from:"Holger Levsen"

Bug#1085052: nmu: many packages for riscv64 coinstallation

2024-10-16 Thread Holger Levsen

On Wed, Oct 16, 2024 at 11:19:45AM +0200, Emilio Pozuelo Monfort wrote:
> I took a look at one of the cases, and the reason is that the newer rebuild
> in riscv64 had a debhelper version that trimmed the changelog, whereas for
> the other architectures there has been no upload/binNMU with a recent
> debhelper, so they contain the full changelog.

ah, good, thank you!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

If we'd ban all cars from cities tomorrow, next week we will wonder why we
waited for so long.


signature.asc
Description: PGP signature

Re: Bug#1085052: nmu: many packages for riscv64 coinstallation

2024-10-14 Thread Holger Levsen

On Sun, Oct 13, 2024 at 05:50:48PM +0200, Helmut Grohne wrote:
> the changlog.Debian.gz being different for riscv64 seems to be a more
> common issue than I thought and fixing them individually, feels like a
> waste of time to me now. Can we just binNMU them all in one batch?

do we know how this happened and whether this will not happen again?
 
> The multiarch hinter has knowledge of the cases. We can extract the
> cases where the changelog.Debian.gz is different for riscv64 vs everyone
> else using a yq query:
> 
> curl -s https://dedup.debian.net/static/multiarch-hints.yaml.xz | xzcat | yq 
> -r 
> '.hints|map(select(.link=="https://wiki.debian.org/MultiArch/Hints#file-conflict";))|map(select(.description|contains("/changelog.Debian.gz
>  on riscv64 <->")))|map(.source+"_"+.version)|unique|join("\n")'
 
I wonder if this should be turned into a (jenkins) job like
https://jenkins.debian.net/job/udd_trixie_multiarch_versionskew/72/console
or https://jenkins.debian.net/job/udd_sid_multiarch_versionskew/3536/console


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

"tja" - a German reaction to the apocalypse, dawn of the gods, nuclear war,
an alien attack or no bread in the house.


signature.asc
Description: PGP signature

Bug#1080021: trixie-pu: package chromium/128.0.6613.113-1~deb13u1

2024-08-29 Thread Holger Levsen

Control: tags -1 confirmed

On Thu, Aug 29, 2024 at 07:53:33PM +0200, Paul Gevers wrote:
> Control: tags -1 cconfirmed


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Was seid ihr so für Urlaubstypen, lieber Überschwemmung oder Waldbrand?
(@elhotzo)


signature.asc
Description: PGP signature

Re: Making trixie debootstrap-able again?

2024-04-27 Thread Holger Levsen

hi kibi,

fwiw, bootstraping trixie still works using mmdebstrap, while it fails
with debootstrap and cdebootstrap.

I've notified #-release about the debootstrap breakage on the 24th
and added that mmdebstrap was still working on the 25th...

https://jenkins.debian.net/job/reproducible_mmdebstrap_trixie/ etc show
this nicely.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

If it feels like we’re breaking climate records every year, it’s because we are.


signature.asc
Description: PGP signature

Bug#1063736: snort removal from bullseye (Re: Bug#1063736: RM: snort -- RoQA; security issues, unmaintained)

2024-02-12 Thread Holger Levsen

clone 1063736 -1
reassign -1 debian-security-support
retitle -1 document snort situation in bullseye
thanks

hi,

On Sun, Feb 11, 2024 at 09:44:18PM +, Jonathan Wiltshire wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bullseye
> User: release.debian@packages.debian.org
> Usertags: rm
> 
> Requested by security team. Not in stable or testing.

once this has happened we should communicate this to our users via
debian-security-upload to bullseye.

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Deadly heatwaves, floods, storms, wildfires, droughts, crop failures... 
This is not “the new normal”. We’re at the very beginning of a climate and
ecological emergency, and extreme weather events will only become more and
more frequent.

signature.asc
Description: PGP signature

Bug#1062233: Acknowledgement (bookworm-pu: package debian-edu-doc/2.12.23~deb12u1)

2024-01-31 Thread Holger Levsen

On Wed, Jan 31, 2024 at 08:01:15PM +, Holger Levsen wrote:
> debdiff no attached. I've also uploaded already.
  now!
 
(the attachment was in my previous mail to this bug however.)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Imagine god created trillions of galaxies but freaks out because some dude
kisses another.


signature.asc
Description: PGP signature

Bug#1062233: bookworm-pu: package debian-edu-doc/2.12.23~deb12u1

2024-01-31 Thread Holger Levsen

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
x-debbugs-cc: debian-...@lists.debian.org

[ Reason ]
Documentation updates for the Debian Edu bookworm manual,
translations updates for the Debian Edu bookworm and bullseye manuals.

[ Impact ]
outdated documentation.

[ Risks ]
broken documentation updated human languages :)

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
This is the debdiff to what's in bookworm today:

 debian/changelog   
  |   61 
 debian/copyright   
  |2 
 debian/copyright.packaging 
  |2 
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual-stripped.xml  
  |8 
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.da.po 
  |   23 
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.de.po 
  |   33 
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.es.po 
  |   62 
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.fr.po 
  |   33 
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.it.po 
  |  339 -
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.ja.po 
  |   33 
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.nb-no.po  
  |   23 
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.nl.po 
  |   26 
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.pl.po 
  |   23 
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.pot   
  |   16 
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.pt-br.po  
  |  626 +
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.pt-pt.po  
  |   33 
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.pt.add
  |2 
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.pt.po 
  |  663 +-
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.ro.po 
  | 4598 --
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.sv.po 
  |   23 
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.uk.add
  |7 
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.uk.po 
  | 8162 ++
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.xml   
  |8 
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.zh-cn.po  
  |   23 
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.zh-tw.po  
  | 6343 
 
documentation/debian-edu-bookworm/source/AllInOne-debian-edu-bookworm-manual.xml
 |7 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt.add
  |2 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt.po 
  |6 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.ro.po 
  | 4500 +-
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.uk.add
  |6 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.uk.po 
  | 7365 +++
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.zh-tw.po  
  | 7066 --
 32 files changed, 22400 insertions(+), 17724 deletions(-)


[ Other info ]
I'll attach the full debdiff wants this bugs has made it to the list.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

This is the year of gpg on the desktop! (Gunnar Wolf)


signature.asc
Description: PGP signature

Bug#1061983: bullseye-pu: package debian-security-support/1:11+2024.01.30

2024-01-30 Thread Holger Levsen

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: debian-security-supp...@packages.debian.org
Control: affects -1 + src:debian-security-support

[ Reason ]
  * Add chromium to security-support-ended.deb11, thanks to Andres Salomon.
Closes: #1061268
  * Add tiles and libspring-java to security-support-limited. Closes: #1057343

[ Impact ]
Users might not learn that security support for some packages has ended.

[ Risks ]
trivial change, data-only update

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable



The diff is against the version already approved for+in bullseye-p-u:

 debian/.gitlab-ci.yml|   13 -
 debian/changelog |9 +
 security-support-ended.deb11 |4 +++-
 security-support-limited |2 ++
 4 files changed, 14 insertions(+), 14 deletions(-)

The .gitlab-ci.yml is desired and harmless.

The full diff is attached.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Es war mir eine Lehre, dich kennenzulernen.
diff -Nru debian-security-support-11+2023.12.11/debian/changelog debian-security-support-11+2024.01.30/debian/changelog
--- debian-security-support-11+2023.12.11/debian/changelog	2023-12-22 16:48:41.0 +0100
+++ debian-security-support-11+2024.01.30/debian/changelog	2024-01-30 17:55:19.0 +0100
@@ -1,3 +1,12 @@
+debian-security-support (1:11+2024.01.30) bullseye; urgency=medium
+
+  * Add chromium to security-support-ended.deb11, thanks to Andres Salomon.
+Closes: #1061268
+  * Add tiles and libspring-java to security-support-limited. Closes: #1057343
+  * Drop debian/.gitlab-ci.yml.
+
+ -- Holger Levsen   Tue, 30 Jan 2024 17:55:19 +0100
+
 debian-security-support (1:11+2023.12.11) bullseye; urgency=medium
 
   [ Santiago Ruano Rincón ]
diff -Nru debian-security-support-11+2023.12.11/debian/.gitlab-ci.yml debian-security-support-11+2024.01.30/debian/.gitlab-ci.yml
--- debian-security-support-11+2023.12.11/debian/.gitlab-ci.yml	2023-12-22 16:46:13.0 +0100
+++ debian-security-support-11+2024.01.30/debian/.gitlab-ci.yml	1970-01-01 01:00:00.0 +0100
@@ -1,13 +0,0 @@
-image: debian:unstable
-
-build: 
-  stage: build
-  
-  before_script:
-- apt-get update && apt-get -y install devscripts git-buildpackage
-- mk-build-deps --tool "apt -y -o Debug::pkgProblemResolver=yes --no-install-recommends" --install -r debian/control
-
-  script:
-- git checkout master
-- git pull
-- gbp buildpackage -uc -us
diff -Nru debian-security-support-11+2023.12.11/security-support-ended.deb11 debian-security-support-11+2024.01.30/security-support-ended.deb11
--- debian-security-support-11+2023.12.11/security-support-ended.deb11	2023-12-22 16:47:38.0 +0100
+++ debian-security-support-11+2024.01.30/security-support-ended.deb11	2024-01-30 17:51:03.0 +0100
@@ -10,6 +10,8 @@
 # 4. Descriptive text or URL with more details (optional)
 #In the program's output, this is prefixed with "Details:"
 
-tor  0.4.5.16-1  2023-11-22  https://lists.debian.org/debian-security-announce/2023/msg00258.html
+chromium 120.0.6099.224-1~deb11u12024-01-23  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061268
 consul   1.8.7+dfsg1-2   2023-12-04  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057418
 xen  4.14.5+94-ge49571868d-1 2023-09-30  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053246
+tor  0.4.5.16-1  2023-11-22  https://lists.debian.org/debian-security-announce/2023/msg00258.html
+
diff -Nru debian-security-support-11+2023.12.11/security-support-limited debian-security-support-11+2024.01.30/security-support-limited
--- debian-security-support-11+2023.12.11/security-support-limited	2023-12-22 16:47:38.0 +0100
+++ debian-security-support-11+2024.01.30/security-support-limited	2024-01-30 17:55:19.0 +0100
@@ -15,6 +15,7 @@
 gnupg1  See #982258 and https://www.debian.org/releases/stretch/amd64/release-notes/ch-whats-new.en.html#modern-gnupg
 kde4libskhtml has no security support upstream, only for use on trusted content
 khtml   khtml has no security support upstream, only for use on trusted content, see #1004293
+libspring-java  should be only used for building other Debian packages or in a secured local environment with trusted devices.
 mozjs68 Not covered by security support, only suitable for trusted content, see #959804
 mozjs78 Not covered by security support, only suitable for trusted content, see

Bug#1061487: bookworm-pu: package rpm/4.18.0+dfsg-1+deb12u1

2024-01-25 Thread Holger Levsen

On Thu, Jan 25, 2024 at 02:39:03PM +0200, Peter Pentchev wrote:
> [ Impact ]
> Users who upgrade from RPM 4.16.0 or earlier to 4.18.0 cannot use
> their database of packages already installed via RPM.

IOW, qubes 4.x users:

https://github.com/QubesOS/qubes-issues/issues/8482
"Dom0 updates fail when update qube is based on Debian 12 or Whonix 17"


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Bananas are berries.


signature.asc
Description: PGP signature

Re: Planning for 12.5/11.9

2024-01-25 Thread Holger Levsen

On Wed, Jan 24, 2024 at 06:29:36PM +, Adam D. Barratt wrote:
> > I've just noticed https://release.debian.org/ still says "not yet
> > planned" for both 12.5 and 11.9. 
> Now fixed (pending cron rebuilding and publishing the site).

thank you.
 
> > And is the plan to release 12.5 and 11.9 on the same weekend, or?
> Yes. (That's essentially always going to be the case when we're
> planning both a stable and oldstable point release, because otherwise
> we need to herd the cats for two separate weekends close together.)

heh, makes sense very much. thanks!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

No matter how many mistakes you make or how slow you progress, you are still
way ahead of everyone who isn't trying.


signature.asc
Description: PGP signature

Re: Planning for 12.5/11.9

2024-01-22 Thread Holger Levsen

On Wed, Jan 17, 2024 at 07:40:56AM +, Jonathan Wiltshire wrote:
> > > It's time to set a date for 12.5 (taking account of the emergency .4)
> > > and 11.9. I expect this to be the penultimate update for bullseye
> > > before LTS.
> Let's go for the 10th, announcements to follow.

I've just noticed https://release.debian.org/ still says "not yet planned"
for both 12.5 and 11.9. 

And is the plan to release 12.5 and 11.9 on the same weekend, or?


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The planet we think we're living on no longer exists.


signature.asc
Description: PGP signature

Bug#1054189: bullseye-pu: package debian-security-support/1:11+2023.10.17

2024-01-21 Thread Holger Levsen

hi!

On Fri, Dec 29, 2023 at 03:23:55PM +, Jonathan Wiltshire wrote:
> In the past this package has been released early via stable-updates; is
> that your intention this time, or can it wait until the next point release
> expected in February?

after having spent a bit too much time thinking about this I've came to the
conclusion that I think updates of d-s-s in stable and previous releases should
a.) always come with an announcement and b.) always come ASAP, whatever
that means in details.

Does that make sense to you too?

(for completeness: updates in unstable and testing should also be done ASAP
and without announcements.)

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

»Sieh, dass du Mensch bleibst. Mensch sein ist von allem die Hauptsache.
Und das heißt fest und klar und heiter sein, ja heiter, trotz alledem.«
(Rosa Luxemburg)

signature.asc
Description: PGP signature

Bug#1060367: release.debian.org: RFC: Transitions check for dupload?

2024-01-15 Thread Holger Levsen

On Sun, Jan 14, 2024 at 10:06:44PM +0100, Guillem Jover wrote:
> Warning: Source package barnowl is part of ongoing transitions:
>   
>   
> (I think I'll be adding some generic way to skip specific hooks,
> because this is a common pattern among them, something like
> --skip-hooks=a,b and DUPLOAD_SKIP_HOOKS=a,b.)
> > Continue anyway? (yes/NO) 
 
/me likes!

Though I'm a dput user. :) So I also applause sorting this out with
dupload first and then filing wishbugs for dput & dput-ng!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The devel is in the details.


signature.asc
Description: PGP signature

Bug#1056222: bookworm-pu: package debian-edu-artwork/2.12.4-1~deb12u1

2023-12-23 Thread Holger Levsen

control: forcemerge -1 1057891
control: retitle -1 bookworm-pu: package debian-edu-artwork/2.12.4-1~deb12u1
thanks

Hi,

I've just uploaded debian-edu-artwork/2.12.4-1 to unstable and expect that we'd
want to at least update in bookworm to this. However I'm not sure which debdiff
you'd like to see, to the one in bookworm or the one in bookworm-pu?


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The law, in its majestic equality, forbids the rich as well as the poor to
sleep under bridges, to beg in the streets, and to steal bread. (Anatole France)


signature.asc
Description: PGP signature

Bug#1054189: bullseye-pu: package debian-security-support/1:11+2023.10.17

2023-12-22 Thread Holger Levsen

On Thu, Dec 21, 2023 at 08:59:31PM +, Jonathan Wiltshire wrote:
> > I've updated this update request for adding 3 more lines to
> > security-support-ended.deb11 (and updating d/changelog)
> Please go ahead.

thanks, uploaded.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

First they ignore you, then they laugh at you, and then it's too late.
Don't look up!


signature.asc
Description: PGP signature

Bug#1054189: bullseye-pu: package debian-security-support/1:11+2023.10.17

2023-12-11 Thread Holger Levsen

control: retitle -1 bullseye-pu: package debian-security-support/1:11+2023.12.11
thanks

hi,

I've updated this update request for adding 3 more lines to
security-support-ended.deb11 (and updating d/changelog)

On Wed, Oct 18, 2023 at 04:46:44PM -0300, Santiago Ruano Rincón wrote:
> [ Reason ]
> The reasons for this proposed update are:
> * Fix two bugs already solved in bookworm (#986581 and #986333)
> * Include samba in the list of packages with limited support (#1053109).
> 
> Currently, because of #986581 and #986333, d-d-s's check-support-status
> silently ignores "golang*" packages, so users don't get any warning
> about their limited support status.

now also to add these 3 lines to security-support-ended.deb11:

tor  0.4.5.16-1  2023-11-22  
https://lists.debian.org/debian-security-announce/2023/msg00258.html
consul   1.8.7+dfsg1-2   2023-12-04  
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057418
xen  4.14.5+94-ge49571868d-1 2023-09-30  
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053246

 
> [ Impact ]
> Bullseye users will continue to don't get any warning about the limited
> support regarding the golang.* packages installed in their systems.
> 
> As for the samba-related change, without the upload, users will lose a
> change to get informed about its security support situation.
> 
> [ Tests ]
> The changes include tests to verify #986581 and #986333 have been fixed.
> I have also manually verified on a bullseye container how the current
> and the proposed packages behave, and I can confirm the issues are
> fixed, and I didn't identify any regression.
> 
> [ Risks ]
> The relevant code has been included in bookworm since its release. They
> were fully included in 1:12+2021.09.30:
> https://tracker.debian.org/news/1263114/accepted-debian-security-support-11220210930-source-into-unstable/
> 
> The only difference in check-suppor-status.in between the proposed
> update and bookworm is:
> 
> git diff HEAD bookworm -- check-support-status.in
> diff --git a/check-support-status.in b/check-support-status.in
> index 3ebf5e9..86b080a 100755
> --- a/check-support-status.in
> +++ b/check-support-status.in
> @@ -13,7 +13,7 @@ VERSION='[% VERSION %]'
>  # Oldest Debian version included in debian-security-support
>  DEB_LOWEST_VER_ID=9
>  # Version ID for next Debian stable
> -DEB_NEXT_VER_ID=12
> +DEB_NEXT_VER_ID=13
> 
>  if [ -z "$DEBIAN_VERSION" ] ; then
>  DEBIAN_VERSION="$(cat /etc/debian_version | grep '[0-9.]' | cut -d. -f1)"
> 
> So the risk of regression is miminum.
> 
> 
> Regarding the change of adding samba in the list of packages with
> limited support. That doesn't represent any risk.
> 
> [ Checklist ]
>   [x] *all* changes are documented in the d/changelog
>   [x] I reviewed all changes and I approve them
>   [x] attach debdiff against the package in (old)stable
>   [x] the issue is verified as fixed in unstable
> 
> [ Changes ]
> 
> From d/changelog:

the full new changelog is:

debian-security-support (1:11+2023.12.11) UNRELEASED-bullseye; urgency=medium

  [ Santiago Ruano Rincón ]
  * Mark samba support limited to non-AD DC uses cases (Closes: #1053109)
  * Drop version-based check (Closes: #986581) and update test suite
accordingly. Backport changes made by Sylvain Beucler.
  * Match ecosystems with limited support, test case updated. (Closes: #986333)
Backport changes by Sylvain Beucler.
* Use golang.* (as regex) instead of golang* in security-support-limited

   [ Salvatore Bonaccorso ]
   * Add tor to security-support-ended.deb11 Closes: #1056606.

   [ Moritz Muehlenhoff ]
   * Mark Consul as EOLed in Bullseye. Closes: #1057418.
   * Mark Xen as EOLed in Bullseye. Closes: #1053246.

 -- Santiago Ruano Rincón   Tue, 17 Oct 2023 13:08:20 
-0300



I haven't uploaded this yet but everything is ready in a git branch.

Thanks!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Be careful when you follow the masses. Sometimes the "m" is silent.


signature.asc
Description: PGP signature

Re: maintainer built binary package in stable release, still (Re: Bug#1054401: bookworm-pu: package nagios-plugins-contrib/42.20230308+deb12u1)

2023-12-07 Thread Holger Levsen

On Thu, Dec 07, 2023 at 12:40:35PM +0100, Paul Gevers wrote:
> On 07-12-2023 12:20, Adrian Bunk wrote:
> > On Thu, Dec 07, 2023 at 11:18:42AM +0100, Paul Gevers wrote:
> > > I hope that in several hours,
> > > https://release.debian.org/britney/excuses_s-p-u.html will have the 
> > > answer.

awesome, thank you very much!

> > it should find packages like jtreg6 that are scheduled for the next
> > point release, but it won't find packages like gmp that went into
> > bullseye 2 years ago.
> Ack. Indeed it spots:
> cacti, fastdds, freetype, grub-efi-amd64-signed, grub-efi-arm64-signed,
> grub-efi-ia32-signed, jtreg6, llvm-toolchain-16, node-babel7,
> node-browserify-sign and slurm-wlm. A bunch of them have arch:all binaries.

eeks.
 
> > Stopping further regression on this is good, but for the ~ February
> > point releases we have to discuss whether binNMUs+NMUs for packages that
> > slipped through in the past should be done for bookworm (and bullseye).
> I would agree with this, but I'm not an SRM. A bunch of these are security
> uploads. We need to discuss this with the security team too (in CC now).

I also agree with this, though I'm also neither an SRM nor a security team
member. :)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Because things are the way they are, things will not stay the way they are.
(Bertolt Brecht)


signature.asc
Description: PGP signature

maintainer built binary package in stable release, still (Re: Bug#1054401: bookworm-pu: package nagios-plugins-contrib/42.20230308+deb12u1)

2023-12-04 Thread Holger Levsen

Hi Adrian,

thanks for bringing this to our attention!

On Sun, Dec 03, 2023 at 11:27:04PM +0200, Adrian Bunk wrote:
> Architecture: source amd64
> 
> Should this be binNMU'ed on amd64 before the release?

I think so, yes.

> Maintainer-built binaries are not supposed to be in main.

yup.

> There are other packages with the same issue in bookworm,
> but these either involve binary-all packages and/or were
> in previous point releases.

do you have a list of these? or better yet, a command to
assemble that list?

> It might be useful if SRM tooling catches this issue,
> similar to what britney does for testing.
 
absolutly.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Friendly reminder, that we are all closer to being climate refugees than
billionaires.


signature.asc
Description: PGP signature

Bug#1057103: Acknowledgement (bookworm-pu: package debian-edu-doc/2.12.20~deb12u1)

2023-11-29 Thread Holger Levsen

hi,

attached is the compressed debdiff. I've also uploaded the package to
bookworm in the meantime.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

If nothing saves us from death, may love at least save us from life.


debian-edu-doc_2.12.20~deb12u1.diff.xz
Description: application/xz


signature.asc
Description: PGP signature

Bug#1057103: bookworm-pu: package debian-edu-doc/2.12.20~deb12u1

2023-11-29 Thread Holger Levsen

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
x-debbugs-cc: debian-...@lists.debian.org

[ Reason ]
Update to the latest version of the Debian Edu bookworm & bullseye manuals and
their translations. This update also adds a build-depends on inkscape which
will cause some PDFs for some languages to be build again.

[ Impact ]
Updated debian-edu-doc and translations. Some users will be happy about having
a PDF manual again too.

[ Tests ]
Build and smoke-tests.

[ Risks ]
Hardly any & definitly none for anyone not using the package.

 debian/changelog   
  |   38 
 debian/control 
  |1 
 debian/mail_stats_to_list  
  |5 
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual-stripped.xml  
  |   42 +++--
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.da.po 
  |  118 ---
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.de.po 
  |  124 +--
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.es.po 
  |  558 ---
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.fr.po 
  |  118 ---
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.it.po 
  |  368 ++
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.ja.po 
  |  118 ---
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.nb-no.po  
  |  114 +++---
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.nl.po 
  |  206 +++---
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.pl.po 
  |   95 +---
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.pot   
  |   88 ---
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.pt-br.po  
  |  776 
++-
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.pt-pt.po  
  |  676 
--
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.pt.po 
  |  704 
++---
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.ro.po 
  |  104 ++---
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.sv.po 
  |  699 
+++--
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.xml   
  |  133 +++-
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.zh-cn.po  
  |  124 +--
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.zh-tw.po  
  |   94 +--
 documentation/debian-edu-bookworm/images/installer-logo.svg
  |  177 ++
 
documentation/debian-edu-bookworm/source/AllInOne-debian-edu-bookworm-manual.xml
 |   97 +++-
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.es.po 
  |  599 
+++-
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt-br.po  
  |   16 +-
 26 files changed, 3943 insertions(+), 2249 deletions(-)



[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in stable
(will do attach the 90kb compressed diff one the bug has made it to the 
list)
  [x] the issue is verified as fixed in unstable

[ Changes ]
 debian-edu-doc (2.12.20~deb12u1) bookworm; urgency=medium
 .
   * Upload to bookworm.
 .
 debian-edu-doc (2.12.20) unstable; urgency=medium
 .
   [ Translation updates ]
   * Bookworm manual:
 - Brasilian Portuguese: Fred Maranhão.
 - Italian: Claudio Carboncini.
 - Spanish: Francisco Javier Carro Orgeira.
   * Bullseye manual:
 - Brasilian Portuguese: Fred Maranhão.
 - Spanish:Eulalio Barbero Espinosa and Francisco Javier Carro Orgeira.
 .
   [ Holger Levsen ]
   * stop sending monthly mails about the bullseye edu manual
 .
 debian-edu-doc (2.12.19) unstable; urgency=medium
 .
   [ Holger Levsen ]
   * Update Debian Edu Bookworm manual from the wiki.
 .
   [ Guido Berhoerster ]
   * Add build-dependency on inkscape in order to converts SVGs, bringing back
 the PDF versions of the bookworm manuals.
 .
   [ Translation

Bug#1054401: bookworm-pu: package nagios-plugins-contrib/42.20230308+deb12u1

2023-10-23 Thread Holger Levsen

hi,

On Mon, Oct 23, 2023 at 01:19:25PM +0200, Jan Wagner wrote:
> [ Reason ]
> As reported in #1033791, check_running_kernel fails to find version on
> bookworm/(arm64|armhf).
> 
> [ Impact ]
> check_running_kernel doesn't work on arm64 and armhf as expected, this is a
> regression.
> 
> [ Tests ]
> The patch was verified to work in #1033791

I've rebuild the package on arm64 and can confirm 
/usr/lib/nagios/plugins/check_running_kernel
now works on those arm64 systems where the version currently in bookworm does
not work.

\o/ & thanks!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Everyone is entitled to their own opinion, but not their own facts.


signature.asc
Description: PGP signature

Bug#1054286: bookworm-pu: package python-cogent/2023.2.12a1+dfsg-2+deb12u1

2023-10-21 Thread Holger Levsen

Santiago,

I don't object to fixing fails to build on a single core bugs, I just
object to fixing them by disabling tests *unconditionally*. A fix
disabling the tests on single core system *only* I would not object.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Do yo ever think about how capitalism is forcing us to work up until the
eminent extinction of our species as the earth heats to an unlivable
temperature? (@aishamadeit)


signature.asc
Description: PGP signature

Bug#1054286: bookworm-pu: package python-cogent/2023.2.12a1+dfsg-2+deb12u1

2023-10-21 Thread Holger Levsen

Am Fri, Oct 20, 2023 at 07:40:55PM +0200 schrieb Santiago Vila:
> +  * Update fix-build-on-single-cpu-systems.patch to skip
> +"test_write_db_parallel" again. Closes: #1030885.

fwiw, I find it wrong to disable tests to make sure a package builds
on a single core system.

I'd much rather have the package have more tests on systems which are
the default since 15y, then have less tests and also build on a rather
theoretical or very uncommon setup.

It's also not great for security updates to have less tests.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

It's climate crime, not climate change.


signature.asc
Description: PGP signature

Re: severity of bugs that FTBFS because of missing B-D

2023-10-10 Thread Holger Levsen

On Tue, Oct 10, 2023 at 04:17:38PM +0200, Johannes Schauer Marin Rodrigues 
wrote:
> Those bugs were set from 'serious' to 'important' by Sebastian Ramacher a few
> months ago and I'd like to revisit this decision now that we are at the
> beginning of a new release cycle.

but why? IME people will be more annoyed about RC bugs they disagree with
(even if they only disagree about the severity) than they will be annoyed
about the same bug with severity important.

what do you gain by making people more annoyed? nothing. the bugs will not
be fixed faster and the people will not learn to be less or not annoyed.

so there's no point.

also because technically it's the right decision from the release team.
these bugs are *currently*, in real life, merely cosmetic.

policy is not a stick to hit with.

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

We need to learn to live with cholera. What is the alternative? Breaking up
all streets, building drainage with toilets in every building? (@tadeas_)

signature.asc
Description: PGP signature

Bug#1052463: bookworm-pu: package debian-edu-doc/2.12.18~deb12u1

2023-09-22 Thread Holger Levsen

On Fri, Sep 22, 2023 at 03:28:28PM +, Holger Levsen wrote:
> On Fri, Sep 22, 2023 at 04:45:49PM +0200, Holger Levsen wrote:
> > I'll attach the full (compressed) debdiff in a reply, once this bug has 
> > made it
> > to the list.
> see below.

hm, I guess attachments over 500K are not send to the list, just to the BTS.
However, I've also uploaded to bookworm now, so you can also just diff there.

thanks!

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Dance like no one's watching. Encrypt like everyone is.

signature.asc
Description: PGP signature

Bug#1052463: bookworm-pu: package debian-edu-doc/2.12.18~deb12u1

2023-09-22 Thread Holger Levsen

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
x-debbugs-cc: debian-...@lists.debian.org

Hi,

please accept debian-edu-doc 2.12.18~deb12u1 into bookworm.

[ Reason ]
Updated documentation and translations.

[ Impact ]
Outdated documentation and translations for our users.

[ Tests ]
Build tests and manually confirmed the .debs are still the same size.

[ Risks ]
not really.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
 debian-edu-doc (2.12.18~deb12u1) bookworm; urgency=medium
 .
   * Upload to bookworm.
 .
 debian-edu-doc (2.12.18) unstable; urgency=medium
 .
   [ Holger Levsen ]
   * Update Debian Edu Bookworm manual from the wiki, thanks to Guido 
Berhörster.
   * Update Debian Edu Bookworm manual from the wiki.
   * debian/copyright: Update after running 'make update-copyright'.
 .
   [ Frans Spiesschaert ]
   * Synchronize translations from weblate.org
 .
   [ Translation updates ]
   * Bookworm manual:
 - Brasilian Portuguese: Fred Maranhão and José Vieira.
 - Dutch: Frans Spiesschaert.
 - Portuguese: Fred Maranhão.
 - Romanian: Remus-Gabriel Chelu.
 - Spanish: Eulalio Barbero Espinosa and Francisco Javier Carro Orgeira.
 - Swedish: Luna Jernberg.
 .
   * Bullseye manual:
 - Brasilian Portuguese: Fred Maranhão and José Vieira.
 - Portuguese: Fred Maranhão.
 - Romanian: Remus-Gabriel Chelu.
 - Spanish: Eulalio Barbero Espinosa and Francisco Javier Carro Orgeira.
 - Swedish: Luna Jernberg.

[ Other info ]
$ debdiff debian-edu-doc_2.12.17.dsc debian-edu-doc_2.12.18~deb12u1.dsc|diffstat
 debian/changelog   
  |   34 +
 debian/copyright   
  |1 
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual-stripped.xml  
  |  121 +++-
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.da.po 
  |  369 +++---
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.de.po 
  |  361 +++--
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.es.po 
  |  740 +++-
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.fr.po 
  |  368 +++--
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.it.po 
  | 1560 +--
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.ja.po 
  |  363 +++--
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.nb-no.po  
  |  362 +++--
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.nl.po 
  |  939 +++
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.pl.po 
  |  350 +++--
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.pot   
  |  289 +-
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.pt-br.po  
  |  983 +++--
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.pt-pt.add 
  |2 
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.pt-pt.po  
  | 1051 ++-
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.pt.add
  |1 
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.pt.po 
  | 2017 
++--
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.ro.po 
  |  714 ++-
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.sv.add
  |2 
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.sv.po 
  | 2187 
+++
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.xml   
  |  117 +++-
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.zh-cn.po  
  |  356 +++--
 documentation/debian-edu-bookworm/debian-edu-bookworm-manual.zh-tw.po  
  |  295 +--
 
documentation/debian-edu-bookworm/source/AllInOne-debian-edu-bookworm-manual.xml
 |3 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.es.po 
  |  368 ++---
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt-br.po  
  |   41 -
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt-pt.add 
  |2 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt-pt.po

Re: How important are empty directories?

2023-08-29 Thread Holger Levsen

On Tue, Aug 29, 2023 at 08:09:24PM +0200, Paul Gevers wrote:
> If everybody agrees that the only place where this causes real life issues
> is piuparts, than I rather have piuparts ignore this problem.
[...]

FWIW, I agree.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Make lying wrong again.


signature.asc
Description: PGP signature

Bug#1036757: unblock: debian-security-support/1:12+2023.05.12

2023-05-28 Thread Holger Levsen

On Thu, May 25, 2023 at 05:06:20PM +0200, Paul Gevers wrote:
> On 25-05-2023 15:40, Holger Levsen wrote:
> > unblock debian-security-support/1:12+2023.05.12
> unblocked

thanks!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Money is worth nothing on a dead planet.


signature.asc
Description: PGP signature

Bug#1036757: unblock: debian-security-support/1:12+2023.05.12

2023-05-25 Thread Holger Levsen

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-security-support to update the status
of security-support in bookworm. The debdiff is trivial:

$ debdiff debian-security-support_12+2023.05.04.dsc 
debian-security-support_12+2023.05.12.dsc
diff -Nru debian-security-support-12+2023.05.04/debian/changelog 
debian-security-support-12+2023.05.12/debian/changelog
--- debian-security-support-12+2023.05.04/debian/changelog  2023-05-04 
19:09:45.0 +0200
+++ debian-security-support-12+2023.05.12/debian/changelog  2023-05-12 
14:45:22.0 +0200
@@ -1,3 +1,14 @@
+debian-security-support (1:12+2023.05.12) unstable; urgency=medium
+
+  [ Holger Levsen ]
+  * Add wpewebkit to security-support-ended.deb12. Thanks to Alberto Garcia.
+Closes: #1035794.
+
+  [ Markus Koschany ]
+  * Add pluxml to security-support-ended.deb10.
+
+ -- Holger Levsen   Fri, 12 May 2023 14:45:22 +0200
+
 debian-security-support (1:12+2023.05.04) unstable; urgency=medium
 
   [ Holger Levsen ]
diff -Nru debian-security-support-12+2023.05.04/security-support-ended.deb10 
debian-security-support-12+2023.05.12/security-support-ended.deb10
--- debian-security-support-12+2023.05.04/security-support-ended.deb10  
2023-04-14 13:16:33.0 +0200
+++ debian-security-support-12+2023.05.12/security-support-ended.deb10  
2023-05-12 10:25:30.0 +0200
@@ -10,7 +10,6 @@
 # 4. Descriptive text or URL with more details (optional)
 #In the program's output, this is prefixed with "Details:"
 
-# none yet (please remove this line once this is not true anymore)
 libperlspeak-perl2.01-2  2020-04-16  
https://bugs.debian.org/954238 (CVE-2020-10674) and 
https://bugs.debian.org/954297 and 954298
 xen  4.11.4+107-gef32c7afa2-12021-08-28  
https://xenbits.xen.org/docs/4.11-testing/SUPPORT.html#release-support
 chromium 90.0.4430.212-1~deb10u1 2022-01-14  
https://lists.debian.org/debian-security-announce/2022/msg00012.html
@@ -18,3 +17,4 @@
 gpac 0.5.2-426-gc5ad4e4+dfsg5-5  2022-08-03  
https://lists.debian.org/debian-lts/2022/05/msg00043.html
 libspring-java   4.3.5-1+deb9u1  2022-08-09  
https://lists.debian.org/debian-lts/2022/08/msg1.html
 ckeditor33.6.6.1+dfsg-1  2022-08-09  
https://lists.debian.org/debian-lts/2022/08/msg1.html
+pluxml   5.6-1   2023-05-06  Removed from 
Debian. No upstream response to CVE.
diff -Nru debian-security-support-12+2023.05.04/security-support-ended.deb12 
debian-security-support-12+2023.05.12/security-support-ended.deb12
--- debian-security-support-12+2023.05.04/security-support-ended.deb12  
2023-04-14 13:16:33.0 +0200
+++ debian-security-support-12+2023.05.12/security-support-ended.deb12  
2023-05-12 10:25:58.0 +0200
@@ -10,4 +10,4 @@
 # 4. Descriptive text or URL with more details (optional)
 #In the program's output, this is prefixed with "Details:"
 
-# none yet (please remove this line once this is not true anymore)
+wpewebkit  2.38.6-12023-05-09  
https://bugs.debian.org/1035794

unblock debian-security-support/1:12+2023.05.12

Thanks!

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Covid. Changing hearts and minds since 2019. (@1goodtern)


signature.asc
Description: PGP signature

Bug#1035522: debian-security-support 11+2023.05.04 flagged for acceptance

2023-05-25 Thread Holger Levsen

On Wed, May 24, 2023 at 10:05:19PM +0100, Adam D. Barratt wrote:
> Great. That's now 
> https://lists.debian.org/debian-stable-announce/2023/05/msg0.html
 
awesome, thank you!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

wirklicher reichtum ist nicht privatjet fliegen, sondern sich vor dem schützen
können, was privatjet fliegen auslöst." <3 böhmermann am 3.2.23


signature.asc
Description: PGP signature

Bug#1035522: debian-security-support 11+2023.05.04 flagged for acceptance

2023-05-23 Thread Holger Levsen

On Tue, May 23, 2023 at 05:44:30PM +0100, Adam D. Barratt wrote:
> In the interests of not blocking on things other than SRM's free time,
> how does this sound as some blurb for an announcement mail?
> 
> 
> The debian-security-support package tracks the level of security support
> available for packages within Debian releases, allowing administrators to
> be alerted to installed packages for which support has had to be limited
> or prematurely ended.
> 
> The version of the package in bullseye can lead to the production of a
> large number of warning messages during an upgrade to the upcoming
> bookworm release. This update resolves that issue.
> 

sounds pretty good to me, thank you.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

No mas pobres en un pais rico!


signature.asc
Description: PGP signature

Bug#1035522: debian-security-support 11+2023.05.04 flagged for acceptance

2023-05-19 Thread Holger Levsen

On Fri, May 19, 2023 at 02:38:37PM +0100, Adam D. Barratt wrote:
> > thanks! how/when will it moved/be moved to bullseye-updates?
> As I mentioned in a previous reply, the _how_ is by a member of SRM
> asking dak to do so. (And it will be copied, not moved. The package
> stays in p-u as well, in order to be added to bullseye in the next
> point release.)

ic, thanks.

> As to when, it needs to be when someone (which in practice is likely to
> be me) has had time to write an announcement and be around just after a
> dinstall to send out said announcement. As you can probably imagine,
> some people get worried when an update appears that they can't find a
> corresponding announcement for.
> 
> I'm hoping to find time to look at it over the weekend, but that
> depends a little on what life thinks of the idea.

cool, thank you.

> I'm sure it's not intended to be, but fwiw it does /feel/ a bit chasy.
> :-)

sigh, i'm sorry! (I do see the smiley however, but still.) 

My intentions were absolutly not chasing, but rather a.) making sure most people
will have it installed (on bullseye) before they upgrade to bookworm b.) 
probably
also help with what's left to do, though now I'm not sure there's much I can 
help
with.

Thank you!

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

If a monkey hoarded more bananas than it could eat, while most of the other
monkeys starved, scientists would study that monkey to figure out what the
heck was wrong with it. When humans do it, we put them on the cover of Forbes.

signature.asc
Description: PGP signature

Bug#1035522: bullseye-pu: package debian-security-support/1:11+2023.05.04

2023-05-19 Thread Holger Levsen

On Thu, May 18, 2023 at 02:44:01PM +0100, Adam D. Barratt wrote:
> The relevant section of dev-ref implies this, fwiw. I think some
> combination of you and I wrote it. :-)

https://www.debian.org/doc/manuals/developers-reference/developers-reference.en.html#special-case-the-stable-updates-suite
just got this change:

Author: Holger Levsen 
Date:   Fri May 19 16:04:35 2023 +0200

pkgs: explicitly state that $suite should be used in d/changelog for 
uploads to stable-updates.

Signed-off-by: Holger Levsen 

diff --git a/source/pkgs.rst b/source/pkgs.rst
+- Uploads to ``stable-updates`` should target their suite name in
+  the changelog as usual, e.g. ``bullseye``.
 

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

In a world where you can be anything, be kind.


signature.asc
Description: PGP signature

Bug#1035522: bullseye-pu: package debian-security-support/1:11+2023.05.04

2023-05-19 Thread Holger Levsen

On Thu, May 18, 2023 at 02:44:01PM +0100, Adam D. Barratt wrote:
> > ic. so I should have uploaded to bullseye-proposed-updates instead?
> Any upload goes to p-u first, yeah. So the target should always be
> simply "bullseye", by preference. dak will accept a bunch of other
> things, including "stable", "bullseye-proposed-updates", "proposed-
> updates" and, as you've demonstrated, "bullseye-updates" and DTRT, but
> it's cleaner and less potentially confusing if everything uses the
> same.

ok, thanks. that does make sense.
 
> The relevant section of dev-ref implies this, fwiw. I think some
> combination of you and I wrote it. :-)

oh dear. however upon re-reading 5.5.1 and 5.5.2 I've noticed that 5.5.2
says nothing about the suite in d/changelog and I think I'm going to fix
that now :)

https://www.debian.org/doc/manuals/developers-reference/developers-reference.en.html#special-case-the-stable-updates-suite


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

If a monkey hoarded more bananas than it could eat, while most of the other
monkeys starved, scientists would study that monkey to figure out what the
heck was wrong with it. When humans do it, we put them on the cover of Forbes.


signature.asc
Description: PGP signature

Bug#1035522: debian-security-support 11+2023.05.04 flagged for acceptance

2023-05-19 Thread Holger Levsen

On Thu, May 18, 2023 at 07:51:36PM +, Adam D Barratt wrote:
> The upload referenced by this bug report has been flagged for acceptance into 
> the proposed-updates queue for Debian bullseye.
 
thanks! how/when will it moved/be moved to bullseye-updates?


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

🔥 - this is fine.


signature.asc
Description: PGP signature

Bug#1035522: bullseye-pu: package debian-security-support/1:11+2023.05.04

2023-05-18 Thread Holger Levsen

On Thu, May 18, 2023 at 06:44:18AM +0100, Adam D. Barratt wrote:
> On Thu, 2023-05-18 at 00:44 +0000, Holger Levsen wrote:
> >  debian-security-support (1:11+2023.05.04) bullseye-updates;
> > urgency=medium
> Hmmm. I didn't expect that would work, although apparently it did, at
> least for the package to get as far as stable-new. I'm hoping dak also
> dtrt for accepts of such packages, i.e. moves them to p-u as for any
> other stable upload.
> 
> -updates isn't an upload target; packages enter it by SRM asking dak to
> copy them from p-u.
 
ic. so I should have uploaded to bullseye-proposed-updates instead?


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

People call vaccine mandates "Orwellian" even though Orwell died at 46 of
tuberculosis, which is now preventable with a vaccine.


signature.asc
Description: PGP signature

Bug#1035522: bullseye-pu: package debian-security-support/1:11+2023.05.04

2023-05-17 Thread Holger Levsen

On Fri, May 12, 2023 at 08:30:22PM +0100, Adam D. Barratt wrote:
> It's only been a week, and one of the SRMs has been on a publicised
> (fvo publicised being relevant to DDs) week away. It's a little soon to
> be chasing. :-(

(again) I'm sorry if this felt as chasing, this wasn't my intention.

> I'm a bit confused here. Your own text above indicates that you're
> aware that there won't be any more point releases before the release,
> and that therefore the package *cannot* be in bullseye before the
> release. Point releases are the mechanism by which packages get updated
> in stable.

yes, that part I am and was familar with. Less clear was ${distro}-updates,
which thankfully got resolved through this bug. I think. ;)

> In any case, please go ahead.

thanks, done so now with this changelog:

 debian-security-support (1:11+2023.05.04) bullseye-updates; urgency=medium
 .
   [ Holger Levsen ]
   * set DEB_NEXT_VER_ID=12 as bookworm is the next release. Closes: #1034077.
 Thanks to Stuart Prescott.
 .
   [ Sylvain Beucler ]
   * security-support-limited: add gnupg1, see #982258.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

"I became an antifascist out of a sense of common decency.” – Marlene Dietrich


signature.asc
Description: PGP signature

Bug#1035522: bullseye-pu: package debian-security-support/1:11+2023.05.04

2023-05-12 Thread Holger Levsen

hi,

friendly ping on this.

On Thu, May 04, 2023 at 07:50:37PM +0200, Holger Levsen wrote:
> this is a pre-approval request, I have not uploaded this yet (except to
> unstable). 

the package has migrated to bookworm now.
 
> [ Reason ]
> 
> unfortunatly debian-security-support in both bullseye and bookworm
> are affected by - #1034077 
> "debian-security-support: Lots of noise about DEBIAN_VERSION 12 being 
> invalid when upgrading bullseye→bookworm"
[...]
 
> [ Other info ]
> As there will be no more bullseye point releases before the bookworm
> release, this probably needs to go in via bullseye-updates. Is d/changelog
> correct for this like it is?

I'm not quoting the full bug report but the above is reason why this should
go into *bullseye* before the bookworm release...


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

When you’re used to privilege, equality feels like oppression.


signature.asc
Description: PGP signature

Bug#1035522: bullseye-pu: package debian-security-support/1:11+2023.05.04

2023-05-04 Thread Holger Levsen

On Thu, May 04, 2023 at 07:50:37PM +0200, Holger Levsen wrote:
> [ Checklist ]
>   [x] *all* changes are documented in the d/changelog
>   [x] I reviewed all changes and I approve them
>   [x] attach debdiff against the package in (old)stable
>   [x] the issue is verified as fixed in unstable

I forgot to mention: I also reviewed the (only recently added checklist
in README.source about what to do for a new release cycle and confirmed
this checklist is correct and complete, so that I'm quite very hopeful 
we wont have something like #1034077 for forky.

(#1034077 is fixed in unstable (thus trixie) and those two bugs in To: are
to get the fix into bullseye and bookworm.)

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Das Leben ist schön. Von 'einfach' war nie die Rede. (@lernzyklus)

signature.asc
Description: PGP signature

Bug#1035524: unblock: debian-security-support/1:12+2023.05.04

2023-05-04 Thread Holger Levsen

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-security-support to fix #1034077
"debian-security-support: Lots of noise about DEBIAN_VERSION 12 being invalid 
when upgrading bullseye→bookworm" in bookworm as well.

Else #1034077 will hit future upgrades to trixie as well.

#1035522 is the request for pre-approval for fixing this in bullseye and
has some more information why this is needed, though in principle just
look at #1034077 and the diff here :) Thanks!

 check-support-status.in  |2 +-
 debian/changelog |   14 ++
 debian/po/tr.po  |   36 +++-
 debian/rules |2 +-
 security-support-limited |2 ++
 5 files changed, 33 insertions(+), 23 deletions(-)

The full debdiff is attached.

unblock debian-security-support/1:12+2023.05.04


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Punk ist nicht tot.
Punk trägt Maske, ist solidarisch und schützt sich und andere.
(@Kreuzpirat)
diff -Nru debian-security-support-12+2023.03.23/check-support-status.in debian-security-support-12+2023.05.04/check-support-status.in
--- debian-security-support-12+2023.03.23/check-support-status.in	2023-03-05 20:33:23.0 +0100
+++ debian-security-support-12+2023.05.04/check-support-status.in	2023-05-04 19:02:24.0 +0200
@@ -13,7 +13,7 @@
 # Oldest Debian version included in debian-security-support
 DEB_LOWEST_VER_ID=9
 # Version ID for next Debian stable
-DEB_NEXT_VER_ID=12
+DEB_NEXT_VER_ID=13
 
 if [ -z "$DEBIAN_VERSION" ] ; then
 DEBIAN_VERSION="$(cat /etc/debian_version | grep '[0-9.]' | cut -d. -f1)"
diff -Nru debian-security-support-12+2023.03.23/debian/changelog debian-security-support-12+2023.05.04/debian/changelog
--- debian-security-support-12+2023.03.23/debian/changelog	2023-03-23 22:38:23.0 +0100
+++ debian-security-support-12+2023.05.04/debian/changelog	2023-05-04 19:09:45.0 +0200
@@ -1,3 +1,17 @@
+debian-security-support (1:12+2023.05.04) unstable; urgency=medium
+
+  [ Holger Levsen ]
+  * set DEB_NEXT_VER_ID=13 in anticipation of the bookworm release.
+Closes: #1034077. Thanks to Stuart Prescott.
+  * security-support-limited: add rust.* as discussed in
+https://salsa.debian.org/ddp-team/release-notes/-/merge_requests/153
+  * Update Turkish translation, thanks to Atila KOÇ. Closes: #1033928.
+
+  [ Sylvain Beucler ]
+  * security-support-limited: add gnupg1, see #982258.
+
+ -- Holger Levsen   Thu, 04 May 2023 19:09:45 +0200
+
 debian-security-support (1:12+2023.03.23) unstable; urgency=medium
 
   * d/README.source: list steps to be done at the beginning of each release
diff -Nru debian-security-support-12+2023.03.23/debian/po/tr.po debian-security-support-12+2023.05.04/debian/po/tr.po
--- debian-security-support-12+2023.03.23/debian/po/tr.po	2018-03-16 15:39:59.0 +0100
+++ debian-security-support-12+2023.05.04/debian/po/tr.po	2023-05-04 19:09:45.0 +0200
@@ -1,21 +1,22 @@
-# Turkish translation of debian-security-support package
-# Copyright (C) 2014 Mert Dirik
+# Turkish debconf translation of debian-security-support
 # This file is distributed under the same license as the debian-security-support package.
 # Mert Dirik , 2014.
+# Atila KOÇ , 2023.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: debian-security-support\n"
 "Report-Msgid-Bugs-To: debian-security-supp...@packages.debian.org\n"
 "POT-Creation-Date: 2016-05-12 09:42+0200\n"
-"PO-Revision-Date: 2014-08-03 17:04+0200\n"
-"Last-Translator: Mert Dirik \n"
+"PO-Revision-Date: 2023-03-04 22:32+0300\n"
+"Last-Translator: Atila KOÇ \n"
 "Language-Team: Debian L10n Turkish \n"
 "Language: tr\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Poedit 1.5.4\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"X-Generator: Poedit 2.4.2\n"
 
 #. Type: text
 #. Description
@@ -30,8 +31,8 @@
 "Unfortunately, it has been necessary to end security support for some "
 "packages before the end of the regular security maintenance life cycle."
 msgstr ""
-"Maalesef bazı paketlerin güvenlik desteğine dağıtım için normalde öngörülen "
-"güvenlik desteği süresi dolmadan önce son vermek zorunda kaldık."
+"Bazı paketlerin güvenlik desteğine, dağıtım için öngörülen güvenlik desteği "
+"süresi dolmadan önce son vermek gerekti."
 
 #. Type: text
 #. Description
@@ -43,14 +44,14 @@
 #: ../debian-security-support.templates:3001
 #: ../debian-security-support.templates:4001
 msgid "The fo

Bug#1035522: bullseye-pu: package debian-security-support/1:11+2023.05.04

2023-05-04 Thread Holger Levsen

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

hi,

this is a pre-approval request, I have not uploaded this yet (except to
unstable). 

[ Reason ]

unfortunatly debian-security-support in both bullseye and bookworm
are affected by - #1034077 
"debian-security-support: Lots of noise about DEBIAN_VERSION 12 being 
invalid when upgrading bullseye→bookworm"

though fortunatly the fix is trivial and buster is not affected.

(And unfortunatly I forgot to fix this in the last bullseye point release...)

[ Impact ]

Lots of noise on bullseye to bookworm upgrades with debian-security-support
installed (which has a popcon of ~2750)

[ Tests ]

none, but the diff is really small & straightforward, see attachment.

 check-support-status.in  |2 +-
 debian/changelog |   11 +++
 debian/rules |2 +-
 security-support-limited |1 +
 4 files changed, 14 insertions(+), 2 deletions(-)

[ Risks ]

more users complaining about noise.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Other info ]

As there will be no more bullseye point releases before the bookworm
release, this probably needs to go in via bullseye-updates. Is d/changelog
correct for this like it is?


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

If we'd ban all cars from cities tomorrow, next week we will wonder why we
waited for so long.
diff -Nru debian-security-support-11+2022.08.23/check-support-status.in debian-security-support-11+2023.05.04/check-support-status.in
--- debian-security-support-11+2022.08.23/check-support-status.in	2022-08-23 18:24:26.0 +0200
+++ debian-security-support-11+2023.05.04/check-support-status.in	2023-05-04 19:24:04.0 +0200
@@ -13,7 +13,7 @@
 # Oldest Debian version included in debian-security-support
 DEB_LOWEST_VER_ID=9
 # Version ID for next Debian stable
-DEB_NEXT_VER_ID=11
+DEB_NEXT_VER_ID=12
 
 if [ -z "$DEBIAN_VERSION" ] ; then
 DEBIAN_VERSION="$(cat /etc/debian_version | grep '[0-9.]' | cut -d. -f1)"
diff -Nru debian-security-support-11+2022.08.23/debian/changelog debian-security-support-11+2023.05.04/debian/changelog
--- debian-security-support-11+2022.08.23/debian/changelog	2022-08-23 18:26:34.0 +0200
+++ debian-security-support-11+2023.05.04/debian/changelog	2023-05-04 19:27:19.0 +0200
@@ -1,3 +1,14 @@
+debian-security-support (1:11+2023.05.04) bullseye; urgency=medium
+
+  [ Holger Levsen ]
+  * set DEB_NEXT_VER_ID=12 as bookworm is the next release. Closes: #1034077.
+Thanks to Stuart Prescott.
+
+  [ Sylvain Beucler ]
+  * security-support-limited: add gnupg1, see #982258.
+
+ -- Holger Levsen   Thu, 04 May 2023 19:27:19 +0200
+
 debian-security-support (1:11+2022.08.23) bullseye; urgency=medium
 
   * Update security-support-limited from 1:12+2022.08.19 from unstable,
diff -Nru debian-security-support-11+2022.08.23/debian/rules debian-security-support-11+2023.05.04/debian/rules
--- debian-security-support-11+2022.08.23/debian/rules	2022-08-23 18:24:26.0 +0200
+++ debian-security-support-11+2023.05.04/debian/rules	2023-05-04 19:24:04.0 +0200
@@ -1,6 +1,6 @@
 #!/usr/bin/make -f
 
-NEXT_VERSION_ID=11
+NEXT_VERSION_ID=12
 
 DEBIAN_VERSION ?= $(shell cat /etc/debian_version | grep '[0-9.]' | cut -d. -f1)
 ifeq (,$(DEBIAN_VERSION))
diff -Nru debian-security-support-11+2022.08.23/security-support-limited debian-security-support-11+2023.05.04/security-support-limited
--- debian-security-support-11+2022.08.23/security-support-limited	2022-08-23 18:24:26.0 +0200
+++ debian-security-support-11+2023.05.04/security-support-limited	2023-05-04 19:24:04.0 +0200
@@ -12,6 +12,7 @@
 ganglia See README.Debian.security, only supported behind an authenticated HTTP zone, #702775
 ganglia-web See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
 golang*		See https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#golang-static-linking
+gnupg1  See #982258 and https://www.debian.org/releases/stretch/amd64/release-notes/ch-whats-new.en.html#modern-gnupg
 kde4libskhtml has no security support upstream, only for use on trusted content
 khtml   khtml has no security support upstream, only for use on trusted content, see #1004293
 mozjs68 Not covered by security support, only suitable for trusted content, see #959804


signature.asc
Description: PGP signature

Bug#1034400: unblock: debian-edu-config/2.12.32

2023-04-14 Thread Holger Levsen

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-edu-config, which is a key package and thus
needs unblocking. All autopkgtests are successful and the package has been
in unstable since 17 days.

The update fixes one bug affecting the use with blueray disks.

This is the full debdiff:

$ debdiff debian-edu-config_2.12.31.dsc debian-edu-config_2.12.32.dsc
diff -Nru debian-edu-config-2.12.31/debian/changelog 
debian-edu-config-2.12.32/debian/changelog
--- debian-edu-config-2.12.31/debian/changelog  2023-02-26 10:10:43.0 
+0100
+++ debian-edu-config-2.12.32/debian/changelog  2023-03-27 20:40:47.0 
+0200
@@ -1,3 +1,10 @@
+debian-edu-config (2.12.32) unstable; urgency=medium
+
+  * debian-edu-ltsp-install: fix failure with absent BD iso images. Patch
+thanks to Wolfgang Schweer. Closes: #1033451.
+
+ -- Holger Levsen   Mon, 27 Mar 2023 20:40:47 +0200
+
 debian-edu-config (2.12.31) unstable; urgency=medium
 
   * sbin/debian-edu-pxeinstall: adjust for memtest86+ 6.10-4, thanks to
diff -Nru debian-edu-config-2.12.31/sbin/debian-edu-ltsp-install 
debian-edu-config-2.12.32/sbin/debian-edu-ltsp-install
--- debian-edu-config-2.12.31/sbin/debian-edu-ltsp-install  2022-11-13 
14:55:57.0 +0100
+++ debian-edu-config-2.12.32/sbin/debian-edu-ltsp-install  2023-03-27 
20:36:55.0 +0200
@@ -18,7 +18,7 @@
 # Licence: GPL2+
 # first edited:2019-11-21
 
-version=2021-11-18
+version=2023-03-25
 
 set -e
 
@@ -598,7 +598,7 @@
mkdir -p /srv/ltsp/dlw
chmod 755 /srv/ltsp/dlw
# Use BD-ISO if available.
-   if ! mountpoint -q /media/cdrom ; then
+   if [ "true" == "$BD_ISO" ] && ! mountpoint -q /media/cdrom ; then
mount /media/cdrom
fi
if grep -q BD /etc/apt/sources.list && [ -f /media/cdrom/.disk/info ] ; 
then





unblock debian-edu-config/2.12.32

Thanks!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Just 100 companies are responsible for 71% of global emissions.
https://www.theguardian.com/sustainable-business/2017/jul/10/100-fossil-fuel-companies-investors-responsible-71-global-emissions-cdp-study-climate-change


signature.asc
Description: PGP signature

Bug#1033378: unblock: debian-security-support/1:12+2023.03.23

2023-03-23 Thread Holger Levsen

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-security-support, for a trivial, yet adequate
update. Sadly it has no autopkgtest, thus this unblock request.

[ Reason ]
debian-security-support in bookworm lacks a file
security-support-ended.deb12, and thus adequate complains,
though not debian-security-support. still it feels wrong
and it would need to be added in later updates anyway.
thus adding it now and adding a checklist what to do
at the beginning of each release cycle.

[ Impact ]
hardly any, but it's cleaner.

[ Tests ]
https://piuparts.debian.org/sid/broken_symlinks_issue.html
listed debian-security-support/1:12+2023.03.17 yesterdaybut
it does not list debian-security-support/1:12+2023.03.22 anymore today.
\o/

[ Risks ]
I cannot imagine any but I've seen horses puking, so.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
(Anything else the release team should know.)

You are doing an awesome job. Release processes are better documented and
automated than ever, and you still keep improving them while still keeping
"a human touch", "despite also enforcing them". Seriously kudos & thank you.

unblock debian-security-support/1:12+2023.03.23

$ debdiff debian-security-support_12+2023.03.17.dsc 
debian-security-support_12+2023.03.23.dsc|diffstat
 debian/README.source |   16 +++-
 debian/changelog |   13 +
 security-support-ended.deb12 |   13 +
 3 files changed, 41 insertions(+), 1 deletion(-)

$ debdiff debian-security-support_12+2023.03.17.dsc 
debian-security-support_12+2023.03.23.dsc
diff -Nru debian-security-support-12+2023.03.17/debian/changelog 
debian-security-support-12+2023.03.23/debian/changelog
--- debian-security-support-12+2023.03.17/debian/changelog  2023-03-17 
12:27:15.0 +0100
+++ debian-security-support-12+2023.03.23/debian/changelog  2023-03-23 
22:38:23.0 +0100
@@ -1,3 +1,16 @@
+debian-security-support (1:12+2023.03.23) unstable; urgency=medium
+
+  * d/README.source: list steps to be done at the beginning of each release
+cycle to avoid bugs like #1033312.
+
+ -- Holger Levsen   Thu, 23 Mar 2023 22:38:23 +0100
+
+debian-security-support (1:12+2023.03.22) unstable; urgency=medium
+
+  * Add currently empty security-support-ended.deb12 file. Closes: #1033312.
+
+ -- Holger Levsen   Wed, 22 Mar 2023 11:24:28 +0100
+
 debian-security-support (1:12+2023.03.17) unstable; urgency=medium
 
   [ Moritz Muehlenhoff ]
diff -Nru debian-security-support-12+2023.03.17/debian/README.source 
debian-security-support-12+2023.03.23/debian/README.source
--- debian-security-support-12+2023.03.17/debian/README.source  2023-03-05 
20:33:23.0 +0100
+++ debian-security-support-12+2023.03.23/debian/README.source  2023-03-22 
17:00:24.0 +0100
@@ -7,9 +7,23 @@
 All changes should be introduced in unstable first, and then migrate to 
testing.
 To support stable and older releases there are GIT branches.
 
-Usually only support status updates are applied to stable and older branches.
+Only support status updates are applied to stable and older branches.
 
 If in doubt whether something should be committed for unstable,
 please open a MR on salsa.debian.org so the change can be discussed there.
 
 Further improvements to this README are very welcome too.
+
+# ToDo list for a new Debian release
+
+At the beginning of each new Debian release cycle, these steps need to be done:
+
+- create a new git branch for the old release
+- increase the epoch in debian/changelog
+- create security-support-ended.debX based on the previous release
+- debian/rules: increase NEXT_VERSION_ID
+- check-support-status.in:
+  - increase DEB_NEXT_VER_ID
+  - increase DEB_LOWEST_VER_ID and drop security-support-ended.debY
+- update links with release codenames in security-support-limited
+
diff -Nru debian-security-support-12+2023.03.17/security-support-ended.deb12 
debian-security-support-12+2023.03.23/security-support-ended.deb12
--- debian-security-support-12+2023.03.17/security-support-ended.deb12  
1970-01-01 01:00:00.0 +0100
+++ debian-security-support-12+2023.03.23/security-support-ended.deb12  
2023-03-22 10:34:41.0 +0100
@@ -0,0 +1,13 @@
+
+# List of packages whose security support ends before the distribution EOL
+
+# File format: Columns, separated by one or more space characters
+# 1. source package name
+# 2. last version with support
+#Important: If there have been binNMUs, enter the highest version
+#number used
+# 3. Date when support ended or will end, in the form -mm-dd
+# 4. Descriptive text or URL with more details (optional)
+#In the program's output, this is prefixed with "Details:"
+
+# none yet (please remove this

Bug#1032885: unblock: debian-security-support/1:12+2023.03.05

2023-03-17 Thread Holger Levsen

control: retitle -1 unblock: debian-security-support/1:12+2023.03.17
control: tags -1 -moreinfo
thanks

On Fri, Mar 17, 2023 at 09:49:46AM +0100, Moritz Mühlenhoff wrote:
> > openjdk-17  See 
> > https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#openjdk-17
> Ack. I also filed #1033069 to update the release notes.

cool, thanks.
 
> > Are there any further updates expected from the security team's POV?
> I pushed a change to add a note on the legacy Spring classes we only use to
> build some packages, but with by itself are not supported to run anything.

cool, thanks.
 
> With that I think everything is covered for Bookworm I think.

great, I've just uploaded debian-security-support/1:12+2023.03.17, the
updated full debdiff to the version in bookworm is attached.

$ debdiff debian-security-support_12+2022.08.22.dsc 
debian-security-support_12+2023.03.17.dsc|diffstat
 debian/changelog |   36 +
 debian/control   |2 
 debian/debian-security-support.lintian-overrides |6 ++
 debian/po/ro.po  |  100 
+
 po/ro.po |  142 
++
 security-support-limited |8 +--
 6 files changed, 288 insertions(+), 6 deletions(-)


debian-security-support (1:12+2023.03.17) unstable; urgency=medium

  [ Moritz Muehlenhoff ]
  * security-support-limited: add note about libspring-java.

  [ Holger Levsen ]
  * security-support-limited: Add openjdk-21 and drop openjdk-17 as the latter
is the default (and supported) JDK in bookworm.
  * Add lintian override for possibly-insecure-handling-of-tmp-files-in-
maintainer-script after reviewing the postinst script.
  * Add lintian override for unused debconf templates because the templates are
    used, just not by debconf.

 -- Holger Levsen   Fri, 17 Mar 2023 12:27:15 +0100

debian-security-support (1:12+2023.03.05) unstable; urgency=medium

  * security-support-limited:
- for golang and openjdk-17, point to the bookworm manual instead the one
  for bullseye.
- add mozjs102 based on package description (and #959804).
- drop mozjs52 and mozjs60 as they were only present in buster.

 -- Holger Levsen   Sun, 05 Mar 2023 20:39:38 +0100

debian-security-support (1:12+2022.08.23) unstable; urgency=medium

  * Add Romanian translation for debian-security-support debconf templates,
thanks to Remus-Gabriel Chelu. Closes: #1031615.
  * Add Romanian translation for check-support-status, thanks to
Remus-Gabriel Chelu. Closes: #1031617.
  * Fix mismatched lintian override, thanks lintian-brush.
  * Bump standards version to 4.6.2, no changes needed.

 -- Holger Levsen   Sun, 05 Mar 2023 20:06:04 +0100


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The system isn't broken. It was built this way.
diff -Nru debian-security-support-12+2022.08.22/debian/changelog debian-security-support-12+2023.03.17/debian/changelog
--- debian-security-support-12+2022.08.22/debian/changelog	2022-08-22 14:59:42.0 +0200
+++ debian-security-support-12+2023.03.17/debian/changelog	2023-03-17 12:27:15.0 +0100
@@ -1,3 +1,39 @@
+debian-security-support (1:12+2023.03.17) unstable; urgency=medium
+
+  [ Moritz Muehlenhoff ]
+  * security-support-limited: add note about libspring-java.
+
+  [ Holger Levsen ]
+  * security-support-limited: Add openjdk-21 and drop openjdk-17 as the latter
+is the default (and supported) JDK in bookworm.
+  * Add lintian override for possibly-insecure-handling-of-tmp-files-in-
+maintainer-script after reviewing the postinst script.
+  * Add lintian override for unused debconf templates because the templates are
+used, just not by debconf.
+
+ -- Holger Levsen   Fri, 17 Mar 2023 12:27:15 +0100
+
+debian-security-support (1:12+2023.03.05) unstable; urgency=medium
+
+  * security-support-limited:
+- for golang and openjdk-17, point to the bookworm manual instead the one
+  for bullseye.
+- add mozjs102 based on package description (and #959804).
+- drop mozjs52 and mozjs60 as they were only present in buster.
+
+ -- Holger Levsen   Sun, 05 Mar 2023 20:39:38 +0100
+
+debian-security-support (1:12+2022.08.23) unstable; urgency=medium
+
+  * Add Romanian translation for debian-security-support debconf templates,
+thanks to Remus-Gabriel Chelu. Closes: #1031615.
+  * Add Romanian translation for check-support-status, thanks to
+Remus-Gabriel Chelu. Closes: #1031617.
+  * Fix mismatched lintian override, thanks lintian-brush.
+  * Bump standards version to 4.6.2, no changes needed.
+
+ -- Holger Levsen   Sun, 05 Mar 2023 20:06:04 +010

Bug#1032885: unblock: debian-security-support/1:12+2023.03.05

2023-03-13 Thread Holger Levsen

On Mon, Mar 13, 2023 at 03:58:45PM +0100, Moritz Mühlenhoff wrote:
> Am Mon, Mar 13, 2023 at 01:43:11PM +0100 schrieb Holger Levsen:
> >   * security-support-limited:
> > - for golang and openjdk-17, point to the bookworm manual instead the 
> > one
> >   for bullseye.
> That's wrong, though. (And the release notes need updating to, I'll file
> a bug soonish): In Bookworm openjdk-17 is the default Java and fully
> supported, but we need the equivalent note for openjdk-21 now.

thanks, Moritz. I'll happily update d-s-s once the release manual is updated.
or i could update d-s-s now too, if it's really just about replacing 17 with
21 in this line from  security-support-limited :

openjdk-17  See 
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#openjdk-17

Are there any further updates expected from the security team's POV?

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

We need to learn to live with cholera. What is the alternative? Breaking up
all streets, building drainage with toilets in every building? (@tadeas_)

signature.asc
Description: PGP signature

Bug#1032885: unblock: debian-security-support/1:12+2023.03.05

2023-03-13 Thread Holger Levsen

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-security-support, for some updated
information about security-support-limited in bookworm and a new
Romanian translation (plus 2 trivial packaging fixes). The complete
diff is trivial and rather risk-free.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

debian-security-support (1:12+2023.03.05) unstable; urgency=medium

  * security-support-limited:
- for golang and openjdk-17, point to the bookworm manual instead the one
  for bullseye.
- add mozjs102 based on package description (and #959804).
- drop mozjs52 and mozjs60 as they were only present in buster.

 -- Holger Levsen   Sun, 05 Mar 2023 20:39:38 +0100

debian-security-support (1:12+2022.08.23) unstable; urgency=medium

  * Add Romanian translation for debian-security-support debconf templates,
thanks to Remus-Gabriel Chelu. Closes: #1031615.
  * Add Romanian translation for check-support-status, thanks to
Remus-Gabriel Chelu. Closes: #1031617.
  * Fix mismatched lintian override, thanks lintian-brush.
  * Bump standards version to 4.6.2, no changes needed.

 -- Holger Levsen   Sun, 05 Mar 2023 20:06:04 +0100

$ debdiff debian-security-support_12+2022.08.22.dsc 
debian-security-support_12+2023.03.05.dsc|diffstat
 debian/changelog |   21 ++
 debian/control   |2 -
 debian/debian-security-support.lintian-overrides |2 -
 debian/po/ro.po  |  100 
++
 po/ro.po |  142 

 security-support-limited |7 ++
 6 files changed, 268 insertions(+), 6 deletions(-)

see attached full debdiff.

unblock debian-security-support/1:12+2023.03.05


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Right-handed people commit 90% of all crime world-wide.
diff -Nru debian-security-support-12+2022.08.22/debian/changelog debian-security-support-12+2023.03.05/debian/changelog
--- debian-security-support-12+2022.08.22/debian/changelog	2022-08-22 14:59:42.0 +0200
+++ debian-security-support-12+2023.03.05/debian/changelog	2023-03-05 20:39:38.0 +0100
@@ -1,3 +1,24 @@
+debian-security-support (1:12+2023.03.05) unstable; urgency=medium
+
+  * security-support-limited:
+- for golang and openjdk-17, point to the bookworm manual instead the one
+  for bullseye.
+- add mozjs102 based on package description (and #959804).
+- drop mozjs52 and mozjs60 as they were only present in buster.
+
+ -- Holger Levsen   Sun, 05 Mar 2023 20:39:38 +0100
+
+debian-security-support (1:12+2022.08.23) unstable; urgency=medium
+
+  * Add Romanian translation for debian-security-support debconf templates,
+thanks to Remus-Gabriel Chelu. Closes: #1031615.
+  * Add Romanian translation for check-support-status, thanks to
+Remus-Gabriel Chelu. Closes: #1031617.
+  * Fix mismatched lintian override, thanks lintian-brush.
+  * Bump standards version to 4.6.2, no changes needed.
+
+ -- Holger Levsen   Sun, 05 Mar 2023 20:06:04 +0100
+
 debian-security-support (1:12+2022.08.22) unstable; urgency=medium
 
   * Revert "include /var/lib/debian-security-support in package.", thus
diff -Nru debian-security-support-12+2022.08.22/debian/control debian-security-support-12+2023.03.05/debian/control
--- debian-security-support-12+2022.08.22/debian/control	2022-08-22 13:17:16.0 +0200
+++ debian-security-support-12+2023.03.05/debian/control	2023-03-05 20:33:23.0 +0100
@@ -16,7 +16,7 @@
 original-awk,
 po-debconf,
 xmlto,
-Standards-Version: 4.6.1
+Standards-Version: 4.6.2
 Rules-Requires-Root: no
 Vcs-Git: https://salsa.debian.org/debian/debian-security-support.git
 Vcs-Browser: https://salsa.debian.org/debian/debian-security-support
diff -Nru debian-security-support-12+2022.08.22/debian/debian-security-support.lintian-overrides debian-security-support-12+2023.03.05/debian/debian-security-support.lintian-overrides
--- debian-security-support-12+2022.08.22/debian/debian-security-support.lintian-overrides	2022-08-22 12:33:16.0 +0200
+++ debian-security-support-12+2023.03.05/debian/debian-security-support.lintian-overrides	2023-03-05 20:33:23.0 +0100
@@ -1,3 +1,3 @@
 debian-security-support: no-debconf-config
 debian-security-support: postinst-uses-db-input
-debian-security-support: debconf-is-not-a-registry usr/share/debian-security-support/che

Bug#1026945: bullseye-pu: package guix/1.2.0-4

2023-01-20 Thread Holger Levsen

Hi Vagrant,

On Fri, Jan 20, 2023 at 02:27:19PM -0800, Vagrant Cascadian wrote:
> On 2022-12-24, Vagrant Cascadian wrote:
> > Package: release.debian.org
> > Severity: normal
> > Tags: bullseye
> > User: release.debian@packages.debian.org
> > Usertags: pu
> > X-Debbugs-Cc: g...@packages.debian.org vagr...@debian.org
> > Control: affects -1 + src:guix
> 
> Should I have intead filed this with the intended version
> (e.g. guix/1.2.0-4+deb11u1) ? Should I just go ahead and upload, as this
> fixes a FTBFS issue in bullseye?

yes & yes, you are encouraged to upload if you are certain the upload
will be accepted.

https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#special-case-uploads-to-the-stable-and-oldstable-distributions

-> third paragraph there:

If you are confident that the upload will be accepted without changes, please 
feel free to upload at the same time as filing the release.debian.org bug. 
However if you are new to the process, we would recommend getting approval 
before uploading so you get a chance to see if your expectations align with 
ours.

disclaimer: I'm not a stable release manager, but you know that. :)

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Every time you see the word "smart" used to describe a device, replace it with
"surveillance." Surveillance watch. Surveillance streetlights. Surveillance
oven. Surveillance toilet. Surveillance car. Surveillance city. (@mollyali)

signature.asc
Description: PGP signature

+1 (Re: SONAME bumps (transitions) always via experimental)

2023-01-05 Thread Holger Levsen

On Thu, Jan 05, 2023 at 12:26:09PM +0100, Paul Gevers wrote in a mail with
the subject "SONAME bumps (transitions) always via experimental)":
> Are there objections against this workflow? (Or voices from people who like
> this?)

I like this. 


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Everyone is entitled to their own opinion, but not their own facts.


signature.asc
Description: PGP signature

Bug#1026199: release.debian.org: Is the toolchain list updated for bookworm

2022-12-17 Thread Holger Levsen

Hi Paul,

On Sat, Dec 17, 2022 at 04:42:43PM +0100, Paul Gevers wrote:
> Well, the key package set is something else than the set we consider for the
> first freeze. 

doh (obviously), sorry for the noise.

> The key package set is a set based on source, so indeed it
> doesn't differ per suite.

right.

> > So now I wonder: how to get this from UDD?
> I think you had the right query.

thanks for confirming! :) and the whole reply despite my error.

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

June 2021 was the hottest on record for the Northern Hemisphere. In fact, 2019,
2020 and 2021 are the three hottest Junes on record for the Northern Hemisphere.
(@ScottDuncanWX)

signature.asc
Description: PGP signature

Bug#1026199: release.debian.org: Is the toolchain list updated for bookworm

2022-12-17 Thread Holger Levsen

On Sat, Dec 17, 2022 at 08:42:18AM +0100, Paul Gevers wrote:
> I just refreshed the list, it's still there. I used a script on udd,
> essentially this:
[...]
> query = "SELECT DISTINCT package FROM packages WHERE release = 'bookworm'
> and essential = 'yes'"
[...]

this made me check what we're using to calculate the set for
https://tests.reproducible-builds.org/debian/bullseye/amd64/pkg_set_key_packages.html
and it turned out to be this:

# key packages (same for all suites)
SQL_QUERY="SELECT source FROM key_packages;"
psql "postgresql://udd-mirror:udd-mir...@udd-mirror.debian.net/udd" -t -c 
"${SQL_QUERY}" > $TMPFILE

which based on this thread seems to be wrong, as the key packages differ
per suite.

So now I wonder: how to get this from UDD?


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Be careful when you follow the masses. Sometimes the "m" is silent.


signature.asc
Description: PGP signature

Bug#1017393: buster-pu: package debian-security-support/1:10+2022.08.23

2022-08-23 Thread Holger Levsen

hi,

I've just uploaded this to buster for the coming point release:

$ debdiff debian-security-support_2020.06.21~deb10u1.dsc 
debian-security-support_10+2022.08.23.dsc|diffstat
 Makefile.PL  |1 +
 debian/changelog |   26 ++
 security-support-ended.deb10 |8 +++-
 security-support-limited |   12 ++--
 4 files changed, 36 insertions(+), 11 deletions(-)

$ debdiff debian-security-support_2020.06.21~deb10u1.dsc 
debian-security-support_10+2022.08.23.dsc
diff -Nru debian-security-support-2020.06.21~deb10u1/debian/changelog 
debian-security-support-10+2022.08.23/debian/changelog
--- debian-security-support-2020.06.21~deb10u1/debian/changelog 2020-07-10 
19:29:25.0 +0200
+++ debian-security-support-10+2022.08.23/debian/changelog  2022-08-23 
18:57:12.0 +0200
@@ -1,3 +1,29 @@
+debian-security-support (1:10+2022.08.23) buster; urgency=medium
+
+  * Introduce release based versioning and add an epoch to achieve that.
+See https://lists.debian.org/20200817100153.ga...@layer-acht.org and
+follow-ups. Closes: #988321
+  * Makefile.PL: strip epoch from internal version just like ~deb10u1 etc are
+also dropped.
+  * Update security-support-ended.deb10 from 1:12+2022.08.12 from unstable,
+thus adding these packages to it:
+- chromium
+- ckeditor3
+- gpac
+- libspring-java
+- slurm-llnl
+- xen
+  * Update security-support-limited from 1:12+2022.08.12 from unstable,
+thus adding:
+- golang
+- khtml
+  * Drop libv8-3.14, mosjz, mosjz24, swftools and webkitgtk from
+security-support-limited as they were only present in stretch and earlier.
+  * Also drop glpi, ltp and wine-gecko-2.(21|24) from security-support-limited
+as they were only present in jessie or earlier.
+
+ -- Holger Levsen   Tue, 23 Aug 2022 18:57:12 +0200
+
 debian-security-support (2020.06.21~deb10u1) buster; urgency=medium
 
   * Rebuild for buster.
diff -Nru debian-security-support-2020.06.21~deb10u1/Makefile.PL 
debian-security-support-10+2022.08.23/Makefile.PL
--- debian-security-support-2020.06.21~deb10u1/Makefile.PL  2018-03-16 
15:39:59.0 +0100
+++ debian-security-support-10+2022.08.23/Makefile.PL   2022-08-19 
16:25:59.0 +0200
@@ -12,6 +12,7 @@
 my $VERSION=$changelog->{Version};
 
 $VERSION =~ s/~deb(.*)//;
+$VERSION =~ s/^[0-9]+://;
 
 WriteMakefile (
 'NAME' =>   'debian-security-support',
diff -Nru 
debian-security-support-2020.06.21~deb10u1/security-support-ended.deb10 
debian-security-support-10+2022.08.23/security-support-ended.deb10
--- debian-security-support-2020.06.21~deb10u1/security-support-ended.deb10 
2020-07-10 19:29:25.0 +0200
+++ debian-security-support-10+2022.08.23/security-support-ended.deb10  
2022-08-23 18:57:08.0 +0200
@@ -11,4 +11,10 @@
 #In the program's output, this is prefixed with "Details:"
 
 # none yet (please remove this line once this is not true anymore)
-libperlspeak-perl2.01-2  2020-04-16  
https://bugs.debian.org/954238 (CVE-2020-10674) and 
https://bugs.debian.org/954297 and 954298
+libperlspeak-perl2.01-2  2020-04-16  
https://bugs.debian.org/954238 (CVE-2020-10674) and 
https://bugs.debian.org/954297 and 954298
+xen  4.11.4+107-gef32c7afa2-12021-08-28  
https://xenbits.xen.org/docs/4.11-testing/SUPPORT.html#release-support
+chromium 90.0.4430.212-1~deb10u1 2022-01-14  
https://lists.debian.org/debian-security-announce/2022/msg00012.html
+slurm-llnl   18.08.5.2-1+deb10u2 2022-08-01  
https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/39
+gpac 0.5.2-426-gc5ad4e4+dfsg5-5  2022-08-03  
https://lists.debian.org/debian-lts/2022/05/msg00043.html
+libspring-java   4.3.5-1+deb9u1  2022-08-09  
https://lists.debian.org/debian-lts/2022/08/msg1.html
+ckeditor33.6.6.1+dfsg-1  2022-08-09  
https://lists.debian.org/debian-lts/2022/08/msg1.html
diff -Nru debian-security-support-2020.06.21~deb10u1/security-support-limited 
debian-security-support-10+2022.08.23/security-support-limited
--- debian-security-support-2020.06.21~deb10u1/security-support-limited 
2020-07-10 19:29:25.0 +0200
+++ debian-security-support-10+2022.08.23/security-support-limited  
2022-08-23 18:57:08.0 +0200
@@ -10,13 +10,9 @@
 binutilsOnly suitable for trusted content; see 
https://lists.debian.org/msgid-search/87lfqsomtg@mid.deneb.enyo.de
 ganglia See README.Debian.security, only supported behind an 
authenticated HTTP zone, #702775
 ganglia-web See README.Debian.security, only supported behind an 
authenticated HTTP zone, #702776
-glpiOnly supported behind an authenticated HTTP zone for trusted 
users
-golang*See 
https://www.deb

Bug#1017987: bullseye-pu: package debian-security-support/1:11+2022.08.23

2022-08-23 Thread Holger Levsen

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

I've uploaded this now for the next bullseye point release:

$ debdiff debian-security-support_11+2021.03.19.dsc 
debian-security-support_11+2022.08.23.dsc|diffstat
 debian/changelog |   13 +
 security-support-limited |   11 +++
 2 files changed, 16 insertions(+), 8 deletions(-)

$ debdiff debian-security-support_11+2021.03.19.dsc 
debian-security-support_11+2022.08.23.dsc
diff -Nru debian-security-support-11+2021.03.19/debian/changelog 
debian-security-support-11+2022.08.23/debian/changelog
--- debian-security-support-11+2021.03.19/debian/changelog  2021-03-19 
21:58:42.0 +0100
+++ debian-security-support-11+2022.08.23/debian/changelog  2022-08-23 
18:26:34.0 +0200
@@ -1,3 +1,16 @@
+debian-security-support (1:11+2022.08.23) bullseye; urgency=medium
+
+  * Update security-support-limited from 1:12+2022.08.19 from unstable,
+- add khtml. Closes: #1004293.
+- add openjdk-17 and point to the bullseye release notes (as discussed in
+  #975016).
+- for golang, point to the bullseye manual instead the buster one.
+- drop mozjs52 and mozjs60 as they were only present in buster.
+- drop libv8-3.14, mozjs, mozjs24, swftools and webkitgtk as they were
+  only present in stretch and earlier.
+
+ -- Holger Levsen   Tue, 23 Aug 2022 18:26:34 +0200
+
 debian-security-support (1:11+2021.03.19) unstable; urgency=medium
 
   [ Utkarsh Gupta ]
diff -Nru debian-security-support-11+2021.03.19/security-support-limited 
debian-security-support-11+2022.08.23/security-support-limited
--- debian-security-support-11+2021.03.19/security-support-limited  
2021-01-25 13:28:55.0 +0100
+++ debian-security-support-11+2022.08.23/security-support-limited  
2022-08-23 18:24:26.0 +0200
@@ -11,22 +11,17 @@
 cython  Only included for building packages, not running them, #975058
 ganglia See README.Debian.security, only supported behind an 
authenticated HTTP zone, #702775
 ganglia-web See README.Debian.security, only supported behind an 
authenticated HTTP zone, #702776
-golang*See 
https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html#golang-static-linking
+golang*See 
https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#golang-static-linking
 kde4libskhtml has no security support upstream, only for use on 
trusted content
-libv8-3.14  Not covered by security support, only suitable for trusted 
content
-mozjs   Not covered by security support, only suitable for trusted 
content
-mozjs24 Not covered by security support, only suitable for trusted 
content
-mozjs52 Not covered by security support, only suitable for trusted 
content
-mozjs60 Not covered by security support, only suitable for trusted 
content
+khtml   khtml has no security support upstream, only for use on 
trusted content, see #1004293
 mozjs68 Not covered by security support, only suitable for trusted 
content, see #959804
 mozjs78 Not covered by security support, only suitable for trusted 
content, see #959804
 ocsinventory-server Only supported behind an authenticated HTTP zone
+openjdk-17 See 
https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#openjdk-17
 python2.7   Only included for building packages, not running them, #975058
 python-stdlib-extensions Only included for building packages, not running 
them, #975058
 qtwebengine-opensource-src No security support upstream and backports not 
feasible, only for use on trusted content
 qtwebkitNo security support upstream and backports not feasible, only 
for use on trusted content
 qtwebkit-opensource-src No security support upstream and backports not 
feasible, only for use on trusted content
 sql-ledger  Only supported behind an authenticated HTTP zone
-swftoolsNot covered by security support, only suitable for trusted 
content
-webkitgtk   No security support upstream and backports not feasible, only 
for use on trusted content
 zoneminder  See README.Debian.security, only supported behind an 
authenticated HTTP zone, #922724

Thanks for all your SRM work!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The system isn't broken. It was built this way.


signature.asc
Description: PGP signature

Bug#1017393: buster-pu: package debian-security-support/1:10+2022.08.23

2022-08-19 Thread Holger Levsen

On Thu, Aug 18, 2022 at 09:29:15PM +0100, Adam D. Barratt wrote:
> On Mon, 2022-08-15 at 13:50 +0200, Holger Levsen wrote:
> > I'd like to introduce an epoch to debian-security-support in buster,
> > as used everywhere else since stretch-security (as demanded in
> > #988321)
[...]
> > As such, I'd like to use 1:10+2022.08.23 as the version and *not*
> > 1:10+2022.08.23~deb10u2.
> So long as the resulting version strings sort correctly, that seems OK.

it does. thanks!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Make earth cool again.


signature.asc
Description: PGP signature

Bug#1017393: buster-pu: package debian-security-support/1:10+2022.08.23

2022-08-15 Thread Holger Levsen

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

hi,

I'd like to introduce an epoch to debian-security-support in buster, as
used everywhere else since stretch-security (as demanded in #988321)

 debian-security-support | 2020.06.21~deb9u1  | stretch  | source, all
 debian-security-support | 1:9+2022.06.02 | stretch-security | source, all
 debian-security-support | 2020.06.21~deb10u1 | buster   | source, all
 debian-security-support | 1:11+2021.03.19| bullseye | source, all
 debian-security-support | 1:12+2022.08.06| bookworm | source, all
 debian-security-support | 1:12+2022.08.12| sid  | source, all

As such, I'd like to use 1:10+2022.08.23 as the version and *not*
1:10+2022.08.23~deb10u2.

(modulo the fact that the date in the version string might change. the above
reflects my current planned date for the upload.)

Do you agree that 1:10+2022.08.23 should/can be used here?

The planned debdiff is trivial:

$ git diff 2020.06.21_deb10u1..buster|diffstat
 debian/changelog |7 +++
 security-support-ended.deb10 |8 +++-
 2 files changed, 14 insertions(+), 1 deletion(-)

I'll update this bug with the actual debdiff when appropriate. :)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

You cannot ban abortion. You can only ban safe abortions.


signature.asc
Description: PGP signature

Bug#1014659: logrotate: error: state file /var/lib/logrotate/status is world-readable

2022-07-09 Thread Holger Levsen

Package: logrotate
Version: 3.18.0-2+deb11u1
Severity: normal
X-Debbugs-Cc: debian-release@lists.debian.org
affects: release.debian.org

Dear Maintainer,

after the bullseye 11.4 point release I started to see the following mails
from logcheck:

Jul 10 00:00:24 mainframe logrotate[37314]: error: state file 
/var/lib/logrotate/status is world-readable and thus can be locked from other 
unprivileged users. Skipping lock acquisition...

I suspect the severity of this bug should be higher, but I will leave this to
you.

Thanks for maintaining logrotate!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

So what CAN we actually do? Well, individual decisions (eating less meat,
taking public transport, buying less fast fashion) are all important, but we
also need to change the system. As you may know, just 100 companies are
responsible for 71% of global emissions. (@JessicaTheLaw)
https://www.theguardian.com/sustainable-business/2017/jul/10/100-fossil-fuel-companies-investors-responsible-71-global-emissions-cdp-study-climate-change


signature.asc
Description: PGP signature

Re: #975016 - OpenJDK 17 support state for Bullseye

2022-02-03 Thread Holger Levsen

hi,

almost exactly a year ago...

On Sun, Feb 07, 2021 at 11:59:23AM +0100, Matthias Klose wrote:
> So I'm going with option 1, preparing for an openjdk-17 in bullseye, and
> preparing release notes and notes for security support.  This is more
> conservative than option 2, but allows to do better than the commitment made.
> 
> The option also has the advantage that approval is only needed by the security
> team.  openjdk-17 already is in testing.  granting unblock requests for new
> snapshot builds by the release team would be appreciated, but isn't strictly
> necessary as long as we can build newer snapshots. And that can be checked in
> unstable.

so, as I see it, openjdk-17 is in bullseye and now I'm wondering what
I should do with  #975016 titled "OpenJDK 17 support state for Bullseye"
and filed against src:debian-security-support, as openjdk-17 seems to be
supported and src:debian-security-support's purpose is to documented what's
unsupported.

so, should I just close this bug?

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

A ship is always safe at shore, but that is not what it's built for.
(Albert Einstein)

signature.asc
Description: PGP signature

Re: Propose update of Telegram Desktop in Bullseye

2021-12-04 Thread Holger Levsen

Hi Nicholas,

On Sat, Dec 04, 2021 at 01:16:32PM +0300, Nicholas Guriev wrote:
> In this email, I would like to discuss the situation with updates of the
> telegram-desktop package in stable releases.

please don't do this. As in: please use a bug to have this discussion.

running 'reportbug release.debian.org' and then choosing 'bullseye proposed
updates requests' will make sure the right meta data is set for the bug, so
the stable release team will this request when they deal with these kinds of
request.

debian-release@lists.debian.org has too much traffic to deal with such kind
of requests without properly filed bugs.

HTH and thank you for maintaining telegram-desktop!

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

"I know what you're thinking" used to be an idiom but now it's a business model.

signature.asc
Description: PGP signature

Bug#1000811: bullseye-pu: package debian-edu-doc/2.11.26+deb11u1

2021-12-03 Thread Holger Levsen

On Mon, Nov 29, 2021 at 01:38:19PM +0100, Wolfgang Schweer wrote:
> Holger Levsen will do the upload.

this has been done now.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

:wq


signature.asc
Description: PGP signature

Bug#1000511: bullseye-pu: package debian-edu-config/2.11.56+deb11u2

2021-12-02 Thread Holger Levsen

tags 1000511 - moreinfo
fixed 995610 2.12.5 
thanks

On Tue, Nov 30, 2021 at 11:21:56PM +0100, Wolfgang Schweer wrote:
> > The metadata for the first bug implies that it affects unstable and is
> > not yet fixed there. Could you please confirm the status?
> Yes, the bug is also fixed in unstable, please see the first changelog entry:
> https://tracker.debian.org/news/1266906/accepted-debian-edu-config-2125-source-into-unstable/

that changelog entry misses the Closes: statement, thus Adams observation
was correct, though I've now fixed the metadata, after confirming that

 df44fe85e (in the bullseye branch)
 411b5a4bf (in the master branch)

are identical except for that missing Closes: statement. I'll not do further
git archeology to investigate how that happened :)

long story short: #995610 has been fixed in sid since Oct 13th 2021.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

&fff


signature.asc
Description: PGP signature

Bug#1000511: bullseye-pu: package debian-edu-config/2.11.56+deb11u2

2021-11-28 Thread Holger Levsen

On Wed, Nov 24, 2021 at 01:29:50PM +0100, Wolfgang Schweer wrote:
> The package will be uploaded soonish by Holger Levsen.

I've done this now.



-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The greatest danger in times of turbulence is not the turbulence;
it is to act with yesterdays logic. (Peter Drucker)


signature.asc
Description: PGP signature

Bug#995341: Highly inappropriate behavior which the RT should be aware of

2021-10-03 Thread Holger Levsen

On Fri, Oct 01, 2021 at 11:48:48AM +0200, Diederik de Haas wrote:
> I want to make sure that you're aware of what I consider HIGHLY inappropriate 
> behavior by Chuck where he is trying to sidestep/override the Xen maintainers 
> by filing this bug directly to the release.debian.org pseudo package.

why don't you give Chuck more slack and assume he filed this bug the way he did
with the best intentions? really.

and even if that would be wrong, treating it this way would not be wrong. :)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Fischers Fritz fischt Plastik.


signature.asc
Description: PGP signature

Bug#994627: bullseye-pu: package debian-edu-config/2.11.56+deb11u1

2021-09-28 Thread Holger Levsen

On Sun, Sep 19, 2021 at 12:16:28AM +0200, Wolfgang Schweer wrote:
> [ Other info ]
> Holger Levsen will upload the package in case of approval.

Given a certain three year old^wnew policy I've went ahead and uploaded this 
now.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The upcoming clima apocalypse is the big elephant in every room now.


signature.asc
Description: PGP signature

Re: BUG: "bookworm" netboot image still references "bullseye" release

2021-08-31 Thread Holger Levsen

hi,

On Tue, Aug 31, 2021 at 10:29:04PM +0200, Paul Gevers wrote:
> On 31-08-2021 22:10, Christoph Sarnowski wrote:
> > Thanks for your reply! I will give it a little more time, then use
> > "reportbug debian-installer" to report it. I wasn't sure if reporting on
> > the netboot image should go that way, as it is not part of an
> > installable debian package.
> 
> Sorry, you're right. I should probably go to
> debian-installer-netboot-images (aka dini or d-i-n-i).

no, netboot.tar.gz is not part of any d-i-n-i.deb.

I'm not sure what creates
https://deb.debian.org/debian/dists/bookworm/main/installer-amd64/current/images/netboot/netboot.tar.gz
but I cc:ed kibi who very probably knows.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Plastic bottles: made to last forever, designed to throw away.


signature.asc
Description: PGP signature

Bug#991852: unblock: debian-edu-doc/2.11.26

2021-08-03 Thread Holger Levsen

On Tue, Aug 03, 2021 at 02:50:27PM +0300, Adrian Bunk wrote:
> Please unblock package debian-edu-doc
[...]
> unblock debian-edu-doc/2.11.26

thanks for filing this unblock request, Adrian!

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

"A developed country is not a place where the poor have cars. It's where the
rich use public transportation." (quote attributed to several people)

signature.asc
Description: PGP signature

Bug#991535: marked as done (unblock: developers-reference/11.0.21)

2021-07-27 Thread Holger Levsen

Hi Paul,

On Tue, Jul 27, 2021 at 02:03:02PM +, Debian Bug Tracking System wrote:
> On 27-07-2021 03:17, Holger Levsen wrote:
> > Please unblock package developers-reference 11.0.21, which is a 
> > documentation
> > and translation only update:
> Unblocked.

thank you.

> However, next time I'd love to see less strings becoming fuzzy for only
> a buster -> bullseye, stretch -> buster update. It's not going to be
> time well spent for translators to only find such renames. Also, it will
> mean some untranslated (because fuzzy) strings that are not really
> needed in my opinion (IIUC).

while I agree I'm also guilty of not unfuzzying the strings, mostly due to
unhappyness about having lost a working translation workflow and because of
the translations being out of date already anyway...

fwiw, here's what I said about this on #-policy yesterday:

< h01ger> how do you call for translations? do you?
< h01ger> (of policy.md :)
< h01ger> asking because of dev-ref..
< someone> | h01ger: we did in a bits from the policy team at one point
< someone> iirc
< h01ger> so, just by writing a mail "please help translating" ? 
< h01ger> or could you communicate translation stati etc like this
< h01ger> "german translation status is 67%, french t status is 77%" etc
< someone> that sounds useful :)
< someone> we have no translations to report on..
< h01ger> ah!
< h01ger> in the past there was one xml file and thus one pot file for 
translations
< h01ger> now we have several md files for the source and thus several pot 
files to translate
< h01ger> thus they need to be concatted and then the overall language status 
needs to be calculated
< h01ger> to write a mail saying 'please translate  the remaining 3% of strings 
to german and the remaining 23% to french" or whatever 
< someone> that does sound like a useful way to encourage people
< someone> including the remaining percentages, I mean
< h01ger> https://lists.debian.org/debian-edu/2021/07/msg0.html
< h01ger> https://lists.debian.org/debian-edu/2021/07/msg2.html
< h01ger> :)
< h01ger> (for bullseye) every other week, automatically.
< someone> very cool
< h01ger> for d-edu-doc also weblate is involved, which does attract some 
people...
< h01ger> and yes, i want something similar for dev-ref.. will share once its 
there! :)
< h01ger> might take 2 years or so, help much welcome, MR even more so :)
< h01ger> could also be a gsoc project, happy to mentor

> Paul, who sometimes refrains from making minor improvements in
> release-notes (at this stage) unless he can fix it in the translations too.

I've decided for an up2date english src:dev-ref for bullseye, shipped in 
bullseye,
and for future updated and better translated src:dev-ref there's unstable and
bookworm :)

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Nach wieviel Einzelfällen wird ein Einzelfall zum Normalfall?
(Jan Böhmermann)

signature.asc
Description: PGP signature

Bug#991535: unblock: developers-reference/11.0.21

2021-07-26 Thread Holger Levsen

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package developers-reference 11.0.21, which is a documentation
and translation only update:

developers-reference (11.0.21) unstable; urgency=medium

  * best-pkging-practices: replace 'atter' with 'other', with thanks to
Jeremy Bicha. Closes: #991291
  * pkgs: update releases used in examples for the time when bullseye is
stable.
  * resources: update 'dak ls evince' example output.
  * Update all .po files for changed strings in the English original.

 -- Holger Levsen   Tue, 20 Jul 2021 15:20:35 +0200

debdiff developers-reference_11.0.20.dsc developers-reference_11.0.21.dsc 
|diffstat
 debian/changelog   |   17 -
 source/best-pkging-practices.rst   |2 
 source/locales/de/LC_MESSAGES/best-pkging-practices.po |5 -
 source/locales/de/LC_MESSAGES/pkgs.po  |   14 ++--
 source/locales/fr/LC_MESSAGES/best-pkging-practices.po |   57 -
 source/locales/fr/LC_MESSAGES/pkgs.po  |   14 ++--
 source/locales/it/LC_MESSAGES/best-pkging-practices.po |   15 +++-
 source/locales/it/LC_MESSAGES/pkgs.po  |   34 --
 source/locales/ja/LC_MESSAGES/best-pkging-practices.po |   15 +++-
 source/locales/ja/LC_MESSAGES/pkgs.po  |   34 --
 source/locales/ru/LC_MESSAGES/best-pkging-practices.po |   15 +++-
 source/locales/ru/LC_MESSAGES/pkgs.po  |   34 --
 source/pkgs.rst|4 -
 source/resources.rst   |   16 ++--
 14 files changed, 198 insertions(+), 78 deletions(-)

The full debdiff is attached.

unblock developers-reference/11.0.21

Thanks for your work on bullseye!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Bottled water companies don't produce water, they produce plastic bottles.
diff -Nru developers-reference-11.0.20/debian/changelog developers-reference-11.0.21/debian/changelog
--- developers-reference-11.0.20/debian/changelog	2021-06-18 23:50:52.0 +0200
+++ developers-reference-11.0.21/debian/changelog	2021-07-20 15:20:35.0 +0200
@@ -1,12 +1,23 @@
+developers-reference (11.0.21) unstable; urgency=medium
+
+  * best-pkging-practices: replace 'atter' with 'other', with thanks to
+Jeremy Bicha. Closes: #991291
+  * pkgs: update releases used in examples for the time when bullseye is
+stable.
+  * resources: update 'dak ls evince' example output.
+  * Update all .po files for changed strings in the English original.
+
+ -- Holger Levsen   Tue, 20 Jul 2021 15:20:35 +0200
+
 developers-reference (11.0.20) unstable; urgency=medium
 
   [ Judit Foglszinger ]
-  * removing freenode and moving reference to cloaks to Debian wiki.
-Closes: 990054.
+  * ressources: Remove freenode and move reference to cloaks to Debian wiki.
+Closes: #990054.
 
   [ Holger Levsen ]
   * Update all .po files for changed strings in the English original.
-  * fix typo in previous d/changelog entry
+  * Fix typo in previous d/changelog entry.
 
  -- Holger Levsen   Fri, 18 Jun 2021 23:50:52 +0200
 
diff -Nru developers-reference-11.0.20/source/best-pkging-practices.rst developers-reference-11.0.21/source/best-pkging-practices.rst
--- developers-reference-11.0.20/source/best-pkging-practices.rst	2021-01-17 22:22:11.0 +0100
+++ developers-reference-11.0.21/source/best-pkging-practices.rst	2021-07-20 14:58:54.0 +0200
@@ -1466,7 +1466,7 @@
point).
 
 4. **may** use *packagename*\ ``-``\ *upstream-version*\ ``+dfsg``
-   (or any atter suffix which is added to the tarball name) as
+   (or any other suffix which is added to the tarball name) as
the name of the top-level directory in its tarball. This makes it
possible to distinguish pristine tarballs from repackaged ones.
 
diff -Nru developers-reference-11.0.20/source/locales/de/LC_MESSAGES/best-pkging-practices.po developers-reference-11.0.21/source/locales/de/LC_MESSAGES/best-pkging-practices.po
--- developers-reference-11.0.20/source/locales/de/LC_MESSAGES/best-pkging-practices.po	2021-01-17 23:28:02.0 +0100
+++ developers-reference-11.0.21/source/locales/de/LC_MESSAGES/best-pkging-practices.po	2021-07-20 15:01:41.0 +0200
@@ -3,7 +3,7 @@
 msgstr ""
 "Project-Id-Version:  developers-reference\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2021-01-17 22:27+\n"
+"POT-Creation-Date: 2021-07-20 13:01+\n"
 "PO-Revision-Date: 2020-03-02 19:51+0100\n"
 "Last-Translator: Carsten Schoenert \n"
 "Language: de\n"
@@ -2760,9 +2760,10 @@
 "Originaldistribution zu suchen)."
 
 #

Bug#991318: unblock: munin/2.0.67-2

2021-07-20 Thread Holger Levsen

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package munin 2.0.67-2 as it fixes a serious bug with a oneline 
fix:

$ debdiff munin_2.0.67-1.dsc munin_2.0.67-2.dsc
diff -Nru munin-2.0.67/debian/changelog munin-2.0.67/debian/changelog
--- munin-2.0.67/debian/changelog   2021-02-26 13:24:19.0 +0100
+++ munin-2.0.67/debian/changelog   2021-07-20 14:40:08.0 +0200
@@ -1,3 +1,11 @@
+munin (2.0.67-2) unstable; urgency=medium
+
+  [ Kentaro Hayashi ]
+  * debian/munin-node.service: ensure /run/munin directory exists.
+Closes: #990371.
+
+ -- Holger Levsen   Tue, 20 Jul 2021 14:40:08 +0200
+
 munin (2.0.67-1) unstable; urgency=medium
 
   [ Holger Levsen ]
diff -Nru munin-2.0.67/debian/munin-node.service 
munin-2.0.67/debian/munin-node.service
--- munin-2.0.67/debian/munin-node.service  2021-01-17 23:34:32.0 
+0100
+++ munin-2.0.67/debian/munin-node.service  2021-07-20 14:39:29.0 
+0200
@@ -7,6 +7,7 @@
 EnvironmentFile=-/etc/default/munin-node
 Type=notify
 Restart=always
+RuntimeDirectory=munin
 ExecStart=/usr/sbin/munin-node --foreground $DAEMON_ARGS
 PIDFile=/run/munin/munin-node.pid
 # Plugins like "smart_" require access to devices


I've uploaded it and just saw the source package appear in unstable, though it
hasn't been built yet.

unblock munin/2.0.67-2

Thanks for your work on bullseye!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

No future.


signature.asc
Description: PGP signature

Bug#991285: unblock: strip-nondeterminism/1.12-0.1

2021-07-19 Thread Holger Levsen

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
x-debbugs-cc: reproducible-bui...@lists.alioth.debian.org

Hi,

I'm wondering whether it makes sense to unblock strip-nondeterminism 1.12.0-1,
which has been uploaded on 2021-05-07 and which since then (or rather shortly 
after)
has been used on the buildds when building packages. There haven't been any bugs
filed since the upload and the changes are pretty small:

strip-nondeterminism (1.12.0-1) unstable; urgency=medium

  [ Chris Lamb ]
  * Support normalising Python "pyzip" files -- ie. zip-compressed .py files
with a regular Python shebang. (Closes: 
reproducible-builds/strip-nondeterminism#18)
  * Drop single-debian-patch, etc.

  [ Bernhard M. Wiedemann ]
  * Move exception handling closer to call using perl's "//" operator.

The debdiffstat is:

 debdiff strip-nondeterminism_1.11.0-1.dsc 
strip-nondeterminism_1.12.0-1.dsc|diffstat
 debian/changelog   |   12 ++
 debian/source/options  |1 
 debian/source/patch-header |   17 
 lib/File/StripNondeterminism.pm|   11 ++
 lib/File/StripNondeterminism/handlers/pyzip.pm |  106 +
 5 files changed, 128 insertions(+), 19 deletions(-)

and the full debdiff is attached.

Rather obviously this more or less against the freeze guidelines but given the
fact that it's been used in many bullseye builds during the freeze I thought
I'd ask.
And I decided to ask via a bug report. Feel free to close or unblock :)

(And before you ask: I don't really know why I didn't file this unblock request
earlier. I guess it's because the change is not soo relevant but then I somehow
continued to be bothered by the fact that bullseye is build with packages from
out of bullseye and so I finally decided to ask anyway.)

unblock strip-nondeterminism/1.12-0.1

and thank you for releasing bullseye and dealing with requests like these! ;)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

"A developed country is not a place where the poor have cars. It's where the
rich use public transportation." (quote attributed to several people)
diff -Nru strip-nondeterminism-1.11.0/debian/changelog strip-nondeterminism-1.12.0/debian/changelog
--- strip-nondeterminism-1.11.0/debian/changelog	2021-02-05 13:04:06.0 +0100
+++ strip-nondeterminism-1.12.0/debian/changelog	2021-05-07 13:36:57.0 +0200
@@ -1,3 +1,15 @@
+strip-nondeterminism (1.12.0-1) unstable; urgency=medium
+
+  [ Chris Lamb ]
+  * Support normalising Python "pyzip" files -- ie. zip-compressed .py files
+with a regular Python shebang. (Closes: reproducible-builds/strip-nondeterminism#18)
+  * Drop single-debian-patch, etc.
+
+  [ Bernhard M. Wiedemann ]
+  * Move exception handling closer to call using perl's "//" operator.
+
+ -- Chris Lamb   Fri, 07 May 2021 12:36:57 +0100
+
 strip-nondeterminism (1.11.0-1) unstable; urgency=medium
 
   [ Helmut Grohne ]
diff -Nru strip-nondeterminism-1.11.0/debian/source/options strip-nondeterminism-1.12.0/debian/source/options
--- strip-nondeterminism-1.11.0/debian/source/options	2021-02-05 13:04:06.0 +0100
+++ strip-nondeterminism-1.12.0/debian/source/options	1970-01-01 01:00:00.0 +0100
@@ -1 +0,0 @@
-single-debian-patch
diff -Nru strip-nondeterminism-1.11.0/debian/source/patch-header strip-nondeterminism-1.12.0/debian/source/patch-header
--- strip-nondeterminism-1.11.0/debian/source/patch-header	2021-02-05 13:04:06.0 +0100
+++ strip-nondeterminism-1.12.0/debian/source/patch-header	1970-01-01 01:00:00.0 +0100
@@ -1,17 +0,0 @@
-Subject: Collected Debian patches for strip-nondeterminism
-Author: Andrew Ayer 
-
-Since I am also upstream for this package, there will normally not be
-any patches to apply to the upstream source.  However, occasionally
-I'll pull up specific upstream commits prior to making an upstream
-release.  When this happens, this patch will collect all of those
-modifications.
-
-I use Git to maintain both the upstream source and the Debian
-packages, and generating individual patches rather than using git
-cherry-pick takes extra work for no gain.  Since I'm also upstream,
-there's no need to separate the patches for later upstream submission.
-Hence, I take this approach with a unified patch when it's necessary.
-
-For full commit history and separated commits, see the upstream Git
-repository.
diff -Nru strip-nondeterminism-1.11.0/lib/File/StripNondeterminism/handlers/pyzip.pm strip-nondeterminism-1.12.0/lib/File/StripNondeterminism/handlers/pyzip.pm
--- strip-nondeterminism-1.11.0/lib/File/StripNondeterminism/handlers/pyzip.pm	1970-01-01 01:00:00.0 +0100
+++ strip-nondeterminism-1.12.0/lib/File/StripNondeterminism/handlers/pyzip.pm	2021-05-07 13:35:16.0 +0200
@@ -0,0 +1,106 @@

Re: youtube-dl: needs version update to 2021.05.16 to continue working with youtube

2021-07-05 Thread Holger Levsen

Hi Andreas,

[diclaimer: i'm not a release team member.]

On Fri, Jul 02, 2021 at 05:31:48AM +0200, Andreas Tille wrote:
> Hi release team,
[...]
> I do not want to do an upload to unstable without your agreement and I
> hope you can come up with some good advise what to do.
[...]

a.) since about 10 years or so the release team asks for bugs to be filed for 
such
requests, as debian-release is a too busy mailing list so things are likely to
fall under the carpet if not.

b.) if *you* think the changes are suitable for bullseye, you can upload to 
unstable.

c.) if you are unsure, you can always upload to experimental.

d.) if no diff is provided, either here in a bug or via an upload, how should 
the
release team evaluate your request? So, please either upload or attach the diff
here^win a bug against release.debian.org which is yet to be filed.

> PS: Please be so kind to CC me in your replies.

done.

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

In Europe there are people prosecuted by courts because they saved other people
from drowning in the  Mediterranean Sea.  That is almost as absurd  as if there
were people being prosecuted because they save humans from drowning in the sea.

signature.asc
Description: PGP signature

Bug#990171: unblock: apparmor-profiles-extra/1.34

2021-06-22 Thread Holger Levsen

On Tue, Jun 22, 2021 at 09:57:02AM +0800, Paul Wise wrote:
> [ Reason ]
> The autoremoval will be before the fix for RC bug #989193 migrates.

(I dont think so, but that's beside my point here.)
 
> [ Impact ]
> The package will not be available in the bullseye release and so
> various apps will not have AppArmor security restrictions.

I'm wondering whether apparmor-profiles-extra should be a key package, after
all apparmor is installed by default these days...


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The system isn't broken. It was built this way.


signature.asc
Description: PGP signature

Bug#990142: unblock: debian-edu/2.11.37

2021-06-21 Thread Holger Levsen

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-edu bringing a rather trival improvement to Debian
Edu, which I'd still consider worthwhile having. The potential (bad) impact is
low and definitly limited to Debian Edu...

The full diff:

$ debdiff debian-edu_2.11.36.dsc debian-edu_2.11.37.dsc
diff -Nru debian-edu-2.11.36/debian/changelog 
debian-edu-2.11.37/debian/changelog
--- debian-edu-2.11.36/debian/changelog 2021-03-28 12:35:03.0 +0200
+++ debian-edu-2.11.37/debian/changelog 2021-06-09 23:14:40.0 +0200
@@ -1,3 +1,11 @@
+debian-edu (2.11.37) unstable; urgency=medium
+
+  [ Wolfgang Schweer ]
+  * tasks/common: Recommend plocate as preferred locate. (Closes: #989518)
+Thanks to Paul Wise for informing us.
+
+ -- Holger Levsen   Wed, 09 Jun 2021 23:14:40 +0200
+
 debian-edu (2.11.36) unstable; urgency=medium
 
   [ Wolfgang Schweer ]
diff -Nru debian-edu-2.11.36/debian/control debian-edu-2.11.37/debian/control
--- debian-edu-2.11.36/debian/control   2021-03-28 12:34:58.0 +0200
+++ debian-edu-2.11.37/debian/control   2021-06-09 23:14:40.0 +0200
@@ -116,7 +116,6 @@
 lsscsi,
 mc,
 memtest86+,
-mlocate,
 mtools,
 mtr-tiny | mtr,
 ncftp,
@@ -124,6 +123,7 @@
 nullidentd | ident-server,
 openbsd-inetd,
 pciutils,
+plocate | mlocate,
 procinfo,
 procmail,
 psmisc,
diff -Nru debian-edu-2.11.36/tasks/common debian-edu-2.11.37/tasks/common
--- debian-edu-2.11.36/tasks/common 2021-02-07 11:47:11.0 +0100
+++ debian-edu-2.11.37/tasks/common 2021-06-09 18:04:22.0 +0200
@@ -35,7 +35,7 @@
  lsscsi,
  sysfsutils,
  etherwake,
- mlocate,
+ plocate | mlocate,
 
 Recommends:
  iputils-arping | arping,


unblock debian-edu/2.11.37

Thanks for your work on bullseye!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Not everything was bad during capitalism.


signature.asc
Description: PGP signature

Bug#990139: unblock: debian-edu-config/2.11.56

2021-06-21 Thread Holger Levsen

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-edu-config 2.11.56 containing three small and 
targeded fixes
for three bugs concerning Debian Edu only, thus with no impact outside Debian 
Edu.

The diff is:

$ debdiff debian-edu-config_2.11.55.dsc debian-edu-config_2.11.56.dsc|diffstat
 cf3/cf.exim   |6 +++
 debian/changelog  |   24 ++
 sbin/debian-edu-ltsp-install  |7 ++--
 share/debian-edu-config/isc-dhcp-server.service   |2 -
 share/debian-edu-config/isc-dhcp-server.service.eth1_only |2 -
 5 files changed, 36 insertions(+), 5 deletions(-)
$ debdiff debian-edu-config_2.11.55.dsc debian-edu-config_2.11.56.dsc
diff -Nru debian-edu-config-2.11.55/debian/changelog 
debian-edu-config-2.11.56/debian/changelog
--- debian-edu-config-2.11.55/debian/changelog  2021-04-29 15:27:17.0 
+0200
+++ debian-edu-config-2.11.56/debian/changelog  2021-06-05 00:06:13.0 
+0200
@@ -1,3 +1,27 @@
+debian-edu-config (2.11.56) unstable; urgency=medium
+
+  [ Wolfgang Schweer ]
+  * Adjust workaround for isc-dhcp-server-ldap bug #971275. (Closes: #989340)
+- share/debian-edu-config/isc-dhcp-server.{service,service.eth1_only}:
+  Use ExecStartPre command inspired by the isc-dhcp-server init script
+  instead of a sleep command.
+  * Adjust Exim configuration on client systems. (Closes: #989338)
+- cf3/cf.exim:
+  Use exim-ldap-client-v4.conf file as exim4.conf on client machines 
instead
+  of preseeded configuration. This way sending system emails to the main
+  server is working again after the exim4 4.94 changes.
+  * Adjust sbin/debian-edu-ltsp-install. (Closes: #989342)
+- Drop line containing the cp command (/var/cache/apt doesn't contain .bin
+  files in all use cases and the benefit is minimal if they exist; also, 
the
+  pkgcache.bin and srcpkgcache.bin files might contain outdated data).
+- Use the BD ISO image to setup X2Go thin client support only if the script
+  is run inside the Debian Installer environment. There are too many ways
+  to install a combined server (with or without Internet connection, with
+  or without adjusting the sources list, with or without running apt 
update)
+  to cover all these cases.
+
+ -- Holger Levsen   Sat, 05 Jun 2021 00:06:13 +0200
+
 debian-edu-config (2.11.55) unstable; urgency=medium
 
   [ Wolfgang Schweer ]
diff -Nru debian-edu-config-2.11.55/cf3/cf.exim 
debian-edu-config-2.11.56/cf3/cf.exim
--- debian-edu-config-2.11.55/cf3/cf.exim   2019-02-15 11:58:02.0 
+0100
+++ debian-edu-config-2.11.56/cf3/cf.exim   2021-06-02 14:00:53.0 
+0200
@@ -10,6 +10,12 @@
   move_obstructions => "true";
 "/etc/default/exim4"
   edit_line => exim_default;
+
+  debian.!server.(workstation|minimal).installation::
+
+"/etc/exim4/exim4.conf"
+  link_from => ln_s("/etc/exim4/exim-ldap-client-v4.conf"),
+  move_obstructions => "true";
 }
 
 bundle edit_line exim_default
diff -Nru debian-edu-config-2.11.55/sbin/debian-edu-ltsp-install 
debian-edu-config-2.11.56/sbin/debian-edu-ltsp-install
--- debian-edu-config-2.11.55/sbin/debian-edu-ltsp-install  2021-04-26 
23:38:21.0 +0200
+++ debian-edu-config-2.11.56/sbin/debian-edu-ltsp-install  2021-06-02 
23:20:03.0 +0200
@@ -341,8 +341,10 @@
 show=false
 EOF
 
-# Specific settings needed if BD ISO image is used for installation.
-if grep -q BD /etc/apt/sources.list ; then
+# Specific settings needed if BD ISO image is used for installation inside d-i.
+# First part of next condition: Looking for file created by base-installer and
+# removed at the end of the d-i run.
+if [ -e /etc/apt/apt.conf.d/00IgnoreTimeConflict ] && grep -q BD 
/etc/apt/sources.list ; then
BD_ISO="true";
device="$(grep media/cdrom /etc/fstab | cut -d' ' -f1)"
mirror="file:///media/cdrom/"
@@ -365,7 +367,6 @@
if [ "true" == "$BD_ISO" ] ; then
mkdir -p /srv/ltsp/thin/"$thin_type"-"$arch"/media/cdrom
mount $device /srv/ltsp/thin/"$thin_type"-"$arch"/media/cdrom
-   cp /var/cache/apt/*.bin 
/srv/ltsp/thin/"$thin_type"-"$arch"/var/cache/apt/
echo "deb [trusted=yes] $mirror $dist main" > 
/srv/ltsp/thin/"$thin_type"-"$arch"/etc/apt/sources.list
fi
chroot /srv/ltsp/thin/"$thin_type"-"$arch"/ apt -y -qq install 
education-thin-client p910nd
diff -Nru 
debian-edu-config-2.11.55/share/debian-edu-config/isc-dhcp-server.service 
debian-edu-config-2.11.56/share/debian-e

Bug#989865: unblock: debian-installer-netboot-images/20210606+fixed1

2021-06-14 Thread Holger Levsen

On Tue, Jun 15, 2021 at 12:16:03AM +0200, Holger Levsen wrote:
> A full diff is attached.

a classic, now!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

We are done with ‘world leaders’. Countries are on fire. Cities are drowning.
People are dying. This is what scientists and activists have been warning the
world and politicians about. It’s here. We ARE facing the impacts of the
climate crisis. Forget about the future, it’s now.
fridays for future - https://nitter.net/fff_digital/status/1304520941012242432
diff -Nru debian-installer-netboot-images-20210415/debian/changelog debian-installer-netboot-images-20210606+fixed1/debian/changelog
--- debian-installer-netboot-images-20210415/debian/changelog	2021-04-15 13:23:35.0 +0200
+++ debian-installer-netboot-images-20210606+fixed1/debian/changelog	2021-06-10 06:50:59.0 +0200
@@ -1,3 +1,23 @@
+debian-installer-netboot-images (20210606+fixed1) unstable; urgency=medium
+
+  * Fix regression introduced while fixing error reporting in the previous
+upload (oh, the irony), fixing the FTBFS.
+  * Strip +fixed.* suffix when setting VERSION in debian/rules, to cope
+with this follow-up upload for the same D-I version (20210606).
+
+ -- Cyril Brulebois   Thu, 10 Jun 2021 06:50:59 +0200
+
+debian-installer-netboot-images (20210606) unstable; urgency=medium
+
+  * Update for D-I Bullseye RC 2.
+  * Fix error reporting when no fallback suite is defined: exit
+immediately instead of building empty packages.
+  * Drop unused shared-lib-without-dependency-information lintian
+overrides.
+  * Add myself to Uploaders.
+
+ -- Cyril Brulebois   Mon, 07 Jun 2021 17:47:04 +0200
+
 debian-installer-netboot-images (20210415) unstable; urgency=medium
 
   * Team upload.
diff -Nru debian-installer-netboot-images-20210415/debian/control debian-installer-netboot-images-20210606+fixed1/debian/control
--- debian-installer-netboot-images-20210415/debian/control	2021-04-15 13:22:35.0 +0200
+++ debian-installer-netboot-images-20210606+fixed1/debian/control	2021-06-07 17:46:51.0 +0200
@@ -8,7 +8,7 @@
 Section: misc
 Priority: optional
 Maintainer: Debian Install System Team 
-Uploaders: Didier Raboud 
+Uploaders: Didier Raboud , Cyril Brulebois 
 Build-Depends: debhelper-compat (= 13),
  wget,
  debian-archive-keyring,
diff -Nru debian-installer-netboot-images-20210415/debian/control.in debian-installer-netboot-images-20210606+fixed1/debian/control.in
--- debian-installer-netboot-images-20210415/debian/control.in	2021-04-15 13:22:35.0 +0200
+++ debian-installer-netboot-images-20210606+fixed1/debian/control.in	2021-06-07 17:45:11.0 +0200
@@ -2,7 +2,7 @@
 Section: misc
 Priority: optional
 Maintainer: Debian Install System Team 
-Uploaders: Didier Raboud 
+Uploaders: Didier Raboud , Cyril Brulebois 
 Build-Depends: debhelper-compat (= 13),
  wget,
  debian-archive-keyring,
diff -Nru debian-installer-netboot-images-20210415/debian/lintian-overrides.in debian-installer-netboot-images-20210606+fixed1/debian/lintian-overrides.in
--- debian-installer-netboot-images-20210415/debian/lintian-overrides.in	2021-02-15 18:47:48.0 +0100
+++ debian-installer-netboot-images-20210606+fixed1/debian/lintian-overrides.in	2021-06-07 17:31:06.0 +0200
@@ -3,7 +3,6 @@
 debian-installer-##IDENTIFIER##: statically-linked-binary
 debian-installer-##IDENTIFIER##: unstripped-binary-or-object
 debian-installer-##IDENTIFIER##: embedded-library
-debian-installer-##IDENTIFIER##: shared-lib-without-dependency-information
 debian-installer-##IDENTIFIER##: library-not-linked-against-libc
 debian-installer-##IDENTIFIER##: shlib-with-executable-stack
 debian-installer-##IDENTIFIER##: missing-depends-line
diff -Nru debian-installer-netboot-images-20210415/debian/rules debian-installer-netboot-images-20210606+fixed1/debian/rules
--- debian-installer-netboot-images-20210415/debian/rules	2021-02-15 18:59:29.0 +0100
+++ debian-installer-netboot-images-20210606+fixed1/debian/rules	2021-06-10 06:50:56.0 +0200
@@ -4,7 +4,7 @@
 export DISTRIBUTION_FALLBACK?=
 export KFREEBSD_KERNEL_MAJOR?=11
 
-export VERSION?=$(shell dpkg-parsechangelog | sed -n 's/^Version: //p')
+export VERSION?=$(shell dpkg-parsechangelog | sed -n 's/^Version: //p' | sed 's/+fixed.*//')
 
 # Don't forget to recreate debian/control after editing these lines: $ debian/rules debian/control
 export MAJOR_VERSION=11
@@ -17,12 +17,17 @@
 override_dh_auto_install: $(SUPPORTED_ARCHITECTURES:%=get-images-%)
 
 get-images-%:
-	if ! ./get-images.sh $* && [ -n "$(DISTRIBUTION_FALLBACK)" ]; then\
-		echo; echo; echo; \
-		echo "Version not found in $(DISTRIBUTION), falling back to $(DISTRIBUTION_FALLBACK)"; \
-		echo; echo; echo; \
-		sleep 5; \
-		DISTRIBUTION=$(DISTRIBUTION_FALLBACK)

Bug#989865: unblock: debian-installer-netboot-images/20210606+fixed1

2021-06-14 Thread Holger Levsen

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-installer-netboot-images, it includes the images
to netboot bullseye d-i RC2, it's used by the education-main-server package at
least ;)

 I'm not planning on unblocking my own upload, so reportbug is likely the 
safest bet.

debian-installer-netboot-images (20210606+fixed1) unstable; urgency=medium

  * Fix regression introduced while fixing error reporting in the previous
upload (oh, the irony), fixing the FTBFS.
  * Strip +fixed.* suffix when setting VERSION in debian/rules, to cope
with this follow-up upload for the same D-I version (20210606).

 -- Cyril Brulebois   Thu, 10 Jun 2021 06:50:59 +0200

debian-installer-netboot-images (20210606) unstable; urgency=medium

  * Update for D-I Bullseye RC 2.
  * Fix error reporting when no fallback suite is defined: exit
immediately instead of building empty packages.
  * Drop unused shared-lib-without-dependency-information lintian
overrides.
  * Add myself to Uploaders.

 -- Cyril Brulebois   Mon, 07 Jun 2021 17:47:04 +0200

$ debdiff debian-installer-netboot-images_20210415.dsc 
debian-installer-netboot-images_20210606+fixed1.dsc|diffstat
 changelog|   20 
 control  |2 +-
 control.in   |2 +-
 lintian-overrides.in |1 -
 rules|   19 ---
 5 files changed, 34 insertions(+), 10 deletions(-)

A full diff is attached.

unblock debian-installer-netboot-images/20210606+fixed1

Thanks for your work on releasing bullseye!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

In Europe there are people prosecuted by courts because they saved other people
from drowning in the  Mediterranean Sea.  That is almost as absurd  as if there
were people being prosecuted because they save humans from drowning in the sea.


signature.asc
Description: PGP signature

d-e-install: drop powerpc recipes

2021-06-04 Thread Holger Levsen

package: debian-edu-install
x-debbugs-cc: debian-...@lists.debian.org
version: 1.916

On Sat, Jun 05, 2021 at 12:59:51AM +0200, Holger Levsen wrote:
>  debian-edu-install (2.11.13) unstable; urgency=medium
[...]
> [auto-generated below]
[...]
>  lib/partman/recipes-powerpc-powermac_newworld/90edumain   |   15 -
>  lib/partman/recipes-powerpc-powermac_newworld/91edumain+ltsp  |   15 -
>  lib/partman/recipes-powerpc-powermac_newworld/92edumain+ws|   15 -
>  lib/partman/recipes-powerpc-powermac_newworld/94edultsp   |   15 -
>  lib/partman/recipes-powerpc-powermac_newworld/96eduwork   |   15 -
>  lib/partman/recipes-powerpc-powermac_newworld/97minimal   |   15 -
>  lib/partman/recipes-powerpc-powermac_newworld/98edustandalone |   15 -
>  lib/partman/recipes-powerpc-prep/90edumain|   15 -
>  lib/partman/recipes-powerpc-prep/91edumain+ltsp   |   15 -
>  lib/partman/recipes-powerpc-prep/92edumain+ws |   15 -
>  lib/partman/recipes-powerpc-prep/94edultsp|   15 -
>  lib/partman/recipes-powerpc-prep/96eduwork|   15 -
>  lib/partman/recipes-powerpc-prep/97minimal|   15 -
>  lib/partman/recipes-powerpc-prep/98edustandalone  |   15 -

wait, what? why do we still have powerpc recipes in Debian Edu? We dropped
powerpc support some time ago :)

(not fully sure we want this change for bullseye but then I also don't see
how it could hurt to drop those properly.)

(and in any case this shouldn't be a blocker for #989483, the current
d-e-install unblock request...)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Stop saying that we are all in the same boat.
We’re all in the same storm.
But we’re not all in the same boat.


signature.asc
Description: PGP signature

Bug#989484: unblock: debian-edu-doc/2.11.24

2021-06-04 Thread Holger Levsen

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-edu-doc 2.11.24, it just contains documentation
and translation updates.

 debian-edu-doc (2.11.24) unstable; urgency=medium
 .
   * Update Debian Edu Bullseye manual from the wiki.
   * Update Debian Edu Buster manual from the wiki.
 .
   [ Translation updates ]
   * Bullseye manual:
 - Portuguese: Silvério Santos
 - Portuguese (Brazil): José Vieira, Barbara Tostes, Paulo Henrique de
   Lima Santana, Fred Maranhão, Mario Gerson Miranda Magno Junior and
   Thiago Pezzo
 - Spanish: Adolfo Jayme Barrientos
   * Buster manual:
 - Portuguese (Portugal): José Vieira
 - Portuguese (Brazil): José Vieira, Barbara Tostes, Paulo Henrique de
   Lima Santana, Fred Maranhão, Mario Gerson Miranda Magno Junior and
   Thiago Pezzo
 - Spanish: Adolfo Jayme Barrientos
 .
   [ Wolfgang Schweer ]
   * documentation/debian-edu-bullseye/images/pt-pt/: Use (pt-pt) specific image
 10-Participate_in_the_package_usage_survey_1.png instead of accidentally
 added (nl) one. Thanks to Andreas Beckmann. (Closes: #988682).
 .
   [ Frans Spiesschaert ]
   * Replace ssantos with his real name (Silvério Santos) in various places.


This last change from Frans is the reason there's a change in
documentation/audacity, while the rest is in in documenation/debian-edu-b... :)

$ debdiff debian-edu-doc_2.11.23.dsc  debian-edu-doc_2.11.24.dsc | diffstat
 debian/changelog   
  |   45 
 documentation/audacity/audacity-manual.pt-pt.add   
  |2 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual-stripped.xml  
  |   14 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.da.po 
  |   52 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.de.po 
  |   53 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.es.add
  |1 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.es.po 
  |  400 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.fr.po 
  |   55 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.it.po 
  |   53 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.ja.po 
  |   53 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.nb-no.po  
  |   53 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.nl.po 
  |   55 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pl.po 
  |   33 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pot   
  |   25 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt-br.add 
  |   11 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt-br.po  
  | 9396 ++
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt-pt.add 
  |2 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt-pt.po  
  |   60 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt.add
  |2 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt.po 
  |  150 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.ro.po 
  |   31 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.sv.po 
  |   28 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.xml   
  |   14 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.zh-cn.po  
  |   52 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.zh-tw.po  
  |   28 
 
documentation/debian-edu-bullseye/source/AllInOne-debian-edu-bullseye-manual.xml
 |3 
 documentation/debian-edu-buster/debian-edu-buster-manual-stripped.xml  
  |8 
 documentation/debian-edu-buster/debian-edu-buster-manual.da.po 
  |   38 
 documentation/debian-edu-buster/debian-edu-buster-manual.de.po 
  |   39 
 documentation/debian-edu-buster/debian-edu-buster-manual.es.add
  |1 
 documentation/debian-edu-buster/debian-edu-buster-manual.es.po 
  |  248 
 documentation/debian-edu-buster/debian-edu-buster-manual.fr.po 
  |   41 
 documentation/debian-edu-buster/debian-edu-buster-manual.it.po 
  |   39 
 documentation/debian-edu-buster/debian-edu-buster-manual.ja.po 
  |   39 
 documentation/debian-edu-buster/debian-edu-buster-manual.nb-no.po  
  |   53 
 documentation/debian-edu-buster/debian-edu-buster-manual.nl.po 
  |   41 
 documentation/debian-edu-buster/debian-edu-buster-manual.pl.po 
  |   17 
 documentation/debian-edu-buster/debian-edu-buster-manual.pot   
  |   17 
 document

Bug#989483: unblock: debian-edu-install/2.11.13

2021-06-04 Thread Holger Levsen

rts because they saved other people
from drowning in the  Mediterranean Sea.  That is almost as absurd  as if there
were people being prosecuted because they save humans from drowning in the sea.
diff -Nru debian-edu-install-2.11.12/debian/changelog debian-edu-install-2.11.13/debian/changelog
--- debian-edu-install-2.11.12/debian/changelog	2021-04-20 15:46:08.0 +0200
+++ debian-edu-install-2.11.13/debian/changelog	2021-05-24 12:43:46.0 +0200
@@ -1,3 +1,21 @@
+debian-edu-install (2.11.13) unstable; urgency=medium
+
+  [ Wolfgang Schweer ]
+  * Add partitioning recipes to support UEFI systems. (Closes: #988396)
+Thanks to Cyril Etcheverria for detecting the bug and for providing useful
+additional information.
+- lib/partman/: Add EFI partition related configuration file
+  'recipes-amd64-efi-specific' and directory 'recipes-amd64-efi'.
+- lib/partman/common/*: Adjust common recipes concerning the /boot partition
+  to match the UEFI related change.
+  (Code for both /boot and EFI partitions taken from src:d-i/partman-auto.)
+- Generate / update recipes via running 'make update-partman-recipes'.
+- Adjust debian/debian-edu-profile-udeb.dirs and Makefile.
+  * debian-edu-profile: Adjust case statement to let the EFI recipes take effect
+during installation.
+
+ -- Holger Levsen   Mon, 24 May 2021 12:43:46 +0200
+
 debian-edu-install (2.11.12) unstable; urgency=medium
 
   [ Wolfgang Schweer ]
diff -Nru debian-edu-install-2.11.12/debian/debian-edu-profile-udeb.dirs debian-edu-install-2.11.13/debian/debian-edu-profile-udeb.dirs
--- debian-edu-install-2.11.12/debian/debian-edu-profile-udeb.dirs	2017-03-02 20:20:10.0 +0100
+++ debian-edu-install-2.11.13/debian/debian-edu-profile-udeb.dirs	2021-05-24 12:41:43.0 +0200
@@ -7,6 +7,7 @@
 usr/lib/debian-edu-install
 usr/lib/pre-pkgsel.d
 lib/partman/recipes
+lib/partman/recipes-amd64-efi
 lib/partman/recipes-powerpc-powermac_newworld
 lib/partman/recipes-powerpc-prep
 lib/partman/not-enough-space.d
diff -Nru debian-edu-install-2.11.12/debian-edu-profile debian-edu-install-2.11.13/debian-edu-profile
--- debian-edu-install-2.11.12/debian-edu-profile	2020-01-21 18:23:14.0 +0100
+++ debian-edu-install-2.11.13/debian-edu-profile	2021-05-24 12:41:43.0 +0200
@@ -278,10 +278,14 @@
 log "Detected subarch : $subarch"
 
 case "$arch-$subarch" in
-	"i386-generic") #unset both use the default
+	"amd64-generic"|"i386-generic") #unset both use the default
 		arch=
 		subarch=
 	;;
+		"amd64-efi"|"i386-efi") #set (same recipes; src:d-i uses symlink)
+		arch=-amd64
+		subarch=-efi
+	;;
 	"powerpc-powermac_newworld") #set
 		arch=-powerpc
 		subarch=-powermac_newworld
diff -Nru debian-edu-install-2.11.12/lib/partman/common/90edumain debian-edu-install-2.11.13/lib/partman/common/90edumain
--- debian-edu-install-2.11.12/lib/partman/common/90edumain	2021-04-20 14:25:55.0 +0200
+++ debian-edu-install-2.11.13/lib/partman/common/90edumain	2021-05-24 12:41:43.0 +0200
@@ -2,14 +2,13 @@
 
 >>>ARCH SPECIFIC<<<
 
-256 5000 1024 ext4
-$primary{ }
-$bootable{ }
-method{ format }
-format{ }
-use_filesystem{ }
-filesystem{ ext4 }
-mountpoint{ /boot } .
+512 512 768 ext2
+	$defaultignore{ }
+	method{ format }
+	format{ }
+	use_filesystem{ }
+	filesystem{ ext2 }
+	mountpoint{ /boot } .
 
 256 1 1024 ext4
 	$lvmok{ }
diff -Nru debian-edu-install-2.11.12/lib/partman/common/91edumain+ltsp debian-edu-install-2.11.13/lib/partman/common/91edumain+ltsp
--- debian-edu-install-2.11.12/lib/partman/common/91edumain+ltsp	2021-04-20 14:25:55.0 +0200
+++ debian-edu-install-2.11.13/lib/partman/common/91edumain+ltsp	2021-05-24 12:41:43.0 +0200
@@ -2,14 +2,13 @@
 
 >>>ARCH SPECIFIC<<<
 
-256 5000 1024 ext4
-$primary{ }
-$bootable{ }
-method{ format }
-format{ }
-use_filesystem{ }
-filesystem{ ext4 }
-mountpoint{ /boot } .
+512 512 768 ext2
+	$defaultignore{ }
+	method{ format }
+	format{ }
+	use_filesystem{ }
+	filesystem{ ext2 }
+	mountpoint{ /boot } .
 
 640 1 1536 ext4
 	$lvmok{ }
diff -Nru debian-edu-install-2.11.12/lib/partman/common/92edumain+ws debian-edu-install-2.11.13/lib/partman/common/92edumain+ws
--- debian-edu-install-2.11.12/lib/partman/common/92edumain+ws	2021-04-20 14:25:55.0 +0200
+++ debian-edu-install-2.11.13/lib/partman/common/92edumain+ws	2021-05-24 12:41:43.0 +0200
@@ -2,14 +2,13 @@
 
 >>>ARCH SPECIFIC<<<
 
-256 5000 1024 ext4
-$primary{ }
-$bootable{ }
-method{ format }
-format{ }
-use_filesystem{ }
-filesystem{ ext4 }
-mountpoint{ /boot } .
+512 512 768 ext2
+	$defaultignore{ }
+	method{ format }
+	fo

Bug#988372: closed by Paul Gevers (Re: Bug#988372: unblock: debian-edu-config/2.11.55)

2021-05-15 Thread Holger Levsen

On Fri, May 14, 2021 at 08:06:06PM +, Debian Bug Tracking System wrote:
> This is an automatic notification regarding your Bug report
> which was filed against the release.debian.org package:
> #988372: unblock: debian-edu-config/2.11.55
[...]
> On 11-05-2021 15:22, Holger Levsen wrote:
> > Please unblock package debian-edu-config 2.11.54.
> I assume this was a typo here. Nevertheless, unblocked.

yes, the subject was correct. Thanks!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄


signature.asc
Description: PGP signature

Bug#988372: unblock: debian-edu-config/2.11.55

2021-05-11 Thread Holger Levsen

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-edu-config 2.11.54. It fixes 3 important bugs
for Debian Edu and has no impact outside of Debian Edu, yet it's a key package
and thus needs an unblock. It's been in unstable for 12 days and has been
tested successfully. The diff is small and rather straughtforward too:

$ debdiff debian-edu-config_2.11.54.dsc debian-edu-config_2.11.55.dsc | diffstat
 debian/changelog|   17 
 sbin/debian-edu-ltsp-install|   33 
 share/debian-edu-config/tools/kerberos-kdc-init |8 -
 share/debian-edu-config/tools/run-at-firstboot  |   16 +++
 4 files changed, 67 insertions(+), 7 deletions(-)

The full debdiff is attached and d/changelog has these entries:

debian-edu-config (2.11.55) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Create first user's Samba account at first boot of a main server when all
required information is available via LDAP and debconf.  Closes: #987632.
- Adjust share/debian-edu-config/tools/kerberos-kdc-init to don't clear the
  required password from debconf and let tools/run-at-firstboot create the
  Samba account.
  * Adjust sbin/debian-edu-ltsp-install: Closes: #987633, #987634.
- Fix LTSP Initrd specific path component construction in case a 32-bit
  combined server is installed.
- Provide a full name for diskless workstation to show up in the iPXE menu.
- Use BD ISO image as mirror to enable complete offline installations of a
  combined server.

 -- Holger Levsen   Thu, 29 Apr 2021 15:27:17 +0200


unblock debian-edu-config/2.11.55

Thanks for your work on releasing bullseye!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

If nothing saves us from death, may love at least save us from life.
diff -Nru debian-edu-config-2.11.54/debian/changelog debian-edu-config-2.11.55/debian/changelog
--- debian-edu-config-2.11.54/debian/changelog	2021-04-07 01:03:15.0 +0200
+++ debian-edu-config-2.11.55/debian/changelog	2021-04-29 15:27:17.0 +0200
@@ -1,3 +1,20 @@
+debian-edu-config (2.11.55) unstable; urgency=medium
+
+  [ Wolfgang Schweer ]
+  * Create first user's Samba account at first boot of a main server when all
+required information is available via LDAP and debconf.  Closes: #987632.
+- Adjust share/debian-edu-config/tools/kerberos-kdc-init to don't clear the
+  required password from debconf and let tools/run-at-firstboot create the
+  Samba account.
+  * Adjust sbin/debian-edu-ltsp-install: Closes: #987633, #987634.
+- Fix LTSP Initrd specific path component construction in case a 32-bit
+  combined server is installed.
+- Provide a full name for diskless workstation to show up in the iPXE menu.
+- Use BD ISO image as mirror to enable complete offline installations of a
+  combined server.
+
+ -- Holger Levsen   Thu, 29 Apr 2021 15:27:17 +0200
+
 debian-edu-config (2.11.54) unstable; urgency=medium
 
   [ Wolfgang Schweer ]
diff -Nru debian-edu-config-2.11.54/sbin/debian-edu-ltsp-install debian-edu-config-2.11.55/sbin/debian-edu-ltsp-install
--- debian-edu-config-2.11.54/sbin/debian-edu-ltsp-install	2021-02-07 11:27:28.0 +0100
+++ debian-edu-config-2.11.55/sbin/debian-edu-ltsp-install	2021-04-26 23:38:21.0 +0200
@@ -17,7 +17,7 @@
 # Author/Copyright:	Wolfgang Schweer 
 # Licence:		GPL2+
 # first edited:	2019-11-21
-# last edited:	2021-02-04
+# last edited:	2021-04-26
 
 set -e
 
@@ -137,6 +137,8 @@
 
 # Provide a full menu name for x86_64.img
 IPXE_X86_64_IMG="Diskless Workstation (64-Bit)"
+# Provide a full menu name for x86_32.img
+IPXE_X86_32_IMG="Diskless Workstation (32-Bit)"
 
 # Set default boot value ##
 # Default value is x86_64 or x86_32 (arch specific, Diskless Workstation)
@@ -339,18 +341,33 @@
 show=false
 EOF
 
+# Specific settings needed if BD ISO image is used for installation.
+if grep -q BD /etc/apt/sources.list ; then
+	BD_ISO="true";
+	device="$(grep media/cdrom /etc/fstab | cut -d' ' -f1)"
+	mirror="file:///media/cdrom/"
+else
+	mirror="http://deb.debian.org/debian";
+fi
+
 # Create thin client chroot and generate image.
 export DEBIAN_FRONTEND=noninteractive
 if ! [ "" == "$thin_type" ] && [ ! -d /srv/ltsp/thin/"$thin_type"-"$arch"/etc/ltsp ] ; then
 	mkdir -p /srv/ltsp/thin/"$thin_type"-"$arch"
 	# Install common thin client packages.
-debootstrap --arch="$arch" --variant=minbase --include=linux-image-"$kernel_arch" \
-	"$dist" /srv/ltsp/thin/"$thin_type"-"$arch" http://deb.debian.org/

Bug#988192: unblock: debian-cd/3.1.34

2021-05-07 Thread Holger Levsen

: Prevent custom splash images from being modified.
+The related code seems to have been useful a long time ago (the need to use
+an RLE file and to reduce the number of colours to 16 has been dropped as of
+syslinux version 3.62). So replace obsolete code with a simple cp command.
+  * debian/control: Drop Recommends: on netpbm and syslinux-utils. These are no
+longer needed now that custom splash images are used unmodified.
+
+  [ Petter Reinholdtse ]
+  * Include eatmydata deb for d-i to use offline. Closes: #986772
+
+  [ Steve McIntyre ]
+  * Shorten "ppc64el" to "p64el" in the volume ID. The bullseye d-i
+RC1 build failed as the volume ID was too long.
+
+ -- Holger Levsen   Tue, 20 Apr 2021 01:03:35 +0200
+
 debian-cd (3.1.33) unstable; urgency=medium
 
   [ Wolfgang Schweer ]
diff -Nru debian-cd-3.1.33/debian/control debian-cd-3.1.34/debian/control
--- debian-cd-3.1.33/debian/control	2021-01-19 14:56:03.0 +0100
+++ debian-cd-3.1.34/debian/control	2021-03-22 15:20:37.0 +0100
@@ -16,7 +16,7 @@
 Package: debian-cd
 Architecture: all
 Depends: ${misc:Depends}, curl, perl, dpkg-dev, cpp, libdigest-md5-perl, libdigest-sha-perl, tofrodos, apt, make, xorriso | genisoimage, lynx, grep-dctrl, bc, libcompress-zlib-perl, bzip2, libdpkg-perl, wget
-Recommends: hfsutils, netpbm, isolinux, syslinux-common, syslinux-utils, mtools, dosfstools
+Recommends: hfsutils, isolinux, syslinux-common, mtools, dosfstools
 Description: Tools for building (Official) Debian CD set
  Debian-cd is the official tool for building Debian CD set since the potato
  release. It was formerly called YACS (for Yet Another CD Script).
diff -Nru debian-cd-3.1.33/easy-build.sh debian-cd-3.1.34/easy-build.sh
--- debian-cd-3.1.33/easy-build.sh	2018-07-29 05:22:33.0 +0200
+++ debian-cd-3.1.34/easy-build.sh	2021-03-22 15:20:37.0 +0100
@@ -18,7 +18,6 @@
 export CF=./CONF.sh
 . $CF
 export DEBIAN_CD_CONF_SOURCED=true
-unset UPDATE_LOCAL
 
 
 ## Parse the parameters passed to the script
diff -Nru debian-cd-3.1.33/tasks/bullseye/forcd1 debian-cd-3.1.34/tasks/bullseye/forcd1
--- debian-cd-3.1.33/tasks/bullseye/forcd1	2019-07-07 17:52:46.0 +0200
+++ debian-cd-3.1.34/tasks/bullseye/forcd1	2021-04-14 10:45:37.0 +0200
@@ -23,3 +23,6 @@
 /* #861288 - make it easier for users to report installation problems */
 reportbug
 
+/* ensure eatmydata-udeb can speed up offline installs too */
+eatmydata
+libeatmydata1
diff -Nru debian-cd-3.1.33/tasks/kali-dev/forcd1 debian-cd-3.1.34/tasks/kali-dev/forcd1
--- debian-cd-3.1.33/tasks/kali-dev/forcd1	2019-07-07 17:52:46.0 +0200
+++ debian-cd-3.1.34/tasks/kali-dev/forcd1	2021-04-14 10:45:37.0 +0200
@@ -23,3 +23,6 @@
 /* #861288 - make it easier for users to report installation problems */
 reportbug
 
+/* ensure eatmydata-udeb can speed up offline installs too */
+eatmydata
+libeatmydata1
diff -Nru debian-cd-3.1.33/tasks/kali-last-snapshot/forcd1 debian-cd-3.1.34/tasks/kali-last-snapshot/forcd1
--- debian-cd-3.1.33/tasks/kali-last-snapshot/forcd1	2019-07-07 17:52:46.0 +0200
+++ debian-cd-3.1.34/tasks/kali-last-snapshot/forcd1	2021-04-14 10:45:37.0 +0200
@@ -23,3 +23,6 @@
 /* #861288 - make it easier for users to report installation problems */
 reportbug
 
+/* ensure eatmydata-udeb can speed up offline installs too */
+eatmydata
+libeatmydata1
diff -Nru debian-cd-3.1.33/tasks/kali-rolling/forcd1 debian-cd-3.1.34/tasks/kali-rolling/forcd1
--- debian-cd-3.1.33/tasks/kali-rolling/forcd1	2019-07-07 17:52:46.0 +0200
+++ debian-cd-3.1.34/tasks/kali-rolling/forcd1	2021-04-14 10:45:37.0 +0200
@@ -23,3 +23,6 @@
 /* #861288 - make it easier for users to report installation problems */
 reportbug
 
+/* ensure eatmydata-udeb can speed up offline installs too */
+eatmydata
+libeatmydata1
diff -Nru debian-cd-3.1.33/tasks/sid/forcd1 debian-cd-3.1.34/tasks/sid/forcd1
--- debian-cd-3.1.33/tasks/sid/forcd1	2019-07-07 17:52:46.0 +0200
+++ debian-cd-3.1.34/tasks/sid/forcd1	2021-04-14 10:45:37.0 +0200
@@ -23,3 +23,6 @@
 /* #861288 - make it easier for users to report installation problems */
 reportbug
 
+/* ensure eatmydata-udeb can speed up offline installs too */
+eatmydata
+libeatmydata1
diff -Nru debian-cd-3.1.33/tools/boot/bullseye/boot-x86 debian-cd-3.1.34/tools/boot/bullseye/boot-x86
--- debian-cd-3.1.33/tools/boot/bullseye/boot-x86	2020-05-26 15:32:38.0 +0200
+++ debian-cd-3.1.34/tools/boot/bullseye/boot-x86	2021-03-22 15:20:37.0 +0100
@@ -380,11 +380,7 @@
 fi
 
 if [ "$SPLASHPNG" ] ; then
-# Insert our own splash screen.  Color index 0 is background, and
-# index 7 is foreground.  Set to black and white respecively
-pngtopnm < $SPLASHPNG | ppmquant 16 | \
-ppmtolss16 "#ff=7" "#00=0" > boot$N/isolinux/splash.rle
-pngtopnm < $SPLASHPNG | ppmquant 16 | pnmtopng  > boot$N/isolinux/splash.png
+cp

Re: Finding a tentative bullseye release date follow up and possible confirmation

2021-05-06 Thread Holger Levsen

hi,

On Thu, May 06, 2021 at 02:23:07AM +0200, jorkanof...@tutanota.com wrote:
> As stated in a previous email, there was a tentative release date for
> Bullseye scheduled on May 22 2021, as stated in this mailing list post:
> https://lists.debian.org/debian-release/2021/04/msg00552.html. It is
> likely for Debian to be released on May 22 2021, in late May or in
> June 2021 aka end of Q2 2021?

we don't know yet.

> Can you confirm whether the tentative release would be on May 22 or not?

no.

> If not could you propose another day for a proposed release date?

no.
 

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

It's not the lockdown which is unbearable, but the virus.


signature.asc
Description: PGP signature

Bug#987992: unblock: debian-edu-doc/2.11.23

2021-05-03 Thread Holger Levsen

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-edu-doc it just contains documentation and 
translation updates and a little enhancement to Suggests: in d/control:

diff -Nru debian-edu-doc-2.11.22/debian/changelog 
debian-edu-doc-2.11.23/debian/changelog
--- debian-edu-doc-2.11.22/debian/changelog 2021-03-28 11:34:53.0 
+0200
+++ debian-edu-doc-2.11.23/debian/changelog 2021-04-25 10:43:28.0 
+0200
@@ -1,3 +1,26 @@
+debian-edu-doc (2.11.23) unstable; urgency=medium
+
+  * Update Debian Edu Bullseye manual from the wiki.
+  * Update Debian Edu Buster manual from the wiki.
+
+  [ Translation updates ]
+  * Bullseye manual:
+- Polish: WaldiS
+- Portuguese (Portugal): José Vieira
+- Portuguese: José Vieira
+- Dutch: Frans Spiesschaert
+
+  * Buster manual:
+- Polish: WaldiS
+- Portuguese (Portugal): José Vieira
+
+  [ Wolfgang Schweer ]
+  * debian/control: add Suggests: on the related legacy counterpart to
+debian-edu-doc-{fr,ja,nb-no,nl,pt-pt,zh-cn}. This completes the fix for
+Bug #985703. Thanks again to Andreas Beckmann.
+
+ -- Holger Levsen   Sun, 25 Apr 2021 10:43:28 +0200
+
 debian-edu-doc (2.11.22) unstable; urgency=medium
 
   [ Translation updates ]
diff -Nru debian-edu-doc-2.11.22/debian/control 
debian-edu-doc-2.11.23/debian/control
--- debian-edu-doc-2.11.22/debian/control   2021-03-24 13:29:56.0 
+0100
+++ debian-edu-doc-2.11.23/debian/control   2021-04-07 16:33:19.0 
+0200
@@ -85,6 +85,7 @@
 
 Package: debian-edu-doc-fr
 Depends: debian-edu-doc-en, ${misc:Depends}
+Suggests: debian-edu-doc-legacy-fr
 Architecture: all

And then the same change in d/control for 5 other packages...

$ debdiff debian-edu-doc_2.11.22.dsc debian-edu-doc_2.11.23.dsc | diffstat
 debian/changelog   
  |   23 
 debian/control 
  |6 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual-stripped.xml  
  |   28 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.da.po 
  | 2363 ---
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.de.po 
  |  164 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.es.po 
  |  100 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.fr.po 
  |  151 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.it.po 
  | 1014 -
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.ja.po 
  |  169 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.nb-no.po  
  |  154 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.nl.po 
  | 7842 ++
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pl.po 
  |  118 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pot   
  |   71 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt-pt.po  
  |  395 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt.po 
  |  783 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.ro.po 
  |  112 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.sv.po 
  |   71 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.xml   
  |   28 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.zh-cn.po  
  |  162 
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.zh-tw.po  
  |   76 
 
documentation/debian-edu-bullseye/source/AllInOne-debian-edu-bullseye-manual.xml
 |5 
 documentation/debian-edu-buster/debian-edu-buster-manual-stripped.xml  
  |2 
 documentation/debian-edu-buster/debian-edu-buster-manual.da.po 
  |6 
 documentation/debian-edu-buster/debian-edu-buster-manual.de.po 
  |6 
 documentation/debian-edu-buster/debian-edu-buster-manual.es.po 
  |4 
 documentation/debian-edu-buster/debian-edu-buster-manual.fr.po 
  |6 
 documentation/debian-edu-buster/debian-edu-buster-manual.it.po 
  |6 
 documentation/debian-edu-buster/debian-edu-buster-manual.ja.po 
  |6 
 documentation/debian-edu-buster/debian-edu-buster-manual.nb-no.po  
  |6 
 documentation/debian-edu-buster/debian-edu-buster-manual.nl.po 
  |6 
 documentation/debian-edu-buster/debian-edu-buster-manual.pl.po 
  |   14 
 documentation/debian-edu-buster/debian-edu-buster-manual.pot   
  |4 
 documentation/debian-edu-buster/debian-edu-buster-manual.pt-pt.po  
  |  420 
 documentation/debian-edu-buster/debian-edu-buster-manual.ro.po 
  |4 
 documentation/debian

Bug#987783: unblock: debian-edu-install/2.11.12

2021-04-29 Thread Holger Levsen

On Thu, Apr 29, 2021 at 02:21:07PM +0200, Holger Levsen wrote:
> Please unblock package debian-edu-install 2.11.12 which fixes a bug by
> increasing partitioning sizes preventing installation in certain situations.

I forgot to mention the package contains an udeb, which is not used by
the default d-i, only when using the special Debian Edu images.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

&fff


signature.asc
Description: PGP signature

Bug#987783: unblock: debian-edu-install/2.11.12

2021-04-29 Thread Holger Levsen

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-edu-install 2.11.12 which fixes a bug by
increasing partitioning sizes preventing installation in certain situations.

+debian-edu-install (2.11.12) unstable; urgency=medium
+
+  [ Wolfgang Schweer ]
+  * Adjust partman recipes in lib/partman/common/*: Closes: #987225)
+- Increase minimum by 0.5GiB for / (workstation profile) resp. /var
+  (other profiles). This ensures enough space for (temporarily) caching 
debs
+  in case the netinst ISO image is used or installation happens via PXE.
+  Thanks to Philip Hands for spotting this on https://openqa.debian.net.
+  * Update after running 'make update-partman-recipes'.
+
+ -- Holger Levsen   Tue, 20 Apr 2021 15:46:08 +0200

The change is entirely trivial and tested on openqa.debian.net, the full
debdiff is attached, this is the diffstat:
 debian/changelog  |   12 ++
 lib/partman/common/90edumain  |2 -
 lib/partman/common/91edumain+ltsp |2 -
 lib/partman/common/92edumain+ws   |2 -
 lib/partman/common/94edultsp  |2 -
 lib/partman/common/96eduwork  |2 -
 lib/partman/common/97minimal  |2 -
 lib/partman/common/98edustandalone|2 -
 lib/partman/recipes-powerpc-powermac_newworld/90edumain   |2 -
 lib/partman/recipes-powerpc-powermac_newworld/91edumain+ltsp  |2 -
 lib/partman/recipes-powerpc-powermac_newworld/92edumain+ws|2 -
 lib/partman/recipes-powerpc-powermac_newworld/94edultsp   |2 -
 lib/partman/recipes-powerpc-powermac_newworld/96eduwork   |2 -
 lib/partman/recipes-powerpc-powermac_newworld/97minimal   |2 -
 lib/partman/recipes-powerpc-powermac_newworld/98edustandalone |2 -
 lib/partman/recipes-powerpc-prep/90edumain|2 -
 lib/partman/recipes-powerpc-prep/91edumain+ltsp   |2 -
 lib/partman/recipes-powerpc-prep/92edumain+ws |2 -
 lib/partman/recipes-powerpc-prep/94edultsp|2 -
 lib/partman/recipes-powerpc-prep/96eduwork|2 -
 lib/partman/recipes-powerpc-prep/97minimal|2 -
 lib/partman/recipes-powerpc-prep/98edustandalone  |2 -
 lib/partman/recipes/90edumain |2 -
 lib/partman/recipes/91edumain+ltsp|2 -
 lib/partman/recipes/92edumain+ws  |2 -
 lib/partman/recipes/94edultsp |2 -
 lib/partman/recipes/96eduwork |2 -
 lib/partman/recipes/97minimal |2 -
 lib/partman/recipes/98edustandalone   |2 -
 update-partman-recipes|4 +--
 30 files changed, 42 insertions(+), 30 deletions(-)


unblock debian-edu-install/2.11.12

Thanks for your work on bullseye!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Not everything was bad during capitalism.
diff -Nru debian-edu-install-2.11.11/debian/changelog debian-edu-install-2.11.12/debian/changelog
--- debian-edu-install-2.11.11/debian/changelog	2020-12-15 12:13:05.0 +0100
+++ debian-edu-install-2.11.12/debian/changelog	2021-04-20 15:46:08.0 +0200
@@ -1,3 +1,15 @@
+debian-edu-install (2.11.12) unstable; urgency=medium
+
+  [ Wolfgang Schweer ]
+  * Adjust partman recipes in lib/partman/common/*: Closes: #987225)
+- Increase minimum by 0.5GiB for / (workstation profile) resp. /var
+  (other profiles). This ensures enough space for (temporarily) caching debs
+  in case the netinst ISO image is used or installation happens via PXE.
+  Thanks to Philip Hands for spotting this on https://openqa.debian.net.
+  * Update after running 'make update-partman-recipes'.
+
+ -- Holger Levsen   Tue, 20 Apr 2021 15:46:08 +0200
+
 debian-edu-install (2.11.11) unstable; urgency=medium
 
   [ Wolfgang Schweer ]
diff -Nru debian-edu-install-2.11.11/lib/partman/common/90edumain debian-edu-install-2.11.12/lib/partman/common/90edumain
--- debian-edu-install-2.11.11/lib/partman/common/90edumain	2017-03-02 20:20:10.0 +0100
+++ debian-edu-install-2.11.12/lib/partman/common/90edumain	2021-04-20 14:25:55.0 +0200
@@ -27,7 +27,7 @@
 	filesystem{ ext4 }
 	mountpoint{ /usr } .
 
-2048 3000 15360 ext4
+2560 3000 15360 ext4
 	$lvmok{ }
 	method{ format }
 	format{ }
diff -Nru debian-edu-install-2.11.11/lib/partman/common/91edumain+ltsp debian-edu-install-2.11.12/lib/partman/c

Bug#986984: unblock: debian-edu-doc/2.11.22

2021-04-21 Thread Holger Levsen

Hi Paul,

On Mon, Apr 19, 2021 at 09:56:01PM +0200, Paul Gevers wrote:
> I guess that's about the best we can do for such -doc packages. I
> realize it's slightly "unfair" because of the different treatment we
> have in the current freeze, but I wonder if adding autopkgtest (to test
> as-installed packages) is really worth it for such packages.
> Documentation changes and translations have always been on the exception
> list, even very explicitly this time around [1], so I think we're happy
> to just unblock manually. Having said that, I'll not stop you from
> adding the test. :)

thanks for your comments! TBH I was hoping for some prior art in some
other doc package, not primarily to ease testing migration but rather
to make sure the contents are as we would like them to be. we've had
failures to build pdf|epub|html versions of some languages in the past
and it would be nice to catch those automatically. I'll guess I'll invent
something myself then...

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

There are no jobs on a dead planet. (Also many other things but people mostly
seem to care about jobs.)

signature.asc
Description: PGP signature

Bug#986984: unblock: debian-edu-doc/2.11.22

2021-04-19 Thread Holger Levsen

Hi Paul,

On Sat, Apr 17, 2021 at 09:57:38PM +0200, Paul Gevers wrote:
> On Thu, 15 Apr 2021 02:23:22 +0200 Holger Levsen  wrote:
> > Please unblock package debian-edu-doc 2.11.22, it adds a new translation 
> > and thus
> > a new binary package and won't migrate on its own:
> The excuses says it's blocked because it "does not have autopkgtest".

speaking of which, what would be a non superficial autopkgtest for 
debian-edu-doc? would be running "file" on all created html, pdf and 
epub files be enough? (and checking that those are indeed html, pdf
and epub files :)

> You *should* be right though, it should *also* be blocked because it has
> a new package.
> 
> Anyways, unblocked.

thank you!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄


signature.asc
Description: PGP signature

Bug#986985: unblock: fonts-liberation2/2.1.3-1

2021-04-14 Thread Holger Levsen

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package fonts-liberation2 2.1.3-1, it's a key package,
and it's also a maintenance release and the changes have been 31 days in
unstable and the (deb)diff is reasonable:

$ debdiff  fonts-liberation2_2.1.2-2.dsc fonts-liberation2_2.1.3-1.dsc|diffstat
 .gitignore |2 -
 ChangeLog  |5 
 Makefile   |8 +--
 debian/changelog   |6 +
 scripts/fontfile_version_update.py |   40 +
 src/LiberationMono-Bold.sfd|   19 +++--
 src/LiberationMono-BoldItalic.sfd  |   19 +++--
 src/LiberationMono-Italic.sfd  |   19 +++--
 src/LiberationMono-Regular.sfd |   35 ++--
 src/LiberationSans-Bold.sfd|4 +--
 src/LiberationSans-BoldItalic.sfd  |4 +--
 src/LiberationSans-Italic.sfd  |4 +--
 src/LiberationSans-Regular.sfd |4 +--
 src/LiberationSerif-Bold.sfd   |4 +--
 src/LiberationSerif-BoldItalic.sfd |4 +--
 src/LiberationSerif-Italic.sfd |4 +--
 src/LiberationSerif-Regular.sfd|4 +--
 17 files changed, 114 insertions(+), 71 deletions(-)

$ # the full diff is attached and the new script is not used yet at all.

unblock fonts-liberation2/2.1.3-1

Thanks!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁   holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀   OpenPGP: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
 ⠈⠳⣄

We live in a world where teenagers get more and more desperate trying to
convince adults to behave like grown ups.


fonts-liberation2_2.1.3-1.diff.gz
Description: application/gzip


signature.asc
Description: PGP signature

Bug#986984: Acknowledgement (unblock: debian-edu-doc/2.11.22)

2021-04-14 Thread Holger Levsen

hi,

it seems this bug report didn't make it through to the lists
because of the attachment's size:

Subject: unblock: debian-edu-doc/2.11.22

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-edu-doc 2.11.22, it adds a new translation and 
thus
a new binary package and won't migrate on its own:

+Package: debian-edu-doc-pt-pt
+Depends: debian-edu-doc-en, ${misc:Depends}
+Architecture: all
+Multi-Arch: foreign
+Description: Portuguese (Portugal) documentation from the Debian Edu project
+ The Portuguese (Portugal) version of the manual for the Bullseye and Buster
+ based releases of the Debian Edu / Skolelinux project is included in this
+ package.
+ .
+ Debian Edu is a Debian project to make the best distribution for educational
+ purposes. Skolelinux is the name of the Debian Pure Blend which is produced
  by the Debian Edu project.

Besides that, there are a very few documentation changes and translation updates
(see the full attached debdiff for those).

$  debdiff --exclude *.po debian-edu-doc_2.11.20.dsc 
debian-edu-doc_2.11.22.dsc|diffstat
 Makefile   
  |3
 debian/changelog   
  |   64 +-
 debian/control 
  |   14 ++
 debian/copyright   
  |   15 +-
 debian/debian-edu-doc-pt-pt.links  
  |1
 documentation/common/Makefile.common   
  |2
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual-stripped.xml  
  |4
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.fr.add
  |6
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.it.add
  |2
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pot   
  |   19 +-
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt-pt.add 
  |4
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.pt.add
  |7 +
 documentation/debian-edu-bullseye/debian-edu-bullseye-manual.xml   
  |4
 
documentation/debian-edu-bullseye/source/AllInOne-debian-edu-bullseye-manual.xml
 |3
 documentation/debian-edu-buster/debian-edu-buster-manual-stripped.xml  
  |2
 documentation/debian-edu-buster/debian-edu-buster-manual.nl.add
  |2
 documentation/debian-edu-buster/debian-edu-buster-manual.pot   
  |6
 documentation/debian-edu-buster/debian-edu-buster-manual.pt-pt.add 
  |1
 documentation/debian-edu-buster/debian-edu-buster-manual.xml   
  |2
 documentation/debian-edu-buster/source/AllInOne-debian-edu-buster-manual.xml   
  |2
 20 files changed, 126 insertions(+), 37 deletions(-)


unblock debian-edu-doc/2.11.22

Thanks!



signature.asc
Description: PGP signature

Bug#986983: unblock: debian-edu-config/2.11.54

2021-04-14 Thread Holger Levsen

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
x-debbugs: debian-...@lists.debian.org

Please unblock package debian-edu-config, which (like d-e-artwork in the
previous bugreport) is a key package and as such wont migrate itself.

The changes are all minor, only relevant to Debian Edu and reasonable in 
the first place ;)

So this is the translation stripped output (but how to do this properly /
better?) and the full output is attached:

$ debdiff --exclude=*po --exclude=*index.* debian-edu-config_2.11.51.dsc 
debian-edu-config_2.11.54.dsc
diff -Nru --exclude '*po' --exclude '*index.*' 
debian-edu-config-2.11.51/debian/changelog 
debian-edu-config-2.11.54/debian/changelog
--- debian-edu-config-2.11.51/debian/changelog  2021-03-05 19:58:03.0 
+0100
+++ debian-edu-config-2.11.54/debian/changelog  2021-04-07 01:03:15.0 
+0200
@@ -1,3 +1,31 @@
+debian-edu-config (2.11.54) unstable; urgency=medium
+
+  [ Wolfgang Schweer ]
+  * share/glib-2.0/schemas/31_debian-edu+mate.gschema.override: Set existing
+mate-panel layout file for the panel to show up. Closes: #986448.
+
+ -- Holger Levsen   Wed, 07 Apr 2021 01:03:15 +0200
+
+debian-edu-config (2.11.53) unstable; urgency=medium
+
+  [ Wolfgang Schweer ]
+  * Improve GOsa² hooks: explicitly create Samba account using gosa-create
+(before changing the password via gosa-sync). Closes: #986122.
+- tools/gosa-create: Add code to create the user's Samba account.
+- tools/gosa-sync: Adjust log message accordingly.
+
+ -- Holger Levsen   Wed, 31 Mar 2021 10:44:04 +0200
+
+debian-edu-config (2.11.52) unstable; urgency=medium
+
+  [ Wolfgang Schweer ]
+  * Adjust internal web page related files. (Closes: #985902)
+- www/index.html.en: Use pt-pt for European Portuguese, adjust PO files,
+  generate language specific index files.
+- www/{es-es,nb-no,pt-br}.po: Fix blends page link and related translation.
+
+ -- Holger Levsen   Sun, 28 Mar 2021 11:04:27 +0200
+
 debian-edu-config (2.11.51) unstable; urgency=medium
 
   [ Wolfgang Schweer ]
diff -Nru --exclude '*po' --exclude '*index.*' 
debian-edu-config-2.11.51/Makefile debian-edu-config-2.11.54/Makefile
--- debian-edu-config-2.11.51/Makefile  2021-02-07 11:27:28.0 +0100
+++ debian-edu-config-2.11.54/Makefile  2021-03-28 11:01:09.0 +0200
@@ -197,7 +197,7 @@
index.html.ja \
index.html.nb-no \
index.html.nl \
-   index.html.pt \
+   index.html.pt-pt \
index.html.pt-br \
index.html.ro \
index.html.ru \
diff -Nru --exclude '*po' --exclude '*index.*' 
debian-edu-config-2.11.51/share/debian-edu-config/tools/gosa-create 
debian-edu-config-2.11.54/share/debian-edu-config/tools/gosa-create
--- debian-edu-config-2.11.51/share/debian-edu-config/tools/gosa-create 
2021-01-25 17:46:26.0 +0100
+++ debian-edu-config-2.11.54/share/debian-edu-config/tools/gosa-create 
2021-03-30 13:17:37.0 +0200
@@ -45,6 +45,8 @@
 chown -R $USERID:$GROUPID $HOMEDIR
 kadmin.local -q "add_principal -policy users -randkey -x 
\"$USERDN\" $USERID"
 logger -t gosa-create -p notice Home directory \'$HOMEDIR\' and 
principal \'$USERID\' created.
+smbpasswd -a -n -s $USERID
+logger -t gosa-sync -p notice "Samba account '$USERID' created."
 ## send a welcome-email:
 cat << EOF | /usr/lib/sendmail $USERID
 Subject: Welcome to the mail-system
diff -Nru --exclude '*po' --exclude '*index.*' 
debian-edu-config-2.11.51/share/debian-edu-config/tools/gosa-sync 
debian-edu-config-2.11.54/share/debian-edu-config/tools/gosa-sync
--- debian-edu-config-2.11.51/share/debian-edu-config/tools/gosa-sync   
2021-01-31 18:38:48.0 +0100
+++ debian-edu-config-2.11.54/share/debian-edu-config/tools/gosa-sync   
2021-03-30 13:17:37.0 +0200
@@ -48,7 +48,7 @@
 
 if [ "$IAM" = "dn:$USERDN" ] ; then
(echo $EUSERPASSWORD; echo $EUSERPASSWORD) | smbpasswd -a -s $USERID
-   logger -t gosa-sync -p notice "Sucessfully added / changed Samba acount 
for '$USERID'."
+   logger -t gosa-sync -p notice "Sucessfully changed Samba password for 
'$USERID'."
 cat > "$TMPFILE" <

debian-edu-config_2.11.54.diff.gz
Description: application/gzip


signature.asc
Description: PGP signature

Bug#986982: unblock: debian-edu-artwork/2.11.5-3

2021-04-14 Thread Holger Levsen

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-edu-artwork it fixes an important policy
violation flagged by piuparts:

$ debdiff debian-edu-artwork_2.11.5-2.dsc debian-edu-artwork_2.11.5-3.dsc
diff -Nru debian-edu-artwork-2.11.5/debian/changelog 
debian-edu-artwork-2.11.5/debian/changelog
--- debian-edu-artwork-2.11.5/debian/changelog  2021-02-21 09:50:19.0 
+0100
+++ debian-edu-artwork-2.11.5/debian/changelog  2021-04-07 20:56:21.0 
+0200
@@ -1,3 +1,10 @@
+debian-edu-artwork (2.11.5-3) unstable; urgency=medium
+
+  [ Andreas Beckmann ]
+  * Clean up obsolete ldm-theme alternative on upgrades.  (Closes: #986535)
+
+ -- Holger Levsen   Wed, 07 Apr 2021 20:56:21 +0200
+
 debian-edu-artwork (2.11.5-2) unstable; urgency=medium
 
   [ Wolfgang Schweer ]
diff -Nru debian-edu-artwork-2.11.5/debian/debian-edu-artwork-buster.preinst 
debian-edu-artwork-2.11.5/debian/debian-edu-artwork-buster.preinst
--- debian-edu-artwork-2.11.5/debian/debian-edu-artwork-buster.preinst  
1970-01-01 01:00:00.0 +0100
+++ debian-edu-artwork-2.11.5/debian/debian-edu-artwork-buster.preinst  
2021-04-07 20:54:54.0 +0200
@@ -0,0 +1,14 @@
+#! /bin/sh
+
+set -e
+
+#DEBHELPER#
+
+EDUTHEME="buster"
+
+if [ "$1" = "upgrade" ]; then
+   if dpkg --compare-versions "$2" lt-nl "2.11.5-3~" ; then
+   # no longer managed by update-debian-edu-artwork-$EDUTHEME
+   update-alternatives --remove ldm-theme 
/usr/share/ldm/themes/debian-edu-$EDUTHEME
+   fi
+fi
diff -Nru debian-edu-artwork-2.11.5/debian/debian-edu-artwork-softwaves.preinst 
debian-edu-artwork-2.11.5/debian/debian-edu-artwork-softwaves.preinst
--- debian-edu-artwork-2.11.5/debian/debian-edu-artwork-softwaves.preinst   
1970-01-01 01:00:00.0 +0100
+++ debian-edu-artwork-2.11.5/debian/debian-edu-artwork-softwaves.preinst   
2021-04-07 20:54:54.0 +0200
@@ -0,0 +1,14 @@
+#! /bin/sh
+
+set -e
+
+#DEBHELPER#
+
+EDUTHEME="softwaves"
+
+if [ "$1" = "upgrade" ]; then
+   if dpkg --compare-versions "$2" lt-nl "2.11.5-3~" ; then
+   # no longer managed by update-debian-edu-artwork-$EDUTHEME
+   update-alternatives --remove ldm-theme 
/usr/share/ldm/themes/debian-edu-$EDUTHEME
+   fi
+fi


unblock debian-edu-artwork/2.11.5-3

Thanks!

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁   holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀   OpenPGP: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
 ⠈⠳⣄

There are many ways to kill. You can stab someone in the guts, take their bread
away,  not heal someone from disease,  put someone in a bad living space,  work
someone to death,  drive them to suicide, lead someone to war etc.  Only few of
these are prohibited in our state." (Bertolt Brecht)


signature.asc
Description: PGP signature

Bug#986980: unblock: debian-edu/2.11.36

2021-04-14 Thread Holger Levsen

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-edu 2.11.36 which just changes a few meta
packaging relationships but needs a manual unblock because it's a key
package.

$ debdiff debian-edu_2.11.35.dsc  debian-edu_2.11.36.dsc
diff -Nru debian-edu-2.11.35/debian/changelog 
debian-edu-2.11.36/debian/changelog
--- debian-edu-2.11.35/debian/changelog 2021-02-10 12:36:20.0 +0100
+++ debian-edu-2.11.36/debian/changelog 2021-03-28 12:35:03.0 +0200
@@ -1,3 +1,16 @@
+debian-edu (2.11.36) unstable; urgency=medium
+
+  [ Wolfgang Schweer ]
+  * tasks/music: Recommend musescore3 instead of musescore. (Closes: #985079)
+- Also add Suggests on musescore, thanks to Thorsten Glaser.
+
+  [ Holger Levsen ]
+  * Move currently unavailable debian-installer-11-netboot-(amd64|i386)
+packages from suggests to recommends so we don't need another upload once
+they become available in bullseye.
+
+ -- Holger Levsen   Sun, 28 Mar 2021 12:35:03 +0200
+
 debian-edu (2.11.35) unstable; urgency=medium
 
   [ Wolfgang Schweer ]
diff -Nru debian-edu-2.11.35/debian/control debian-edu-2.11.36/debian/control
--- debian-edu-2.11.35/debian/control   2021-02-10 12:34:28.0 +0100
+++ debian-edu-2.11.36/debian/control   2021-03-28 12:34:58.0 +0200
@@ -714,6 +714,8 @@
 cups,
 cups-bsd,
 cups-pdf,
+debian-installer-11-netboot-amd64,
+debian-installer-11-netboot-i386,
 dovecot-gssapi,
 dovecot-imapd,
 education-networked,
@@ -772,8 +774,6 @@
 tftpd-hpa
 Suggests: apache2-doc,
   calamaris,
-  debian-installer-11-netboot-amd64,
-  debian-installer-11-netboot-i386,
   default-mysql-client,
   dlint,
   dnswalk,
@@ -867,7 +867,7 @@
 lingot,
 lmms,
 mcp-plugins,
-musescore,
+musescore3,
 nted,
 pianobooster,
 qsynth,
@@ -878,7 +878,8 @@
 timgm6mb-soundfont,
 tuxguitar
 Suggests: festival,
-  lilypond
+  lilypond,
+  musescore
 Description: Debian Edu music and sound applications
  This metapackage depends on various applications that can be used to
  teach music.
diff -Nru debian-edu-2.11.35/tasks/music debian-edu-2.11.36/tasks/music
--- debian-edu-2.11.35/tasks/music  2020-10-03 00:51:23.0 +0200
+++ debian-edu-2.11.36/tasks/music  2021-03-14 10:49:05.0 +0100
@@ -27,6 +27,7 @@
 Suggests:
  lilypond,
  festival,
+ musescore,
 
 Recommends:
  rosegarden,
@@ -37,6 +38,6 @@
 NeedConfig: yes - configure the midi configuration
 
 Recommends:
- musescore,
+ musescore3,
  timgm6mb-soundfont,
 


unblock debian-edu/2.11.36

Thanks!

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁   holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀   OpenPGP: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
 ⠈⠳⣄

This is the year of gpg on the desktop! (Gunnar Wolf)


signature.asc
Description: PGP signature

Bug#986979: unblock: libdnf/0.55.2-6

2021-04-14 Thread Holger Levsen

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package libdnf, 0.55.2-6 fixes #986802 / CVE-2021-3445.

$ * debdiff libdnf_0.55.2-5.dsc libdnf_0.55.2-6.dsc
diff -Nru libdnf-0.55.2/debian/changelog libdnf-0.55.2/debian/changelog
--- libdnf-0.55.2/debian/changelog  2021-02-04 01:17:07.0 +0100
+++ libdnf-0.55.2/debian/changelog  2021-04-14 21:26:57.0 +0200
@@ -1,3 +1,9 @@
+libdnf (0.55.2-6) unstable; urgency=high
+
+  * Add patch for signature check with rpmcliVerifySignatures. Closes: #986802.
+
+ -- Frédéric Pierret   Wed, 14 Apr 2021 
21:26:57 +0200
+
 libdnf (0.55.2-5) unstable; urgency=medium
 
   * Team upload.
diff -Nru 
libdnf-0.55.2/debian/patches/0014-Hardening-add-signature-check-with-rpmcliVerifySigna.patch
 
libdnf-0.55.2/debian/patches/0014-Hardening-add-signature-check-with-rpmcliVerifySigna.patch
--- 
libdnf-0.55.2/debian/patches/0014-Hardening-add-signature-check-with-rpmcliVerifySigna.patch
1970-01-01 01:00:00.0 +0100
+++ 
libdnf-0.55.2/debian/patches/0014-Hardening-add-signature-check-with-rpmcliVerifySigna.patch
2021-04-14 21:26:57.0 +0200
@@ -0,0 +1,119 @@
+From 930f2582f91077b3f338b84cf9567559d52713de Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?= 
+Date: Mon, 29 Mar 2021 09:22:09 +0200
+Subject: [PATCH] Hardening: add signature check with rpmcliVerifySignatures
+
+This api is not ideal but works for now. We don't have to set
+installroot for the used transaction because we set keyring which is
+used to retrieve the keys.
+
+= changelog =
+msg: Hardening: add signature check with rpmcliVerifySignatures
+type: security
+resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1932079
+
+CVE-2021-3445
+RhBug:1932079
+RhBug:1932089
+RhBug:1932090
+
+Related: CVE-2021-3421, CVE-2021-20271
+---
+ libdnf/dnf-keyring.cpp | 52 --
+ 1 file changed, 50 insertions(+), 2 deletions(-)
+
+diff --git a/libdnf/dnf-keyring.cpp b/libdnf/dnf-keyring.cpp
+index eec58c69..62a6248c 100644
+--- a/libdnf/dnf-keyring.cpp
 b/libdnf/dnf-keyring.cpp
+@@ -34,6 +34,8 @@
+ #include 
+ #include 
+ #include 
++#include 
++#include 
+ 
+ #include "catch-error.hpp"
+ #include "dnf-types.h"
+@@ -216,6 +218,26 @@ dnf_keyring_add_public_keys(rpmKeyring keyring, GError 
**error) try
+ return TRUE;
+ } CATCH_TO_GERROR(FALSE)
+ 
++static int
++rpmcliverifysignatures_log_handler_cb(rpmlogRec rec, rpmlogCallbackData data)
++{
++GString **string =(GString **) data;
++
++/* create string if required */
++if (*string == NULL)
++*string = g_string_new("");
++
++/* if text already exists, join them */
++if ((*string)->len > 0)
++g_string_append(*string, ": ");
++g_string_append(*string, rpmlogRecMessage(rec));
++
++/* remove the trailing /n which rpm does */
++if ((*string)->len > 0)
++g_string_truncate(*string,(*string)->len - 1);
++return 0;
++}
++
+ /**
+  * dnf_keyring_check_untrusted_file:
+  */
+@@ -232,6 +254,10 @@ dnf_keyring_check_untrusted_file(rpmKeyring keyring,
+ rpmtd td = NULL;
+ rpmts ts = NULL;
+ 
++char *path = g_strdup(filename);
++char *path_array[2] = {path, NULL};
++g_autoptr(GString) rpm_error = NULL;
++
+ /* open the file for reading */
+ fd = Fopen(filename, "r.fdio");
+ if (fd == NULL) {
+@@ -252,9 +278,27 @@ dnf_keyring_check_untrusted_file(rpmKeyring keyring,
+ goto out;
+ }
+ 
+-/* we don't want to abort on missing keys */
+ ts = rpmtsCreate();
+-rpmtsSetVSFlags(ts, _RPMVSF_NOSIGNATURES);
++
++if (rpmtsSetKeyring(ts, keyring) < 0) {
++g_set_error_literal(error, DNF_ERROR, DNF_ERROR_INTERNAL_ERROR, 
"failed to set keyring");
++goto out;
++}
++rpmtsSetVfyLevel(ts, RPMSIG_SIGNATURE_TYPE);
++rpmlogSetCallback(rpmcliverifysignatures_log_handler_cb, &rpm_error);
++
++// rpm doesn't provide any better API call than rpmcliVerifySignatures 
(which is for CLI):
++// - use path_array as input argument
++// - gather logs via callback because we don't want to print anything if 
check is successful
++if (rpmcliVerifySignatures(ts, (char * const*) path_array)) {
++g_set_error(error,
++DNF_ERROR,
++DNF_ERROR_GPG_SIGNATURE_INVALID,
++"%s could not be verified.\n%s",
++filename,
++(rpm_error ? rpm_error->str : "UNKNOWN ERROR"));
++goto out;
++}
+ 
+ /* read in the file */
+ rc = rpmReadPackageFile(ts, fd, filename, &hdr);
+@@ -318,6 +362,10 @@ dnf_keyring_check_untrusted_file(rpmKeyring keyring,
+ g_debug("%s has been verified as trusted", filename);
+ ret = TRUE;
+ out:
++rpmlogSetCallback(NULL, NULL);
++
++if (path != NULL)
++g_free(path);
+ if (dig != NULL)
+ pgpFreeDig(dig);
+ if (td != NULL) {
+-- 
+2.31.0
+
diff -Nru

Bug#984605: unblock: debian-edu-config/2.11.51

2021-03-05 Thread Holger Levsen

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
x-debbugs-cc: debian-...@lists.debian.org

Hi,

please unblock package debian-edu-config, the debdiff is small and self 
explaining
and fixes an important bug:

$ debdiff debian-edu-config_2.11.50.dsc debian-edu-config_2.11.51.dsc
diff -Nru debian-edu-config-2.11.50/cf3/cf.dhcpserver 
debian-edu-config-2.11.51/cf3/cf.dhcpserver
--- debian-edu-config-2.11.50/cf3/cf.dhcpserver 2021-01-31 18:38:48.0 
+0100
+++ debian-edu-config-2.11.51/cf3/cf.dhcpserver 2021-03-05 18:52:59.0 
+0100
@@ -32,6 +32,8 @@
 
 "/usr/bin/systemctl enable isc-dhcp-server.service"
   contain => in_shell;
+"/usr/bin/touch /var/lib/dhcp/dhcpd.leases"
+  contain => in_shell;
 "/usr/bin/systemctl restart isc-dhcp-server.service"
   contain => in_shell;
 }
diff -Nru debian-edu-config-2.11.50/debian/changelog 
debian-edu-config-2.11.51/debian/changelog
--- debian-edu-config-2.11.50/debian/changelog  2021-02-16 15:39:04.0 
+0100
+++ debian-edu-config-2.11.51/debian/changelog  2021-03-05 19:58:03.0 
+0100
@@ -1,3 +1,11 @@
+debian-edu-config (2.11.51) unstable; urgency=medium
+
+  [ Wolfgang Schweer ]
+  * cf3/cf.dhcpserver: Make sure the dhcpd.leases file exists. Closes: #984596.
+(Without a leases file, isc-dhcp-server remains in starting stage forever.)
+
+ -- Holger Levsen   Fri, 05 Mar 2021 19:58:03 +0100
+

unblock debian-edu-config/2.11.51

Thanks for all your work on bullseye!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁   holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀ PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
 ⠈⠳⣄

Our civilization is being sacrificed for the opportunity of a very small number
of people to continue making enormous amounts of money...  It is the sufferings
of the many  which pay  for the luxuries  of the few...  You say  you love your
children  above all else,  and yet  you are stealing  their future  in front of 
their very eyes... (Greta Thunberg)


signature.asc
Description: PGP signature

Re: golang-github-revel-revel: Depends on network in tests

2021-02-15 Thread Holger Levsen

On Mon, Feb 15, 2021 at 07:23:19PM +0100, Paul Gevers wrote:
> There's multiple things to say.
[...] 
> 2) if possible, those tests should be in a separate autopkgtest
> paragraph, such then when needs-internet tests are skipped (e.g. because
> the infra doesn't provide access, like in Ubuntu) the rest of the tests
> are still run.

the build results also should be identical whether these tests are run
or not. It would be a pity not being able to reproduce these packages in
a future where such an external service is down or gone.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁   holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀ PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
 ⠈⠳⣄

Never waste a crisis.


signature.asc
Description: PGP signature

Bug#982598: incomplete logs for autopkg tests

2021-02-12 Thread Holger Levsen

On Fri, Feb 12, 2021 at 08:35:11PM +0100, Paul Gevers wrote:
> Unfortunately, we're hitting infrastructure issues if we don't cap the
> logs [1]. However, I think we should save the last part (and not the
> first part) if we have to cap, because normally the failure happens in
> the end.

I'd keep a bit from the beginning and a bigger bit from the end. Often the
beginning is useful too.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁   holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀ PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
 ⠈⠳⣄


signature.asc
Description: PGP signature

Bug#982399: unblock: adequate/0.15.4

2021-02-10 Thread Holger Levsen

On Tue, Feb 09, 2021 at 06:51:57PM +0100, Andreas Beckmann wrote:
> As adequate is actively being used by piuparts, I'd like to see it in
> bullseye. 

shouldn't adequate be a key package given it's used on piuparts.d.o as well?


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁   holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀ PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
 ⠈⠳⣄

No future.


signature.asc
Description: PGP signature

Re: from >3500 down to 11 (packages in bullseye not built on buildds)

2021-01-30 Thread Holger Levsen

Hi Paul,

On Sat, Jan 30, 2021 at 07:18:42PM +0100, Paul Gevers wrote:
> https://release.debian.org/bullseye/freeze_policy.html#soft mentions
> """
> Please note that packages that are in bullseye at the start of the soft
> freeze can still be removed if they are buggy. This can happen manually
> or by the auto-removals.
> """
> autoremoval is enabled until we release.

cool!

& thanks for the clarification. what confused me was the table on the top of
https://release.debian.org/bullseye/freeze_policy.html which has a row 
saying "Adding/removing binary packages || Standard automatic migration || No"
which I now understand to be refering to packaging changes of a given
source package and not source packages themselves.

Sadly I have no idea how to improve that table now, maybe just explicitly
state somewhere "autoremovals are enabled until we release"?

> Thanks for you great work on making bullseye reproducible.

with pleasure! :)

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁   holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀ PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
 ⠈⠳⣄

signature.asc
Description: PGP signature

from >3500 down to 11 (packages in bullseye not built on buildds)

2021-01-30 Thread Holger Levsen

hi,

so, after me doing 540 no-source-change source-only NMUploads in December 2020
and 2940 in January 2021 we've come down from >3500 binary packages in bullseye
which were not built on buildds to 11. That's pretty awesome! [1]

(It also means that currently I have uploaded >10% of all of Debian, which is 
pretty
insane, IMNSHO. This was of course only possible because of all YOUR awesome 
work!)

And I still would like to get this number (11) down to *zero* for the release, 
so
please continue to help!

The eleven source packages are:

(I've bcced the maintainers and uploaders.)


- autobahn-cpp: has a FTBFS bug which is #978201 and which is titled "FTBFS: 
wamp_websocketpp_websocket_transport.ipp: error: ‘::_1’ has not been 
declared"
It is marked marked for autoremoval on February 8th, so if nothing
happens this package will not be released with bullseye.

- bsdowl: has a trivial piuparts issue which is described nicely in #980793
but fixing wasn't trivial for me. bsdowl installs files in 
/usr/share/mk,
but that is now a symlink (shipped by bmake), pointing to
/usr/share/bmake/mk-netbsd. debian/rules is basically empty so some
understanding of bmake is needed... (debian/*.install files do not 
exist.)
bsdowl is marked for autoremoval on Februay 20th but the autoremoval
will not happen as that date is after the soft freeze, after which 
autoremovals
will not ahappen anymore.

- qdjango: FTBFS on buildds / #980267. I believe a variable might get 
incorrectly
expanded? It's marked for autoremoval on February 14th, which will
not happen, so something needs to be done here.

- golang-rsc-qr: marked for autoremoval on February 8th due to #978296 which is
FTBFS bug about dh_auto_test failing. Seems fixable, even if only by
disabling some test...

- golang-github-cznic-lldb: is affected by #980573 and #980668 but the 
autoremoval 
will not happen as it's marked for February 18th, which is after the 
soft freeze,
after which autoremovals will not happen. So something needs to be done 
here.

- golang-github-cznic-ql: is affected by #980572 and #980706 but the autoremoval
is scheduled for March 3rd, so will not happen. So something needs to 
be done
here as well.
  Both golang-github-cznic-(lldb|ql) depend on golang-github-cznic-sortutil,
which is marked for autoremoval on March 5th due to #980698...

- trapperkeeper-scheduler-clojure: maintainer accidently(?) did a binary upload 
5 days
ago. I've already pinged pollo on irc and will keep an eye on the 
situation :)

- trapperkeeper-authorization-clojure: should migrate in 3 days once 
rbac-client-clojure
migrated. Thanks Louis-Philippe for all those clojure fixes!

- udunits: had a recent maintainer upload and should migrate in 4 days. Thanks, 
Alastair!

- namazu2: NMU has been uploaded to DELAYED/5, should enter sid in 2 days and 
then
hopefully migrate. Thanks, Andreas!

- afew: had a recent maintainer upload and should migrate in 4 days. Thanks, 
Håvard!


Thank you for reading this far! And keep rocking! :)


[1] 
http://layer-acht.org/thinking/blog/20201231-no-source-change-source-uploads/


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁   holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀ PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
 ⠈⠳⣄

Moral, truth, long term- and holistic thinking seem to mean nothing to us. The
emperors are naked. Every single one. It turns out our whole society is just
one big nudist party. (Greta Thunberg about the world reacting to the corona
crisis but not reacting appropriatly to the climate crisis.)


signature.asc
Description: PGP signature

source-only uploads for future point releases (Re: Bug#980962: buster-pu: package intel-microcode/3.20201118.1~deb10u1)

2021-01-30 Thread Holger Levsen

On Fri, Jan 29, 2021 at 04:32:27PM -0300, Henrique de Moraes Holschuh wrote:
> > Please feel free to upload, bearing in mind that the window for 10.8
> > closes during this weekend.
> Uploaded (source, i386, amd64).
 
one can do source only uploads to stable(-security) and oldstable() too.

Can we have source-only uploads for future point releases please?


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁   holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀ PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
 ⠈⠳⣄


signature.asc
Description: PGP signature

Re: Bug#975016: OpenJDK 15 support state for Bullseye

2021-01-26 Thread Holger Levsen

On Tue, Jan 26, 2021 at 06:30:25PM +0100, Matthias Klose wrote:
> On 1/26/21 5:55 PM, Holger Levsen wrote:
> > On Tue, Jan 26, 2021 at 04:36:13PM +0100, Matthias Klose wrote:
> >>>> :) note however that "#975016: OpenJDK 15 support state for Bullseye" is 
> >>>> still
> >>> ping, has there been any progress on this?
> >> chatting with Moritz from the security team, we found four options:
> >> 1) Ship a snapshot of OpenJDK 17 in bullseye. [...]
> > 
> > I'm confused, the bug title is about OpenJDK 15?!
> > 
> > So besides OpenJDK 17, what about 15 and 16? 
> 
> see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975016#10

thanks
 
> the bug title is about one, and only one more, additional openjdk-N version,
> which is supposed to be an openjdk LTS version again: 17.

so if 17 were shipped, 15 would not be shipped?!? (and 16 neither)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁   holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀ PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
 ⠈⠳⣄

There are no jobs on a dead planet. (Also many other things but people mostly
seem to care about jobs.)


signature.asc
Description: PGP signature

1 2 3 4 5 6 7 8 >

1 - 100 of 750 matches

Mail list logo