Re: /usr-move: Do we support upgrades without apt?

[Antonio Terceiro]

On Thu, Dec 21, 2023 at 10:41:57AM +0100, Helmut Grohne wrote:
> ## Upgrading using dpkg directly?
> 
> We already have quite a number of packages that use Conflicts to prevent
> file loss in upgrades in a very similar way to #1058937 (Ben's
> libnfsidmap1 bug) even in released versions of Debian. For instance,
> dhcpcd-base's Replaces were upgraded to Conflicts, see #1053657. If you
> employ dpkg, you can still experience the problem there.
> 
> Is it ok to call upgrade scenarios failures that cannot be reproduced
> using apt unsupported until we no longer deal with aliasing?

I think so, yes. I don't think it's likely that there are people doing
upgrades on running systems not using apt.

If there are, they already need to deal with doing the dpkg calls in the
right order anyway -- basically doing the apt dependency resolution by
hand -- that this is just another corner case that they need to handle;
there could be already Conflicts in there for other reasons than
/usr-merge.


signature.asc
Description: PGP signature

Bug#1051302: bookworm-pu: package jekyll/4.3.1+dfsg-3+deb12u1

[Antonio Terceiro]

On Sat, Sep 23, 2023 at 08:32:43PM +0100, Adam D. Barratt wrote:
> Control: tags -1 confirmed
> 
> This update fixes processing user configuration that used YAML
> > aliases.
> > 
> > [ Impact ]
> > User configuration with YAML aliases will cause jekyll to crash while
> > parsing it, and therefore jekyll will not work at all.
> > 
> 
> Please go ahead.

Uploaded.


signature.asc
Description: PGP signature

Bug#1051302: bookworm-pu: package jekyll/4.3.1+dfsg-3+deb12u1

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: jek...@packages.debian.org
Control: affects -1 + src:jekyll

[ Reason ]
This update fixes processing user configuration that used YAML aliases.

[ Impact ]
User configuration with YAML aliases will cause jekyll to crash while
parsing it, and therefore jekyll will not work at all.

[ Tests ]
The change is trivial, and is already present in testing.

[ Risks ]
No risks.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
The only change is passing an extra parameter to Psych.safe_load,
telling it to allow aliases in the YAML data.

[ Other info ]
n/a
diff --git a/debian/changelog b/debian/changelog
index b91ea6e..7ba5630 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+jekyll (4.3.1+dfsg-3+deb12u1) bookworm; urgency=medium
+
+  [ Sébastien Villemot ]
+  * Allow YAML aliases (Closes: #1050867)
+
+ -- Antonio Terceiro   Tue, 05 Sep 2023 19:37:14 -0300
+
 jekyll (4.3.1+dfsg-2) unstable; urgency=medium
 
   * Team upload
diff --git a/debian/patches/0016-Drop-usage-of-safe_yaml.patch b/debian/patches/0016-Drop-usage-of-safe_yaml.patch
index 90aa06e..6caae5d 100644
--- a/debian/patches/0016-Drop-usage-of-safe_yaml.patch
+++ b/debian/patches/0016-Drop-usage-of-safe_yaml.patch
@@ -1,6 +1,9 @@
 From: Antonio Terceiro 
 Date: Sat, 21 Jan 2023 23:25:30 -0300
 Subject: Drop usage of safe_yaml
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
 
 Squashed commit of the following:
 
@@ -22,6 +25,12 @@ Date:   Thu Aug 19 13:42:39 2021 -0300
 
 Use Psych as YAML parser
 
+commit 5afe0f5acbc4cb9880bd2c752f45f39ba4f62835
+Author: Sébastien Villemot 
+Date: Wed, 30 Aug 2023 11:35:36 -0300
+
+Enable YAML aliases
+
 Source: https://github.com/jekyll/jekyll/pull/8772
 Additional changes:
   - Also make the replacement of SafeYAML in lib/jekyll/commands/serve.rb
@@ -193,7 +202,7 @@ index d6c5a0b..3757e04 100644
  
Jekyll.logger.info "Theme Config file:", theme_config_file
 diff --git a/lib/jekyll/utils.rb b/lib/jekyll/utils.rb
-index 2a96527..0dfe2ec 100644
+index 2a96527..252541f 100644
 --- a/lib/jekyll/utils.rb
 +++ b/lib/jekyll/utils.rb
 @@ -316,6 +316,20 @@ module Jekyll
@@ -202,7 +211,7 @@ index 2a96527..0dfe2ec 100644
  
 +# Safely load YAML strings
 +def safe_load_yaml(yaml)
-+  Psych.safe_load(yaml, :permitted_classes => [Date, Time])
++  Psych.safe_load(yaml, :permitted_classes => [Date, Time], aliases: true)
 +rescue ArgumentError
 +  # Psych versions < 3.1 had a different safe_load API and used
 +  # problematic language.


signature.asc
Description: PGP signature

Re: Bug#1050256: autopkgtest fails on debci

[Antonio Terceiro]

On Fri, Sep 01, 2023 at 11:13:11PM +, Mathias Gibbens wrote:
> Control: block 1038315 by -1
> Control: block 1042880 by -1
> 
>   I don't think we have a good understanding of the root cause of this
> issue. Initially we thought this was a known upstream issue with all-
> but very recent versions of apparmor and a corresponding lxc profile
> fix [0]. However, it appears this is a different issue that somehow
> depends on the interaction of bookworm's versions of the kernel,
> apparmor, and/or lxc.
> 
>   A minimal reproducer is to install bookworm and create a container
> with a systemd service using a hardening option like
> PrivateNetwork=yes. With the latest bookworm kernel (6.1.38-4), the
> service will fail. But, grab a kernel from testing (6.4.11-1) and then
> things work -- with no other changes required. I tried the "oldest"
> kernel on snapshot.d.o post 6.1 series (6.3.1+1~exp1 [1]) and the
> service works properly with that version as well. So, something changed
> in the kernel (either upstream or in Debian's packaging) between 6.1
> and 6.3 that "unbreaks" services within lxc containers.
> 
>   Given that simply installing a newer kernel fixes things, I am
> hesitant to start making changes to lxc until we actually understand
> what's changed when running the newer kernel and how it's affecting
> lxc's behavior.

Thanks for the investigation. This led to think of something that would
work around this issue, but maybe has bigger consequences.

I'm wondering whether we should, as a policy, run backports kernels on
the ci.debian.net workers. Given the most important use case is testing
testing¹, having a kernel that is closest to the one in testing might
make sense.

¹ pun intended

Of course, this does not prevents having QEMU workers, and I want to
provide that at some point. But since we won't be able to have QEMU for
all architectures, anyway, I still think running backports kernels in
the lxc workers might be a valid strategy.


signature.asc
Description: PGP signature

Bug#1034497: unblock: jekyll/4.3.1+dfsg-2

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: jek...@packages.debian.org
Control: affects -1 + src:jekyll

Please unblock package jekyll

[ Reason ]
Fix for test failure on some timezones

[ Impact ]
This has no effect on end users

[ Tests ]
All tests pass both during build and under autopkgtest

[ Risks ]
Trivial change

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
n/a

unblock jekyll/4.3.1+dfsg-2
diff --git a/debian/changelog b/debian/changelog
index dbecdf8..b91ea6e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+jekyll (4.3.1+dfsg-2) unstable; urgency=medium
+
+  * Team upload
+  * debian/ruby-tests.rake: always run tests under TZ=UTC (Closes: #1034450)
+
+ -- Antonio Terceiro   Sun, 16 Apr 2023 18:35:56 -0300
+
 jekyll (4.3.1+dfsg-1) unstable; urgency=medium
 
   * Team upload
diff --git a/debian/ruby-tests.rake b/debian/ruby-tests.rake
index e926490..26eeaf2 100644
--- a/debian/ruby-tests.rake
+++ b/debian/ruby-tests.rake
@@ -8,6 +8,8 @@ exclude = %w[
   test/test_win_tz.rb
 ]
 
+ENV["TZ"] = "UTC"
+
 Gem2Deb::Rake::TestTask.new(:test) do |t|
   t.libs << 'lib' << 'test'
   if ENV['AUTOPKGTEST_TEST_NEW_COMMAND']


signature.asc
Description: PGP signature

Bug#1033573: unblock: ruby3.1/3.1.2-7

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: ruby...@packages.debian.org
Control: affects -1 + src:ruby3.1

Please unblock package ruby3.1

[ Reason ]
This release updates the openssl bindings, fixing a few regressions that
have been identified.

[ Impact ]
Without these changes, at least gitlab doesn't work correctly.

[ Tests ]
I had uploaded this to experimental some time ago, and the pseudo
excuses against unstable showed no regressions.

[ Risks ]
The changes are contained to the implementatin of a few openssl methods.
I think the risk is low. I had also tried updating to the new upstream
release 3.1.3, which includes this change, but thought that contained
too many non-critical changes.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
I'm also attaching the actual patch included in this upload as it is
easier to read than the diff-in-diff in the debdiff.

unblock ruby3.1/3.1.2-7
diff --git a/debian/changelog b/debian/changelog
index c6bd035fc..54e474d21 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+ruby3.1 (3.1.2-7) unstable; urgency=medium
+
+  * Upload to unstable
+
+ -- Antonio Terceiro   Sat, 25 Mar 2023 14:20:34 -0300
+
+ruby3.1 (3.1.2-7~exp) experimental; urgency=medium
+
+  * Update openssl extension to to 3.0.1 (Closes: #1032070)
+
+ -- Antonio Terceiro   Sun, 05 Mar 2023 17:13:36 -0300
+
 ruby3.1 (3.1.2-6) unstable; urgency=medium
 
   * Add missing dependencies for pkg-config test
diff --git a/debian/patches/openssl-3.0.1.patch b/debian/patches/openssl-3.0.1.patch
new file mode 100644
index 0..0762cb65e
--- /dev/null
+++ b/debian/patches/openssl-3.0.1.patch
@@ -0,0 +1,495 @@
+From: Antonio Terceiro 
+Date: Sun, 5 Mar 2023 17:09:05 -0300
+Subject: openssl 3.0.1
+
+This is a combination of several patches for openssl extension that fix
+bugs in its version 3.0.0.
+
+Forwarded: not-needed
+---
+ ext/openssl/History.md | 40 +
+ ext/openssl/extconf.rb |  5 +++--
+ ext/openssl/lib/openssl/pkey.rb|  8 +++
+ ext/openssl/lib/openssl/version.rb |  2 +-
+ ext/openssl/openssl.gemspec|  2 +-
+ ext/openssl/ossl_hmac.c|  8 +++
+ ext/openssl/ossl_pkey.c| 46 +++---
+ ext/openssl/ossl_pkey_ec.c |  4 
+ ext/openssl/ossl_x509cert.c|  6 ++---
+ ext/openssl/ossl_x509crl.c |  6 ++---
+ ext/openssl/ossl_x509req.c |  6 ++---
+ ext/openssl/ossl_x509revoked.c |  6 ++---
+ test/openssl/test_hmac.rb  |  8 +++
+ test/openssl/test_pkey_dsa.rb  | 19 
+ test/openssl/test_pkey_ec.rb   | 25 +
+ test/openssl/test_pkey_rsa.rb  |  5 +
+ test/openssl/test_ssl.rb   |  6 +
+ 17 files changed, 183 insertions(+), 19 deletions(-)
+
+diff --git a/ext/openssl/History.md b/ext/openssl/History.md
+index 479ec3b..a4f6bd7 100644
+--- a/ext/openssl/History.md
 b/ext/openssl/History.md
+@@ -1,3 +1,27 @@
++Version 3.0.1
++=
++
++Merged changes in 2.1.4 and 2.2.2. Additionally, the following issues are fixed
++by this release.
++
++Bug fixes
++-
++
++* Add missing type check in OpenSSL::PKey::PKey#sign's optional parameters.
++  [[GitHub #531]](https://github.com/ruby/openssl/pull/531)
++* Work around OpenSSL 3.0's HMAC issues with a zero-length key.
++  [[GitHub #538]](https://github.com/ruby/openssl/pull/538)
++* Fix a regression in OpenSSL::PKey::DSA.generate's default of 'q' size.
++  [[GitHub #483]](https://github.com/ruby/openssl/issues/483)
++  [[GitHub #539]](https://github.com/ruby/openssl/pull/539)
++* Restore OpenSSL::PKey.read's ability to decode "openssl ecparam -genkey"
++  output when linked against OpenSSL 3.0.
++  [[GitHub #535]](https://github.com/ruby/openssl/pull/535)
++  [[GitHub #540]](https://github.com/ruby/openssl/pull/540)
++* Restore error checks in OpenSSL::PKey::EC#{to_der,to_pem}.
++  [[GitHub #541]](https://github.com/ruby/openssl/pull/541)
++
++
+ Version 3.0.0
+ =
+ 
+@@ -100,6 +124,12 @@ Notable changes
+ [[GitHub #342]](https://github.com/ruby/openssl/issues/342)
+ 
+ 
++Version 2.2.2
++=
++
++Merged changes in 2.1.4.
++
++
+ Version 2.2.1
+ =
+ 
+@@ -194,6 +224,16 @@ Notable changes
+   [[GitHub #297]](https://github.com/ruby/openssl/pull/297)
+ 
+ 
++Version 2.1.4
++=
++
++Bug fixes
++-
++
++* Do not use pkg-config if --with-openssl-dir option is specified.
++ [[GitHub #486]](https://github.com/ruby/openssl/pull/486)
++
++
+ Version 2.1.3
+ =
+ 
+diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
+index fedcb93..d2d7893 100644
+--- a/ext/openssl/extconf.rb
 b/ext/openssl/extconf.rb
+@@ -13,7 +13,7 @@
+ 

Bug#1030987: bullseye-pu: package vagrant/2.2.14+dfsg-2

[Antonio Terceiro]

On Sun, Feb 19, 2023 at 06:54:45PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Fri, 2023-02-10 at 09:58 +0100, Antonio Terceiro wrote:
> > Since VirtualBox is not in stable, people will install it either from
> > upstream, and from Fasttrack (https://fasttrack.debian.net/). When a
> > new
> > version of VirtualBox comes out, vagrant needs change to work with
> > it.
> > 
> > [ Impact ]
> > stable users can't use vagrant with the latest VirtualBox (7.0).
> > 
> 
> Please go ahead.

Uploaded.


signature.asc
Description: PGP signature

Bug#1030987: bullseye-pu: package vagrant/2.2.14+dfsg-2

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: vagr...@packages.debian.org
Control: affects -1 + src:vagrant

[ Reason ]
Since VirtualBox is not in stable, people will install it either from
upstream, and from Fasttrack (https://fasttrack.debian.net/). When a new
version of VirtualBox comes out, vagrant needs change to work with it.

[ Impact ]
stable users can't use vagrant with the latest VirtualBox (7.0).

[ Tests ]
The full testsuite passes, plus I got one real user to test on theur
system and confirm it works for them.

[ Risks ]
This is a direct cherry pick, with only 1 line change, from the upstream
patch that added VirtualBox 7.0 support. I don't see significant risk.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

I also attached the actual patch so it's easier to read than the
diff-in-diff in the debdiff.

[ Changes ]
The patch adds a new driver for VirtualBox 7.0, plus unit tests for it.

[ Other info ]
n/a
diff --git a/debian/changelog b/debian/changelog
index fc3cfcf..a28263d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+vagrant (2.2.14+dfsg-2) bullseye; urgency=medium
+
+  * Add support for VirtualBox 7.0 (Closes: #1026227)
+
+ -- Antonio Terceiro   Tue, 07 Feb 2023 10:33:52 +0100
+
 vagrant (2.2.14+dfsg-1) unstable; urgency=medium
 
   * New upstream version 2.2.14+dfsg
diff --git a/debian/patches/0007-Add-support-for-VirtualBox-7.0.patch b/debian/patches/0007-Add-support-for-VirtualBox-7.0.patch
new file mode 100644
index 000..431a3b5
--- /dev/null
+++ b/debian/patches/0007-Add-support-for-VirtualBox-7.0.patch
@@ -0,0 +1,264 @@
+From: Chris Roberts 
+Date: Fri, 14 Oct 2022 10:44:49 -0700
+Subject: Add support for VirtualBox 7.0
+
+Signed-off-by: Antonio Terceiro 
+Changes from the original patch:
+
+- replace `require "rexml"` with `require "rexml/document"` to work with with
+  the rexml shipped with Ruby 2.7
+
+---
+ lib/vagrant/errors.rb  |   4 +
+ plugins/providers/virtualbox/driver/meta.rb|   1 +
+ plugins/providers/virtualbox/driver/version_7_0.rb |  67 +
+ plugins/providers/virtualbox/plugin.rb |   1 +
+ templates/locales/en.yml   |   5 +
+ .../virtualbox/driver/version_7_0_test.rb  | 109 +
+ 6 files changed, 187 insertions(+)
+ create mode 100644 plugins/providers/virtualbox/driver/version_7_0.rb
+ create mode 100644 test/unit/plugins/providers/virtualbox/driver/version_7_0_test.rb
+
+diff --git a/lib/vagrant/errors.rb b/lib/vagrant/errors.rb
+index 782615b..4329d29 100644
+--- a/lib/vagrant/errors.rb
 b/lib/vagrant/errors.rb
+@@ -940,6 +940,10 @@ module Vagrant
+   error_key(:virtualbox_broken_version_040214)
+ end
+ 
++class VirtualBoxConfigNotFound < VagrantError
++  error_key(:virtualbox_config_not_found)
++end
++
+ class VirtualBoxDisksDefinedExceedLimit < VagrantError
+   error_key(:virtualbox_disks_defined_exceed_limit)
+ end
+diff --git a/plugins/providers/virtualbox/driver/meta.rb b/plugins/providers/virtualbox/driver/meta.rb
+index c3be8c8..04c130c 100644
+--- a/plugins/providers/virtualbox/driver/meta.rb
 b/plugins/providers/virtualbox/driver/meta.rb
+@@ -65,6 +65,7 @@ module VagrantPlugins
+ "5.2" => Version_5_2,
+ "6.0" => Version_6_0,
+ "6.1" => Version_6_1,
++"7.0" => Version_7_0,
+   }
+ 
+   if @@version.start_with?("4.2.14")
+diff --git a/plugins/providers/virtualbox/driver/version_7_0.rb b/plugins/providers/virtualbox/driver/version_7_0.rb
+new file mode 100644
+index 000..d94e66b
+--- /dev/null
 b/plugins/providers/virtualbox/driver/version_7_0.rb
+@@ -0,0 +1,67 @@
++require "rexml/document"
++require File.expand_path("../version_6_1", __FILE__)
++
++module VagrantPlugins
++  module ProviderVirtualBox
++module Driver
++  # Driver for VirtualBox 7.0.x
++  class Version_7_0 < Version_6_1
++def initialize(uuid)
++  super
++
++  @logger = Log4r::Logger.new("vagrant::provider::virtualbox_7_0")
++end
++
++# The initial VirtualBox 7.0 release has an issue with displaying port
++# forward information. When a single port forward is defined, the forwarding
++# information can be found in the `showvminfo` output. Once more than a
++# single port forward is defined, no forwarding information is provided
++# in the `showvminfo` output. To work around this we grab the VM configuration
++# file from the `showvminfo` output and extract the port forward informa

Bug#1029728: bullseye-pu: package passenger/5.0.30-1.2+deb11u1

[Antonio Terceiro]

On Sat, Feb 04, 2023 at 06:19:57PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Thu, 2023-01-26 at 16:40 -0300, Antonio Terceiro wrote:
> > This updates makes it possible for users to use NodeJS binaries newer
> > than the ones provided in bullseye.
> > 
> > [ Impact ]
> > Users using a NodeJS version can't get passenger to work because it
> > fails to start due to use of an invalid global variable.
> > 
> 
> For some reason this bug never made it to debian-release.
> 
> Please go ahead.

Uploaded.


signature.asc
Description: PGP signature

Re: Shim and secure boot status, leading up to bookworm

[Antonio Terceiro]

On Wed, Jan 25, 2023 at 06:11:45PM +, Steve McIntyre wrote:
> Hey all!
> 
> Here's a status update and plans for SB and shim. If any of this is
> unclear or you have doubts, please say!
> 
> We currently have *signed* shim *15.4* packages in the archive, for
> all of buster, bullseye, bookworm and sid. That works OK at the
> moment, but is getting old (July 2021) and needs updating soonish.
> 
> I uploaded shim *15.6* in July 2022 and we attempted to get that
> signed too. Reviews were positive, but due to process problems around
> Microsoft uploads and then a long delay on getting a needed EV
> certificate renewed we never managed to get that signed. :-(
> 
> The MS and cert issues are now both resolved, and I'm now working on a
> shim *15.7* upload. There's a little more work and testing to do, but
> I'm not far off. Yay?

Have the issues with arm64 been fixed? Will this release provide a
signed arm64 shim?


signature.asc
Description: PGP signature

Bug#1029632: unblock: ruby3.1/3.1.2-5

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: ruby...@packages.debian.org
Control: affects -1 + src:ruby3.1

Please unblock package ruby3.1

This is a trivial bug fix, and even though there is no real block hint
in place, this bug report is to save you the time from wondering about
the changes.

[ Reason ]
3.1.2-4 had a regression. ./configure was being about an explicit
pkg-config binary, but pkg-config was not a build dependency. So
the pkg-config binary was not really there, so ./configure set the
corresponding configuration variable to an empty string making the
pkg-config bindings in mkmf.rb not really work.

[ Impact ]
This makes some packages fail to build from source, namely ruby-augeas
and ruby-libvirt.

[ Tests ]
An autopkgtest to catch similar issues in the future has been added, and
it passes while it failed with 3.1.2.4.

[ Risks ]
None.

[ Checklist ]
  [✓] all changes are documented in the d/changelog
  [✓] I reviewed all changes and I approve them
  [✓] attach debdiff against the package in testing

[ Other info ]
n/a

unblock ruby3.1/3.1.2-5
diff --git a/debian/changelog b/debian/changelog
index 59fe6c8a1..8e43cb693 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+ruby3.1 (3.1.2-5) unstable; urgency=medium
+
+  * Add autopkgtest to test pkg_config
+  * Add build dependency on pkg-config from pkgconf.
+The absence of this build dependency made the check for whether
+pkg-config works fail (because it was not there) at the ./configure
+stage, making RbConfig::CONFIG["PKG_CONFIG"] empty, and therefore broke
+the usage of pkg_config() in extconf.rb scripts.
+This was noticed by Lucas Kanashiro (thanks!) in Ubuntu while rebuilding
+all Ruby packages to add ruby3.1 support, where ruby-augeas and
+ruby-libvirt failed to build.
+
+ -- Antonio Terceiro   Wed, 25 Jan 2023 14:46:18 -0300
+
 ruby3.1 (3.1.2-4) unstable; urgency=medium
 
   * Replace cross pkg-config patch with patches applied upstream
diff --git a/debian/control b/debian/control
index 2d6602a40..9802975c0 100644
--- a/debian/control
+++ b/debian/control
@@ -19,6 +19,7 @@ Build-Depends: bison,
libyaml-dev,
netbase ,
openssl ,
+   pkg-config (>= 1.8.0-7~),
procps ,
ruby3.1:native ,
rubygems-integration (>= 1.6) ,
diff --git a/debian/tests/control b/debian/tests/control
index 2b0bab840..bd3c7127a 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -1,3 +1,3 @@
-Tests: run-all bundled-gems builtin-extensions rubyconfig
-Depends: @
+Tests: run-all bundled-gems builtin-extensions rubyconfig pkg-config
+Depends: @, libffi-dev
 Restrictions: allow-stderr
diff --git a/debian/tests/pkg-config b/debian/tests/pkg-config
new file mode 100755
index 0..ce2bd6e23
--- /dev/null
+++ b/debian/tests/pkg-config
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -eu
+
+ruby="${1:-ruby3.1}"
+cd "${AUTOPKGTEST_TMP:-/tmp}"
+
+set -x
+$ruby -rmkmf -e 'pkg_config("libffi") or raise "pkg_config does not work"'


signature.asc
Description: PGP signature

Bug#1026890: transition: ruby3.0-rm

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
X-Debbugs-Cc: ruby-defau...@packages.debian.org
Control: affects -1 + src:ruby-defaults

Please create a tracker for removing ruby3.0 as a supported version.

Ben file (based on ruby2.7-rm from the transition-data repository):

title = "ruby3.0-rm";
is_affected = (.depends ~ "ruby3.0" | .depends ~ "libruby3.0") & !.source ~ 
/^(ruby3.0)$/;
is_good = false;
is_bad = .depends ~ "ruby3.0" | .depends ~ "libruby3.0";


signature.asc
Description: PGP signature

Bug#1023495: transition: ruby3.1

[Antonio Terceiro]

On Wed, Nov 23, 2022 at 05:35:18PM +0100, Sebastian Ramacher wrote:
> Hi Antonio
> 
> On 2022-11-23 13:13:37 -0300, Antonio Terceiro wrote:
> > On Tue, Nov 22, 2022 at 11:00:57PM +0100, Sebastian Ramacher wrote:
> > > On 2022-11-22 21:53:31 +0100, Paul Gevers wrote:
> > > > Hi Lucas,
> > > > 
> > > > On 22-11-2022 17:03, Lucas Kanashiro wrote:
> > > > > After discussing with Antonio, since our deadline to finish the
> > > > > transition is approaching, we decided to already enable ruby3.1 as the
> > > > > default and remove ruby3.0 in a single step.
> > > > 
> > > > I may be remembering wrong (it's a bit late), but isn't the change of 
> > > > the
> > > > default a forward rebuild, while removal is a backward rebuild (I mean 
> > > > in
> > > > the dependency tree)? If that's true, I think doing it in two steps is
> > > > easier to manage, as packages can then migrate on their own and don't 
> > > > need a
> > > > lock step migration.
> > > 
> > > That's correct. I'd prefer to handle this with two trackers.
> > 
> > Fair enough. I will update ruby-defaults accordingly. Is it OK for us to
> > start the transition in unstable?
> 
> I'd like protobuf to migrate first which is currently doing its own
> transition. Afer that, we can go ahead with the switch to 3.1 as
> default.

protobuf migrate a few days ago, so I just uploaded ruby-defaults.
Please binNMU these packages:

epic5
graphviz
ignition-math
kamailio
klayout
kross-interpreters
libprelude
marisa
ngraph-gtk
notmuch
obexftp
redland-bindings
subtle
subversion
vim-command-t
weechat
xapian-bindings


signature.asc
Description: PGP signature

Bug#1023495: transition: ruby3.1

[Antonio Terceiro]

On Tue, Nov 22, 2022 at 11:00:57PM +0100, Sebastian Ramacher wrote:
> On 2022-11-22 21:53:31 +0100, Paul Gevers wrote:
> > Hi Lucas,
> > 
> > On 22-11-2022 17:03, Lucas Kanashiro wrote:
> > > After discussing with Antonio, since our deadline to finish the
> > > transition is approaching, we decided to already enable ruby3.1 as the
> > > default and remove ruby3.0 in a single step.
> > 
> > I may be remembering wrong (it's a bit late), but isn't the change of the
> > default a forward rebuild, while removal is a backward rebuild (I mean in
> > the dependency tree)? If that's true, I think doing it in two steps is
> > easier to manage, as packages can then migrate on their own and don't need a
> > lock step migration.
> 
> That's correct. I'd prefer to handle this with two trackers.

Fair enough. I will update ruby-defaults accordingly. Is it OK for us to
start the transition in unstable?


signature.asc
Description: PGP signature

Bug#1023495: transition: ruby3.1

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Hi, I would like to plan the ruby 3.1 transition. As soon as we have the
tracker I will perform all the test rebuilds necessary and report any
bugs.

Ben file:

title = "ruby3.1 as default";
is_affected = (.depends ~ /ruby3.0/ | .depends ~ /ruby3.1/) & !.source ~ 
/^(ruby3.0|ruby3.1|ruby-defaults)$/;
is_good = .depends ~ "ruby3.1" | .depends ~ "libruby3.1" | ! (.depends ~ 
"ruby3.0" | .depends ~ "libruby3.0");
is_bad = ! (.depends ~ "ruby3.1" | .depends ~ "libruby3.1") & (.depends ~ 
"ruby3.0" | .depends ~ "libruby3.0");


signature.asc
Description: PGP signature

Bug#1015207: transitions: ruby3.1-add

[Antonio Terceiro]

Hi,

please binNMU:

puma
thin
ruby-bootsnap

These failed to build before, but that was probably due to something
else down the stack. All three build fine in unstable at the moment.

The only missing piece is ruby-mysql2, which I will work on next.


signature.asc
Description: PGP signature

Bug#1015207: transitions: ruby3.1-add

[Antonio Terceiro]

On Tue, Sep 20, 2022 at 09:04:11AM -0300, Antonio Terceiro wrote:
> On Mon, Sep 19, 2022 at 09:07:50AM +0200, Sebastian Ramacher wrote:
> > Control: tags -1 = confirmed
> > 
> > On 2022-09-12 15:28:38 -0300, Antonio Terceiro wrote:
> > > Hi,
> > > 
> > > On Sun, Jul 17, 2022 at 02:08:14PM -0300, Lucas Kanashiro wrote:
> > > > Package: release.debian.org
> > > > Severity: normal
> > > > User: release.debian@packages.debian.org
> > > > Usertags: transition
> > > > Tags: moreinfo
> > > > 
> > > > Hi,
> > > > 
> > > > We would like to add support for ruby3.1 in ruby-defaults in unstable
> > > > soon. The ben file was already added to the transition tracker as
> > > > planned by elbrus.
> > > 
> > > I would like to start this transition, by uploading ruby-defaults
> > > enabling building against ruby3.1 to unstable. All the packages listed
> > > in the transition page build correctly, except a few ones. They all have
> > > bugs reported, and I just raised their severity to serious:
> > 
> > Please go ahead
> 
> Just uploaded. I have a few notes to the list of binNMUs below.

Thanks for the initial round of binNMUs. I'm going through the failures
and either fixing them or reporting bugs.

Please update the transition tracker with the attached patch.
From 45cd37e15c3e478e979dada18a7a5d8fe2dfeaab Mon Sep 17 00:00:00 2001
From: Antonio Terceiro 
Date: Thu, 22 Sep 2022 18:59:16 -0300
Subject: [PATCH] ruby3.1-add: ignore new package that builds only for the
 default ruby

---
 ongoing/ruby3.1-add.ben | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ongoing/ruby3.1-add.ben b/ongoing/ruby3.1-add.ben
index 5cf29c4..4eeb7a3 100644
--- a/ongoing/ruby3.1-add.ben
+++ b/ongoing/ruby3.1-add.ben
@@ -1,5 +1,5 @@
 title = "ruby3.1-add";
-is_affected = (.depends ~ /ruby3.0/ | .depends ~ /ruby3.1/) & ! .source ~ /^(ruby3\.0|ruby3\.1|ruby-defaults|dislocker|epic5|graphviz|hivex|kamailio|klayout|kross-interpreters|libprelude|marisa|ngraph-gtk|notmuch|obexftp|redland-bindings|rubyluabridge|ruby-standalone|subtle|subversion|uwsgi|vim-command-t|weechat|robot-testing-framework|treil|vim|nbdkit)$/;
+is_affected = (.depends ~ /ruby3.0/ | .depends ~ /ruby3.1/) & ! .source ~ /^(ruby3\.0|ruby3\.1|ruby-defaults|dislocker|epic5|graphviz|hivex|kamailio|klayout|kross-interpreters|libprelude|marisa|ngraph-gtk|notmuch|obexftp|redland-bindings|rubyluabridge|ruby-standalone|subtle|subversion|uwsgi|vim-command-t|weechat|robot-testing-framework|treil|vim|nbdkit|ignition-math|)$/;
 is_good = .depends ~ /ruby3.1/;
 is_bad = .depends ~ /ruby3.0/ & !.depends ~ /ruby3.1/;
 notes = "#1015207 ";
-- 
2.35.1



signature.asc
Description: PGP signature

Bug#1015207: transitions: ruby3.1-add

[Antonio Terceiro]

On Mon, Sep 19, 2022 at 09:07:50AM +0200, Sebastian Ramacher wrote:
> Control: tags -1 = confirmed
> 
> On 2022-09-12 15:28:38 -0300, Antonio Terceiro wrote:
> > Hi,
> > 
> > On Sun, Jul 17, 2022 at 02:08:14PM -0300, Lucas Kanashiro wrote:
> > > Package: release.debian.org
> > > Severity: normal
> > > User: release.debian@packages.debian.org
> > > Usertags: transition
> > > Tags: moreinfo
> > > 
> > > Hi,
> > > 
> > > We would like to add support for ruby3.1 in ruby-defaults in unstable
> > > soon. The ben file was already added to the transition tracker as
> > > planned by elbrus.
> > 
> > I would like to start this transition, by uploading ruby-defaults
> > enabling building against ruby3.1 to unstable. All the packages listed
> > in the transition page build correctly, except a few ones. They all have
> > bugs reported, and I just raised their severity to serious:
> 
> Please go ahead

Just uploaded. I have a few notes to the list of binNMUs below.

> > level 1
> > ===
> > 
> > libselinux mecab qdbm raspell protobuf remctl ruby-atomic ruby-augeas
> > rrdtool ruby-bcrypt-pbkdf ruby-bcrypt ruby-bindex ruby-bert
> > ruby-binding-ninja ruby-byebug ruby-cairo ruby-character-set ruby-cbor
> > passenger ruby-charlock-holmes ignition-math ruby-concurrent
> > ruby-cool.io ruby-damerau-levenshtein ruby-curses
> > ruby-dataobjects-sqlite3 ruby-debian ruby-dataobjects-postgres ruby-curb
> > ruby-debug-inspector ruby-ed25519 ruby-eb ruby-enumerable-statistics
> > ruby-escape-utils ruby-exif ruby-fast-blank ruby-fast-stemmer
> > ruby-fast-xs ruby-fcgi ruby-eventmachine ruby-ffi-yajl ruby-filesystem
> > ruby-ffi ruby-fusefs ruby-god ruby-gpgme ruby-gd ruby-hiredis
> > ruby-gitlab-pg-query ruby-jaro-winkler ruby-hitimes ruby-json
> > ruby-levenshtein ruby-ldap ruby-liquid-c ruby-libxml ruby-mmap2
> > ruby-murmurhash3 ruby-narray ruby-nfc ruby-ncurses ruby-libvirt
> > ruby-odbc ruby-kgio ruby-nio4r ruby-oily-png ruby-pcaprub ruby-ox
> > ruby-posix-spawn ruby-oj ruby-pg ruby-prometheus-client-mmap
> > ruby-nokogiri ruby-rblineprof ruby-raindrops ruby-rbtree ruby-rdiscount
> > ruby-re2 ruby-redcarpet ruby-regexp-property-values ruby-redcloth
> > ruby-rinku ruby-rpam-ruby19 ruby-rjb ruby-ruby-magic-static ruby-sdbm
> > ruby-rpatricia ruby-sequel-pg ruby-rugged ruby-serialport ruby-shadow
> > ruby-rmagick ruby-sigar ruby-sdl ruby-strptime ruby-termios ruby-thrift
> > ruby-timfel-krb5-auth ruby-uconv ruby-unf-ext ruby-tokyocabinet
> > ruby-tioga ruby-unicode ruby-version-sorter ruby-websocket-driver
> > ruby-vmstat ruby-xmlhash ruby-xmlparser ruby-yajl ruby-zoom stfl spglib
> > unicorn-engine xapian-bindings

Add ruby-prof here, since it was recently fixed.

> > level 2
> > ===
> > 
> > libsemanage ruby-fftw3 ruby-commonmarker ruby-github-linguist
> > ruby-github-markdown ruby-grib ruby-gsl ruby-hamlit ruby-hdfeos5
> > ruby-gnome ruby-http-parser.rb ruby-mpi ruby-msgpack ruby-multibitnums
> > ruby-nokogumbo ruby-password ruby-sqlite3 thin libguestfs ruby-lapack
> > unicorn grpc


Add ruby-bson here, also recently fixed.

Thanks.


signature.asc
Description: PGP signature

Bug#1015207: transitions: ruby3.1-add

[Antonio Terceiro]

Hi,

On Sun, Jul 17, 2022 at 02:08:14PM -0300, Lucas Kanashiro wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
> Tags: moreinfo
> 
> Hi,
> 
> We would like to add support for ruby3.1 in ruby-defaults in unstable
> soon. The ben file was already added to the transition tracker as
> planned by elbrus.

I would like to start this transition, by uploading ruby-defaults
enabling building against ruby3.1 to unstable. All the packages listed
in the transition page build correctly, except a few ones. They all have
bugs reported, and I just raised their severity to serious:

https://bugs.debian.org/1015305
https://bugs.debian.org/1015309
https://bugs.debian.org/1015310
https://bugs.debian.org/1015322
https://bugs.debian.org/1015327
https://bugs.debian.org/1015328
https://bugs.debian.org/1015329
https://bugs.debian.org/1015334

The following binNMUs can be done right after the ruby-defaults is
uploaded and built:

level 1
===

libselinux mecab qdbm raspell protobuf remctl ruby-atomic ruby-augeas
rrdtool ruby-bcrypt-pbkdf ruby-bcrypt ruby-bindex ruby-bert
ruby-binding-ninja ruby-byebug ruby-cairo ruby-character-set ruby-cbor
passenger ruby-charlock-holmes ignition-math ruby-concurrent
ruby-cool.io ruby-damerau-levenshtein ruby-curses
ruby-dataobjects-sqlite3 ruby-debian ruby-dataobjects-postgres ruby-curb
ruby-debug-inspector ruby-ed25519 ruby-eb ruby-enumerable-statistics
ruby-escape-utils ruby-exif ruby-fast-blank ruby-fast-stemmer
ruby-fast-xs ruby-fcgi ruby-eventmachine ruby-ffi-yajl ruby-filesystem
ruby-ffi ruby-fusefs ruby-god ruby-gpgme ruby-gd ruby-hiredis
ruby-gitlab-pg-query ruby-jaro-winkler ruby-hitimes ruby-json
ruby-levenshtein ruby-ldap ruby-liquid-c ruby-libxml ruby-mmap2
ruby-murmurhash3 ruby-narray ruby-nfc ruby-ncurses ruby-libvirt
ruby-odbc ruby-kgio ruby-nio4r ruby-oily-png ruby-pcaprub ruby-ox
ruby-posix-spawn ruby-oj ruby-pg ruby-prometheus-client-mmap
ruby-nokogiri ruby-rblineprof ruby-raindrops ruby-rbtree ruby-rdiscount
ruby-re2 ruby-redcarpet ruby-regexp-property-values ruby-redcloth
ruby-rinku ruby-rpam-ruby19 ruby-rjb ruby-ruby-magic-static ruby-sdbm
ruby-rpatricia ruby-sequel-pg ruby-rugged ruby-serialport ruby-shadow
ruby-rmagick ruby-sigar ruby-sdl ruby-strptime ruby-termios ruby-thrift
ruby-timfel-krb5-auth ruby-uconv ruby-unf-ext ruby-tokyocabinet
ruby-tioga ruby-unicode ruby-version-sorter ruby-websocket-driver
ruby-vmstat ruby-xmlhash ruby-xmlparser ruby-yajl ruby-zoom stfl spglib
unicorn-engine xapian-bindings

level 2
===

libsemanage ruby-fftw3 ruby-commonmarker ruby-github-linguist
ruby-github-markdown ruby-grib ruby-gsl ruby-hamlit ruby-hdfeos5
ruby-gnome ruby-http-parser.rb ruby-mpi ruby-msgpack ruby-multibitnums
ruby-nokogumbo ruby-password ruby-sqlite3 thin libguestfs ruby-lapack
unicorn grpc

level 3
===

ruby-bootsnap
ruby-rbtrace

8<8<8<-

There are still bugs to be reported about arch:all packages that FTBFS,
and I will be doing that next.


signature.asc
Description: PGP signature

Bug#1004459: bullseye-pu: package lxc/1:4.0.6-2+deb11u1

[Antonio Terceiro]

On Fri, Jul 01, 2022 at 07:13:24PM +0100, Adam D. Barratt wrote:
> On Sun, 2022-02-20 at 19:38 -0300, Antonio Terceiro wrote:
> > On Sat, Feb 19, 2022 at 06:53:52PM +, Adam D. Barratt wrote:
> > > Control: tags -1 + confirmed
> > > 
> > > On Thu, 2022-01-27 at 21:32 -0300, Antonio Terceiro wrote:
> > > > This update fixes the download of container images using the
> > > > "download"
> > > > template. pool.sks-keyservers.net is not active anymore, so the
> > > > patch
> > > > (already included in the upstream release present in
> > > > sid/bookworm)
> > > > changes that to keyserver.ubuntu.com.
> > > > 
> > > 
> > > +  * lxc-download: Switch GPG server.
> > > +The default server used to download gpg keys from has ben
> > > deprecated,
> > > 
> > > s/ben/been/
> > > 
> > > Please go ahead.
> > 
> > Uploaded with that typo fixed. Thanks.
> 
> I was just looking through some older p-u bugs, and realised that this
> was still open. Looking further, the package never seems to have made
> it to stable-new.
> 
> I can't find any mention of the upload in the dak logs on ftp-master,
> and all I can see on the upload host is:
> 
> Feb 20 21:55:04 > rm --searchdirs lxc_4.0.6-2+deb11u1_source.changes
> Feb 20 21:55:04 Files removed: lxc_4.0.6-2+deb11u1_source.changes
> Feb 20 21:55:04 > rm --searchdirs lxc_4.0.6-2+deb11u1.dsc
> Feb 20 21:55:04 Files removed: lxc_4.0.6-2+deb11u1.dsc
> Feb 20 21:55:04 > rm --searchdirs lxc_4.0.6-2+deb11u1.debian.tar.xz
> Feb 20 21:55:04 Files removed: lxc_4.0.6-2+deb11u1.debian.tar.xz
> Feb 20 21:55:04 > rm --searchdirs lxc_4.0.6-2+deb11u1_source.buildinfo
> Feb 20 21:55:04 Files removed: lxc_4.0.6-2+deb11u1_source.buildinfo

Weird. I do have local logs of it being uploaded. Anyway, I have just
uploaded again.


signature.asc
Description: PGP signature

Bug#1009363: bullseye-pu: package ruby-net-ssh/1:6.1.0-2+deb11u1

[Antonio Terceiro]

On Sat, May 28, 2022 at 08:47:53PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Tue, 2022-04-12 at 09:40 -0300, Antonio Terceiro wrote:
> > OpenSSH 8.8 disables RSA signatures using the SHA-1 hash algorithm,
> > and
> > that breaks clients that do not support stronger algorithms, which is
> > the case of the ruby-net-ssh version in bullseye.
> > 
> > [ Impact ]
> > Users of vagrant and capistrano, for example, are not able to connect
> > to hosts running OpenSSH 8.8, which includes Debian bookworm but also
> > other distributions where OpenSSH 8.8. is already available.
> > 
> [...]
> > The patches are backports of the relevant upstream patches. The first
> > adds support for client authentication with RSA + SHA-2. The second
> > adds
> > support for RSA+SHA-2 in host keys.
> > 
> 
> Please go ahead.

Uploaded.


signature.asc
Description: PGP signature

Bug#1009363: bullseye-pu: package ruby-net-ssh/1:6.1.0-2+deb11u1

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
OpenSSH 8.8 disables RSA signatures using the SHA-1 hash algorithm, and
that breaks clients that do not support stronger algorithms, which is
the case of the ruby-net-ssh version in bullseye.

[ Impact ]
Users of vagrant and capistrano, for example, are not able to connect
to hosts running OpenSSH 8.8, which includes Debian bookworm but also
other distributions where OpenSSH 8.8. is already available.

[ Tests ]
All the included unit tests, includind the new ones added by the
included patches, pass both during the package build and autopkgtest.

This updates was also tested manually on stable by Lucas Nussbaum (see
#1008541), who confirmed the fix works.

[ Risks ]
I don't see much risk in this update.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
The patches are backports of the relevant upstream patches. The first
adds support for client authentication with RSA + SHA-2. The second adds
support for RSA+SHA-2 in host keys.

[ Other info ]
I'm also attaching the patches themselves, because they are easier to
read than the diff-in-diff in the debdiff.
diff --git a/debian/changelog b/debian/changelog
index a1f8837f..763e6086 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+ruby-net-ssh (1:6.1.0-2+deb11u1) bullseye; urgency=medium
+
+  * Backport upstream patches to fix authentication against hosts using
+OpenSSH 8.8, including but not limited to Debian bookworm
+(Closes: #1009155, #1008541)
+
+ -- Antonio Terceiro   Fri, 08 Apr 2022 10:06:46 -0300
+
 ruby-net-ssh (1:6.1.0-2) unstable; urgency=medium
 
   [ Cédric Boutillier ]
diff --git a/debian/patches/0001-Added-support-for-RSA-client-authentication-with-SHA.patch b/debian/patches/0001-Added-support-for-RSA-client-authentication-with-SHA.patch
new file mode 100644
index ..ae350e52
--- /dev/null
+++ b/debian/patches/0001-Added-support-for-RSA-client-authentication-with-SHA.patch
@@ -0,0 +1,394 @@
+From: Zdenek Zambersky 
+Date: Thu, 6 May 2021 13:50:20 +0200
+Subject: Added support for RSA client authentication with SHA-2
+
+Source: https://github.com/net-ssh/net-ssh/pull/838
+Backported-By: Antonio Terceiro 
+---
+ lib/net/ssh/authentication/certificate.rb   |  4 +-
+ lib/net/ssh/authentication/ed25519.rb   |  2 +-
+ lib/net/ssh/authentication/key_manager.rb   | 22 ++--
+ lib/net/ssh/authentication/methods/abstract.rb  | 10 
+ lib/net/ssh/authentication/methods/publickey.rb | 66 ++-
+ lib/net/ssh/authentication/session.rb   |  5 +-
+ lib/net/ssh/transport/openssl.rb| 16 --
+ test/authentication/methods/test_publickey.rb   | 71 ++---
+ test/authentication/test_session.rb |  6 ++-
+ 9 files changed, 169 insertions(+), 33 deletions(-)
+
+diff --git a/lib/net/ssh/authentication/certificate.rb b/lib/net/ssh/authentication/certificate.rb
+index 82e37e9..95b01ff 100644
+--- a/lib/net/ssh/authentication/certificate.rb
 b/lib/net/ssh/authentication/certificate.rb
+@@ -65,8 +65,8 @@ module Net
+   ).to_s
+ end
+ 
+-def ssh_do_sign(data)
+-  key.ssh_do_sign(data)
++def ssh_do_sign(data, sig_alg = nil)
++  key.ssh_do_sign(data, sig_alg)
+ end
+ 
+ def ssh_do_verify(sig, data)
+diff --git a/lib/net/ssh/authentication/ed25519.rb b/lib/net/ssh/authentication/ed25519.rb
+index 0c5530c..1989d1f 100644
+--- a/lib/net/ssh/authentication/ed25519.rb
 b/lib/net/ssh/authentication/ed25519.rb
+@@ -167,7 +167,7 @@ module Net
+ PubKey.new(@pk)
+   end
+ 
+-  def ssh_do_sign(data)
++  def ssh_do_sign(data, sig_alg = nil)
+ @sign_key.sign(data)
+   end
+ 
+diff --git a/lib/net/ssh/authentication/key_manager.rb b/lib/net/ssh/authentication/key_manager.rb
+index 242d5d5..3624550 100644
+--- a/lib/net/ssh/authentication/key_manager.rb
 b/lib/net/ssh/authentication/key_manager.rb
+@@ -159,7 +159,7 @@ module Net
+ # Regardless of the identity's origin or who does the signing, this
+ # will always return the signature in an SSH2-specified "signature
+ # blob" format.
+-def sign(identity, data)
++def sign(identity, data, sig_alg = nil)
+   info = known_identities[identity] or raise KeyManagerError, "the given identity is unknown to the key manager"
+ 
+   if info[:key].nil? && info[:from] == :file
+@@ -171,13 +171,27 @@ module Net
+   end
+ 
+   if info[:key]
+-return Net::SSH::Buffer.from(:string, identity.ssh_signature_type,
+-  :mstring, info[:key].ssh_do_sign(data.to_s)).to_s

Bug#1004915: transition: ruby2.7-rm

[Antonio Terceiro]

On Thu, Feb 24, 2022 at 08:56:49AM +0100, Paul Gevers wrote:
> Hi Antonio,
> 
> Thanks for taking care.
> 
> On 24-02-2022 02:43, Antonio Terceiro wrote:
> > > diaspora-installer can just be removed, it's already on the autoremoval
> > > list.
> > 
> > also fails without the new ruby-defaults.
> 
> I'm not seeing that. The 2022-02-24 01:38:19 UTC reference run on amd64
> passed.

Yes. I investigated this today and it is an issue that makes
diaspora-installer incompatible with ruby3.0:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006547

The fix for that is probably non-trivial, so IMO we should remove
diaspora-installer from testing to let the transition complete.

Yesterday I also uploaded NMUs for all remaining packages that are in
testing.
https://release.debian.org/transitions/html/ruby3.0-default.html is now
empty when one checks "ignore packages that are not in testing".



signature.asc
Description: PGP signature

Bug#1004915: transition: ruby2.7-rm

[Antonio Terceiro]

On Sun, Feb 20, 2022 at 02:30:15PM +0100, Paul Gevers wrote:
> Hi,
> 
> On 18-02-2022 21:23, Paul Gevers wrote:
> > > > Also the autopkgtest regressions don't look pretty yet, did you
> > > > already have a look:
> > > > https://qa.debian.org/excuses.php?package=ruby-defaults
> > > I'll try to take a look at this list and see what's going on.
> 
> coderay seems to have a patch to fix this in Ubuntu:
>  https://patches.ubuntu.com/c/coderay/coderay_1.1.3-5ubuntu1.patch
> 
> diaspora-installer can just be removed, it's already on the autoremoval
> list.

also fails without the new ruby-defaults. I retried all the migration
reference tests; they will fail and this will stop being a regression
from the POV of britney.

> jekyll apparently is fixed in unstable, but is on the autoremoval list.
> Shall I remove it or are you going to fix ruby-pathutil shortly?

I don't see it anymore as a regression so I guess this was already done.

> ruby-certificate-authority is a key package, bug #1005448 looks related.

I fixed this on the weekend.

> ruby-eventmachine is a key package, you'll need to investigate: NameError:
> uninitialized constant TestIOStreamer::StreamServer::StringIO

I fixed this today.

> ruby-jwt, is a key package, you'll need to fix bug #1005426.

I fixed this today.

> ruby-rack will migrate soon, I removed ruby-rack-mount.

This has happened since.


signature.asc
Description: PGP signature

Bug#1004459: bullseye-pu: package lxc/1:4.0.6-2+deb11u1

[Antonio Terceiro]

On Sat, Feb 19, 2022 at 06:53:52PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Thu, 2022-01-27 at 21:32 -0300, Antonio Terceiro wrote:
> > This update fixes the download of container images using the
> > "download"
> > template. pool.sks-keyservers.net is not active anymore, so the patch
> > (already included in the upstream release present in sid/bookworm)
> > changes that to keyserver.ubuntu.com.
> > 
> 
> +  * lxc-download: Switch GPG server.
> +The default server used to download gpg keys from has ben deprecated,
> 
> s/ben/been/
> 
> Please go ahead.

Uploaded with that typo fixed. Thanks.


signature.asc
Description: PGP signature

Bug#1005288: bullseye-pu: package sphinx-bootstrap-theme/0.7.1-1+deb11u1

[Antonio Terceiro]

On Sat, Feb 19, 2022 at 05:41:40PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Tue, 2022-02-15 at 21:33 -0300, Antonio Terceiro wrote:
> > Control: reopen -1
> > 
> > > On Thu, Feb 10, 2022 at 11:44:24AM -0300, Antonio Terceiro wrote:
> > > > [ Reason ]
> > > > Version 0.8.0-1 contains a bug caused by extra whitespace in
> > > > src=""
> > > > attributes of 

Bug#1005288: bullseye-pu: package sphinx-bootstrap-theme/0.7.1-1+deb11u1

[Antonio Terceiro]

Control: reopen -1

> On Thu, Feb 10, 2022 at 11:44:24AM -0300, Antonio Terceiro wrote:
> > Package: release.debian.org
> > Severity: normal
> > Tags: bullseye
> > User: release.debian@packages.debian.org
> > Usertags: pu
> > 
> > [ Reason ]
> > Version 0.8.0-1 contains a bug caused by extra whitespace in src=""
> > attributes of  tags that search to be broken.
> > 
> > [ Impact ]
> > Documentation generated with sphinx and this theme has a broken search
> > functionality.
> > 
> > [ Tests ]
> > I confirmed the fix against the lava package, which generates
> > documentation using sphinx-bootstrap-theme.
> > 
> > [ Risks ]
> > None. The only functional changes are the exact bug fixes, which are
> > basically deleting 1 extra space in a few lines.
> > 
> > [ Checklist ]
> >   [*] *all* changes are documented in the d/changelog
> >   [*] I reviewed all changes and I approve them
> >   [*] attach debdiff against the package in (old)stable
> >   (for your convenience I'm also attaching the patch itself, since
> >   it's easier to read the diff-in-diff in the debdiff)
> >   [*] the issue is verified as fixed in unstable
> > 
> > [ Changes ]
> > The fix is simple and consists of removing the extra spaces that were
> > breaking the reference to the Javascript files.
> > 
> > [ Other info ]
> > Nothing.
> 
> Sorry, I made this update against the version that was then in testing
> instead of the one in stable. I rebased the changes on stable, but it
> seems they are not enough to fix the issue in that case. I'm closing
> this now and will open a new PU request if and when I am able to fix it.

It turns out my backport was broken; now I got it right and was able to
test that the bug is indeed fixed. All the info above in my original bug
report still applies, with the attached patches.
</pre><pre>diff --git a/debian/changelog b/debian/changelog
index 6ebc402..53beb21 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+sphinx-bootstrap-theme (0.7.1-1+deb11u1) bullseye; urgency=medium
+
+  * Fix search functionality
+Add a combined backport of 2 upstream commits that remove 1 extra spaces
+off of a few lines.
+
+ -- Antonio Terceiro <terce...@debian.org>  Tue, 15 Feb 2022 19:18:53 -0300
+
 sphinx-bootstrap-theme (0.7.1-1) unstable; urgency=low
 
   [ Debian Janitor ]
diff --git a/debian/patches/Fix-search-functionality.patch b/debian/patches/Fix-search-functionality.patch
new file mode 100644
index 000..7794c08
--- /dev/null
+++ b/debian/patches/Fix-search-functionality.patch
@@ -0,0 +1,50 @@
+From: Antonio Terceiro <terce...@debian.org>
+Date: Thu, 10 Feb 2022 11:36:03 -0300
+Subject: Fix search functionality
+
+The extra spaces at the end of the src="" attibute of those <script>
+tags caused search to be broken on generated documentation. This is a
+combined backport of the following upstream commits
+0d80bffe488da6d5b7b575b964f92adde5026e3e ("BUG: Fix for Sphinx 3.4+
+search") and 19e69c8c46dff011ce24e1718e034decdf319f28 ("Drop spirious
+space in script urls").
+---
+ sphinx_bootstrap_theme/bootstrap/layout.html | 8 
+ sphinx_bootstrap_theme/bootstrap/search.html | 5 +++--
+ 2 files changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/sphinx_bootstrap_theme/bootstrap/layout.html b/sphinx_bootstrap_theme/bootstrap/layout.html
+index c21e441..f6d3bfc 100644
+--- a/sphinx_bootstrap_theme/bootstrap/layout.html
 b/sphinx_bootstrap_theme/bootstrap/layout.html
+@@ -52,10 +52,10 @@
+ <meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'>
+ <meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1'>
+ <meta name="apple-mobile-web-app-capable" content="yes">
+-<script type="text/javascript" src="{{ pathto('_static/js/jquery-1.11.0.min.js', 1) }} ">
+-
+-
+-
++
++
++
++
+ {% endblock %}
+ 
+ {# Silence the sidebar's, relbar's #}
+diff --git a/sphinx_bootstrap_theme/bootstrap/search.html b/sphinx_bootstrap_theme/bootstrap/search.html
+index 60a6601..92444cc 100644
+--- a/sphinx_bootstrap_theme/bootstrap/search.html
 b/sphinx_bootstrap_theme/bootstrap/search.html
+@@ -10,8 +10,9 @@
+ {%- extends "layout.html" %}
+ {% set title = _('Search') %}
+ {% block extrahead %}
+-  
+-  
++  
++  
++  
+   {# this is used when loading the search index using $.ajax fails,
+  such as on Chrome for documents on localhost #}
+   
diff --git a/debian/patches/series b/debian/patches/series
index 391ae29..134cab0 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 privacy_breach.patch
+Fix-search-functionality.patch
From: Antonio Terceiro 
Date: 

Bug#1004915: transition: ruby2.7-rm

[Antonio Terceiro]

Hi,

On Thu, Feb 03, 2022 at 11:59:30AM -0300, Lucas Kanashiro wrote:
> Package: release.debian.org
> Severity: normal
> User:release.debian@packages.debian.org
> Usertags: transition
> 
> Hi,
> 
> We would like to add ruby3.0 as the default and remove ruby2.7 support.
> 
> Ben file:
> 
> title = "ruby2.7-rm";
> is_affected = (.depends ~ /ruby2.7/ | .depends ~ /ruby3.0/) & !.source ~ 
> /^(ruby2.7|ruby3.0|ruby-defaults)$/;
> is_good = ! .depends ~ /ruby2.7/;
> is_bad = .depends ~ /ruby2.7/;
> 
> 
> This part of the transition was already done in Ubuntu, so I do not expect
> any blocker, this is the transition tracker page there:
> 
> https://people.canonical.com/~ubuntu-archive/transitions/html/ruby2.7-rm.html
> 
> ruby-defaults/1:3.0~exp1 is already in experimental (which makes ruby3.0 the
> default and remove ruby2.7), I'll be waiting for your acknowledgement to
> upload it to unstable.

ping. :)

I saw that this was already added to the list of planned transitions,
thanks for that. according to
https://release.debian.org/transitions/html/ruby2.7-rm.html the
conflicts seem to be small enough to be easily manageable. Or am I
missing something?


signature.asc
Description: PGP signature

Bug#1005288: bullseye-pu: package sphinx-bootstrap-theme/0.8.0-1+deb11u1

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
Version 0.8.0-1 contains a bug caused by extra whitespace in src=""
attributes of  tags that search to be broken.

[ Impact ]
Documentation generated with sphinx and this theme has a broken search
functionality.

[ Tests ]
I confirmed the fix against the lava package, which generates
documentation using sphinx-bootstrap-theme.

[ Risks ]
None. The only functional changes are the exact bug fixes, which are
basically deleting 1 extra space in a few lines.

[ Checklist ]
  [*] *all* changes are documented in the d/changelog
  [*] I reviewed all changes and I approve them
  [*] attach debdiff against the package in (old)stable
  (for your convenience I'm also attaching the patch itself, since
  it's easier to read the diff-in-diff in the debdiff)
  [*] the issue is verified as fixed in unstable

[ Changes ]
The fix is simple and consists of removing the extra spaces that were
breaking the reference to the Javascript files.

[ Other info ]
Nothing.
</pre><pre>diff --git a/debian/changelog b/debian/changelog
index 450e76e..0b40199 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+sphinx-bootstrap-theme (0.8.0-1+deb11u1) bullseye; urgency=medium
+
+  * Fix search functionality
+Add a combined backport of 2 upstream commits that remove 1 extra spaces
+off of a few lines.
+
+ -- Antonio Terceiro <terce...@debian.org>  Thu, 10 Feb 2022 11:38:38 -0300
+
 sphinx-bootstrap-theme (0.8.0-1) unstable; urgency=medium
 
   [ Ondřej Nový ]
diff --git a/debian/patches/0002-Fix-search-functionality.patch b/debian/patches/0002-Fix-search-functionality.patch
new file mode 100644
index 000..d587944
--- /dev/null
+++ b/debian/patches/0002-Fix-search-functionality.patch
@@ -0,0 +1,50 @@
+From: Antonio Terceiro <terce...@debian.org>
+Date: Thu, 10 Feb 2022 11:36:03 -0300
+Subject: Fix search functionality
+
+The extra spaces at the end of the src="" attibute of those <script>
+tags caused search to be broken on generated documentation. This is a
+combined backport of the following upstream commits
+0d80bffe488da6d5b7b575b964f92adde5026e3e ("BUG: Fix for Sphinx 3.4+
+search") and 19e69c8c46dff011ce24e1718e034decdf319f28 ("Drop spirious
+space in script urls").
+---
+ sphinx_bootstrap_theme/bootstrap/layout.html | 8 
+ sphinx_bootstrap_theme/bootstrap/search.html | 5 +++--
+ 2 files changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/sphinx_bootstrap_theme/bootstrap/layout.html b/sphinx_bootstrap_theme/bootstrap/layout.html
+index 303472d..d29ca4f 100644
+--- a/sphinx_bootstrap_theme/bootstrap/layout.html
 b/sphinx_bootstrap_theme/bootstrap/layout.html
+@@ -52,10 +52,10 @@
+ <meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'>
+ <meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1'>
+ <meta name="apple-mobile-web-app-capable" content="yes">
+-<script type="text/javascript" src="{{ pathto('_static/js/jquery-1.12.4.min.js', 1) }} ">
+-
+-
+-
++
++
++
++
+ {% endblock %}
+ 
+ {# Silence the sidebar's, relbar's #}
+diff --git a/sphinx_bootstrap_theme/bootstrap/search.html b/sphinx_bootstrap_theme/bootstrap/search.html
+index 60a6601..cca744a 100644
+--- a/sphinx_bootstrap_theme/bootstrap/search.html
 b/sphinx_bootstrap_theme/bootstrap/search.html
+@@ -10,8 +10,9 @@
+ {%- extends "layout.html" %}
+ {% set title = _('Search') %}
+ {% block extrahead %}
+-  
+-  
++  
++  
++  
+   {# this is used when loading the search index using $.ajax fails,
+  such as on Chrome for documents on localhost #}
+   
diff --git a/debian/patches/series b/debian/patches/series
index 391ae29..30e0b22 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 privacy_breach.patch
+0002-Fix-search-functionality.patch
From: Antonio Terceiro 
Date: Thu, 10 Feb 2022 11:36:03 -0300
Subject: Fix search functionality

The extra spaces at the end of the src="" attibute of those 
tags caused search to be broken on generated documentation. This is a
combined backport of the following upstream commits
0d80bffe488da6d5b7b575b964f92adde5026e3e ("BUG: Fix for Sphinx 3.4+
search") and 19e69c8c46dff011ce24e1718e034decdf319f28 ("Drop spirious
space in script urls").
---
 sphinx_bootstrap_theme/bootstrap/layout.html | 8 
 sphinx_bootstrap_theme/bootstrap/search.html | 5 +++--
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/sphinx_bootstrap_theme/bootstrap/layout.html b/sphinx_bootstrap_theme/bootstrap/layout.html
index 303472d..d29ca4f 100644
--- a/sphinx_bootstrap_theme/bootstrap/layout.html
+++ b/sphinx_bootstrap_theme/bootstrap/layout.html
@@ -52,10 +52,10 @@
 <meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'&g

Bug#1004459: bullseye-pu: package lxc/1:4.0.6-2+deb11u1

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
This update fixes the download of container images using the "download"
template. pool.sks-keyservers.net is not active anymore, so the patch
(already included in the upstream release present in sid/bookworm)
changes that to keyserver.ubuntu.com.

[ Impact ]
Creating containers with the lxc-download template (`-t download`) does
not work because the key that signs the images cannot be retrieved.

[ Tests ]
This has been tested on lxc and was verified to fix the issue. The patch
is trivial.

[ Risks ]
None.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Replace pool.sks-keyservers.net with keyserver.ubuntu.com.
diff --git a/debian/changelog b/debian/changelog
index 6a5c2db..e6bcbc6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+lxc (1:4.0.6-2+deb11u1) bullseye; urgency=medium
+
+  * lxc-download: Switch GPG server.
+The default server used to download gpg keys from has ben deprecated,
+and therefore creating containers using the `download` template is now
+broken. This is fixed with an upstream patch by Stéphane Graber that
+points to a valid server. (Closes: #991615)
+
+ -- Antonio Terceiro   Thu, 13 Jan 2022 16:57:39 -0300
+
 lxc (1:4.0.6-2) unstable; urgency=medium
 
   * d/contrib/lxc-net: Add a commented dnsmasq reference for the users to be
diff --git a/debian/patches/0005-lxc-download-Switch-GPG-server.patch b/debian/patches/0005-lxc-download-Switch-GPG-server.patch
new file mode 100644
index 000..ac7074c
--- /dev/null
+++ b/debian/patches/0005-lxc-download-Switch-GPG-server.patch
@@ -0,0 +1,30 @@
+From: =?utf-8?q?St=C3=A9phane_Graber?= 
+Date: Sun, 27 Jun 2021 23:42:52 -0400
+Subject: lxc-download: Switch GPG server
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Stéphane Graber 
+---
+ templates/lxc-download.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/templates/lxc-download.in b/templates/lxc-download.in
+index d688b8f..2f6cf2a 100644
+--- a/templates/lxc-download.in
 b/templates/lxc-download.in
+@@ -56,11 +56,11 @@ LXC_PATH=
+ LXC_ROOTFS=
+ 
+ if [ -z "${DOWNLOAD_KEYSERVER:-}" ]; then
+-  DOWNLOAD_KEYSERVER="hkp://pool.sks-keyservers.net"
++  DOWNLOAD_KEYSERVER="hkp://keyserver.ubuntu.com"
+ 
+   # Deal with GPG over http proxy
+   if [ -n "${http_proxy:-}" ]; then
+-DOWNLOAD_KEYSERVER="hkp://p80.pool.sks-keyservers.net:80"
++DOWNLOAD_KEYSERVER="hkp://keyserver.ubuntu.com:80"
+ DOWNLOAD_GPG_PROXY="--keyserver-options http-proxy=\"${http_proxy}\""
+   fi
+ fi
diff --git a/debian/patches/series b/debian/patches/series
index f952766..d98fa8f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
 0005-lxc.service-Starts-after-remote-fs.target.patch
 0006-lxc.pc.in-removes-DLOG_LIBS-which-is-not-expanded-up.patch
 0007-conf-fix-containers-retaining-CAP_NET_ADMIN.patch
+0005-lxc-download-Switch-GPG-server.patch


signature.asc
Description: PGP signature

Bug#995587: transition: ruby3.0-add

[Antonio Terceiro]

Hi,

On Sat, 2 Oct 2021 15:14:39 -0300 Antonio Terceiro  wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
> 
> We would like to add support for ruby3.0 in ruby-defaults.

This can now be closed. There are 4 unfixed packages in the tracker, but
they are all out of testing. Some of them probably need to be removed
from the archive entirely, but we will look at them later and give
someone who cares a chance to fix them before that.


signature.asc
Description: PGP signature

Bug#996026: bullseye-pu: package ruby-httpclient/2.8.3-3+deb11u1

[Antonio Terceiro]

On Fri, Dec 03, 2021 at 04:39:06PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Sun, 2021-10-10 at 09:40 -0300, Antonio Terceiro wrote:
> > ruby-httpclient uses a vendored copy of a CA certificate bundle, and
> > that is a ticking time bomb. This update fixes that by removing that
> > vendored copy and making it use the system CA certificate bundle by
> > default.
> > 
> > [ Impact ]
> > The main package affected by this is apt-listbugs, which stopped
> > being
> > able to download bug data information from bugs.debian.org due to the
> > recent expiration of the old Let's Encrypt root certificate.
> > 
> 
> Please go ahead, thanks.

Uploaded.


signature.asc
Description: PGP signature

Bug#996024: buster-pu: package ruby-httpclient/2.8.3-3+deb10u1

[Antonio Terceiro]

On Sat, Dec 04, 2021 at 05:31:52PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Sun, 2021-10-10 at 09:58 -0300, Antonio Terceiro wrote:
> > ruby-httpclient uses a vendored copy of a CA certificate bundle, and
> > that is a ticking time bomb. This update fixes that by removing that
> > vendored copy and making it use the system CA certificate bundle by
> > default.
> > 
> > [ Impact ]
> > The main package affected by this is apt-listbugs, which stopped
> > being
> > able to download bug data information from bugs.debian.org due to the
> > recent expiration of the old Let's Encrypt root certificate.
> > 
> 
> Please go ahead, thanks.

Uploaded.


signature.asc
Description: PGP signature

Bug#996584: (some kind of) transition: add python3.10 as a supported python3 version

[Antonio Terceiro]

On Thu, Nov 18, 2021 at 10:01:17AM +0100, Sebastiaan Couwenberg wrote:
> On 11/18/21 09:49, Matthias Klose wrote:
> > On 11/18/21 06:51, Sebastiaan Couwenberg wrote:
> > > On 11/16/21 14:23, Matthias Klose wrote:
> > > > I'm planning to upload python3-defaults later tonight, adding 3.10 as a
> > > > supported Python version.  Packages are able to migrate on their own, 
> > > > there are
> > > > no blockages introduced on other transitions.
> > > 
> > > numpy rdeps (e.g. pyproj) are a bit problematic, they fail with the 3.10 
> > > as long
> > > as numpy is not built with it yet.
> > 
> > numpy is in stage6 of the transition. so please be a bit patient until all 
> > the
> > binNMUs up to stage6 are built.
> 
> There has been no communication about this transition outside this
> bugreport, you should probably follow the example for perl transitions to
> alert the developer base about the expected ImportError issues with the new
> version until the rebuilds are completed.

This Python transition is different from the Perl transitions. Python
has multiple simultaneously supported versions, in this case 3.9 and
3.10. The transition involves rebuilding the packages with C extensions
so that they carry the associated binary files compiled for both support
Python versions. Any errors due to missing support in dependencies
affect only people building Python packages.

The default Python is still Python 3.9, so users using Python programs
are not affected during this transition.

Perl, on the other hand, has only a single version at the archive at any
time. This is why during the Perl transition, it's possible that users
running Perl programs are affected by missing C extensions during the
time it takes to rebuild all packages for the new Perl version.


signature.asc
Description: PGP signature

Bug#995587: transition: ruby3.0-add

[Antonio Terceiro]

On Sat, Oct 30, 2021 at 11:43:35AM +0200, Sebastian Ramacher wrote:
> Those have been scheduled. Note that a bunch of them have only built and
> installed the extension for the default ruby version, e.g.,
> ruby-debug-inspector and libprelude.

Yes. Please amend the ben file like this:

is_affected = (.depends ~ /ruby2.7/ | .depends ~ /ruby3.0/) & ! .source ~ 
/^(ruby2\.7|ruby3\.0|ruby-defaults|dislocker|epic5|graphviz|hivex|kamailio|klayout|kross-interpreters|libprelude|marisa|ngraph-gtk|notmuch|obexftp|redland-bindings|rubyluabridge|ruby-standalone|subtle|subversion|uwsgi|vim-command-t|weechat|robot-testing-framework|treil|vim|nbdkit)$/


signature.asc
Description: PGP signature

Bug#995587: transition: ruby3.0-add

[Antonio Terceiro]

On Thu, Oct 28, 2021 at 11:34:28PM +0200, Sebastian Ramacher wrote:
> Control: tags -1 confirmed
> 
> On 2021-10-20 09:45:10 -0300, Antonio Terceiro wrote:
> > Control: tag -1 - moreinfo
> > 
> > On Sat, Oct 16, 2021 at 03:46:11PM +0200, Sebastian Ramacher wrote:
> > > Control: tags -1 moreinfo
> > > 
> > > On 2021-10-15 06:44:36 -0300, Antonio Terceiro wrote:
> > > > Hi,
> > > > 
> > > > On Sat, Oct 02, 2021 at 03:14:39PM -0300, Antonio Terceiro wrote:
> > > > > Package: release.debian.org
> > > > > Severity: normal
> > > > > User: release.debian@packages.debian.org
> > > > > Usertags: transition
> > > > > 
> > > > > We would like to add support for ruby3.0 in ruby-defaults.
> > > > > 
> > > > > Ben file:
> > > > > 
> > > > > title = "ruby3.0-add";
> > > > > is_affected = (.depends ~ /ruby2.7 | .depends ~ /ruby3.0/) & !.source 
> > > > > ~ /^(ruby2.7|ruby3.0|ruby-defaults)$/);
> > > > > is_good = .depends ~ /ruby3.0/;
> > > > > is_bad = .depends ~ /ruby2.7/ & !.depends ~ /ruby3.0/;
> > > > > 
> > > > > We already did a mass rebuild some time ago, and the results don't 
> > > > > look
> > > > > bad. We should be doing a new one soon, and will come up with a list 
> > > > > of
> > > > > binNMUs
> > > > 
> > > > This is a friendly ping. We would like to make the switch in unstable
> > > > soon and start doing binNMUs.
> > > > 
> > > > We have these bugs related to this transition:
> > > > https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=ruby3.0;users=debian-r...@lists.debian.org
> > > > 
> > > > Most of those bugs are for leaf libraries. We already started fixing the
> > > > ones that block a lof of other (e.g. the ones with C extensions that
> > > > FTBFS with ruby3.0) so they are ready to be binNMUed.
> > > 
> > > ruby3.0 isn't in testing yet - it currently fails to build on ppc64el.
> > > So let's at least wait until it migrated.
> > 
> > ruby3.0 is now in testing. Can we go ahead with this?
> 
> Yes, please go ahead

Thanks, we will upload ruby-defaults shortly.

Note that we do not necessarily want/need to block involved packages
from migrating, as adding ruby3.0 support does not break anything since
the default is still unchanged.


signature.asc
Description: PGP signature

Bug#995587: transition: ruby3.0-add

[Antonio Terceiro]

On Wed, Oct 20, 2021 at 03:12:17PM +0200, Sebastiaan Couwenberg wrote:
> On 10/20/21 2:45 PM, Antonio Terceiro wrote:
> > On Sat, Oct 16, 2021 at 03:46:11PM +0200, Sebastian Ramacher wrote:
> >> On 2021-10-15 06:44:36 -0300, Antonio Terceiro wrote:
> >>> On Sat, Oct 02, 2021 at 03:14:39PM -0300, Antonio Terceiro wrote:
> >>>> Package: release.debian.org
> >>>> Severity: normal
> >>>> User: release.debian@packages.debian.org
> >>>> Usertags: transition
> >>>>
> >>>> We would like to add support for ruby3.0 in ruby-defaults.
> >>>>
> >>>> Ben file:
> >>>>
> >>>> title = "ruby3.0-add";
> >>>> is_affected = (.depends ~ /ruby2.7 | .depends ~ /ruby3.0/) & !.source ~ 
> >>>> /^(ruby2.7|ruby3.0|ruby-defaults)$/);
> >>>> is_good = .depends ~ /ruby3.0/;
> >>>> is_bad = .depends ~ /ruby2.7/ & !.depends ~ /ruby3.0/;
> >>>>
> >>>> We already did a mass rebuild some time ago, and the results don't look
> >>>> bad. We should be doing a new one soon, and will come up with a list of
> >>>> binNMUs
> >>>
> >>> This is a friendly ping. We would like to make the switch in unstable
> >>> soon and start doing binNMUs.
> >>>
> >>> We have these bugs related to this transition:
> >>> https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=ruby3.0;users=debian-r...@lists.debian.org
> >>>
> >>> Most of those bugs are for leaf libraries. We already started fixing the
> >>> ones that block a lof of other (e.g. the ones with C extensions that
> >>> FTBFS with ruby3.0) so they are ready to be binNMUed.
> >>
> >> ruby3.0 isn't in testing yet - it currently fails to build on ppc64el.
> >> So let's at least wait until it migrated.
> > 
> > ruby3.0 is now in testing. Can we go ahead with this?
> 
> There are 169 packages affected by the transition according to the
> tracker, the ruby3.0 usertag has 152 unresolved ftbfs bugreports.
>
> Does it really make sense to start this transition when most rdeps fail
> to build?

Yes.

Those two sets of packages are more or less distinct. The only
intersection is of packages that have C extensions (and thus a
dependency on the specific ruby versions it was build against) *and* to
build against ruby3.0.

Most of the FTBFS bugs are against pure-Ruby packages that fail against
ruby3.0, and are not even listed in the transition tracker.

A good part of the packages that *are* listed in the transition will be
good after a binNMU. To fix those we need to have ruby3.0 as a supported
version in unstable in the first place.

Also as we are "just" adding ruby3.0 support, this has little effect on
users since ruby2.7 is still the default.


signature.asc
Description: PGP signature

Bug#995587: transition: ruby3.0-add

[Antonio Terceiro]

Control: tag -1 - moreinfo

On Sat, Oct 16, 2021 at 03:46:11PM +0200, Sebastian Ramacher wrote:
> Control: tags -1 moreinfo
> 
> On 2021-10-15 06:44:36 -0300, Antonio Terceiro wrote:
> > Hi,
> > 
> > On Sat, Oct 02, 2021 at 03:14:39PM -0300, Antonio Terceiro wrote:
> > > Package: release.debian.org
> > > Severity: normal
> > > User: release.debian@packages.debian.org
> > > Usertags: transition
> > > 
> > > We would like to add support for ruby3.0 in ruby-defaults.
> > > 
> > > Ben file:
> > > 
> > > title = "ruby3.0-add";
> > > is_affected = (.depends ~ /ruby2.7 | .depends ~ /ruby3.0/) & !.source ~ 
> > > /^(ruby2.7|ruby3.0|ruby-defaults)$/);
> > > is_good = .depends ~ /ruby3.0/;
> > > is_bad = .depends ~ /ruby2.7/ & !.depends ~ /ruby3.0/;
> > > 
> > > We already did a mass rebuild some time ago, and the results don't look
> > > bad. We should be doing a new one soon, and will come up with a list of
> > > binNMUs
> > 
> > This is a friendly ping. We would like to make the switch in unstable
> > soon and start doing binNMUs.
> > 
> > We have these bugs related to this transition:
> > https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=ruby3.0;users=debian-r...@lists.debian.org
> > 
> > Most of those bugs are for leaf libraries. We already started fixing the
> > ones that block a lof of other (e.g. the ones with C extensions that
> > FTBFS with ruby3.0) so they are ready to be binNMUed.
> 
> ruby3.0 isn't in testing yet - it currently fails to build on ppc64el.
> So let's at least wait until it migrated.

ruby3.0 is now in testing. Can we go ahead with this?


signature.asc
Description: PGP signature

Bug#995587: transition: ruby3.0-add

[Antonio Terceiro]

Hi,

On Sat, Oct 02, 2021 at 03:14:39PM -0300, Antonio Terceiro wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
> 
> We would like to add support for ruby3.0 in ruby-defaults.
> 
> Ben file:
> 
> title = "ruby3.0-add";
> is_affected = (.depends ~ /ruby2.7 | .depends ~ /ruby3.0/) & !.source ~ 
> /^(ruby2.7|ruby3.0|ruby-defaults)$/);
> is_good = .depends ~ /ruby3.0/;
> is_bad = .depends ~ /ruby2.7/ & !.depends ~ /ruby3.0/;
> 
> We already did a mass rebuild some time ago, and the results don't look
> bad. We should be doing a new one soon, and will come up with a list of
> binNMUs

This is a friendly ping. We would like to make the switch in unstable
soon and start doing binNMUs.

We have these bugs related to this transition:
https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=ruby3.0;users=debian-r...@lists.debian.org

Most of those bugs are for leaf libraries. We already started fixing the
ones that block a lof of other (e.g. the ones with C extensions that
FTBFS with ruby3.0) so they are ready to be binNMUed.


signature.asc
Description: PGP signature

Bug#996026: bullseye-pu: package ruby-httpclient/2.8.3-3+deb11u1

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

(Please provide enough information to help the release team
to judge the request efficiently. E.g. by filling in the
sections below.)

[ Reason ]
ruby-httpclient uses a vendored copy of a CA certificate bundle, and
that is a ticking time bomb. This update fixes that by removing that
vendored copy and making it use the system CA certificate bundle by
default.

[ Impact ]
The main package affected by this is apt-listbugs, which stopped being
able to download bug data information from bugs.debian.org due to the
recent expiration of the old Let's Encrypt root certificate.

[ Tests ]
The added autopkgtest test fails without the patch and passes without
it. apt-listbugs is now able to fetch bug data information again.

[ Risks ]
The changes are simple enough and this is a low risk update.

[ Checklist ]
  [*] *all* changes are documented in the d/changelog
  [*] I reviewed all changes and I approve them
  [*] attach debdiff against the package in (old)stable
  [*] the issue is verified as fixed in unstable

[ Changes ]

The changes are simple enough that I feel copy-pasting from the
changelog is enough:

* Add simple autopkgtest to check a basic SSL connection
* Add patch to use the system certificate store (Closes: #995448)
* debian/rules: remove embedded CA certificate store
* Add dependency on ca-certificates
diff --git a/debian/changelog b/debian/changelog
index a164bb1..3708b17 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+ruby-httpclient (2.8.3-3+deb11u1) bullseye; urgency=medium
+
+  * Add simple autopkgtest to check a basic SSL connection
+  * Add patch to use the system certificate store (Closes: #995448)
+  * debian/rules: remove embedded CA certificate store
+  * Add dependency on ca-certificates
+
+ -- Antonio Terceiro   Sun, 10 Oct 2021 09:24:03 -0300
+
 ruby-httpclient (2.8.3-2) unstable; urgency=medium
 
   * Team upload.
diff --git a/debian/control b/debian/control
index e50868f..e38581d 100644
--- a/debian/control
+++ b/debian/control
@@ -21,6 +21,7 @@ Architecture: all
 XB-Ruby-Versions: ${ruby:Versions}
 Depends: ruby | ruby-interpreter,
  ruby-http-cookie (>= 1.0),
+ ca-certificates,
  ${misc:Depends},
  ${shlibs:Depends}
 Description: HTTP client library for ruby
diff --git a/debian/patches/0008-Use-system-CA-certificate-store.patch b/debian/patches/0008-Use-system-CA-certificate-store.patch
new file mode 100644
index 000..3ec8820
--- /dev/null
+++ b/debian/patches/0008-Use-system-CA-certificate-store.patch
@@ -0,0 +1,33 @@
+From: Antonio Terceiro 
+Date: Wed, 6 Oct 2021 10:03:32 -0300
+Subject: Use system CA certificate store
+
+---
+ lib/httpclient/ssl_config.rb | 7 +--
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+diff --git a/lib/httpclient/ssl_config.rb b/lib/httpclient/ssl_config.rb
+index f6e7ce9..d4e48f2 100644
+--- a/lib/httpclient/ssl_config.rb
 b/lib/httpclient/ssl_config.rb
+@@ -249,7 +249,7 @@ class HTTPClient
+ # Loads default trust anchors.
+ # Calling this method resets all existing sessions.
+ def load_trust_ca
+-  load_cacerts(@cert_store)
++  set_default_paths
+   change_notify
+ end
+ 
+@@ -413,11 +413,6 @@ class HTTPClient
+   nil
+ end
+ 
+-# Use 2048 bit certs trust anchor
+-def load_cacerts(cert_store)
+-  file = File.join(File.dirname(__FILE__), 'cacert.pem')
+-  add_trust_ca_to_store(cert_store, file)
+-end
+   end
+ 
+ 
diff --git a/debian/patches/series b/debian/patches/series
index f1a4a0e..3764163 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,3 +4,4 @@
 0004-Add-upstream-changelog.patch
 0005-tweak-test-dep-change.patch
 disable-test-proxy-ssl.patch
+0008-Use-system-CA-certificate-store.patch
diff --git a/debian/rules b/debian/rules
index 118221b..bdf2c5b 100755
--- a/debian/rules
+++ b/debian/rules
@@ -6,3 +6,8 @@ export LANG=C.UTF-8
 
 %:
 	dh $@ --buildsystem=ruby --with ruby
+
+
+override_dh_auto_install:
+	dh_auto_install
+	rm --verbose $(CURDIR)/debian/ruby-httpclient/usr/lib/ruby/vendor_ruby/httpclient/*.pem
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 000..d5b55a2
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,2 @@
+Tests: ssl-smoke-test
+Restrictions: needs-internet, allow-stderr
diff --git a/debian/tests/ssl-smoke-test b/debian/tests/ssl-smoke-test
new file mode 100644
index 000..ce81ca0
--- /dev/null
+++ b/debian/tests/ssl-smoke-test
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -exu
+
+httpclient get https://bugs.debian.org/


signature.asc
Description: PGP signature

Bug#996024: buster-pu: package ruby-httpclient/2.8.3-3+deb10u1

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
ruby-httpclient uses a vendored copy of a CA certificate bundle, and
that is a ticking time bomb. This update fixes that by removing that
vendored copy and making it use the system CA certificate bundle by
default.

[ Impact ]
The main package affected by this is apt-listbugs, which stopped being
able to download bug data information from bugs.debian.org due to the
recent expiration of the old Let's Encrypt root certificate.

[ Tests ]
The added autopkgtest test fails without the patch and passes without
it. apt-listbugs is now able to fetch bug data information again.

[ Risks ]
The changes are simple enough and this is a low risk update.

[ Checklist ]
  [*] *all* changes are documented in the d/changelog
  [*] I reviewed all changes and I approve them
  [*] attach debdiff against the package in (old)stable
  [*] the issue is verified as fixed in unstable

[ Changes ]

The changes are simple enough that I feel copy-pasting from the
changelog is enough:

* Add simple autopkgtest to check a basic SSL connection
* Add patch to use the system certificate store (Closes: #995448)
* debian/rules: remove embedded CA certificate store
* Add dependency on ca-certificates
diff --git a/debian/changelog b/debian/changelog
index a164bb1..e6d96d5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+ruby-httpclient (2.8.3-3+deb10u1) buster; urgency=medium
+
+  * Add simple autopkgtest to check a basic SSL connection
+  * Add patch to use the system certificate store (Closes: #995448)
+  * debian/rules: remove embedded CA certificate store
+  * Add dependency on ca-certificates
+
+ -- Antonio Terceiro   Sun, 10 Oct 2021 09:24:03 -0300
+
 ruby-httpclient (2.8.3-2) unstable; urgency=medium
 
   * Team upload.
diff --git a/debian/control b/debian/control
index e50868f..e38581d 100644
--- a/debian/control
+++ b/debian/control
@@ -21,6 +21,7 @@ Architecture: all
 XB-Ruby-Versions: ${ruby:Versions}
 Depends: ruby | ruby-interpreter,
  ruby-http-cookie (>= 1.0),
+ ca-certificates,
  ${misc:Depends},
  ${shlibs:Depends}
 Description: HTTP client library for ruby
diff --git a/debian/patches/0008-Use-system-CA-certificate-store.patch b/debian/patches/0008-Use-system-CA-certificate-store.patch
new file mode 100644
index 000..3ec8820
--- /dev/null
+++ b/debian/patches/0008-Use-system-CA-certificate-store.patch
@@ -0,0 +1,33 @@
+From: Antonio Terceiro 
+Date: Wed, 6 Oct 2021 10:03:32 -0300
+Subject: Use system CA certificate store
+
+---
+ lib/httpclient/ssl_config.rb | 7 +--
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+diff --git a/lib/httpclient/ssl_config.rb b/lib/httpclient/ssl_config.rb
+index f6e7ce9..d4e48f2 100644
+--- a/lib/httpclient/ssl_config.rb
 b/lib/httpclient/ssl_config.rb
+@@ -249,7 +249,7 @@ class HTTPClient
+ # Loads default trust anchors.
+ # Calling this method resets all existing sessions.
+ def load_trust_ca
+-  load_cacerts(@cert_store)
++  set_default_paths
+   change_notify
+ end
+ 
+@@ -413,11 +413,6 @@ class HTTPClient
+   nil
+ end
+ 
+-# Use 2048 bit certs trust anchor
+-def load_cacerts(cert_store)
+-  file = File.join(File.dirname(__FILE__), 'cacert.pem')
+-  add_trust_ca_to_store(cert_store, file)
+-end
+   end
+ 
+ 
diff --git a/debian/patches/series b/debian/patches/series
index f1a4a0e..3764163 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,3 +4,4 @@
 0004-Add-upstream-changelog.patch
 0005-tweak-test-dep-change.patch
 disable-test-proxy-ssl.patch
+0008-Use-system-CA-certificate-store.patch
diff --git a/debian/rules b/debian/rules
index 118221b..bdf2c5b 100755
--- a/debian/rules
+++ b/debian/rules
@@ -6,3 +6,8 @@ export LANG=C.UTF-8
 
 %:
 	dh $@ --buildsystem=ruby --with ruby
+
+
+override_dh_auto_install:
+	dh_auto_install
+	rm --verbose $(CURDIR)/debian/ruby-httpclient/usr/lib/ruby/vendor_ruby/httpclient/*.pem
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 000..d5b55a2
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,2 @@
+Tests: ssl-smoke-test
+Restrictions: needs-internet, allow-stderr
diff --git a/debian/tests/ssl-smoke-test b/debian/tests/ssl-smoke-test
new file mode 100644
index 000..ce81ca0
--- /dev/null
+++ b/debian/tests/ssl-smoke-test
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -exu
+
+httpclient get https://bugs.debian.org/


signature.asc
Description: PGP signature

Bug#995587: transition: ruby3.0-add

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

We would like to add support for ruby3.0 in ruby-defaults.

Ben file:

title = "ruby3.0-add";
is_affected = (.depends ~ /ruby2.7 | .depends ~ /ruby3.0/) & !.source ~ 
/^(ruby2.7|ruby3.0|ruby-defaults)$/);
is_good = .depends ~ /ruby3.0/;
is_bad = .depends ~ /ruby2.7/ & !.depends ~ /ruby3.0/;

We already did a mass rebuild some time ago, and the results don't look
bad. We should be doing a new one soon, and will come up with a list of
binNMUs


signature.asc
Description: PGP signature

Re: careless upload of Erlang v24 without a transition tracking with the release team (was: rabbitmq-server fails to start after erlang v24 update)

[Antonio Terceiro]

On Fri, Aug 27, 2021 at 10:26:39PM +0200, Paul Gevers wrote:
> Hi,
> 
> Sorry my previous message was weird.
> 
> On 27-08-2021 22:11, Paul Gevers wrote:
> > On 27-08-2021 21:58, Antonio Terceiro wrote:
> >> One thing that happens when you do this type of change without
> >> coordination is that all CI pipelines on unstable where rabbitmq-server
> >> is installed are now broken. For example all merge requests against
> >> debci at the moment have their tests in "failed" status. This creates
> >> unnecessary noise for a lot of people.
> > 
> > rabbitmq-server already got an update, so unstable should be fine (if
> > not, shout (or better, file bugs)). I expect you mean testing, as I
> > think that the point is that erlang already migrated before the issue
> > was detected, otherwise an RC bug would have prevented the migration.
> > 
> > That's why it was suggested earlier that rabbitmq-server should grow an
> > autopkgtest as that have would prevented the migration.
> 
> What I should have said:
> we could have prevented migration of erlang until the reverse
> dependencies were ready by having an RC bug on erlang. That would have
> been totally appropriate if it would have lasted an reasonable time. I
> *think* rabbitmq-server has problems migrating now *because* erlang
> migrated, but that should clear up once the references are tested again.
> However, it *also* has issues with being uninstallable.

FWIW, I just did that: I made a new rabbitmq-server upload adding a
superficial autopkgtest to rabbitmq-server that just checks if the
service is running after installation. This should avoid testing being
broken because erlang migrated before rabbitmq-server has been fixed.


signature.asc
Description: PGP signature

Re: careless upload of Erlang v24 without a transition tracking with the release team (was: rabbitmq-server fails to start after erlang v24 update)

[Antonio Terceiro]

On Sun, Aug 22, 2021 at 07:14:30PM +0300, Sergei Golovan wrote:
> Hi Thomas,
> 
> On Sun, Aug 22, 2021 at 6:55 PM Thomas Goirand  wrote:
> >
> > Hi Damir, Sergei, the release team,
> >
> > First of all, thanks for your bug report, Damir.
> >
> > Debian Bullseye was released on the 14th of Aug. Then Erlang v24 was
> > uploaded on the 17th. Looking at:
> >
> > https://release.debian.org/transitions/
> >
> > I cannot see any transition thingy opened for Erlang. This means that
> > Erlang was carelessly uploaded to Unstable:
> 
> Uploading new major version of Erlang does not require a transition.
> No application needs to be rebuilt against it, and only a minority
> breaks (those which use removed deprecated features, and they have to
> be updated or patched anyway). I'm sorry that elixir and rabbit-mq
> break.
> 
> >
> > 1/ Without informing the release team, and defining a schedule for the
> > Erlang transition
> 
> I insist that a transition is not necessary.

It's OK to break things, and you do not have to wait forever, but you
need to give people enough time to react before the packages they
work/depend on become instantly broken.

One thing that happens when you do this type of change without
coordination is that all CI pipelines on unstable where rabbitmq-server
is installed are now broken. For example all merge requests against
debci at the moment have their tests in "failed" status. This creates
unnecessary noise for a lot of people.

> > 2/ Without rebuilding any reverse dependency, and more specifically,
> > without caring about RabbitMQ which is kind of a high profile server
> > application.
> >
> > Now, we have Erlang v24 in Unstable which looks like a good target for
> > RabbitMQ 3.9.4, however, this new version needs a new Elixir release, as
> > it has a bound of ">= 1.10.4 and < 1.13.0". Elixir as in unstable (ie:
> > 1.10.3) doesn't work, even when trying to convince RabbitMQ it's ok.
> 
> Well, I would say that Elixir in Debian is not in a good shape. It
> lags way behind upstream (which is already 1.12.2, quite a few
> releases ahead).
> 
> >
> > There isn't much I can do now. I'm opening a bug against Elixir, and
> > I'll have to wait for it to be solved...
> >
> > This isn't the first time something like this happen. Could we please
> > bring some sanity in the way we do things? Sergei, could you please
> > revert your upload of Erlang v24 in Unstable, and open a release team
> > bug to get a transition tracker thingy, which is the only sane way to do
> > things in Debian?
> >
> > Not amused...
> 
> I've uploaded Erlang 24 to experimental months ago. If you know that
> your software breaks on Erlang upgrade, you could do something
> already.

experimental is not a communication channel. You need to tell
maintainers of your reverse dependencies that this breakage is coming
via bug reports in advance, it's not reasonable to expect people to
monitor experimental.


signature.asc
Description: PGP signature

Bug#990074: unblock: auto-apt-proxy/13.3

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package auto-apt-proxy

This updates fixes a autopkgtest regression (#989776).

Starting with debci 3.0, the test beds have auto-apt-proxy preinstalled
in them, what breaks some assumptions of the tests, in special that the
apt usage in them is the first time auto-apt-proxy is being used. By
setting AUTO_APT_PROXY_NO_CACHE, we avoid auto-apt-proxy caching any
results from invocations prior to the test run itself.

This brings no risk to end users as the only changes are to the test
suite.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock auto-apt-proxy/13.3
diff --git a/debian/changelog b/debian/changelog
index 2ebd205..7d6e40d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+auto-apt-proxy (13.3) unstable; urgency=medium
+
+  * autopkgtest: cope with auto-apt-proxy being pre-installed (Closes: #989776)
+
+ -- Antonio Terceiro   Fri, 18 Jun 2021 22:51:34 -0300
+
 auto-apt-proxy (13.2) unstable; urgency=medium
 
   [ Antonio Terceiro ]
diff --git a/debian/tests/apt-cacher-ng.txt b/debian/tests/apt-cacher-ng.txt
index 20f0936..0b169a5 100644
--- a/debian/tests/apt-cacher-ng.txt
+++ b/debian/tests/apt-cacher-ng.txt
@@ -1,2 +1,3 @@
+$ export AUTO_APT_PROXY_NO_CACHE=1
 $ auto-apt-proxy 
 http://127.0.0.1:3142
diff --git a/debian/tests/apt-integration b/debian/tests/apt-integration
index ea29484..dfdc2fe 100755
--- a/debian/tests/apt-integration
+++ b/debian/tests/apt-integration
@@ -5,6 +5,7 @@ set -eu
 cd ${AUTOPKGTEST_TMP:-/tmp}
 unset no_proxy
 
+export AUTO_APT_PROXY_NO_CACHE=1
 apt-get source auto-apt-proxy
 
 grep auto-apt-proxy /var/log/apt-cacher-ng/apt-cacher.log


signature.asc
Description: PGP signature

Bug#986742: unblock: ruby2.7/2.7.3-1

[Antonio Terceiro]

On Sun, Apr 18, 2021 at 09:43:41PM +0200, Sebastian Ramacher wrote:
> On 2021-04-17 22:10:19 +0530, Utkarsh Gupta wrote:
> > Hi Sebastian,
> > 
> > On Sat, Apr 17, 2021 at 3:08 PM Sebastian Ramacher  
> > wrote:
> > > Thanks, please go ahead and remove the moreinfo tag once the version is
> > > available in unstable.
> > 
> > Uploaded to unstable, thanks. And removed the tag as well.
> 
> The builds on armel and armhf failed:
> https://buildd.debian.org/status/fetch.php?pkg=ruby2.7=armel=2.7.3-1=1618744303=0

I just uploaded -2 with the following fix:

----8<8<8<- 
From: Antonio Terceiro 
Date: Mon, 19 Apr 2021 17:50:12 +
Subject: Revert "Make host_* values consistent with target_*"

See https://bugs.ruby-lang.org/issues/17021 for the original request.

This breaks the build on the 32-bit Debian ARM architectures. Maybe this
is specific to the Debian packaging, so this has not been reported
upstream yet.
---
 configure.ac | 7 +--
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/configure.ac b/configure.ac
index da22ab6..73ce534 100644
--- a/configure.ac
+++ b/configure.ac
@@ -309,14 +309,9 @@ AC_SUBST(CC_VERSION_MESSAGE, $cc_version_message)
 : ${DLDFLAGS="$LDFLAGS"}
 
 RUBY_UNIVERSAL_ARCH
-AS_IF([test "$target_cpu" != "$host_cpu" -a "$GCC" = yes -a "$cross_compiling" 
= no -a "${universal_binary:-no}" = no], [
+AS_IF([test "$target_cpu" != "$host_cpu" -a "$GCC" = yes -a "$cross_compiling" 
= no -a "$universal_binary" = no], [
 RUBY_DEFAULT_ARCH("$target_cpu")
 ])
-host_os=$target_os
-host_vendor=$target_vendor
-host_cpu=$target_cpu
-host=$target
-host_alias=$target_alias
 
 AS_CASE(["$target_os"], [darwin*], [
 if libtool 2>&1 | grep no_warning_for_no_symbols > /dev/null; then
8<8<8<- 


signature.asc
Description: PGP signature

Bug#986742: unblock: ruby2.7/2.7.3-1

[Antonio Terceiro]

On Sun, 11 Apr 2021 03:04:42 +0530 Utkarsh Gupta  wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: debian-r...@lists.debian.org
> 
> Hello,
> 
> Upstream has recently released a bug-fix only release after a
> vulnerability, CVE-2021-28965, was discovered.
> 
> Upstream release note:
> https://www.ruby-lang.org/en/news/2021/04/05/ruby-2-7-3-released/
> Upstream git logs b/w 2.7.2 and 2.7.3:
> https://github.com/ruby/ruby/compare/v2_7_2...v2_7_3
> 
> This is clearly a bug-fix only release and it'd be *really great* to
> have this included in Bullseye. (I'd be sad not to but..) I understand
> it's your call to make after analyzing so attaching the debdiff for
> your reference and help (snipping ChangeLog entries for noise
> reduction).
> 
> Hopefully, it'd be OK to get this included and have an even nicer
> ruby2.7 for Bullseye. Thanks.

 99 files changed, 39552 insertions(+), 23134 deletions(-)

The debian diff looks very big because of 3 generated files: ChangeLog,
parse.c, and ext/ripper/ripper.c (the last two being bison/yacc
generated parsers). If you filter those out, the result is a lot more
palatable:

 96 files changed, 3761 insertions(+), 886 deletions(-)

Roughtly 1/3 of the insertions are test cases:

 32 files changed, 1150 insertions(+), 97 deletions(-)

I have reviewed the upstream patches and compared the upstream diff with
the debian diff, and indeed all the changes are bug fixes.

There was one marked as a "Feature" in the commit message, but it was
really a follwup to fix an inconsistency in a feature that has been
added in the 2.7 series already. It will cause formerly invalid syntax
to be valid, but won't break any currently working code.

I think the risk with this update is low, and releasing with the latest
available ruby bugfix release will make it easier to provide stable
support in bullseye.

Full disclosure: I am trying to get ruby into new hands, but I'm still a
comaintainer and care a lot about it, so I'm not an uninterested party
here.


signature.asc
Description: PGP signature

Bug#986366: unblock: ruby-kramdown/2.3.0-5

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ruby-kramdown

[ Reason ]
Fixes a CVE and RC bug #985569

[ Tests ]
all autopkgtests of reverse dependencies passed.

[ Risks ]
The change should not cause regressions on non-malicious code.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock ruby-kramdown/2.3.0-5
commit b80244870c477d90090305f569eea39f7bd2b3f5
Author: Antonio Terceiro 
Date:   Sat Apr 3 10:40:54 2021 -0300

Add upstream patch to fix arbitrary code execution vulnerability

This is CVE-2021-28834

Closes: #985569

diff --git a/debian/changelog b/debian/changelog
index 088c244..012d553 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+ruby-kramdown (2.3.0-5) unstable; urgency=medium
+
+  * Team upload.
+  * Add upstream patch to fix arbitrary code execution vulnerability
+[CVE-2021-28834] (Closes: #985569)
+
+ -- Antonio Terceiro   Sat, 03 Apr 2021 10:39:28 -0300
+
 ruby-kramdown (2.3.0-4) unstable; urgency=medium
 
   * Recommend ruby-rouge, for out-of-the-box syntax highlighting
diff --git a/debian/patches/0002-Restrict-Rouge-formatters-to-Rouge-Formatters-namesp.patch b/debian/patches/0002-Restrict-Rouge-formatters-to-Rouge-Formatters-namesp.patch
new file mode 100644
index 000..68457a6
--- /dev/null
+++ b/debian/patches/0002-Restrict-Rouge-formatters-to-Rouge-Formatters-namesp.patch
@@ -0,0 +1,69 @@
+From: Stan Hu 
+Date: Sun, 14 Mar 2021 11:21:00 -0700
+Subject: Restrict Rouge formatters to Rouge::Formatters namespace
+
+ff0218a added support for specifying custom Rouge formatters with the
+constraint that the formatter be in theRouge::Formatters namespace, but
+it did not actually enforce this constraint. For example, this is valid:
+
+```ruby
+Rouge::Formatters.const_get('CSV')
+=> CSV
+```
+
+Adding the `false` parameter to `const_get` prevents this:
+
+```ruby
+Rouge::Formatters.const_get('CSV', false)
+NameError: uninitialized constant Rouge::Formatters::CSV
+```
+---
+ lib/kramdown/converter/syntax_highlighter/rouge.rb |  2 +-
+ test/test_files.rb | 18 +++---
+ 2 files changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/lib/kramdown/converter/syntax_highlighter/rouge.rb b/lib/kramdown/converter/syntax_highlighter/rouge.rb
+index c799526..ed6a4f8 100644
+--- a/lib/kramdown/converter/syntax_highlighter/rouge.rb
 b/lib/kramdown/converter/syntax_highlighter/rouge.rb
+@@ -70,7 +70,7 @@ module Kramdown::Converter::SyntaxHighlighter
+   when Class
+ formatter
+   when /\A[[:upper:]][[:alnum:]_]*\z/
+-::Rouge::Formatters.const_get(formatter)
++::Rouge::Formatters.const_get(formatter, false)
+   else
+ # Available in Rouge 2.0 or later
+ ::Rouge::Formatters::HTMLLegacy
+diff --git a/test/test_files.rb b/test/test_files.rb
+index 82ff6b0..3517e55 100644
+--- a/test/test_files.rb
 b/test/test_files.rb
+@@ -21,16 +21,20 @@ begin
+   end
+ 
+   # custom formatter for tests
+-  class RougeHTMLFormatters < Kramdown::Converter::SyntaxHighlighter::Rouge.formatter_class
++  module Rouge
++module Formatters
++  class RougeHTMLFormatters < Kramdown::Converter::SyntaxHighlighter::Rouge.formatter_class
+ 
+-tag 'rouge_html_formatters'
++tag 'rouge_html_formatters'
+ 
+-def stream(tokens, )
+-  yield %()
+-  super
+-  yield %()
+-end
++def stream(tokens, )
++  yield %()
++  super
++  yield %()
++end
+ 
++  end
++end
+   end
+ rescue LoadError, SyntaxError, NameError
+ end
diff --git a/debian/patches/series b/debian/patches/series
index 7d4b5b1..f8d5d26 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 fix_manpage_warnings.patch
+0002-Restrict-Rouge-formatters-to-Rouge-Formatters-namesp.patch


signature.asc
Description: PGP signature

Re: ruby-vcr: DFSG violation (Hippocratic license)

[Antonio Terceiro]

On Mon, Mar 08, 2021 at 02:50:18PM +0530, Pirate Praveen wrote:
> 
> 
> On 2021, മാർച്ച് 8 1:24:48 AM IST, Antonio Terceiro  
> wrote:
[...]
> >I don't think that will be needed. I reverted to 5.0.0 locally, added a
> >few patches, and at least all of our reverse dependencies seem to pass
> >their tests with it:
> >
> >
> >=  Testing reverse (build) dependencies
> >
> >
> >rebuild  nanoc   ... PASS
> >rebuild  ruby-coveralls  ... PASS
> >autopkgtest  ruby-faraday... PASS
> >rebuild  ruby-graphlient ... PASS
> >rebuild  ruby-mixlib-install ... PASS
> >rebuild  ruby-octokit... PASS
> >
> >So in principle we could fix this issue without touching anything else.
> 
> Thanks. Are you waiting for an ack from release team to upload it?

No, I will upload it soon™.


signature.asc
Description: PGP signature

Re: ruby-vcr: DFSG violation (Hippocratic license)

[Antonio Terceiro]

On Sun, Mar 07, 2021 at 11:01:16PM +0530, Pirate Praveen wrote:
> [adding release team]
> 
> On Sun, Mar 7, 2021 at 10:49 pm, Utkarsh Gupta  wrote:
> > Hi Praveen,
> > 
> > On Sun, Mar 7, 2021 at 10:15 PM Pirate Praveen
> >  wrote:
> > >  It looks like we will have to remove ruby-vcr and we will have to
> > >  disable tests for the following packages. I don't think there is
> > >  another way, thoughts?
> > 
> > Maybe worth opening an issue upstream and discuss the cons of this
> > change or something? Or if that doesn't work out
> > and we need this
> 
> I doubt discussing with upstream will yield any possitive outcome as this is
> a specific philosophical movement.
> 
> See https://github.com/vcr/vcr/pull/792
> and
> https://github.com/vcr/vcr/issues/804
> 
> > package or something, would forking be an option?
> 
> https://github.com/vcr/vcr/blob/master/CHANGELOG.md#510-feb-5-2020
> 
> We will have to go back to 5.0 and someone will have to maintain it
> independently.
> 
> Hi Release team,
> 
> Do you think this needs to be fixed before bullseye? If yes, do you agree to
> change the reverse dependencies listed in my previous message to this bug?

I don't think that will be needed. I reverted to 5.0.0 locally, added a
few patches, and at least all of our reverse dependencies seem to pass
their tests with it:


=  Testing reverse (build) dependencies


rebuild  nanoc   ... PASS
rebuild  ruby-coveralls  ... PASS
autopkgtest  ruby-faraday... PASS
rebuild  ruby-graphlient ... PASS
rebuild  ruby-mixlib-install ... PASS
rebuild  ruby-octokit... PASS

So in principle we could fix this issue without touching anything else.


signature.asc
Description: PGP signature

Re: Podman 3.0 and Debian bullseye

[Antonio Terceiro]

On Sat, Jan 30, 2021 at 05:29:37PM -0500, Reinhard Tartler wrote:
> On Sat, Jan 30, 2021 at 5:03 PM Antonio Terceiro 
> wrote:
> 
> > FWIW I have been using podman 3.0.0~rc1 from experimental for a few days
> > and haven't noticed anything wrong with it. I hope we can have that
> > version in bullseye.
> >
> 
> 
> Me too.
> 
> Dear release team, do you have any opinion on this topic?

Based on previous similar discussions I have seem in the past, my guess
is that the RT doesn't care either way, as long as it doesn't' affect
the rest of the archive and that the maintainer(s) think it's the best
option for the stable release.


signature.asc
Description: PGP signature

Re: Podman 3.0 and Debian bullseye

[Antonio Terceiro]

On Sun, Jan 24, 2021 at 08:02:26PM -0500, Reinhard Tartler wrote:
> Dear release-team,
> 
> I'm proposing to have podman 3.0 in debian/bullseye. As maintainer of the
> package, I'm convinced this is a good step for Debian because:
> 
>  - podman 3.0 will be included in RHEL 8.4, which will be released in May
> 2021. I expect security support for podman in Debian to become
> significantly simpler than let's say podman 2.2
>  - users have expressed interest in podman 2.2 or late (cf. #978650 and
> others)
>  - podman 3.0 implements enough of docker's REST API to support
> docker-compose (cf. https://www.redhat.com/sysadmin/podman-docker-compose)
>  - the salsa team has expressed interest in exploring podman to facilitate
> gitlab maintenance. I'd expect this update to make their lives
> significantly easier if included in the next stable release
> 
> Current concerns/risk:
> 
>  - Podman 3.0.0~rc1 was only just released, but I expect it to be released
> soon. After all, RHEL 8.4 is scheduled for May 2021
>  - Podman 3 drops the legacy varlink interface. To the best of my
> knowledge, there are no packages in debian/testing that would require
> varlink (please correct me if I'm wrong here). Not having to support
> varlink in Debian seems a support benefit, there is little to no love
> for it upstream.
>  - I've just uploaded podman 3.0 to debian/experimental, and is ready for
> wider testing. Uploading to unstable requires a couple of additional
> package updates in sid:
>- golang-github-containers-storage
>- golang-github-containers-image
>- golang-github-containers-common
>- golang-github-containers-buildah
> 
> I'm not really sure if this update required formal approval by the release
> team, but I'd really appreciate your input in any case.

FWIW I have been using podman 3.0.0~rc1 from experimental for a few days
and haven't noticed anything wrong with it. I hope we can have that
version in bullseye.


signature.asc
Description: PGP signature

Bug#965334: buster-pu: package ruby-ronn/0.8.0-2

[Antonio Terceiro]

On Sat, Jul 25, 2020 at 05:01:52PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Sun, 2020-07-19 at 15:26 -0300, Antonio Terceiro wrote:
> > It was discovered that ronn fails to process input that contains UTF-
> > 8 characters due to a programming error
> > 
> 
> Please go ahead.

Uploaded, thanks.


signature.asc
Description: PGP signature

Bug#965334: buster-pu: package ruby-ronn/0.8.0-2

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
It was discovered that ronn fails to process input that contains UTF-8
characters due to a programming error

[ Impact ]
Not having this fix makes it impossible to process input with UTF-8.

[ Tests ]
I have add an autopkgtest that exposes the issue (fails without this
patch, passes with it)

[ Risks ]
Very low

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
The fix is just removing the "s" flag from a regular expression. It was
obtained from upstream at https://github.com/apjanke/ronn-ng/pull/35

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.7.0-1-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff --git a/debian/changelog b/debian/changelog
index 0cf8d08..fd7e234 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+ruby-ronn (0.8.0-2+deb10u1) buster; urgency=medium
+
+  * Team upload.
+  * Add an autopkgtest that exposes problem in processing UTF-8 input
+  * Fix handling of UTF-8 content in manpages (Closes: #965294)
+
+ -- Antonio Terceiro   Sun, 19 Jul 2020 13:50:53 -0300
+
 ruby-ronn (0.8.0-2) unstable; urgency=medium
 
   * Team upload.
diff --git a/debian/patches/fix-utf8-content.patch b/debian/patches/fix-utf8-content.patch
new file mode 100644
index 000..9f62756
--- /dev/null
+++ b/debian/patches/fix-utf8-content.patch
@@ -0,0 +1,24 @@
+From 0dc86b83ee27a20d8a9d7bd85f7022a2db403f2f Mon Sep 17 00:00:00 2001
+From: Matteo Bernardini 
+Date: Sun, 6 Oct 2019 19:04:04 +0200
+Subject: [PATCH] Fix regex encoding: don't assume Windows-31J encoding
+
+Source: https://github.com/apjanke/ronn-ng/pull/35
+
+---
+ lib/ronn/roff.rb | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/ronn/roff.rb b/lib/ronn/roff.rb
+index 7c56d2c..f313a95 100644
+--- a/lib/ronn/roff.rb
 b/lib/ronn/roff.rb
+@@ -351,7 +351,7 @@ def quote(text)
+ def write(text)
+   return if text.nil? || text.empty?
+   # lines cannot start with a '.'. insert zero-width character before.
+-  text = text.gsub(/\n\\\./s, "\n&\\.")
++  text = text.gsub(/\n\\\./, "\n&\\.")
+   buf_ends_in_newline = @buf.last && @buf.last[-1] == "\n"
+   @buf << '\&' if text[0, 2] == '\.' && buf_ends_in_newline
+   @buf << text
diff --git a/debian/patches/series b/debian/patches/series
index 701d377..ae4940f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,3 +3,4 @@ relax-dependencies.patch
 rename-to-ronn.patch
 fix-ordered-lists.patch
 fix-url-hyphenation.patch
+fix-utf8-content.patch
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 000..9f8c752
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,2 @@
+Tests: utf8
+Restrictions: superficial, allow-stderr
diff --git a/debian/tests/utf8 b/debian/tests/utf8
new file mode 100644
index 000..913cd36
--- /dev/null
+++ b/debian/tests/utf8
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+set -eu
+
+cd ${AUTOPKGTEST_TMP:-/tmp}
+
+cat >> utf8.7.ronn <

signature.asc
Description: PGP signature

Bug#950655: #950655: buster-pu: package rubygems-integration/1.11+deb10u1

[Antonio Terceiro]

On Tue, Feb 04, 2020 at 02:44:28PM +0100, Antonio Terceiro wrote:
> Package: release.debian.org
> Severity: normal
> Tags: buster
> User: release.debian@packages.debian.org
> Usertags: pu
> 
> Hello,
> 
> This update is part of a collaboration with upstream on their handling
> of deprecations in the rubygems codebase. See
> https://github.com/rubygems/rubygems/issues/3068 and the thread starting
> at https://lists.debian.org/debian-ruby/2020/01/msg00015.html for
> context.
> 
> In short: going forward, they want to only deprecate code on rubygems on
> new releases of the ruby interpreter (~ once a year). But for this time,
> there was a release where these warnings reached end users.
> 
> This is fixed by this update (patch attached). As you can see the patch
> is pretty simple and harmless.

> diff --git a/debian/changelog b/debian/changelog
> index 272a6dc..b2d099a 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,9 @@
> +rubygems-integration (1.11+deb10u1) buster; urgency=medium
> +
> +  * Replace usage of Gem::ConfigMap with RbConfig::CONFIG
> +
> + -- Antonio Terceiro   Tue, 04 Feb 2020 14:11:57 +0100
> +
>  rubygems-integration (1.11) unstable; urgency=medium
>  
>[ Cédric Boutillier ]
> diff --git a/lib/rubygems/defaults/operating_system.rb 
> b/lib/rubygems/defaults/operating_system.rb
> index 461cfe4..f68f029 100644
> --- a/lib/rubygems/defaults/operating_system.rb
> +++ b/lib/rubygems/defaults/operating_system.rb
> @@ -7,7 +7,7 @@ class << Gem
>  
>alias :upstream_default_dir :default_dir
>def default_dir
> -File.join('/', 'var', 'lib', 'gems', Gem::ConfigMap[:ruby_version])
> +File.join('/', 'var', 'lib', 'gems', RbConfig::CONFIG["ruby_version"])
>end
>  
>alias :upstream_default_bindir :default_bindir
> @@ -26,8 +26,8 @@ class << Gem
>extra_path = File.join('/usr/share/rubygems-integration', '2.2')
>  end
>  
> -arch = Gem::ConfigMap[:arch]
> -api_version = Gem::ConfigMap[:ruby_version]
> +arch = RbConfig::CONFIG["arch"]
> +api_version = RbConfig::CONFIG["ruby_version"]
>  
>  upstream_default_path + [
>"/usr/lib/#{arch}/rubygems-integration/#{api_version}",

ping


signature.asc
Description: PGP signature

Bug#952792: closed by Ivo De Decker (remove chef)

[Antonio Terceiro]

Control: reopen -1

> Date: Sat, 29 Feb 2020 13:25:33 +
> From: Ivo De Decker 
> To: 952792-d...@bugs.debian.org
> Subject: remove chef
> Message-Id: 
> 
> Added removal hint for chef.

Hello,

I just noticed that I failed to check for reverse (build) dependencies.
So please also remove the following packages from testing:

foodcritic
ohai
ruby-cheffish
ruby-knife-acl
ruby-ridley

These are all part of the chef ecosystem, so we are not breaking
unrelated software.


signature.asc
Description: PGP signature

Bug#952792: RM: chef/13.8.7-6

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
X-Debbugs-CC: stefa...@debian.org, debian-r...@lists.debian.org

Please remove chef from testing. It's marked for autoremoval due to a RC
bug; fixing the RC bug will take a while (needs a new upstream release
which needs a few new dependencies to be packaged), it's blocking other
stuff from migrating to testing.

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.4.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_CRAP
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


signature.asc
Description: PGP signature

Bug#950655: buster-pu: package rubygems-integration/1.11+deb10u1

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Hello,

This update is part of a collaboration with upstream on their handling
of deprecations in the rubygems codebase. See
https://github.com/rubygems/rubygems/issues/3068 and the thread starting
at https://lists.debian.org/debian-ruby/2020/01/msg00015.html for
context.

In short: going forward, they want to only deprecate code on rubygems on
new releases of the ruby interpreter (~ once a year). But for this time,
there was a release where these warnings reached end users.

This is fixed by this update (patch attached). As you can see the patch
is pretty simple and harmless.
diff --git a/debian/changelog b/debian/changelog
index 272a6dc..b2d099a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+rubygems-integration (1.11+deb10u1) buster; urgency=medium
+
+  * Replace usage of Gem::ConfigMap with RbConfig::CONFIG
+
+ -- Antonio Terceiro   Tue, 04 Feb 2020 14:11:57 +0100
+
 rubygems-integration (1.11) unstable; urgency=medium
 
   [ Cédric Boutillier ]
diff --git a/lib/rubygems/defaults/operating_system.rb b/lib/rubygems/defaults/operating_system.rb
index 461cfe4..f68f029 100644
--- a/lib/rubygems/defaults/operating_system.rb
+++ b/lib/rubygems/defaults/operating_system.rb
@@ -7,7 +7,7 @@ class << Gem
 
   alias :upstream_default_dir :default_dir
   def default_dir
-File.join('/', 'var', 'lib', 'gems', Gem::ConfigMap[:ruby_version])
+File.join('/', 'var', 'lib', 'gems', RbConfig::CONFIG["ruby_version"])
   end
 
   alias :upstream_default_bindir :default_bindir
@@ -26,8 +26,8 @@ class << Gem
   extra_path = File.join('/usr/share/rubygems-integration', '2.2')
 end
 
-arch = Gem::ConfigMap[:arch]
-api_version = Gem::ConfigMap[:ruby_version]
+arch = RbConfig::CONFIG["arch"]
+api_version = RbConfig::CONFIG["ruby_version"]
 
 upstream_default_path + [
   "/usr/lib/#{arch}/rubygems-integration/#{api_version}",


signature.asc
Description: PGP signature

Bug#929214: release.debian.org - Add package constraint for cloud images

[Antonio Terceiro]

On Wed, Jun 12, 2019 at 09:03:04PM +0200, Paul Gevers wrote:
> Hi Bastian,
> 
> [CC adding debian-ci@l.d.o, please drop the bug in the next reply as it
> starts to become off-topic there.]
> 
> On 12-06-2019 20:52, Bastian Blank wrote:
> > On Wed, Jun 12, 2019 at 08:42:27PM +0200, Paul Gevers wrote:
> >> On 12-06-2019 20:01, Bastian Blank wrote:
> >>> I'm also not sure if the Debian autopkgtest infrastructure would be able
> >>> to do that and build images.  The actual testing runs via the Gitlab
> >>> CI.[1]
> >> You could very probably do it. Depending on how long such a build takes,
> > 
> > One build takes 3 minutes if it runs native and 13 minutes if it runs
> > via qemu-user.  However it needs awefull amount of network and disk IO.
> 
> I don't believe that should be a problem if that is an *or*. However,
> qemu will not work properly, right Antonio?

qemu-user probably works; qemu-system might work, but not with kvm
acceleration.

> > Does the Debian autopkgtest instance support "needs-root" and
> > "breaks-testbed"?
> 
> Yes and yes. The only thing we currently do not support *yet* is
> isolation-machine.
> 
> > The image build uses loop devices, hence
> > "needs-root", which can't be cleaned up properly, hence
> > "breaks-testbed".
> 
> That's no problem at all.

mounting loop devices would not work. (these tests probably also need
isolation-machine)


signature.asc
Description: PGP signature

Bug#929899: unblock: ruby2.5/2.5.5-3

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ruby2.5

2.5.5-3 contains just a patch to make it build on ia64.

the diff against the package in testing is attached.

unblock ruby2.5/2.5.5-3

-- System Information:
Debian Release: 10.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_CRAP
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff --git a/debian/changelog b/debian/changelog
index 5cab009b..d6eaca0d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+ruby2.5 (2.5.5-3) unstable; urgency=medium
+
+  * ia64: Don't clear register_stack_start (Closes: #928068)
+
+ -- Antonio Terceiro   Sun, 02 Jun 2019 10:16:57 -0300
+
 ruby2.5 (2.5.5-2) unstable; urgency=medium
 
   * debian/tests/excludes/: fix exclusion of Rinda tests that depend on
diff --git a/debian/patches/0011-ia64-Don-t-clear-register_stack_start.patch b/debian/patches/0011-ia64-Don-t-clear-register_stack_start.patch
new file mode 100644
index ..ed43e467
--- /dev/null
+++ b/debian/patches/0011-ia64-Don-t-clear-register_stack_start.patch
@@ -0,0 +1,25 @@
+From: James Clarke 
+Date: Fri, 26 Apr 2019 23:32:46 +0100
+Subject: ia64: Don't clear register_stack_start
+
+r59829 stopped clearing stack_start and enabled the code for
+!FIBER_USE_NATIVE, but we need to do the same for register_stack_start
+on ia64, otherwise we end up with NULL in cont_save_machine_stack.
+
+Closes: https://github.com/ruby/ruby/pull/2155
+---
+ cont.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/cont.c b/cont.c
+index 7b6864a..8ad8207 100644
+--- a/cont.c
 b/cont.c
+@@ -543,7 +543,6 @@ cont_save_thread(rb_context_t *cont, rb_thread_t *th)
+ sec->machine.stack_end = NULL;
+ 
+ #ifdef __ia64
+-sec->machine.register_stack_start = NULL;
+ sec->machine.register_stack_end = NULL;
+ #endif
+ }
diff --git a/debian/patches/series b/debian/patches/series
index e0cb0602..a6319c31 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,4 @@
 0008-Disable-tests-failing-on-Ubuntu-builders.patch
 0009-test-test_pair-fix-deadlock-in-test_connect_accept_n.patch
 0010-test-use-larger-keys-for-SSL-tests.patch
+0011-ia64-Don-t-clear-register_stack_start.patch


signature.asc
Description: PGP signature

Bug#928940: unblock: ruby2.5/2.5.5-2

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ruby2.5. The latest uploaded fixes the one
pending RC bug. The fix is pretty simple, just putting 2 files in the
correct location.

the diff:

8<8<8<-
diff --git a/debian/changelog b/debian/changelog
index 370de1ed..5cab009b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+ruby2.5 (2.5.5-2) unstable; urgency=medium
+
+  * debian/tests/excludes/: fix exclusion of Rinda tests that depend on
+network availability, by moving the existing excludes files to the correct
+location. (Closes: #927122)
+
+ -- Antonio Terceiro   Mon, 13 May 2019 10:55:06 -0300
+
 ruby2.5 (2.5.5-1) unstable; urgency=medium
 
   * New upstream version 2.5.5. Includes a series of bug fixes, most notably
diff --git a/debian/tests/excludes/any/TestRingFinger.rb 
b/debian/tests/excludes/any/Rinda/TestRingFinger.rb
similarity index 100%
rename from debian/tests/excludes/any/TestRingFinger.rb
rename to debian/tests/excludes/any/Rinda/TestRingFinger.rb
diff --git a/debian/tests/excludes/any/TestRingServer.rb 
b/debian/tests/excludes/any/Rinda/TestRingServer.rb
similarity index 100%
rename from debian/tests/excludes/any/TestRingServer.rb
rename to debian/tests/excludes/any/Rinda/TestRingServer.rb
8<8<8<-


unblock ruby2.5/2.5.5-2

-- System Information:
Debian Release: 10.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_CRAP
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


signature.asc
Description: PGP signature

Bug#927241: unblock: ruby-concurrent/1.0.5-3

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ruby-concurrent

This fixes an autopkgtest failure (this is useful if we want to test
stable updates after buster is out). the change is trivial and has no
effect on the binaries produced.

8<8<8<-
diff --git a/debian/changelog b/debian/changelog
index bc70f4c..ee87263 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+ruby-concurrent (1.0.5-3) unstable; urgency=medium
+
+  * Team upload.
+  * debian/control: drop `Testsuite: autopkgtest-pkg-ruby` to let autopkgtest
+run only the explicit debian/tests/control in this package, and not also
+run the default test produced by autodep8 (Closes: #926782)
+
+ -- Antonio Terceiro   Mon, 15 Apr 2019 12:52:29 -0300
+
 ruby-concurrent (1.0.5-2) unstable; urgency=medium
 
   * Team upload
diff --git a/debian/control b/debian/control
index 5629f73..2f274b3 100644
--- a/debian/control
+++ b/debian/control
@@ -13,7 +13,6 @@ Standards-Version: 4.0.0
 Vcs-Git: https://salsa.debian.org/ruby-team/ruby-concurrent.git
 Vcs-Browser: https://salsa.debian.org/ruby-team/ruby-concurrent
 Homepage: http://www.concurrent-ruby.com
-Testsuite: autopkgtest-pkg-ruby
 XS-Ruby-Versions: all
 
 Package: ruby-concurrent
8<8<8<-

unblock ruby-concurrent/1.0.5-3

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_CRAP
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


signature.asc
Description: PGP signature

Bug#927127: unblock: ruby-websocket/1.2.8-2

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ruby-websocket

This fixes a file conflict with another package that invades its
namespace. The changes are trivial:

8<8<8<-
diff --git a/debian/changelog b/debian/changelog
index dc5fdfc..d49bace 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+ruby-websocket (1.2.8-2) unstable; urgency=medium
+
+  * Team upload
+  * Add Breaks/Replaces against ruby-websocker-parser (Closes: #926254)
+
+ -- Antonio Terceiro   Sun, 14 Apr 2019 20:23:47 -0300
+
 ruby-websocket (1.2.8-1) unstable; urgency=medium
 
   * New upstream release 
diff --git a/debian/control b/debian/control
index 27f764d..2304613 100644
--- a/debian/control
+++ b/debian/control
@@ -20,6 +20,8 @@ XB-Ruby-Versions: ${ruby:Versions}
 Depends: ruby | ruby-interpreter,
  ${misc:Depends},
  ${shlibs:Depends}
+Breaks: ruby-websocket-parser (<= 1.0.0-1)
+Replaces: ruby-websocket-parser (<= 1.0.0-1)
 Description: Universal Ruby library to handle WebSocket protocol
  This library focuses on providing abstraction layer over
  WebSocket API instead of providing server or client
8<8<8<-

unblock ruby-websocket/1.2.8-2

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_CRAP
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


signature.asc
Description: PGP signature

Re: Summary of the Arm ports BoF at DC18

[Antonio Terceiro]

On Sun, Apr 14, 2019 at 11:25:47PM +0200, Mattia Rizzolo wrote:
> Hi,
> 
> On Sun, Apr 14, 2019 at 09:20:51PM +0200, Paul Gevers wrote:
> > On 07-11-2018 20:15, Steve McIntyre wrote:
> > >> Currently all the amd64 CI nodes are VM's on Amazon EC2. There is
> > >> currently no arrangement for hosting actual hardware.
> > > 
> > > Right. I didn't realise that. In that case for arm*, would VMs on
> > > packet.net or similar work for us then?
> > 
> > While I was at the BSP in Paris, you promised ivodd that you would pass
> > us credentials for (I assume) packet.net. I assume you either didn't
> > have time yet, or forgot. In the latter case consider this a polite ping.
> 
> I'm assuming you are talking about the packet.net stuff that has been
> provided to debian.  TBOMK  nothing is using those credits atm.  I have
> admin access to the project and the team, so I can add you
> (incidentally, I don't see Steve in the least, so I wouldn't know how he
> would do it; there is only zumbi as an "owner", me as an "admin" and a
> few other people as "collaborator", including terceiro - so I expected
> you as a Debian CI to already have access).
> 
> Could you please check with terceiro?  He should have been CCed in a
> private thread back then, otherwise feel free to get in touch with me.

can you please add Paul? I signed up, but never had the bandwidth to
actually do anything, and now with DebConf getting closer I will have
even less time.

BTW Amazon also has arm64 instances now so maybe it would be easier to
use those instead.


signature.asc
Description: PGP signature

Bug#925923: unblock: ruby2.5/2.5.5-1

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ruby2.5. This is a maintainance-only new upstream
release that includes fixes for important bugs, and 6 security bugs.

Changelog:

 ruby2.5 (2.5.5-1) unstable; urgency=medium
 .
   * New upstream version 2.5.5. Includes a series of bug fixes, most notably
 for 6 security bugs discovered in Rubygems:
 - CVE-2019-8320: Delete directory using symlink when decompressing tar
 - CVE-2019-8321: Escape sequence injection vulnerability in verbose
 - CVE-2019-8322: Escape sequence injection vulnerability in gem owner
 - CVE-2019-8323: Escape sequence injection vulnerability in API response
   handling
 - CVE-2019-8324: Installing a malicious gem may lead to arbitrary code
   execution
 - CVE-2019-8325: Escape sequence injection vulnerability in errors
   * Rebase patches. The following patches were applied upstream and dropped
 from the Debian package:
 - 0011-Update-for-tzdata-2018f.patch
 - 0012-test-update-test-certificate.patch

The full diff against the version in testing is attached. It's a bit
big, but I have reviewed the changes and there is nothing worrysome from
my POV. You will notice that a few functions are renamed, but they are
not part of the API or the ABI since they are not exported in the -dev
header files. Having this version in buster will make the maintainance
in stable a lot easier.

unblock ruby2.5/2.5.5-1

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_CRAP
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


signature.asc
Description: PGP signature

Bug#924497: unblock: bundler/1.17.3-3

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package bundler

This update fixes a bug that affects other packages that use bundler.
Changelog:

bundler (1.17.3-3) unstable; urgency=medium

  * Add test for locating bundler binaries
  * Switch to Rubygems installation layout (Closes: #914771)
* 0003-Do-not-add-system-path-to-RUBYLIB.patch: dropped, not necessary
  anymore
  * 0001-replace-call-to-git-ls-files-with-Dir.glob.patch: fix file listing
  * debian/install: removed, not necessary anymore

 -- Antonio Terceiro   Sat, 09 Mar 2019 08:41:37 -0300

A diff against the version in testing is attached.

unblock bundler/1.17.3-3

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-3-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_CRAP
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff --git a/debian/changelog b/debian/changelog
index 63563bc..1cc4472 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+bundler (1.17.3-3) unstable; urgency=medium
+
+  * Add test for locating bundler binaries
+  * Switch to Rubygems installation layout (Closes: #914771)
+* 0003-Do-not-add-system-path-to-RUBYLIB.patch: dropped, not necessary
+  anymore
+  * 0001-replace-call-to-git-ls-files-with-Dir.glob.patch: fix file listing
+  * debian/install: removed, not necessary anymore
+
+ -- Antonio Terceiro   Sat, 09 Mar 2019 08:41:37 -0300
+
 bundler (1.17.3-2) unstable; urgency=medium
 
   * Team upload.
diff --git a/debian/install b/debian/install
deleted file mode 100644
index be41aee..000
--- a/debian/install
+++ /dev/null
@@ -1 +0,0 @@
-lib/bundler/templates/newgem/travis.yml.tt /usr/lib/ruby/vendor_ruby/bundler/templates/newgem
diff --git a/debian/patches/0001-replace-call-to-git-ls-files-with-Dir.glob.patch b/debian/patches/0001-replace-call-to-git-ls-files-with-Dir.glob.patch
index 6d52c06..c470fd5 100644
--- a/debian/patches/0001-replace-call-to-git-ls-files-with-Dir.glob.patch
+++ b/debian/patches/0001-replace-call-to-git-ls-files-with-Dir.glob.patch
@@ -24,7 +24,7 @@ index 26fc322..b68627f 100644
 -  # we don't check in man pages, but we need to ship them because
 -  # we use them to generate the long-form help for each command.
 -  s.files += Dir.glob("man/**/*")
-+  s.files = Dir.glob("lib/**") + Dir.glob("exe/*") + Dir.glob("*.md") + Dir.glob("man/*")
++  s.files = Dir.glob('**/*') - Dir.glob('debian/**/*')
# Include the CHANGELOG.md, LICENSE.md, README.md manually
s.files += %w[CHANGELOG.md LICENSE.md README.md]
# include the gemspec itself because warbler breaks w/o it
diff --git a/debian/patches/0003-Do-not-add-system-path-to-RUBYLIB.patch b/debian/patches/0003-Do-not-add-system-path-to-RUBYLIB.patch
deleted file mode 100644
index 7735a6f..000
--- a/debian/patches/0003-Do-not-add-system-path-to-RUBYLIB.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From: Christian Hofstaedtler 
-Date: Wed, 13 Jul 2016 15:51:52 +
-Subject: Do not add system path to RUBYLIB
-
-Bundler adds it's own installation path in front of RUBYLIB, but when
-this is the system ruby path, this causes system-wide installed gems
-to be used before bundler-installed gems.
-
-Closes: #830958
-Forwarded: not-needed
-Origin: vendor

- lib/bundler.rb| 6 --
- lib/bundler/shared_helpers.rb | 3 ---
- 2 files changed, 9 deletions(-)
-
-diff --git a/lib/bundler.rb b/lib/bundler.rb
-index 1cb3b4f..942f862 100644
 a/lib/bundler.rb
-+++ b/lib/bundler.rb
-@@ -296,12 +296,6 @@ EOF
- env["RUBYOPT"] = env["RUBYOPT"].sub "-rbundler/setup", ""
-   end
- 
--  if env.key?("RUBYLIB")
--rubylib = env["RUBYLIB"].split(File::PATH_SEPARATOR)
--rubylib.delete(File.expand_path("..", __FILE__))
--env["RUBYLIB"] = rubylib.join(File::PATH_SEPARATOR)
--  end
--
-   env
- end
- 
-diff --git a/lib/bundler/shared_helpers.rb b/lib/bundler/shared_helpers.rb
-index 3e2fe24..06c1c78 100644
 a/lib/bundler/shared_helpers.rb
-+++ b/lib/bundler/shared_helpers.rb
-@@ -339,9 +339,6 @@ module Bundler
- end
- 
- def set_rubylib
--  rubylib = (ENV["RUBYLIB"] || "").split(File::PATH_SEPARATOR)
--  rubylib.unshift bundler_ruby_lib
--  Bundler::SharedHelpers.set_env "RUBYLIB", rubylib.uniq.join(File::PATH_SEPARATOR)
- end
- 
- def bundler_ruby_lib
diff --git a/debian/patches/series b/debian/patches/series
in

Bug#923202: stretch-pu: package ruby2.3/2.3.3-1+deb9u5

[Antonio Terceiro]

On Sat, Mar 09, 2019 at 02:12:26PM +, Adam D. Barratt wrote:
> Control: tags -1 -moreinfo +confirmed
> 
> On Sat, 2019-03-09 at 11:01 -0300, Antonio Terceiro wrote:
> > On Sat, Mar 09, 2019 at 01:56:02PM +, Adam D. Barratt wrote:
> > > Control: tags -1 + moreinfo
> > > 
> > > On Sun, 2019-02-24 at 21:27 -0300, Antonio Terceiro wrote:
> > > > this update fixes 2 FTBFS bugs on stretch. All of the changes are
> > > > in
> > > > the test suite, so there are no functional changes.
> > > 
> > > [...]
> > > > ruby2.3 (2.3.3-1+deb9u5) stretch; urgency=medium
> > > > 
> > > >   * Backport upstream patches to fix FTBFS due to expired SSL
> > > > certificate and
> > > > timezone changes (Closes: #91)
> > > > - imap: update test certificate
> > > > - timezone changes for Japan and Kiritimati
> > > >   * test/ruby/test_gc.rb: skip entirely; some tests in there can
> > > > fail
> > > > unpredictably on buildds (Closes: #912740)
> > > 
> > > Does this resolve all of the FTBFS issues that are currently
> > > keeping
> > > 2.3.3-1+deb9u4 from being accepted into stable-new? (I'm hoping
> > > that's
> > > what the #912740 does, but would like to be sure.)
> > 
> > Yes
> 
> Thanks for the quick response; please go ahead.

Uploaded


signature.asc
Description: PGP signature

Bug#923202: stretch-pu: package ruby2.3/2.3.3-1+deb9u5

[Antonio Terceiro]

On Sat, Mar 09, 2019 at 01:56:02PM +, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
> 
> On Sun, 2019-02-24 at 21:27 -0300, Antonio Terceiro wrote:
> > this update fixes 2 FTBFS bugs on stretch. All of the changes are in
> > the test suite, so there are no functional changes.
> [...]
> > ruby2.3 (2.3.3-1+deb9u5) stretch; urgency=medium
> > 
> >   * Backport upstream patches to fix FTBFS due to expired SSL
> > certificate and
> > timezone changes (Closes: #91)
> > - imap: update test certificate
> > - timezone changes for Japan and Kiritimati
> >   * test/ruby/test_gc.rb: skip entirely; some tests in there can fail
> > unpredictably on buildds (Closes: #912740)
> 
> Does this resolve all of the FTBFS issues that are currently keeping
> 2.3.3-1+deb9u4 from being accepted into stable-new? (I'm hoping that's
> what the #912740 does, but would like to be sure.)

Yes


signature.asc
Description: PGP signature

Bug#922300: unblock: chef/13.8.7-3, ohai/13.8.0-1

[Antonio Terceiro]

On Thu, Feb 14, 2019 at 09:42:42AM -0200, Antonio Terceiro wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Hello,
> 
> Please unblock package chef
> 
> Hi,
> 
> The ci.debian.net nodes are managed with chef, and during the weekend I
> realized that it was not in testing. There was an RC bug against chef (FTBFS, 
> 3
> tests broken by an update to the test framework, package just worked
> nevertheless) and ruby-cheffish (broken by openssl 1.1.1). I fixed both, and
> they were ACCEPTED in unstable Sunday morning within less than one hour of 
> each
> other (ruby-cheffish at 11:53:21 + and chef at 12:34:15 +)
> 
> https://tracker.debian.org/news/1029431/accepted-chef-1387-3-source-into-unstable/
> https://tracker.debian.org/news/1029425/accepted-ruby-cheffish-1310-2-source-into-unstable/

FWIW today I noticed a new item in the chef migration excuses that was
not there when I opened this bug, a piuparts regression. I made a new
upload with a trivial patch fixing only that.


signature.asc
Description: PGP signature

Bug#923202: stretch-pu: package ruby2.3/2.3.3-1+deb9u5

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi

this update fixes 2 FTBFS bugs on stretch. All of the changes are in the
test suite, so there are no functional changes.

 debian/changelog  |  11 +++
 test/net/imap/cacert.pem  |  86 
++
 test/net/imap/server.crt  | 110 
--
 test/net/imap/server.key  |  43 ---
 test/ruby/test_gc.rb  |   2 +-
 test/ruby/test_time_tz.rb |  38 --
 6 files changed, 166 insertions(+), 124 deletions(-)

Changelog:

ruby2.3 (2.3.3-1+deb9u5) stretch; urgency=medium

  * Backport upstream patches to fix FTBFS due to expired SSL certificate and
timezone changes (Closes: #91)
- imap: update test certificate
- timezone changes for Japan and Kiritimati
  * test/ruby/test_gc.rb: skip entirely; some tests in there can fail
unpredictably on buildds (Closes: #912740)

 -- Antonio Terceiro   Sat, 23 Feb 2019 18:31:45 -0300

The full diff is attached.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff --git a/debian/changelog b/debian/changelog
index cb2d07df..76f1e87f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+ruby2.3 (2.3.3-1+deb9u5) stretch; urgency=medium
+
+  * Backport upstream patches to fix FTBFS due to expired SSL certificate and
+timezone changes (Closes: #91)
+- imap: update test certificate
+- timezone changes for Japan and Kiritimati
+  * test/ruby/test_gc.rb: skip entirely; some tests in there can fail
+unpredictably on buildds (Closes: #912740)
+
+ -- Antonio Terceiro   Sat, 23 Feb 2019 18:31:45 -0300
+
 ruby2.3 (2.3.3-1+deb9u4) stretch-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
diff --git a/test/net/imap/cacert.pem b/test/net/imap/cacert.pem
index 70733878..f623bd62 100644
--- a/test/net/imap/cacert.pem
+++ b/test/net/imap/cacert.pem
@@ -1,66 +1,24 @@
-Certificate:
-Data:
-Version: 3 (0x2)
-Serial Number:
-b9:90:a2:bf:62:69:17:9c
-Signature Algorithm: sha1WithRSAEncryption
-Issuer: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=secur...@ruby-lang.org
-Validity
-Not Before: Jan  3 01:34:17 2014 GMT
-Not After : Jan  2 01:34:17 2019 GMT
-Subject: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=secur...@ruby-lang.org
-Subject Public Key Info:
-Public Key Algorithm: rsaEncryption
-RSA Public Key: (1024 bit)
-Modulus (1024 bit):
-00:db:75:d0:45:de:b1:df:bf:71:a0:0e:b0:a5:e6:
-bc:f4:1c:9d:e5:25:67:64:c5:7b:cb:f1:af:c6:be:
-9a:aa:ea:7e:0f:cc:05:af:ef:40:69:06:b2:c9:13:
-9d:7e:eb:a2:06:e2:ea:7d:07:c7:c7:99:c7:fb:d5:
-b8:eb:63:77:62:2b:18:12:c3:53:58:d0:f5:c7:40:
-0c:01:d1:26:82:34:16:09:e3:dc:65:f4:dc:bb:5d:
-a5:41:60:e7:a9:74:ba:d7:4c:b6:a3:9c:c5:8c:89:
-af:cb:e8:9f:05:fe:ea:fe:64:24:bf:e7:ed:e3:f6:
-d0:fc:d6:eb:fc:06:82:10:fb
-Exponent: 65537 (0x10001)
-X509v3 extensions:
-X509v3 Subject Key Identifier: 
-E8:7E:58:AC:13:7B:03:22:8D:9E:AF:32:0B:84:89:80:80:0C:1E:C2
-X509v3 Authority Key Identifier: 
-keyid:E8:7E:58:AC:13:7B:03:22:8D:9E:AF:32:0B:84:89:80:80:0C:1E:C2
-DirName:/C=JP/ST=Shimane/L=Matz-e city/O=Ruby Core Team/CN=Ruby Test CA/emailAddress=secur...@ruby-lang.org
-serial:B9:90:A2:BF:62:69:17:9C
-
-X509v3 Basic Constraints: 
-CA:TRUE
-Signature Algorithm: sha1WithRSAEncryption
-8f:77:06:4e:31:72:12:ee:68:09:70:27:d4:31:85:ef:10:95:
-f9:0f:2b:66:63:08:37:88:6e:b7:9b:40:3e:18:77:33:86:e8:
-61:6a:b7:3c:cb:c7:a6:d6:d5:92:6a:1f:56:d0:9f:5c:32:56:
-d3:37:52:fe:0e:20:c2:7a:0d:fe:2d:3c:81:da:b8:7f:4d:6a:
-08:01:d9:be:7a:a2:15:be:a6:ce:49:64:90:8c:9a:ca:6e:2e:
-84:48:1d:94:19:56:94:46:aa:25:9b:68:c2:80:60:bf:cb:2e:
-35:03:ea:0a:65:5a:33:38:c6:cc:81:46:c0:bc:36:86:96:39:
-10:7d
 -BEGIN

Bug#922300: unblock: chef/13.8.7-3, ohai/13.8.0-1

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hello,

Please unblock package chef

Hi,

The ci.debian.net nodes are managed with chef, and during the weekend I
realized that it was not in testing. There was an RC bug against chef (FTBFS, 3
tests broken by an update to the test framework, package just worked
nevertheless) and ruby-cheffish (broken by openssl 1.1.1). I fixed both, and
they were ACCEPTED in unstable Sunday morning within less than one hour of each
other (ruby-cheffish at 11:53:21 + and chef at 12:34:15 +)

https://tracker.debian.org/news/1029431/accepted-chef-1387-3-source-into-unstable/
https://tracker.debian.org/news/1029425/accepted-ruby-cheffish-1310-2-source-into-unstable/

ruby-cheffish migrated to testing before the freeze, but chef didn't
even though they have a pathological circular build dependency. So
ruby-cheffish can't be built in buster at the moment:

The following packages have unmet dependencies:
 builddeps:ruby-cheffish : Depends: chef but it is not installable
E: Unable to correct problems, you have held broken packages.'

Maybe this a bug in britney; it should have migrated either both or none
of them, but not one without the other.

I would very much prefer to have this fixed by having chef migrate, since 1)
that would make my life maintaining ci.debian.net much easier and 2) it will
save a lot of Debian users the pain of not having chef in stable. OTOH I
realize chef that the fixes came in late, so if it's unacceptable to have it in
buster, ruby-cheffish needs to be removed.

So I would ask you to

unblock chef/13.8.7-3
unstable ohai/13.8.0-1

(ohai also has a circular dependency with chef and was removed from testing
because of chef)

OR

remove ruby-cheffish/13.1.0-2

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


signature.asc
Description: PGP signature

Re: chef and ruby-cheffish in buster

[Antonio Terceiro]

On Tue, Feb 12, 2019 at 10:11:21PM -0200, Antonio Terceiro wrote:
> Hi,
> 
> The ci.debian.net nodes are managed with chef, and during the weekend I
> realized that it was not in testing. There was an RC bug against chef
> (FTBFS, 3 tests broken by an update to the test framework, package just
> worked nevertheless) and ruby-cheffish (broken by openssl 1.1.1). I
> fixed both, and uploaded ruby-cheffish Saturday night and chef Sunday
> morning.

FWIW I just double checked and the actual uploads were both done Sunday
morning (11:53:21 + and 12:34:15 +)

https://tracker.debian.org/news/1029431/accepted-chef-1387-3-source-into-unstable/
https://tracker.debian.org/news/1029425/accepted-ruby-cheffish-1310-2-source-into-unstable/


signature.asc
Description: PGP signature

chef and ruby-cheffish in buster

[Antonio Terceiro]

Hi,

The ci.debian.net nodes are managed with chef, and during the weekend I
realized that it was not in testing. There was an RC bug against chef
(FTBFS, 3 tests broken by an update to the test framework, package just
worked nevertheless) and ruby-cheffish (broken by openssl 1.1.1). I
fixed both, and uploaded ruby-cheffish Saturday night and chef Sunday
morning.

ruby-cheffish migrated to testing before the freeze, but chef didn't
even though they have a pathological circular build dependency, so
ruby-cheffish can't be built in buster at the moment:

The following packages have unmet dependencies:
 builddeps:ruby-cheffish : Depends: chef but it is not installable
E: Unable to correct problems, you have held broken packages.'

Maybe this a bug in britney; it should have migrated either both or none
of them, but not one without the other.

This needs to be fixed somehow. I would very much prefer to have chef
migrate, since 1) that would make my life maintaining ci.debian.net much
easier and 2) it will save a lot of Debian users the pain of not having
chef in stable. OTOH I realize chef was fixed too late, so if it's
unacceptable to have it in buster, ruby-cheffish needs to be removed.

Thanks in advance.


signature.asc
Description: PGP signature

Re: Proposal: Repository for fast-paced package backports

[Antonio Terceiro]

On Wed, Dec 26, 2018 at 01:04:44PM +0530, Pirate Praveen wrote:
> If it has to be completely separate from -backports, it means some packages 
> will need to be maintained twice, even when they meet the criteria for 
> backports fully, just because a package in volatile declare a dependency on 
> them.

There is nothing that stops you, or whoever wants to maintain this newn
repository from doing it in a way that 1) reuses what's already in
backports, even automatically and 2) adds the bits that are not deemed
appropriate for backports.


signature.asc
Description: PGP signature

Bug#909119: stretch-pu: package vagrant/1.9.1+dfsg-1+deb9u1

[Antonio Terceiro]

On Sat, Oct 06, 2018 at 05:50:33PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Tue, 2018-09-18 at 10:22 -0700, Antonio Terceiro wrote:
> > vagrant from stretch currently refuses to work with VirtualBox 5.2
> > from
> > stretch-backports. This update just backports the few changes needed
> > to
> > make it work. The changes are pretty trivial.
> > 
> > VirtualBox is not in stretch, so users are getting it either from
> > stretch-backports or from upstream's .deb package; without this
> > update
> > vagrant will most likely be broken for most VirtualBox users. It
> > would
> > be nice if we can release this update.
> > 
> 
> Please go ahead.

Just uploaded, thanks.


signature.asc
Description: PGP signature

Bug#910371: stretch-pu: package lxcfs/2.0.7-1.1

[Antonio Terceiro]

On Sat, 6 Oct 2018 14:21:45 +0200 Michael Banck  wrote:
> On Fri, Oct 05, 2018 at 05:18:51PM +0200, Michael Banck wrote:
> > Package: release.debian.org
> > Severity: normal
> > Tags: stretch
> > User: release.debian@packages.debian.org
> > Usertags: pu
> > 
> > Hi,
> > 
> > I would like to upload a lxcfs NMU to stable, fixing Bug #885542. This
> > would be useful for ci.debian.net autopkgtest, as ci.debian.net
> > currenlty runs lxc from stable.
> 
> PFA the debdiff.

ACK from my part as well.


signature.asc
Description: PGP signature

Bug#909119: stretch-pu: package vagrant/1.9.1+dfsg-1+deb9u1

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hello,

vagrant from stretch currently refuses to work with VirtualBox 5.2 from
stretch-backports. This update just backports the few changes needed to
make it work. The changes are pretty trivial.

VirtualBox is not in stretch, so users are getting it either from
stretch-backports or from upstream's .deb package; without this update
vagrant will most likely be broken for most VirtualBox users. It would
be nice if we can release this update.

diff against the version in stretch is attached.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff --git a/debian/changelog b/debian/changelog
index 48bff55..04885d8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+vagrant (1.9.1+dfsg-1+deb9u2) stretch; urgency=medium
+
+  * Backport support for VirtualBox 5.2 (available in stretch-backports)
+(Closes: #908826)
+
+ -- Antonio Terceiro   Sat, 15 Sep 2018 09:23:23 -0300
+
 vagrant (1.9.1+dfsg-1+deb9u1) stretch; urgency=medium
 
   * 0008-Convert-atlas-references-to-vagrant-cloud.patch: backport upstream
diff --git a/debian/patches/0009-Backport-support-for-VirtualBox-5.2.patch b/debian/patches/0009-Backport-support-for-VirtualBox-5.2.patch
new file mode 100644
index 000..46ec4a9
--- /dev/null
+++ b/debian/patches/0009-Backport-support-for-VirtualBox-5.2.patch
@@ -0,0 +1,58 @@
+From: Antonio Terceiro 
+Date: Sat, 15 Sep 2018 09:22:39 -0300
+Subject: Backport support for VirtualBox 5.2
+
+Signed-off-by: Antonio Terceiro 
+---
+ plugins/providers/virtualbox/driver/meta.rb|  1 +
+ plugins/providers/virtualbox/driver/version_5_2.rb | 16 
+ plugins/providers/virtualbox/plugin.rb |  1 +
+ 3 files changed, 18 insertions(+)
+ create mode 100644 plugins/providers/virtualbox/driver/version_5_2.rb
+
+diff --git a/plugins/providers/virtualbox/driver/meta.rb b/plugins/providers/virtualbox/driver/meta.rb
+index 0dd186d..ec457a8 100644
+--- a/plugins/providers/virtualbox/driver/meta.rb
 b/plugins/providers/virtualbox/driver/meta.rb
+@@ -62,6 +62,7 @@ module VagrantPlugins
+ "4.3" => Version_4_3,
+ "5.0" => Version_5_0,
+ "5.1" => Version_5_1,
++"5.2" => Version_5_2,
+   }
+ 
+   if @@version.start_with?("4.2.14")
+diff --git a/plugins/providers/virtualbox/driver/version_5_2.rb b/plugins/providers/virtualbox/driver/version_5_2.rb
+new file mode 100644
+index 000..cd6c0b6
+--- /dev/null
 b/plugins/providers/virtualbox/driver/version_5_2.rb
+@@ -0,0 +1,16 @@
++require File.expand_path("../version_5_1", __FILE__)
++
++module VagrantPlugins
++  module ProviderVirtualBox
++module Driver
++  # Driver for VirtualBox 5.2.x
++  class Version_5_2 < Version_5_1
++def initialize(uuid)
++  super
++
++  @logger = Log4r::Logger.new("vagrant::provider::virtualbox_5_2")
++end
++  end
++end
++  end
++end
+diff --git a/plugins/providers/virtualbox/plugin.rb b/plugins/providers/virtualbox/plugin.rb
+index 399747a..090bc50 100644
+--- a/plugins/providers/virtualbox/plugin.rb
 b/plugins/providers/virtualbox/plugin.rb
+@@ -57,6 +57,7 @@ module VagrantPlugins
+   autoload :Version_4_3, File.expand_path("../driver/version_4_3", __FILE__)
+   autoload :Version_5_0, File.expand_path("../driver/version_5_0", __FILE__)
+   autoload :Version_5_1, File.expand_path("../driver/version_5_1", __FILE__)
++  autoload :Version_5_2, File.expand_path("../driver/version_5_2", __FILE__)
+ end
+ 
+ module Model
diff --git a/debian/patches/series b/debian/patches/series
index 102bab3..86a1757 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@
 0006-Relax-dependency-resolution.patch
 0007-Update-command.rb.patch
 0008-Convert-atlas-references-to-vagrant-cloud.patch
+0009-Backport-support-for-VirtualBox-5.2.patch


signature.asc
Description: PGP signature

Re: autopkgtest gating migration, nearly there. But ...

[Antonio Terceiro]

On Fri, Sep 14, 2018 at 10:39:36PM +0200, Paul Gevers wrote:
> Dear all,
> 
> We are nearly there to enable migration being gated by autopkgtest
> results. Unfortunately I recently realized (after implementation and
> deployment of what I thought would be the solution) that the current
> situation is possibly not good enough yet. I'd like to solicit for your
> help on determining the way forward.
> 
> This e-mail is basically a follow-up of my earlier e-mail [1] about
> needed improvements. Before I start with my real issue, let me note that
>  needs-recommends is now deprecated (it is still supported, but the docs
> and lintian warn against it). So I don't bother about it anymore, except
> somebody (me) still has to fix autodep8 to not emit it.
> 
> Let me describe the problem and the current status. The migration
> software (britney2) is now taking versioned dependencies, breaks and
> conflicts of the binary packages from the source package that wants to
> migrate into account when requesting the tests. It will add versioned
> dependencies that are not in testing and it will add packages from
> unstable when their version in testing is broken by (or conflicts with)
> anything needed from unstable (recursively). However, it is not having
> enough information to do this well (at least, I fear), because of the
> following:
> 
> 1) it only knows the Testsuite-Triggers, but it is missing possible
> version information of test dependencies. (Possibly fixable by
> dpkg-source, but that will take time to propagate and then the
> Testsuite-Trigger field changes syntax and meaning).
>
> 2) @builddeps@ is not resolved by dpkg-source, so the migration software
> doesn't know if build-depends should be evaluated for the list
> (currently the migration software doesn't add them). (Possibly "fixable"
> by always evaluating them, or possibly fixable by enhancing dpkg-source).
> 
> 3) test dependencies generated by autodep8 are fully unknown to the
> migration software. It seems (but I haven't verified properly) that e.g.
> with r packages the test dependencies can be versioned as well.

maybe debci could cache the actual test dependencies considered for a
given package, including expansion @builddeps@ and stuff produced by
autodep8, so that britney2 can query that information to calculate its
required tests?

a simple action plan would be:

- make autopkgtst output the "expanded" control file considered for each
  test
- make debci store that data in the database and expose it via the API
  (exact format TBD)
- make britney2 query that API


signature.asc
Description: PGP signature

Bug#893765: transition: ruby2.3

[Antonio Terceiro]

On Tue, Mar 27, 2018 at 01:02:53AM +0200, Emilio Pozuelo Monfort wrote:
> Control: tags -1 confirmed
> 
> On 22/03/18 03:38, Antonio Terceiro wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: transition
> > 
> > ruby2.5 has been made the default and the ruby2.5 transition has been
> > finished succesfully. there is a pending issue with graphviz on armel,
> > but that is beyond what we can do ATM.
> > 
> > So I would like to remove ruby2.3 now.
> 
> Go ahead.

Thanks.

Please binNMU the following packages (dependency level 1):

hivex
libselinux
qdbm
raspell
remctl
rrdtool
ruby-allocations
ruby-atomic
ruby-augeas
ruby-bcrypt
ruby-bcrypt-pbkdf
ruby-bert
ruby-cairo
ruby-charlock-holmes
ruby-concurrent-ext
ruby-curb
ruby-curses
ruby-dataobjects-mysql
ruby-dataobjects-postgres
ruby-dataobjects-sqlite3
ruby-debian
ruby-debug-inspector
ruby-eb
ruby-escape-utils
ruby-eventmachine
ruby-exif
ruby-fast-blank
ruby-fast-stemmer
ruby-fast-xs
ruby-fcgi
ruby-ferret
ruby-ffi
ruby-ffi-yajl
ruby-filesystem
ruby-fusefs
ruby-gd
ruby-gnome2
ruby-god
ruby-google-protobuf
ruby-gpgme
ruby-hiredis
ruby-hitimes
ruby-json
ruby-kgio
ruby-kyotocabinet
ruby-ldap
ruby-levenshtein
ruby-libvirt
ruby-libxml
ruby-mecab
ruby-mmap2
ruby-mysql2
ruby-narray
ruby-ncurses
ruby-nfc
ruby-nio4r
ruby-nokogiri
ruby-odbc
ruby-oily-png
ruby-openssl
ruby-ox
ruby-pcaprub
ruby-pg
ruby-posix-spawn
ruby-prof
ruby-prometheus-client-mmap
ruby-psych
ruby-rblineprof
ruby-rdiscount
ruby-re2
ruby-redcarpet
ruby-redcloth
ruby-rinku
ruby-rjb
ruby-rmagick
ruby-rpam-ruby19
ruby-rpatricia
ruby-rugged
ruby-sdl
ruby-sequel-pg
ruby-serialport
ruby-shadow
ruby-sigar
ruby-termios
ruby-timfel-krb5-auth
ruby-tioga
ruby-tokyocabinet
ruby-uconv
ruby-unf-ext
ruby-unicode
ruby-version-sorter
ruby-vmstat
ruby-websocket-driver
ruby-xmlhash
ruby-xmlparser
ruby-yajl
ruby-zoom
stfl
xapian-bindings
xmms2


signature.asc
Description: PGP signature

Bug#893765: transition: ruby2.3

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

ruby2.5 has been made the default and the ruby2.5 transition has been
finished succesfully. there is a pending issue with graphviz on armel,
but that is beyond what we can do ATM.

So I would like to remove ruby2.3 now.

Ben file:

title = "ruby2.3-rm";
is_affected = (.depends ~ /ruby2.3 | .depends ~ /ruby2.5/) & !.source ~ 
/^(ruby2.3|ruby2.5|ruby-defaults)$/)
is_good = ! .depends ~ /ruby2.3/
is_bad = .depends ~ /ruby2.3/

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


signature.asc
Description: PGP signature

Bug#888531: transition: ruby2.5 - binNMU round #5, and next steps

[Antonio Terceiro]

On Sat, Mar 10, 2018 at 04:26:03AM +0100, Andreas Beckmann wrote:
> On Fri, 9 Mar 2018 11:53:17 -0300 Antonio Terceiro <terce...@debian.org>
> wrote:
> > ruby-pgplot: it's in contrib and has a dependency on a non-free package,
> > so it can't be built on buildds. I could do binary uploads myself now,
> > or ask someone who cares about it to do that, but then when it's time to
> > drop ruby2.3 I would need to do that again, and I would prefer to do it
> > just once. I just reported a serious bugs about this.
> 
> If you have the infrastructure ready to do contrib/non-free binNMUs (and
> some experience with it), this is not really much work. Uploaded a +b1
> binNMU. Please ping me once you need the ruby2.5-only binNMU.

I have neither the infra ready nor the experience, so thank you lot for
your help with this! :-)


signature.asc
Description: PGP signature

Bug#888531: transition: ruby2.5 - binNMU round #5, and next steps

[Antonio Terceiro]

Hi,

Please binNMU:

obexftp
ruby-bcrypt-pbkdf

Now we need to discuss what to do wrt the few pending packages.

weechat: #892072 [S|+|  ] [src:weechat] weechat: build against ruby2.5

uwsgi: #892074 [S  |  ] [src:uwsgi] uwsgi: FTBFS with ruby2.5 as default

graphviz: is missing on armel, because guile-2.2-dev is missing on armel. I
asked on #debian-buildd and Julien told me that guile-2.2-dev brings the
buildds down.

ruby-prof: I just uploaded an update that will make it build fine on s390x.

ruby-pgplot: it's in contrib and has a dependency on a non-free package,
so it can't be built on buildds. I could do binary uploads myself now,
or ask someone who cares about it to do that, but then when it's time to
drop ruby2.3 I would need to do that again, and I would prefer to do it
just once. I just reported a serious bugs about this.

My suggestion would be to remove weechat, uwsgi and ruby-pgplot from
testing, remove graphviz from testing on armel, and unblock the
transition. But, of course, this is your call.


signature.asc
Description: PGP signature

Bug#888531: transition: ruby2.5 - binNMU round #4

[Antonio Terceiro]

Hi,

I just uploaded ruby-defaults 1:2.5.0 making the switch in unstable.
Binaries should be available in a few hours from now.

Please binNMU the following packages:

broccoli-ruby
dislocker
geos
graphviz
kross-interpreters
libprelude
marisa
nbdkit
ngraph-gtk
notmuch
redland-bindings
rubyluabridge
ruby-standalone
subtle
subversion
treil
vim
vim-command-t

Pending:

obexftpneeds a fix to be released in gem2deb 0.38
uwsgi  #892074 [S  |  ] [src:uwsgi] uwsgi: FTBFS with ruby2.5 as default
weechat#892072 [S|+|  ] [src:weechat] weechat: build against ruby2.5


signature.asc
Description: PGP signature

Bug#888531: transition: ruby2.5 - binNMU round #3

[Antonio Terceiro]

On Sun, Feb 25, 2018 at 02:57:37PM +0100, Emilio Pozuelo Monfort wrote:
> On 25/02/18 14:43, Antonio Terceiro wrote:
> > Hi,
> > 
> > On Wed, Feb 21, 2018 at 09:33:44AM +0100, Emilio Pozuelo Monfort wrote:
> >> On 07/02/18 01:21, Antonio Terceiro wrote:
> >>> Please binNMU:
> >>>
> >>> libguestfs
> >>> mapserver
> >>> passenger
> >>> nbdkit
> >>
> >> Any update here?
> > 
> > Almost all of the the missing packages build for the default version of
> > Ruby, so they need to be binNMUed after the switch.
> > 
> > Apart from those, I would like to have ruby-json and ruby-rmagick fixed
> > before doing the switch. However I could leave ruby-rmagick to be fixed
> > after, but ruby-json has too many reverse dependencies for that. There
> > is work underway on ruby-rmagick, and I will look into ruby-json today.
> > 
> > With ruby-json fixed, I would like to go ahead and do the switch. How
> > does that sound?
> 
> Definitely fix ruby-json before doing the switch. Fixing ruby-rmagick would be
> good too, I think we can wait a bit for those. Thanks for the update.

Both are now fixed in unstable, I will switch to ruby2.5 soon.


signature.asc
Description: PGP signature

Bug#891484: stretch-pu: package vagrant/1.9.1+dfsg-1+deb9u1

[Antonio Terceiro]

On Tue, Feb 27, 2018 at 06:41:01PM +, Adam D. Barratt wrote:
> Control: tags -1 -moreinfo +confirmed
> 
> On Mon, 2018-02-26 at 18:36 -0300, Antonio Terceiro wrote:
> > On Mon, Feb 26, 2018 at 08:42:56PM +, Adam D. Barratt wrote:
> > > Control: tags -1 + moreinfo
> > > 
> > > On Sun, 2018-02-25 at 22:10 -0300, Antonio Terceiro wrote:
> > > > The platform from where vagrant downloads images has been
> > > > discontinued
> > > > and we need to switch the default download location plus
> > > > documentation,
> > > > usage messages etc to match the new platform. Without this
> > > > update,
> > > > vagrant is pretty useless.
> > > > 
> > > 
> > > So far as I can tell, this issue also affects the version of
> > > vagrant in
> > > unstable and has not yet been fixed there. Assuming that's correct,
> > > the
> > > bug will need resolving in unstable first.
> > 
> > Ah, I thought I adjusted the bug metadata yesterday, but it seems I
> > didn't.
> > 
> > No, unstable is not affected. This has been done upstream for a
> > while,
> > this update is a backport of the change -- which we already have in
> > the
> > version in unstable -- to stable.
> 
> Thanks. Please feel free to upload.

uploaded.


signature.asc
Description: PGP signature

Bug#891484: stretch-pu: package vagrant/1.9.1+dfsg-1+deb9u1

[Antonio Terceiro]

On Mon, Feb 26, 2018 at 08:42:56PM +, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
> 
> On Sun, 2018-02-25 at 22:10 -0300, Antonio Terceiro wrote:
> > The platform from where vagrant downloads images has been
> > discontinued
> > and we need to switch the default download location plus
> > documentation,
> > usage messages etc to match the new platform. Without this update,
> > vagrant is pretty useless.
> > 
> 
> So far as I can tell, this issue also affects the version of vagrant in
> unstable and has not yet been fixed there. Assuming that's correct, the
> bug will need resolving in unstable first.

Ah, I thought I adjusted the bug metadata yesterday, but it seems I
didn't.

No, unstable is not affected. This has been done upstream for a while,
this update is a backport of the change -- which we already have in the
version in unstable -- to stable.


signature.asc
Description: PGP signature

Bug#891484: stretch-pu: package vagrant/1.9.1+dfsg-1+deb9u1

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

The platform from where vagrant downloads images has been discontinued
and we need to switch the default download location plus documentation,
usage messages etc to match the new platform. Without this update,
vagrant is pretty useless.

Changelog:

vagrant (1.9.1+dfsg-1+deb9u1) stretch; urgency=medium

  * 0008-Convert-atlas-references-to-vagrant-cloud.patch: backport upstream
patch to download boxes from app.vagrantcloud.com instead of the
deprecated atlas.hashicorp.com (Closes: #889873)

 -- Antonio Terceiro <terce...@debian.org>  Sun, 25 Feb 2018 21:54:18 -0300

Diff against package in stretch attached.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff --git a/debian/changelog b/debian/changelog
index 39dbcb2..48bff55 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+vagrant (1.9.1+dfsg-1+deb9u1) stretch; urgency=medium
+
+  * 0008-Convert-atlas-references-to-vagrant-cloud.patch: backport upstream
+patch to download boxes from app.vagrantcloud.com instead of the
+deprecated atlas.hashicorp.com (Closes: #889873)
+
+ -- Antonio Terceiro <terce...@debian.org>  Sun, 25 Feb 2018 21:54:18 -0300
+
 vagrant (1.9.1+dfsg-1) unstable; urgency=medium
 
   * New upstream version 1.9.1+dfsg
diff --git a/debian/patches/0008-Convert-atlas-references-to-vagrant-cloud.patch b/debian/patches/0008-Convert-atlas-references-to-vagrant-cloud.patch
new file mode 100644
index 000..20533be
--- /dev/null
+++ b/debian/patches/0008-Convert-atlas-references-to-vagrant-cloud.patch
@@ -0,0 +1,286 @@
+From: Chris Roberts <c...@chrisroberts.org>
+Date: Sun, 25 Feb 2018 21:53:24 -0300
+Subject: Convert atlas references to vagrant cloud
+
+Backported-by: Antonio Terceiro <terce...@debian.org>
+---
+ lib/vagrant/shared_helpers.rb   |  4 ++--
+ plugins/commands/box/command/add.rb |  2 +-
+ plugins/commands/login/client.rb| 21 -
+ plugins/commands/login/command.rb   |  8 
+ plugins/commands/login/locales/en.yml   | 10 +-
+ .../commands/login/middleware/add_authentication.rb |  3 ++-
+ plugins/commands/login/plugin.rb|  2 +-
+ templates/commands/init/Vagrantfile.erb |  9 +
+ templates/locales/en.yml|  8 
+ test/unit/plugins/commands/login/client_test.rb |  4 ++--
+ 10 files changed, 34 insertions(+), 37 deletions(-)
+
+diff --git a/lib/vagrant/shared_helpers.rb b/lib/vagrant/shared_helpers.rb
+index ffe61e5..93f4c11 100644
+--- a/lib/vagrant/shared_helpers.rb
 b/lib/vagrant/shared_helpers.rb
+@@ -5,12 +5,12 @@ require "thread"
+ module Vagrant
+   @@global_lock = Mutex.new
+ 
+-  # This is the default endpoint of the Atlas in
++  # This is the default endpoint of the Vagrant Cloud in
+   # use. API calls will be made to this for various functions
+   # of Vagrant that may require remote access.
+   #
+   # @return [String]
+-  DEFAULT_SERVER_URL = "https://atlas.hashicorp.com;
++  DEFAULT_SERVER_URL = "https://vagrantcloud.com;
+ 
+   # This holds a global lock for the duration of the block. This should
+   # be invoked around anything that is modifying process state (such as
+diff --git a/plugins/commands/box/command/add.rb b/plugins/commands/box/command/add.rb
+index 5545ea2..d8ae063 100644
+--- a/plugins/commands/box/command/add.rb
 b/plugins/commands/box/command/add.rb
+@@ -40,7 +40,7 @@ module VagrantPlugins
+ end
+ 
+ o.separator ""
+-o.separator "The box descriptor can be the name of a box on HashiCorp's Atlas,"
++o.separator "The box descriptor can be the name of a box on HashiCorp's Vagrant Cloud,"
+ o.separator "or a URL, or a local .box file, or a local .json file containing"
+ o.separator "the catalog metadata."
+ o.separator ""
+diff --git a/plugins/commands/login/client.rb b/plugins/commands/login/client.rb
+index 04b6ee0..fb2dd05 100644
+--- a/plugins/commands/login/client.rb
 b/plugins/commands/login/client.rb
+@@ -86,28 +86,26 @@ module VagrantPlugins
+   end
+ 
+   # Reads the access token if there is one. This will first read the
+-  # `ATLAS_TOKEN` environment variable and then fallback to the stored
++ 

Bug#888788: stretch-pu: package lxc/1:2.0.7-2+deb9u2

[Antonio Terceiro]

On Fri, Feb 23, 2018 at 04:58:11PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Mon, 2018-01-29 at 20:40 -0200, Antonio Terceiro wrote:
> > iproute has been a transitional package for a while, but the lxc-
> > debian
> > template was refering to it. Now that iproute has been finally
> > removed,
> > creating buster or sid containers fails.
> > 
> > This update replaces iproute with iproute2. I am running it on
> > ci.debian.net
> > 
> 
> Please go ahead.

Uploaded.


signature.asc
Description: PGP signature

Bug#888531: transition: ruby2.5 - binNMU round #3

[Antonio Terceiro]

Hi,

On Wed, Feb 21, 2018 at 09:33:44AM +0100, Emilio Pozuelo Monfort wrote:
> On 07/02/18 01:21, Antonio Terceiro wrote:
> > Please binNMU:
> > 
> > libguestfs
> > mapserver
> > passenger
> > nbdkit
> 
> Any update here?

Almost all of the the missing packages build for the default version of
Ruby, so they need to be binNMUed after the switch.

Apart from those, I would like to have ruby-json and ruby-rmagick fixed
before doing the switch. However I could leave ruby-rmagick to be fixed
after, but ruby-json has too many reverse dependencies for that. There
is work underway on ruby-rmagick, and I will look into ruby-json today.

With ruby-json fixed, I would like to go ahead and do the switch. How
does that sound?


signature.asc
Description: PGP signature

Bug#888788: Bug#891221: stretch's lxc fails to create sid container: iproute not found

[Antonio Terceiro]

Control: tags 891221 + confirmed
Control: block 891221 by 888788

On Fri, Feb 23, 2018 at 02:12:37PM +, Santiago wrote:
> Package: lxc
> Version: 1:2.0.7-2+deb9u1
> Severity: important
> 
> Stretch's lxc fails to create a -t debian -- -r sid container, because
> it doesn't find the iproute package, not longer included in unstable:
> 
> …
> I: Checking component main on http://httpredir.debian.org/debian...
> E: Couldn't find these debs: iproute
> Failed to download the rootfs, aborting.
> Failed to download 'debian base'
> failed to install debian
> lxc-create: lxccontainer.c: create_run_template: 1297 container creation 
> template for sid failed
> lxc-create: tools/lxc_create.c: main: 318 Error creating container sid
> 
> Changing iproute for iproute2 in /usr/share/lxc/templates/lxc-debian
> solves the issue.

Yes.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888788

Stable RMs, please review the proposed update to lxc on stretch.


signature.asc
Description: PGP signature

Bug#888531: transition: ruby2.5 - binNMU round #3

[Antonio Terceiro]

Please binNMU:

libguestfs
mapserver
passenger
nbdkit


signature.asc
Description: PGP signature

Bug#888531: transition: ruby2.5 - binNMU round #2

[Antonio Terceiro]

Hi,

Please binNMU the following packages:

broccoli-ruby
hyperestraier
libsemanage
notmuch
ruby-bson
ruby-fftw3
ruby-github-markdown
ruby-gnome2
ruby-grib
ruby-hdfeos5
ruby-hpricot
ruby-http-parser.rb
ruby-lapack
ruby-mpi
ruby-msgpack
ruby-multibitnums
ruby-netcdf
ruby-nokogumbo
ruby-password
ruby-pgplot
ruby-raindrops
ruby-rpam-ruby19
ruby-sqlite3
ruby-standalone
thin
xapian-bindings


signature.asc
Description: PGP signature

Bug#888531: transition: ruby2.5 - please update tracker

[Antonio Terceiro]

Hi,

please update the tracker as follows:

Affected: (.depends ~ /ruby2.3 | .depends ~ /ruby2.5/) & !.source ~ 
/^(ruby2.3|ruby2.5|ruby-defaults)$/)

This will exclude the interpreter packages themselves from the list of
affected packages.


signature.asc
Description: PGP signature

Bug#888531: 888531 - transition: ruby2.5 - binNMU round #1

[Antonio Terceiro]

On Thu, Feb 01, 2018 at 10:57:09AM -0200, Antonio Terceiro wrote:
> ruby-defaults

err, no need to binNMU ruby-defaults


signature.asc
Description: PGP signature

Bug#888531: 888531 - transition: ruby2.5 - binNMU round #1

[Antonio Terceiro]

Hi,

As part of the ruby2.5 transition, please binNMU the following packages:

hivex
libselinux
raspell
remctl
rrdtool
ruby-allocations
ruby-atomic
ruby-augeas
ruby-bcrypt
ruby-bert
ruby-byebug
ruby-cairo
ruby-charlock-holmes
ruby-concurrent-ext
ruby-curb
ruby-curses
ruby-dataobjects-mysql
ruby-dataobjects-postgres
ruby-dataobjects-sqlite3
ruby-debian
ruby-debug-inspector
ruby-defaults
ruby-eb
ruby-eventmachine
ruby-exif
ruby-fast-stemmer
ruby-fast-xs
ruby-fcgi
ruby-ferret
ruby-ffi
ruby-filesystem
ruby-fusefs
ruby-gd
ruby-god
ruby-google-protobuf
ruby-gpgme
ruby-hiredis
ruby-hitimes
ruby-json
ruby-kgio
ruby-kyotocabinet
ruby-ldap
ruby-levenshtein
ruby-libvirt
ruby-libxml
ruby-mecab
ruby-mmap2
ruby-mysql2
ruby-narray
ruby-ncurses
ruby-nfc
ruby-nio4r
ruby-nokogiri
ruby-oily-png
ruby-openssl
ruby-ox
ruby-pcaprub
ruby-pg
ruby-posix-spawn
ruby-psych
ruby-rblineprof
ruby-rdiscount
ruby-re2
ruby-rinku
ruby-rjb
ruby-rpatricia
ruby-rugged
ruby-sdl
ruby-sequel-pg
ruby-serialport
ruby-sigar
ruby-termios
ruby-timfel-krb5-auth
ruby-tioga
ruby-tokyocabinet
ruby-uconv
ruby-unf-ext
ruby-unicode
ruby-version-sorter
ruby-vmstat
ruby-websocket-driver
ruby-xmlhash
ruby-xmlparser
ruby-zoom
stfl
xmms2


signature.asc
Description: PGP signature

Bug#888531: transition: ruby2.5

[Antonio Terceiro]

On Tue, Jan 30, 2018 at 09:33:11AM -0200, Antonio Terceiro wrote:
> On Sat, Jan 27, 2018 at 12:37:46AM +0100, Emilio Pozuelo Monfort wrote:
> > Control: forwarded -1 
> > https://release.debian.org/transitions/html/ruby2.5.html
> > 
> > On 26/01/18 20:36, Antonio Terceiro wrote:
> > > Package: release.debian.org
> > > Severity: normal
> > > User: release.debian@packages.debian.org
> > > Usertags: transition
> > > 
> > > Hi,
> > > 
> > > I would like to start the transition to ruby2.5 in unstable. General
> > > information about Ruby transitions can be found in:
> > > https://wiki.debian.org/Teams/Ruby/InterpreterTransitions
> > > 
> > > ruby2.5 has been in testing for a while.
> > > 
> > > Building against ruby2.5 has been enabled in experimental, and we
> > > already did a test rebuild against it, with pretty good results:
> > > https://hackmd.io/EYBghgHA7AjFDMBaCZgE5EBYYCYAmiaEAxhjgKzFQCmAZtGHtTkA
> > > 
> > > So I would like to enable building against ruby2.5 in unstable, and to
> > > effectively start the transition. Soon after we have a transition page,
> > > I will have a first round of binNMUs to request.
> > 
> > You mention 315 build failures in your report, but I only see 46 bugs
> > in [1] and [2] looks empty.  Where are the rest of the bugs? Also,
> > there are on ~150 packages affected in [3]. How many of those fail to
> > build?
> 
> The test rebuild was not made in lavels, so a bunch of packages fail to
> build because they are missing ruby2.5 support in a dependency
> (ruby-nokogiri being the most common case), so those didn't get a bug
> report.
> 
> I checked a sample of the packages listed in the transition page, and
> those that failed did it either for unrelated reasons, or due to missing
> ruby2.5 support in dependencies.
> 
> Anyway, before I enable ruby2.5 in sid I will do a new rebuild with the
> dependency level n available for level n+1, to make sure.

So I did such rebuild, and got this:

https://people.debian.org/~terceiro/ruby2.5/builds/

18 failures out of 152. Not bad.

5 of those 18 still don't have appropriate RC bugs filed, this will be
done later today. After these bugs are files, I will raise the existing
ones to RC, and enable building for ruby2.5 in sid.

Then I will come back with the first round of binNMUs.


signature.asc
Description: PGP signature

Bug#888531: transition: ruby2.5

[Antonio Terceiro]

On Sat, Jan 27, 2018 at 12:37:46AM +0100, Emilio Pozuelo Monfort wrote:
> Control: forwarded -1 https://release.debian.org/transitions/html/ruby2.5.html
> 
> On 26/01/18 20:36, Antonio Terceiro wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: transition
> > 
> > Hi,
> > 
> > I would like to start the transition to ruby2.5 in unstable. General
> > information about Ruby transitions can be found in:
> > https://wiki.debian.org/Teams/Ruby/InterpreterTransitions
> > 
> > ruby2.5 has been in testing for a while.
> > 
> > Building against ruby2.5 has been enabled in experimental, and we
> > already did a test rebuild against it, with pretty good results:
> > https://hackmd.io/EYBghgHA7AjFDMBaCZgE5EBYYCYAmiaEAxhjgKzFQCmAZtGHtTkA
> > 
> > So I would like to enable building against ruby2.5 in unstable, and to
> > effectively start the transition. Soon after we have a transition page,
> > I will have a first round of binNMUs to request.
> 
> You mention 315 build failures in your report, but I only see 46 bugs
> in [1] and [2] looks empty.  Where are the rest of the bugs? Also,
> there are on ~150 packages affected in [3]. How many of those fail to
> build?

The test rebuild was not made in lavels, so a bunch of packages fail to
build because they are missing ruby2.5 support in a dependency
(ruby-nokogiri being the most common case), so those didn't get a bug
report.

I checked a sample of the packages listed in the transition page, and
those that failed did it either for unrelated reasons, or due to missing
ruby2.5 support in dependencies.

Anyway, before I enable ruby2.5 in sid I will do a new rebuild with the
dependency level n available for level n+1, to make sure.


signature.asc
Description: PGP signature

Bug#888788: stretch-pu: package lxc/1:2.0.7-2+deb9u2

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

iproute has been a transitional package for a while, but the lxc-debian
template was refering to it. Now that iproute has been finally removed,
creating buster or sid containers fails.

This update replaces iproute with iproute2. I am running it on
ci.debian.net

Diff attached.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff --git a/debian/changelog b/debian/changelog
index 04e3af6..cd60ca9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+lxc (1:2.0.7-2+deb9u2) stretch; urgency=medium
+
+  * 0005-debian-Use-iproute2-instead-of-iproute.patch: pull iproute2 instead
+of iproute, fixing the creation of testing and unstable containers after
+the iproute binary package was dropped.
+
+ -- Antonio Terceiro <terce...@debian.org>  Mon, 29 Jan 2018 20:23:36 -0200
+
 lxc (1:2.0.7-2+deb9u1) stretch; urgency=medium
 
   * 0003-lxc-debian-don-t-hardcode-valid-releases.patch: don't
diff --git a/debian/patches/0005-debian-Use-iproute2-instead-of-iproute.patch b/debian/patches/0005-debian-Use-iproute2-instead-of-iproute.patch
new file mode 100644
index 000..6bc61e4
--- /dev/null
+++ b/debian/patches/0005-debian-Use-iproute2-instead-of-iproute.patch
@@ -0,0 +1,29 @@
+From: =?utf-8?q?St=C3=A9phane_Graber?= <stgra...@ubuntu.com>
+Date: Mon, 29 Jan 2018 18:18:34 -0200
+Subject: debian: Use iproute2 instead of iproute
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: base64
+
+VGhlIHBhY2thZ2UgaGFzIHByZXR0eSBtdWNoIGFsd2F5cyBiZWVuIGlwcm91dGUyIHdpdGggaXBy
+b3V0ZSBiZWluZyBhbgphbGlhcyBmb3IgaXQsIHRoZSBhbGlhcyBpcyBub3cgZ29uZSBzbyB3ZSBu
+ZWVkIHRvIHVzZSBpcHJvdXRlMi4KClNpZ25lZC1vZmYtYnk6IFN0w6lwaGFuZSBHcmFiZXIgPHN0
+Z3JhYmVyQHVidW50dS5jb20+CkJhY2twb3J0LWJ5OiBBbnRvbmlvIFRlcmNlaXJvIDx0ZXJjZWly
+b0BkZWJpYW4ub3JnPgo=
+---
+ templates/lxc-debian.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/templates/lxc-debian.in b/templates/lxc-debian.in
+index 2245770..c927bf6 100644
+--- a/templates/lxc-debian.in
 b/templates/lxc-debian.in
+@@ -271,7 +271,7 @@ dialog,\
+ isc-dhcp-client,\
+ netbase,\
+ net-tools,\
+-iproute,\
++iproute2,\
+ openssh-server
+ 
+ cache=$1
diff --git a/debian/patches/series b/debian/patches/series
index 5e0bb25..587502e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
 lxc-2.0-CVE-2017-5985-Ensure-target-netns-is-caller-owned.patch
 0003-lxc-debian-don-t-hardcode-valid-releases.patch
 0004-lxc-debian-don-t-write-C.-locales-to-etc-locale.gen.patch
+0005-debian-Use-iproute2-instead-of-iproute.patch


signature.asc
Description: PGP signature

Bug#888531: transition: ruby2.5

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Hi,

I would like to start the transition to ruby2.5 in unstable. General
information about Ruby transitions can be found in:
https://wiki.debian.org/Teams/Ruby/InterpreterTransitions

ruby2.5 has been in testing for a while.

Building against ruby2.5 has been enabled in experimental, and we
already did a test rebuild against it, with pretty good results:
https://hackmd.io/EYBghgHA7AjFDMBaCZgE5EBYYCYAmiaEAxhjgKzFQCmAZtGHtTkA

So I would like to enable building against ruby2.5 in unstable, and to
effectively start the transition. Soon after we have a transition page,
I will have a first round of binNMUs to request.

Ben file:

title = "ruby2.5";
is_affected: .depends ~ /ruby2.3 | .depends ~ /ruby2.5/
is_good: .depends ~ /ruby2.5/
is_bad: .depends ~ /ruby2.3/ & !.depends ~ /ruby2.5/

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


signature.asc
Description: PGP signature

Bug#882773: stretch-pu: package auto-apt-proxy/2+deb9u1

[Antonio Terceiro]

Control: tag -1 - moreinfo

On Sun, Nov 26, 2017 at 10:11:12PM +0100, Andreas Beckmann wrote:
> Control: tag -1 moreinfo
> 
> On Sun, 26 Nov 2017 14:36:06 -0200 Antonio Terceiro
> <terce...@debian.org> wrote:
> > This fixes a RC bug that has been reported recently, and was just fixed
> > in unstable.
> 
> I'm missing the corresponding undo operation in the preinst.
> 
> AFAICS, a
>install-remove-install or
>install-remove-distupgrade-install
> sequence will have that conffile missing afterwards (i.e. it's still in
> .disabled state).

Yes, you are right. Thanks for catching this.

I have made a new upload to unstable fixing this, and cherry-picked the
fix into my stretch branch. Attached you will find an updated diff
against the version in stretch.
diff --git a/debian/changelog b/debian/changelog
index 805de64..9ba8e54 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+auto-apt-proxy (2+deb9u1) stretch; urgency=medium
+
+  * Move apt configuration away on removal, and put it back on reinstalls
+(Closes: #881751)
+
+ -- Antonio Terceiro <terce...@debian.org>  Mon, 27 Nov 2017 13:55:16 -0200
+
 auto-apt-proxy (2) unstable; urgency=medium
 
   * specify `--shell dash` to shellcheck (Closes: #834976)
diff --git a/debian/postrm b/debian/postrm
new file mode 100644
index 000..e39b370
--- /dev/null
+++ b/debian/postrm
@@ -0,0 +1,25 @@
+#! /bin/sh
+
+set -e
+aptconf=/etc/apt/apt.conf.d/auto-apt-proxy.conf
+
+case "$1" in
+purge)
+rm -f "$aptconf".disabled
+;;
+
+remove|abort-install)
+if [ -f "$aptconf" ]; then
+mv "$aptconf" "$aptconf".disabled
+fi
+;;
+
+upgrade|failed-upgrade|abort-upgrade|disappear)
+;;
+
+*)
+echo "postrm called with unknown argument \`$1'" >&2
+exit 1
+esac
+
+##DEBHELPER##
diff --git a/debian/preinst b/debian/preinst
new file mode 100644
index 000..6ede705
--- /dev/null
+++ b/debian/preinst
@@ -0,0 +1,10 @@
+#! /bin/sh
+
+set -e
+aptconf=/etc/apt/apt.conf.d/auto-apt-proxy.conf
+
+if [ -e "$aptconf".disabled ]; then
+mv "$aptconf".disabled "$aptconf"
+fi
+
+##DEBHELPER##
diff --git a/debian/tests/control b/debian/tests/control
index 79b3cde..dd1fe07 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -1,2 +1,6 @@
 Test-Command: clitest debian/tests/apt-cacher-ng.txt
 Depends: @, clitest, apt-cacher-ng
+
+Tests: remove, reinstall
+Restrictions: needs-root
+Depends: @, clitest
diff --git a/debian/tests/reinstall b/debian/tests/reinstall
new file mode 100755
index 000..da77c2f
--- /dev/null
+++ b/debian/tests/reinstall
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -e
+exec 2>&1
+
+action="$(basename "$0")"
+
+set -x
+apt-get remove -qy auto-apt-proxy
+apt-get install -qy auto-apt-proxy
+
+eval "$(apt-config shell proxy Acquire::http::Proxy-Auto-Detect)"
+test "$proxy" = '/usr/bin/auto-apt-proxy'
diff --git a/debian/tests/remove b/debian/tests/remove
new file mode 100755
index 000..b40d4e9
--- /dev/null
+++ b/debian/tests/remove
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+exec 2>&1
+
+action="$(basename "$0")"
+
+set -x
+apt-get "$action" -qy auto-apt-proxy
+apt-get update


signature.asc
Description: PGP signature