Bug#1009385: libldns3 1.7.1-2.1 changes output of ldns-key2ds, causing FTBFS on dns-root-data [was: Re: Bug#1009385: dns-root-data: FTBFS: root-anchors.ds root.ds differ]
BTW, Daniel, please re-tag 1.7.1-3 - this is what's at the tip of master now. I hope anyway :) Thanks, /mjt
Bug#1009385: libldns3 1.7.1-2.1 changes output of ldns-key2ds, causing FTBFS on dns-root-data [was: Re: Bug#1009385: dns-root-data: FTBFS: root-anchors.ds root.ds differ]
Fixed my branch on the ldns repo, rebasing it on top of now-okay master. If we ever need one more 1.7 release it will be easier to rebase now with the conflicts resolved. I have to review my branch again, I think something might not be right there after the rebase on top of dkg's changes. I will do this tomorrow. Please don't rush it the next time. People were discussing things for quite some days already, and you aren't even an uploader. Just don't do that again. There's no harm done, we are all people and we all do mistakes. I did it too, by doing an NMU without the 2 commits which were pending in master. Thanks, /mjt
Bug#1009385: libldns3 1.7.1-2.1 changes output of ldns-key2ds, causing FTBFS on dns-root-data [was: Re: Bug#1009385: dns-root-data: FTBFS: root-anchors.ds root.ds differ]
Okay guys. I thought about this a bit more. One wrong action by one developer does not make the environment unhealthy. I fixed the mess done to the master branch. I think - provided this wont happen again - it's okay to work on this to fix the rest of the mess done. I'm doing this right now. Thanks, /mjt
Bug#1009385: libldns3 1.7.1-2.1 changes output of ldns-key2ds, causing FTBFS on dns-root-data [was: Re: Bug#1009385: dns-root-data: FTBFS: root-anchors.ds root.ds differ]
13.04.2022 21:19, Daniel Kahn Gillmor wrote: .. reviewed and i'll push that to salsa as a "debian/experimental" branch later today, if either of you want to take a look at what i'm considering for release. The whole thing was ready, polished, everything addressed. If you wanted another 1.7.1 upload that's fine, just add one more commit after my nmu. It was not done in the master branch for a very good reason. Please feel free to use any of my changes you like. Please don't add me to uploaders. This is not how I think package maintenance should be done. I don't want to work in such an unhealthy environment. Thanks, /mjt
Bug#1009385: libldns3 1.7.1-2.1 changes output of ldns-key2ds, causing FTBFS on dns-root-data [was: Re: Bug#1009385: dns-root-data: FTBFS: root-anchors.ds root.ds differ]
13.04.2022 21:29, Michael Tokarev wrote: The only prob is that the master branch on the ldns repository is seriously messed up. Also you've made similar commits as I did, but in an incomplete way (like the watch file update). Thanks, /mjt
Bug#1009385: libldns3 1.7.1-2.1 changes output of ldns-key2ds, causing FTBFS on dns-root-data [was: Re: Bug#1009385: dns-root-data: FTBFS: root-anchors.ds root.ds differ]
13.04.2022 21:19, Daniel Kahn Gillmor wrote: Hi Michael and Santiago-- I've now uploaded ldns 1.7.1-3 with the associated fix for 1009385. I'm reviewing Michael's changes for 1.8.1, and they're looking good to me. Thank you for all that work, Michael! I think we should consider uploading 1.8.1 into experimental while we wait for 1.7.1-3 to propagate to testing. I don't see a reason to use experimental here, since ldns is not a very popular package, it wont do much good in experimental. The only prob is that the master branch on the ldns repository is seriously messed up. It was for a reason I asked how to resolve this situation. You made it significantly worse. /mjt
Bug#1009385: libldns3 1.7.1-2.1 changes output of ldns-key2ds, causing FTBFS on dns-root-data [was: Re: Bug#1009385: dns-root-data: FTBFS: root-anchors.ds root.ds differ]
Hi Michael and Santiago-- I've now uploaded ldns 1.7.1-3 with the associated fix for 1009385. I'm reviewing Michael's changes for 1.8.1, and they're looking good to me. Thank you for all that work, Michael! I think we should consider uploading 1.8.1 into experimental while we wait for 1.7.1-3 to propagate to testing. I'm assembling a git branch that includes your changes that i've reviewed and i'll push that to salsa as a "debian/experimental" branch later today, if either of you want to take a look at what i'm considering for release. --dkg signature.asc Description: PGP signature
Bug#1009385: libldns3 1.7.1-2.1 changes output of ldns-key2ds, causing FTBFS on dns-root-data [was: Re: Bug#1009385: dns-root-data: FTBFS: root-anchors.ds root.ds differ]
Thanks both Michael and Santiago for sorting this out! I agree that backporting https://github.com/NLnetLabs/ldns/commit/4d2057f0b5220487882be1b19c302833b84cffe3 to 1.7.1 is the most reasonable/conservative fix. We want that to propagate into testing as soon as possible without risking being blocked by any other surprising regressions. I'll take care of that as part of the debian DNS team right now, which should take care of the NMU as well. --dkg signature.asc Description: PGP signature
Bug#1009385: libldns3 1.7.1-2.1 changes output of ldns-key2ds, causing FTBFS on dns-root-data [was: Re: Bug#1009385: dns-root-data: FTBFS: root-anchors.ds root.ds differ]
On 13.04.2022 16:44, Santiago Ruano Rincón wrote: .. So what do we do now? I think the best is to include this fix as 1.7.1-3 (provided it actually fixes the issue) for now, instead of uploading 1.8. Why just don't uploading 1.8.1? Well, we know 1.7 (sort of) works while 1.8 might cause surprizes. What else is missing, other than the now fixed autodep8-python3? I don't know anything else what's missing (besides adding another Closes: by 1.8 for this new bug) And rewrite the history for this one too ;) No if we go for your 1.8.1 upload :-) Am I wrong? It's still the same rewrite really, no matter which way to go: either add one commit before the 2 commits in there or one, it's exactly the same thing now. No, you aren't wrong. I can handle that later today (hopefully). Thanks! /mjt
Bug#1009385: libldns3 1.7.1-2.1 changes output of ldns-key2ds, causing FTBFS on dns-root-data [was: Re: Bug#1009385: dns-root-data: FTBFS: root-anchors.ds root.ds differ]
El 13/04/22 a las 16:25, Michael Tokarev escribió: > [Just a quick follow-up] > > On 13.04.2022 15:52, Santiago Ruano Rincón wrote: > [...] > > It seems it was fixed on 1.8.0. > > https://github.com/NLnetLabs/ldns/commit/4d2057f0b5220487882be1b19c302833b84cffe3 > > Wonderful.. :) Thank you Santiago! > So, the prob should've be there after just any > recompile of ldns, including the bin-NMU upload > to rebuild it with python3.10. *sigh*. > > So what do we do now? I think the best is to include > this fix as 1.7.1-3 (provided it actually fixes the > issue) for now, instead of uploading 1.8. Why just don't uploading 1.8.1? What else is missing, other than the now fixed autodep8-python3? > And rewrite the history for this one too ;) No if we go for your 1.8.1 upload :-) Am I wrong? Cheers, -- S signature.asc Description: PGP signature
Processed: Re: Bug#1009385: libldns3 1.7.1-2.1 changes output of ldns-key2ds, causing FTBFS on dns-root-data [was: Re: Bug#1009385: dns-root-data: FTBFS: root-anchors.ds root.ds differ]
Processing control commands: > forwarded -1 https://github.com/NLnetLabs/ldns/issues/142 Bug #1009385 [libldns3] libldns3 1.7.1-2.1 changes output of ldns-key2ds, causing FTBFS on dns-root-data Set Bug forwarded-to-address to 'https://github.com/NLnetLabs/ldns/issues/142'. > tags -1 + pending Bug #1009385 [libldns3] libldns3 1.7.1-2.1 changes output of ldns-key2ds, causing FTBFS on dns-root-data Added tag(s) pending. -- 1009385: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009385 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1009385: libldns3 1.7.1-2.1 changes output of ldns-key2ds, causing FTBFS on dns-root-data [was: Re: Bug#1009385: dns-root-data: FTBFS: root-anchors.ds root.ds differ]
Control: forwarded -1 https://github.com/NLnetLabs/ldns/issues/142 Control: tags -1 + pending On Wed, 13 Apr 2022 14:52:58 +0200 Santiago Ruano =?iso-8859-1?Q?Rinc=F3n?= wrote: > Control: tags -1 + upstream > Control: tags -1 + forwarded https://github.com/NLnetLabs/ldns/issues/142 > El 13/04/22 a las 10:37, Michael Tokarev escribió: > > 13.04.2022 10:09, Michael Tokarev wrote: ... > > It seems it was fixed on 1.8.0. > https://github.com/NLnetLabs/ldns/commit/4d2057f0b5220487882be1b19c302833b84cffe3 mjt is preparing the 1.8.1 upload that should fix this.
Bug#1009385: libldns3 1.7.1-2.1 changes output of ldns-key2ds, causing FTBFS on dns-root-data [was: Re: Bug#1009385: dns-root-data: FTBFS: root-anchors.ds root.ds differ]
[Just a quick follow-up] On 13.04.2022 15:52, Santiago Ruano Rincón wrote: [...] It seems it was fixed on 1.8.0. https://github.com/NLnetLabs/ldns/commit/4d2057f0b5220487882be1b19c302833b84cffe3 Wonderful.. :) Thank you Santiago! So, the prob should've be there after just any recompile of ldns, including the bin-NMU upload to rebuild it with python3.10. *sigh*. So what do we do now? I think the best is to include this fix as 1.7.1-3 (provided it actually fixes the issue) for now, instead of uploading 1.8. And rewrite the history for this one too ;) Thanks, /mjt
Processed (with 1 error): Re: Bug#1009385: libldns3 1.7.1-2.1 changes output of ldns-key2ds, causing FTBFS on dns-root-data [was: Re: Bug#1009385: dns-root-data: FTBFS: root-anchors.ds root.ds differ]
Processing control commands: > tags -1 + upstream Bug #1009385 [libldns3] libldns3 1.7.1-2.1 changes output of ldns-key2ds, causing FTBFS on dns-root-data Added tag(s) upstream. > tags -1 + forwarded https://github.com/NLnetLabs/ldns/issues/142 Unknown tag/s: forwarded, https://github.com/NLnetLabs/ldns/issues/142. Recognized are: patch wontfix moreinfo unreproducible help security upstream pending confirmed ipv6 lfs d-i l10n newcomer a11y ftbfs fixed-upstream fixed fixed-in-experimental sid experimental potato woody sarge sarge-ignore etch etch-ignore lenny lenny-ignore squeeze squeeze-ignore wheezy wheezy-ignore jessie jessie-ignore stretch stretch-ignore buster buster-ignore bullseye bullseye-ignore bookworm bookworm-ignore trixie trixie-ignore. Bug #1009385 [libldns3] libldns3 1.7.1-2.1 changes output of ldns-key2ds, causing FTBFS on dns-root-data Requested to add no tags; doing nothing. -- 1009385: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009385 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1009385: libldns3 1.7.1-2.1 changes output of ldns-key2ds, causing FTBFS on dns-root-data [was: Re: Bug#1009385: dns-root-data: FTBFS: root-anchors.ds root.ds differ]
Control: tags -1 + upstream Control: tags -1 + forwarded https://github.com/NLnetLabs/ldns/issues/142 El 13/04/22 a las 10:37, Michael Tokarev escribió: > 13.04.2022 10:09, Michael Tokarev wrote: > .. > > But let's try. > > > > How this utility is used in building of dns-root-data? Lemme take a look > > at this package. If you can provide me some minimal testcase to produce > > just the DS record which differs, it will be nice. > > I don't have time for this today. > > Thinking about this further, since there was absolutely no code changes > in ldns itself, - how about building dns-root-data with ldns 1.7.1-2 > and 1.7.1-2.1 WITHOUT ANYTHING ELSE CHANGING, and comparing the results? > > The thing is that it just can not be this change. Yes it can be a change > in some other tool. Like libssl I already wrote about, or maybe gcc > generating different code, or something different. Like wrong SHA256 on GCC11: https://github.com/NLnetLabs/ldns/issues/142 > > And since I don't have any idea about how ldns works, and don't even > know what a DS record is, that would be difficult and definitely time- > consuming for me to understand all this. > > If it's an issue with gcc code generation, we'll have to address this > upstream most likely. Or maybe it's fixed in 1.8 already. It seems it was fixed on 1.8.0. https://github.com/NLnetLabs/ldns/commit/4d2057f0b5220487882be1b19c302833b84cffe3 Cheers, -- Santiago signature.asc Description: PGP signature
Bug#1009385: libldns3 1.7.1-2.1 changes output of ldns-key2ds, causing FTBFS on dns-root-data [was: Re: Bug#1009385: dns-root-data: FTBFS: root-anchors.ds root.ds differ]
13.04.2022 10:09, Michael Tokarev wrote: .. But let's try. How this utility is used in building of dns-root-data? Lemme take a look at this package. If you can provide me some minimal testcase to produce just the DS record which differs, it will be nice. I don't have time for this today. Thinking about this further, since there was absolutely no code changes in ldns itself, - how about building dns-root-data with ldns 1.7.1-2 and 1.7.1-2.1 WITHOUT ANYTHING ELSE CHANGING, and comparing the results? The thing is that it just can not be this change. Yes it can be a change in some other tool. Like libssl I already wrote about, or maybe gcc generating different code, or something different. And since I don't have any idea about how ldns works, and don't even know what a DS record is, that would be difficult and definitely time- consuming for me to understand all this. If it's an issue with gcc code generation, we'll have to address this upstream most likely. Or maybe it's fixed in 1.8 already. Thanks, /mjt
Bug#1009385: libldns3 1.7.1-2.1 changes output of ldns-key2ds, causing FTBFS on dns-root-data [was: Re: Bug#1009385: dns-root-data: FTBFS: root-anchors.ds root.ds differ]
13.04.2022 09:50, Daniel Kahn Gillmor wrote: Control: reassign 1009385 libldns3 1.7.1-2.1 Control: retitle 1009385 libldns3 1.7.1-2.1 changes output of ldns-key2ds, causing FTBFS on dns-root-data Control: affects 1009385 + dns-root-data X-Debbugs-Cc: Michael Tokarev Control: tags 1009385 + help Lucas, thanks for flagging this! The build failure below appears to happen when libldns3 1.7.1-2.1 is installed. It does not fail with libldns3 1.7.1-2+b1. The output of ldns-key2ds has changed between these two versions. yikes! Michael, it looks like it was this particular upload for ldns: That's lovely indeed :) Yes, the fix itself does not change anything in the code, it merely allows the package to be configured --with-python when python version is 3.19. More, it does not change anything in the C-language code of ldns, at all, and neither the python version nor even the python presence changes this part. Now, I know right to nothing about ldns internals, including the crypto part. I'm just a happy user of ldnsutils, and I've choosen this package just because it was holding my other packages transition with this python3 thing. This is also the reason why I come with a really minimal, non- intrusive change here. But let's try. How this utility is used in building of dns-root-data? Lemme take a look at this package. If you can provide me some minimal testcase to produce just the DS record which differs, it will be nice. Might it be due to some other changes in the related packages, - like, openssl/libssl change which now produces (slightly?) different output? There's also an 1.8.1 version of ldns ready for the upload - I'm waiting for the other maintainers to acknowlege it and for the python3 transition to actually happen before breaking other toys :) Thanks, /mjt
Bug#1009385: libldns3 1.7.1-2.1 changes output of ldns-key2ds, causing FTBFS on dns-root-data [was: Re: Bug#1009385: dns-root-data: FTBFS: root-anchors.ds root.ds differ]
Control: reassign 1009385 libldns3 1.7.1-2.1 Control: retitle 1009385 libldns3 1.7.1-2.1 changes output of ldns-key2ds, causing FTBFS on dns-root-data Control: affects 1009385 + dns-root-data X-Debbugs-Cc: Michael Tokarev Control: tags 1009385 + help Lucas, thanks for flagging this! The build failure below appears to happen when libldns3 1.7.1-2.1 is installed. It does not fail with libldns3 1.7.1-2+b1. The output of ldns-key2ds has changed between these two versions. yikes! Michael, it looks like it was this particular upload for ldns: - ldns (1.7.1-2.1) unstable; urgency=medium * Non-maintainer upload. * add fix-wrong-python-distutils-configure-check.diff to fix the incorrect distutils package check (it should be checking the return code not the emptiness of the output). This fixes FTBFS with new python (3.10) and allows the python3.10 transition to happen, but it is not fixing the actual issiue with ldns using distutils which should be addressed later. Closes: #1008638 -- Michael Tokarev Thu, 07 Apr 2022 16:03:29 +0300 - This doesn't seem like it should be a relevant change to adjust the output of /usr/bin/ldns-key2ds, but it does: here's a narrow transcript that shows what should be a deterministic result varying depending on the version: 0 dkg@alice:~/src/pkg-dns/dns-root-data$ dpkg -l libldns3 Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Architecture Description +++-==---= ii libldns3:amd64 1.7.1-2+b1 amd64ldns library for DNS programming 0 dkg@alice:~/src/pkg-dns/dns-root-data$ /usr/bin/ldns-key2ds -n -2 root.key . 86400 IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d 0 dkg@alice:~/src/pkg-dns/dns-root-data$ dpkg -l libldns3 Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Architecture Description +++-==---= ii libldns3:amd64 1.7.1-2.1amd64ldns library for DNS programming 0 dkg@alice:~/src/pkg-dns/dns-root-data$ /usr/bin/ldns-key2ds -n -2 root.key . 86400 IN DS 20326 8 2 0ae721f59a19244008217c3d2a646183acef2f17cf4c30929a3f29d09311c05e 0 dkg@alice:~/src/pkg-dns/dns-root-data$ Any idea what's happened here? --dkg On Tue 2022-04-12 20:38:47 +0200, Lucas Nussbaum wrote: > Source: dns-root-data > Version: 2021011101 > Severity: serious > Justification: FTBFS > Tags: bookworm sid ftbfs > User: lu...@debian.org > Usertags: ftbfs-20220412 ftbfs-bookworm > > Hi, > > During a rebuild of all packages in sid, your package failed to build > on amd64. > > > Relevant part (hopefully): >> make[1]: Entering directory '/<>' >> # Verify root-anchors.xml using OpenSSL >> openssl smime -verify -noverify -inform DER -in root-anchors.p7s -content >> root-anchors.xml >> Verification successful >> >> > source="http://data.iana.org/root-anchors/root-anchors.xml;> >> . >> > validUntil="2019-01-11T00:00:00+00:00"> >> 19036 >> 8 >> 2 >> 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 >> >> >> 20326 >> 8 >> 2 >> E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D >> >> >> # Verify root.hints >> gpgv --keyring /<>/registry-admin.key >> /<>/root.hints.sig /<>/root.hints >> gpgv: Signature made Mon Jan 11 15:55:50 2021 UTC >> gpgv:using DSA key 937BB869E3A238C5 >> gpgv: Good signature from "Registry Administrator " >> # Create key from validated root-anchors.xml >> ./parse-root-anchors.sh < root-anchors.xml | sort -k 4 -n > root-anchors.ds >> Digest 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 >> expired on 2019-01-11T00:00:00+00:00 >> # Create key from downloaded root.key >> /usr/bin/ldns-key2ds -n -2 root.key | cut --fields=1,3- --output-delimiter=' >> ' | sort -k 4 -n > root.ds >> # Compare the DS from root.key and from root-anchors.xml >> diff -u root-anchors.ds root.ds >> --- root-anchors.ds 2022-04-12 16:59:11.126351522 + >> +++ root.ds 2022-04-12 16:59:11.130351536 + >> @@ -1 +1 @@ >> -. IN DS 20326 8 2 >> e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d >> +. IN DS 20326 8 2 >> 0ae721f59a19244008217c3d2a646183acef2f17cf4c30929a3f29d09311c05e >> make[1]: *** [debian/rules:23: override_dh_auto_build] Error 1 > > > The full build log is available from: > http://qa-logs.debian.net/2022/04/12/dns-root-data_2021011101_unstable.log > > All bugs filed during this archive rebuild are listed at: > https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=ftbfs-20220412;users=lu...@debian.org > or: >