Re: autoreconf --force not forcing (was Re: Validating tarballs against git repositories)
On Tue, Apr 02, 2024 at 08:20:31PM +0300, Adrian Bunk wrote: > On Tue, Apr 02, 2024 at 06:05:22PM +0100, Colin Watson wrote: > > On Tue, Apr 02, 2024 at 06:57:20PM +0300, Adrian Bunk wrote: > > > Does gnulib upstream support upgrading/downgrading the gnulib m4 files > > > (like the one used in the xz backdoor) without upgrading/downgrading > > > the corresponding gnulib C files? > > > > Yes, although it takes a bit of effort. You can use the --local-dir > > option of gnulib-tool, which allows overriding individual Gnulib files > > or modules or applying patches to Gnulib files; or you can define a > > bootstrap_post_import_hook function in bootstrap.conf and do whatever > > you want there. > > I had the impression that what Guillem has in mind is more towards > adding dependencies on packages like gnulib and autoconf-archive > to dh-autoreconf, which would then blindly overwrite all m4 files > where a copy (same or older or newer) exists on the build system. Oh, I see what you mean now. IMO it would be a mistake to attempt to do this in such a way that it upgraded only the m4 files and not the C files. Changes made to gnulib modules (which typically consist of some m4, some C, and some metadata) often touch both m4 and C at once; it seems unwise to try to arbitrarily split those up. -- Colin Watson (he/him) [cjwat...@debian.org]
Re: autoreconf --force not forcing (was Re: Validating tarballs against git repositories)
On Tue, Apr 02, 2024 at 06:05:22PM +0100, Colin Watson wrote: > On Tue, Apr 02, 2024 at 06:57:20PM +0300, Adrian Bunk wrote: > > On Mon, Apr 01, 2024 at 08:07:27PM +0200, Guillem Jover wrote: > > > On Sat, 2024-03-30 at 14:16:21 +0100, Guillem Jover wrote: > > > > This seems like a serious bug in autoreconf, but I've not checked if > > > > this has been brought up upstream, and whether they consider it's > > > > working as intended. I expect the serial to be used only when not > > > > in --force mode though. :/ > > >... > > > We might have to perform a mass rebuild to check if there could be > > > fallout out of a true --force behavior change I guess. > > > > Does gnulib upstream support upgrading/downgrading the gnulib m4 files > > (like the one used in the xz backdoor) without upgrading/downgrading > > the corresponding gnulib C files? > > Yes, although it takes a bit of effort. You can use the --local-dir > option of gnulib-tool, which allows overriding individual Gnulib files > or modules or applying patches to Gnulib files; or you can define a > bootstrap_post_import_hook function in bootstrap.conf and do whatever > you want there. I had the impression that what Guillem has in mind is more towards adding dependencies on packages like gnulib and autoconf-archive to dh-autoreconf, which would then blindly overwrite all m4 files where a copy (same or older or newer) exists on the build system. cu Adrian
Re: autoreconf --force not forcing (was Re: Validating tarballs against git repositories)
On Tue, Apr 02, 2024 at 06:57:20PM +0300, Adrian Bunk wrote: > On Mon, Apr 01, 2024 at 08:07:27PM +0200, Guillem Jover wrote: > > On Sat, 2024-03-30 at 14:16:21 +0100, Guillem Jover wrote: > > > This seems like a serious bug in autoreconf, but I've not checked if > > > this has been brought up upstream, and whether they consider it's > > > working as intended. I expect the serial to be used only when not > > > in --force mode though. :/ > >... > > We might have to perform a mass rebuild to check if there could be > > fallout out of a true --force behavior change I guess. > > Does gnulib upstream support upgrading/downgrading the gnulib m4 files > (like the one used in the xz backdoor) without upgrading/downgrading > the corresponding gnulib C files? Yes, although it takes a bit of effort. You can use the --local-dir option of gnulib-tool, which allows overriding individual Gnulib files or modules or applying patches to Gnulib files; or you can define a bootstrap_post_import_hook function in bootstrap.conf and do whatever you want there. -- Colin Watson (he/him) [cjwat...@debian.org]
Re: autoreconf --force not forcing (was Re: Validating tarballs against git repositories)
On Mon, Apr 01, 2024 at 08:07:27PM +0200, Guillem Jover wrote: >... > On Sat, 2024-03-30 at 14:16:21 +0100, Guillem Jover wrote: >... > > This seems like a serious bug in autoreconf, but I've not checked if > > this has been brought up upstream, and whether they consider it's > > working as intended. I expect the serial to be used only when not > > in --force mode though. :/ >... > We might have to perform a mass rebuild to check if there could be > fallout out of a true --force behavior change I guess. Does gnulib upstream support upgrading/downgrading the gnulib m4 files (like the one used in the xz backdoor) without upgrading/downgrading the corresponding gnulib C files? > Thanks, > Guillem cu Adrian