Bug#863626: unblock: dns-root-data/2017041101
Hi Jonathan, my mistake. Somehow I thought the 2017020200 has been already unblocked for testing. I did the 2017041101 build and unblock bug in parallel, and I have just uploaded the package to unstable. So for the 2015052300+h+1 -> 2017020200 changes: * This fixes FTBFS because: a) ICANN/IANA doesn't provide OpenPGP signatures anymore b) The parsing was broken with introduction of second key This includes changes in d/rules + new parse-root-anchors.sh script. * Several dead-upstream ICANN files were removed from the package: - draft-icann-dnssec-trust-anchor.html - draft-icann-dnssec-trust-anchor.txt - icannbundle.p12 - icann.pgp - root-anchors.p7s (e.g. in fact it was a removal of ICANN-copyright document) The licensing on ICANN files was acked by ftp-masters as OK. $ diffstat dns-root-data_2017020200.debdiff /home/ondrej/tmp/wrtzCZn7bu/dns-root-data-2017020200/icann.pgp |binary /home/ondrej/tmp/wrtzCZn7bu/dns-root-data-2017020200/icannbundle.p12 |binary /home/ondrej/tmp/wrtzCZn7bu/dns-root-data-2017020200/root-anchors.p7s |binary dns-root-data-2017020200/debian/changelog | 14 dns-root-data-2017020200/debian/control | 5 dns-root-data-2017020200/debian/dns-root-data.docs| 2 dns-root-data-2017020200/debian/rules | 18 dns-root-data-2017020200/draft-icann-dnssec-trust-anchor.html | 555 - dns-root-data-2017020200/draft-icann-dnssec-trust-anchor.txt | 560 -- dns-root-data-2017020200/icannbundle.pem | 200 +-- dns-root-data-2017020200/parse-root-anchors.sh| 25 dns-root-data-2017020200/root-anchors.asc | 7 dns-root-data-2017020200/root-anchors.xml | 8 dns-root-data-2017020200/root.hints | 8 dns-root-data-2017020200/root.key | 3 15 files changed, 117 insertions(+), 1288 deletions(-) Cheers, -- Ondřej SurýKnot DNS (https://www.knot-dns.cz/) – a high-performance DNS server Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware, fast DNS(SEC) resolver On Mon, May 29, 2017, at 14:47, Jonathan Wiltshire wrote: > Control: tag -1 moreinfo > > On Mon, May 29, 2017 at 02:17:30PM +0200, Ondřej Surý wrote: > > the 2017041101 update of dns-root-data package contains: > > > > - fixes to parse_root_data.sh script to unfail the non-dash > > shells - closes RC bug #862252 (use printf instead of echo command) > > - update root.hints to 2017041101 version (no other change then version > > though) > > - update root.key and d/rules to strip any timestamp, so the build is > > more or less reproducible (the get_orig_source still depends on > > upstream data at the time of the build, but it should be more > > reliable) > > - little fixes to parse_root_data.sh script, as suggested by shellcheck: > > + use read -r instead of read on xml2 output data > > + use [:upper:]/[:lower:] instead of [A-Z]/[a-z] as tr argument > > + use [ a ] || [ b ] syntax instead of [ a -o b ] > > This does not seem to reflect unstable right now; you have: > > dns-root-data | 2015052300+h+1 | testing | source, all > dns-root-data | 2017020200 | unstable| source, all > > The delta therefore includes many more changes, including addition of an > ICANN-copyright document with no (obvious) distribution license. > > The RC bug that your request fixes is also still open, which will block > migration anyway. > > Thanks, > > -- > Jonathan Wiltshire j...@debian.org > Debian Developer http://people.debian.org/~jmw > > 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 > dns-root-data_2017020200.dsc Description: Binary data dns-root-data_2017020200.debdiff Description: Binary data
Bug#863626: unblock: dns-root-data/2017041101
Control: tag -1 moreinfo On Mon, May 29, 2017 at 02:17:30PM +0200, Ondřej Surý wrote: > the 2017041101 update of dns-root-data package contains: > > - fixes to parse_root_data.sh script to unfail the non-dash > shells - closes RC bug #862252 (use printf instead of echo command) > - update root.hints to 2017041101 version (no other change then version > though) > - update root.key and d/rules to strip any timestamp, so the build is > more or less reproducible (the get_orig_source still depends on > upstream data at the time of the build, but it should be more > reliable) > - little fixes to parse_root_data.sh script, as suggested by shellcheck: > + use read -r instead of read on xml2 output data > + use [:upper:]/[:lower:] instead of [A-Z]/[a-z] as tr argument > + use [ a ] || [ b ] syntax instead of [ a -o b ] This does not seem to reflect unstable right now; you have: dns-root-data | 2015052300+h+1 | testing | source, all dns-root-data | 2017020200 | unstable| source, all The delta therefore includes many more changes, including addition of an ICANN-copyright document with no (obvious) distribution license. The RC bug that your request fixes is also still open, which will block migration anyway. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
Bug#863626: unblock: dns-root-data/2017041101
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package dns-root-data Dear release team, the 2017041101 update of dns-root-data package contains: - fixes to parse_root_data.sh script to unfail the non-dash shells - closes RC bug #862252 (use printf instead of echo command) - update root.hints to 2017041101 version (no other change then version though) - update root.key and d/rules to strip any timestamp, so the build is more or less reproducible (the get_orig_source still depends on upstream data at the time of the build, but it should be more reliable) - little fixes to parse_root_data.sh script, as suggested by shellcheck: + use read -r instead of read on xml2 output data + use [:upper:]/[:lower:] instead of [A-Z]/[a-z] as tr argument + use [ a ] || [ b ] syntax instead of [ a -o b ] unblock dns-root-data/2017041101 -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.4.0-67-generic (SMP w/24 CPU cores) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 3.0 (native) Source: dns-root-data Binary: dns-root-data Architecture: all Version: 2017041101 Maintainer: Debian DNS MaintainersUploaders: Ondřej Surý , Robert Edmonds Homepage: https://data.iana.org/root-anchors/ Standards-Version: 3.9.6 Vcs-Browser: http://git.debian.org/?p=pkg-dns/dns-root-data.git;a=summary Vcs-Git: git://git.debian.org/pkg-dns/dns-root-data.git Build-Depends: debhelper (>= 8.0.0), unbound-anchor, openssl, ldnsutils, xml2 Package-List: dns-root-data deb misc optional arch=all Checksums-Sha1: 36bfc25763062a4ccc784ced1d821faf8a3f442e 14316 dns-root-data_2017041101.tar.xz Checksums-Sha256: c88bb15f1e16dba1a525928e190999fdc70b16d06e40f2aa9c7b81c4740c30d5 14316 dns-root-data_2017041101.tar.xz Files: 4982844cb0e3b0223fdc93bf9671adc3 14316 dns-root-data_2017041101.tar.xz -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEEMLkz2A/OPZgaLTj7DJm3DvT8uwcFAlksENtfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDMw QjkzM0Q4MEZDRTNEOTgxQTJEMzhGQjBDOTlCNzBFRjRGQ0JCMDcACgkQDJm3DvT8 uwf1vA/9HNXfzN7Z8tUuDm40HsXrCR6vK1KfGpcsoYkqZtyqEnkCSwCjzBCpuXzd IO9bVVzQaUkzvxVK8Gq0hJaKri7BUKmgRTg9v8MmcIoqmmyi3TIxU5NFUbTgFwaj qy47bq/gNVJUrYGQJssSE70fHv1iCwWT3Y3xHNdNJfkjiOqIgqgJwB7RzXcPZjgF ZqzUWelV6vDUE1OsOCo2a8hLRGZa11qK/mbZ8eBhYOwVzf6S/z/tZ7L2y2oUEC3J u2et1PweqCmQPNC2Xs9KRya9XdFBuMRt4x3EPHygG0u8sziioVaHeNgfNP66gU2g FlADNfrgS7KLTwXlfHkJ1JLW5/9Zbce3HFdfNGBwESxWSPLJRhCVcycN3N/71T/h aycV57+hG+rHGOsCdNa9c79KrriikrokBilA31NDmOH77wk6g88EhYtvG7TRbd3S sCAYPdk06aIAz2V8nMOXATag5iLRrtdlcJaqvmpfB2NyrXWXOlgb0mTc912ACY6B seDPD3OAmVG5ubOUkBSMyQj7tabjOKkHu+ioYOs3AEYVyIlFxfvle4GwPb6XLaze gaf5ECU4UdZb/7ARKcX3PEL/UQXxIH3F7CExliqQZ/kqqXD0nWcS16I/BuW+YkwP 86k6ofr1/oxiHbdkFEQvSAocbv2GN74jO2R1Q6p7ptv7K4Ey8Og= =pbH7 -END PGP SIGNATURE- diff -Nru dns-root-data-2017020200/debian/changelog dns-root-data-2017041101/debian/changelog --- dns-root-data-2017020200/debian/changelog 2017-03-22 09:06:08.0 +0100 +++ dns-root-data-2017041101/debian/changelog 2017-05-29 14:05:37.0 +0200 @@ -1,3 +1,12 @@ +dns-root-data (2017041101) unstable; urgency=medium + + * Fix parse-root-anchors.sh in non-dash shells (Closes: #862252) + * Update to 2017041101 version of root zone + * Remove timestamps from root.key to make the build reproducible + * Shell syntax cleanup + + -- Ondřej Surý Mon, 29 May 2017 14:05:37 +0200 + dns-root-data (2017020200) unstable; urgency=medium * Update to 2016102001 version of the root.zone diff -Nru dns-root-data-2017020200/debian/rules dns-root-data-2017041101/debian/rules --- dns-root-data-2017020200/debian/rules 2017-03-22 09:06:08.0 +0100 +++ dns-root-data-2017041101/debian/rules 2017-05-29 14:05:37.0 +0200 @@ -32,6 +32,6 @@ /usr/sbin/unbound-anchor \ -a $(CURDIR)/root-auto.key \ -c $(CURDIR)/icannbundle.pem || echo "Check the root-auto.key" - < root-auto.key grep -Ev "^($$|;)" > root.key + < root-auto.key grep -Ev "^($$|;)" | sed -e 's/ ;;count=.*//' > root.key rm root-auto.key wget -O $(CURDIR)/root.hints "http://www.internic.net/domain/named.root; diff -Nru dns-root-data-2017020200/parse-root-anchors.sh dns-root-data-2017041101/parse-root-anchors.sh --- dns-root-data-2017020200/parse-root-anchors.sh 2017-03-22 09:06:08.0 +0100 +++ dns-root-data-2017041101/parse-root-anchors.sh 2017-05-29 14:05:37.0 +0200 @@ -5,19 +5,19 @@ TTL=172800 export