which seems suboptimal as its unreproducible and also, and foremost, this
can have nasty side-effects...

So probably it would be better to either remove the file or write 
"uninitialized"
into it... or support both via commandline flags :)

from #debian-devel today:

< bluca> for an image builder program, you can do two things with machine-id
< bluca> if you want the first boot logic to apply, you can initialize it to 
"uninitialized"
< bluca> if you don't want the first boot logic, have it as an empty file
< kibi> I think the behaviour changed between buster and bullseye; not sure 
what happened since
< kibi> (based on my recollection of 

https://salsa.debian.org/raspi-team/image-specs/-/commit/26a7de63b0bb3de1b5d0c4d0529240721c322dbb
 for pi images)
< Md> | h01ger: when creating an image it is better to have an empty 
/etc/machine-id than just deleting it, because 
  this way something can bind-mount a writeable file over it in 
early boot
<  josch> | h01ger: in case it helps, mmdebstrap writes "uninitialized" to 
/etc/machine-id
< bluca> empty -> no first boot semantics, uninitialized -> first boot semantics
< bluca> doc ref for the bug: 
https://www.freedesktop.org/software/systemd/man/machine-id.html#First%20Boot%20Semantics


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

I'll believe in climate change when Texas freezes over. (Ted Cruz)


signature.asc
Description: PGP signature

Bug#1017393: buster-pu: package debian-security-support/1:10+2022.08.23

2022-08-23 Thread Holger Levsen 
hi,

I've just uploaded this to buster for the coming point release:

$ debdiff debian-security-support_2020.06.21~deb10u1.dsc 
debian-security-support_10+2022.08.23.dsc|diffstat
 Makefile.PL  |1 +
 debian/changelog |   26 ++
 security-support-ended.deb10 |8 +++-
 security-support-limited |   12 ++--
 4 files changed, 36 insertions(+), 11 deletions(-)

$ debdiff debian-security-support_2020.06.21~deb10u1.dsc 
debian-security-support_10+2022.08.23.dsc
diff -Nru debian-security-support-2020.06.21~deb10u1/debian/changelog 
debian-security-support-10+2022.08.23/debian/changelog
--- debian-security-support-2020.06.21~deb10u1/debian/changelog 2020-07-10 
19:29:25.0 +0200
+++ debian-security-support-10+2022.08.23/debian/changelog  2022-08-23 
18:57:12.0 +0200
@@ -1,3 +1,29 @@
+debian-security-support (1:10+2022.08.23) buster; urgency=medium
+
+  * Introduce release based versioning and add an epoch to achieve that.
+See https://lists.debian.org/20200817100153.ga...@layer-acht.org and
+follow-ups. Closes: #988321
+  * Makefile.PL: strip epoch from internal version just like ~deb10u1 etc are
+also dropped.
+  * Update security-support-ended.deb10 from 1:12+2022.08.12 from unstable,
+thus adding these packages to it:
+- chromium
+- ckeditor3
+- gpac
+- libspring-java
+- slurm-llnl
+- xen
+  * Update security-support-limited from 1:12+2022.08.12 from unstable,
+thus adding:
+- golang
+- khtml
+  * Drop libv8-3.14, mosjz, mosjz24, swftools and webkitgtk from
+security-support-limited as they were only present in stretch and earlier.
+  * Also drop glpi, ltp and wine-gecko-2.(21|24) from security-support-limited
+as they were only present in jessie or earlier.
+
+ -- Holger Levsen   Tue, 23 Aug 2022 18:57:12 +0200
+
 debian-security-support (2020.06.21~deb10u1) buster; urgency=medium
 
   * Rebuild for buster.
diff -Nru debian-security-support-2020.06.21~deb10u1/Makefile.PL 
debian-security-support-10+2022.08.23/Makefile.PL
--- debian-security-support-2020.06.21~deb10u1/Makefile.PL  2018-03-16 
15:39:59.0 +0100
+++ debian-security-support-10+2022.08.23/Makefile.PL   2022-08-19 
16:25:59.0 +0200
@@ -12,6 +12,7 @@
 my $VERSION=$changelog->{Version};
 
 $VERSION =~ s/~deb(.*)//;
+$VERSION =~ s/^[0-9]+://;
 
 WriteMakefile (
 'NAME' =>   'debian-security-support',
diff -Nru 
debian-security-support-2020.06.21~deb10u1/security-support-ended.deb10 
debian-security-support-10+2022.08.23/security-support-ended.deb10
--- debian-security-support-2020.06.21~deb10u1/security-support-ended.deb10 
2020-07-10 19:29:25.0 +0200
+++ debian-security-support-10+2022.08.23/security-support-ended.deb10  
2022-08-23 18:57:08.0 +0200
@@ -11,4 +11,10 @@
 #In the program's output, this is prefixed with "Details:"
 
 # none yet (please remove this line once this is not true anymore)
-libperlspeak-perl2.01-2  2020-04-16  
https://bugs.debian.org/954238 (CVE-2020-10674) and 
https://bugs.debian.org/954297 and 954298
+libperlspeak-perl2.01-2  2020-04-16  
https://bugs.debian.org/954238 (CVE-2020-10674) and 
https://bugs.debian.org/954297 and 954298
+xen  4.11.4+107-gef32c7afa2-12021-08-28  
https://xenbits.xen.org/docs/4.11-testing/SUPPORT.html#release-support
+chromium 90.0.4430.212-1~deb10u1 2022-01-14  
https://lists.debian.org/debian-security-announce/2022/msg00012.html
+slurm-llnl   18.08.5.2-1+deb10u2 2022-08-01  
https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/39
+gpac 0.5.2-426-gc5ad4e4+dfsg5-5  2022-08-03  
https://lists.debian.org/debian-lts/2022/05/msg00043.html
+libspring-java   4.3.5-1+deb9u1  2022-08-09  
https://lists.debian.org/debian-lts/2022/08/msg1.html
+ckeditor33.6.6.1+dfsg-1  2022-08-09  
https://lists.debian.org/debian-lts/2022/08/msg1.html
diff -Nru debian-security-support-2020.06.21~deb10u1/security-support-limited 
debian-security-support-10+2022.08.23/security-support-limited
--- debian-security-support-2020.06.21~deb10u1/security-support-limited 
2020-07-10 19:29:25.0 +0200
+++ debian-security-support-10+2022.08.23/security-support-limited  
2022-08-23 18:57:08.0 +0200
@@ -10,13 +10,9 @@
 binutilsOnly suitable for trusted content; see 
https://lists.debian.org/msgid-search/87lfqsomtg@mid.deneb.enyo.de
 ganglia See README.Debian.security, only supported behind an 
authenticated HTTP zone, #702775
 ganglia-web See README.Debian.security, only supported behind an 
authenticated HTTP zone, #702776
-glpiOnly supported behind an authenticated HTTP zone for trusted 
users
-golang*See 
https://www.debian.org/releases/buster/amd64/

Bug#1017987: bullseye-pu: package debian-security-support/1:11+2022.08.23

2022-08-23 Thread Holger Levsen 
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

I've uploaded this now for the next bullseye point release:

$ debdiff debian-security-support_11+2021.03.19.dsc 
debian-security-support_11+2022.08.23.dsc|diffstat
 debian/changelog |   13 +
 security-support-limited |   11 +++
 2 files changed, 16 insertions(+), 8 deletions(-)

$ debdiff debian-security-support_11+2021.03.19.dsc 
debian-security-support_11+2022.08.23.dsc
diff -Nru debian-security-support-11+2021.03.19/debian/changelog 
debian-security-support-11+2022.08.23/debian/changelog
--- debian-security-support-11+2021.03.19/debian/changelog  2021-03-19 
21:58:42.0 +0100
+++ debian-security-support-11+2022.08.23/debian/changelog  2022-08-23 
18:26:34.0 +0200
@@ -1,3 +1,16 @@
+debian-security-support (1:11+2022.08.23) bullseye; urgency=medium
+
+  * Update security-support-limited from 1:12+2022.08.19 from unstable,
+- add khtml. Closes: #1004293.
+- add openjdk-17 and point to the bullseye release notes (as discussed in
+  #975016).
+- for golang, point to the bullseye manual instead the buster one.
+- drop mozjs52 and mozjs60 as they were only present in buster.
+- drop libv8-3.14, mozjs, mozjs24, swftools and webkitgtk as they were
+  only present in stretch and earlier.
+
+ -- Holger Levsen   Tue, 23 Aug 2022 18:26:34 +0200
+
 debian-security-support (1:11+2021.03.19) unstable; urgency=medium
 
   [ Utkarsh Gupta ]
diff -Nru debian-security-support-11+2021.03.19/security-support-limited 
debian-security-support-11+2022.08.23/security-support-limited
--- debian-security-support-11+2021.03.19/security-support-limited  
2021-01-25 13:28:55.0 +0100
+++ debian-security-support-11+2022.08.23/security-support-limited  
2022-08-23 18:24:26.0 +0200
@@ -11,22 +11,17 @@
 cython  Only included for building packages, not running them, #975058
 ganglia See README.Debian.security, only supported behind an 
authenticated HTTP zone, #702775
 ganglia-web See README.Debian.security, only supported behind an 
authenticated HTTP zone, #702776
-golang*See 
https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html#golang-static-linking
+golang*See 
https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#golang-static-linking
 kde4libskhtml has no security support upstream, only for use on 
trusted content
-libv8-3.14  Not covered by security support, only suitable for trusted 
content
-mozjs   Not covered by security support, only suitable for trusted 
content
-mozjs24 Not covered by security support, only suitable for trusted 
content
-mozjs52 Not covered by security support, only suitable for trusted 
content
-mozjs60 Not covered by security support, only suitable for trusted 
content
+khtml   khtml has no security support upstream, only for use on 
trusted content, see #1004293
 mozjs68 Not covered by security support, only suitable for trusted 
content, see #959804
 mozjs78 Not covered by security support, only suitable for trusted 
content, see #959804
 ocsinventory-server Only supported behind an authenticated HTTP zone
+openjdk-17 See 
https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#openjdk-17
 python2.7   Only included for building packages, not running them, #975058
 python-stdlib-extensions Only included for building packages, not running 
them, #975058
 qtwebengine-opensource-src No security support upstream and backports not 
feasible, only for use on trusted content
 qtwebkitNo security support upstream and backports not feasible, only 
for use on trusted content
 qtwebkit-opensource-src No security support upstream and backports not 
feasible, only for use on trusted content
 sql-ledger  Only supported behind an authenticated HTTP zone
-swftoolsNot covered by security support, only suitable for trusted 
content
-webkitgtk   No security support upstream and backports not feasible, only 
for use on trusted content
 zoneminder  See README.Debian.security, only supported behind an 
authenticated HTTP zone, #922724

Thanks for all your SRM work!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The system isn't broken. It was built this way.


signature.asc
Description: PGP signature

<    1   2   3   4   5   6   7   8   9   10   >