Re: Bug#855282: debsign: support .buildinfo files
Hi! On Mon, 2017-03-13 at 00:02:26 -0400, James McCoy wrote: > On Mon, Mar 06, 2017 at 11:45:20PM -0500, James McCoy wrote: > > This was merged and uploaded in 2.17.2. However, now I see that > > buildinfo files may be arch-qualified even with a _source.changes (e.g., > > by using "sbuild -A --source-only-changes"). That's not currently > > handled properly since "debsign foo_ver_source.changes" expects > > "foo_ver_source.buildinfo" to exist. > > > > Should debsign be deriving the path for the buildinfo from the contents > > of the changes file? Sorry for not chiming in sooner! > I've changed all of the "child file" handling to use this approach in > 4a4238dbf1e789e998cf047ea0f006e982fba56b. That seems cleaner than > debsign replicating logic to determine the names of related files. Yeah, thanks, that sounds best. Not even scripts in dpkg-dev are assuming any specific name for the buildinfo file, they are always getting it from the .changes file. Thanks, Guillem ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Re: Bug#855282: debsign: support .buildinfo files
On Mon, Mar 06, 2017 at 11:45:20PM -0500, James McCoy wrote: > On Thu, Feb 16, 2017 at 05:23:00PM +, Ximin Luo wrote: > > I've done an initial implementation here: > > > > https://anonscm.debian.org/cgit/collab-maint/devscripts.git/log/?h=pu/debsign-buildinfo > > > > Please review! > > This was merged and uploaded in 2.17.2. However, now I see that > buildinfo files may be arch-qualified even with a _source.changes (e.g., > by using "sbuild -A --source-only-changes"). That's not currently > handled properly since "debsign foo_ver_source.changes" expects > "foo_ver_source.buildinfo" to exist. > > Should debsign be deriving the path for the buildinfo from the contents > of the changes file? I've changed all of the "child file" handling to use this approach in 4a4238dbf1e789e998cf047ea0f006e982fba56b. That seems cleaner than debsign replicating logic to determine the names of related files. Cheers, -- James GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Re: Bug#855282: debsign: support .buildinfo files
On Thu, Feb 16, 2017 at 05:23:00PM +, Ximin Luo wrote: > I've done an initial implementation here: > > https://anonscm.debian.org/cgit/collab-maint/devscripts.git/log/?h=pu/debsign-buildinfo > > Please review! This was merged and uploaded in 2.17.2. However, now I see that buildinfo files may be arch-qualified even with a _source.changes (e.g., by using "sbuild -A --source-only-changes"). That's not currently handled properly since "debsign foo_ver_source.changes" expects "foo_ver_source.buildinfo" to exist. Should debsign be deriving the path for the buildinfo from the contents of the changes file? Cheers, -- James GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Re: Bug#855282: debsign: support .buildinfo files
On Wed, Mar 01, 2017 at 02:58:29AM +0100, Guillem Jover wrote: > Hi! > > On Fri, 2017-02-17 at 06:08:25 +0100, Guillem Jover wrote: > > On Thu, 2017-02-16 at 17:23:00 +, Ximin Luo wrote: > > > Control: tags + patch > > > > > I've done an initial implementation here: > > > > > > https://anonscm.debian.org/cgit/collab-maint/devscripts.git/log/?h=pu/debsign-buildinfo > > > > > > Please review! > > > > I think something like the attached patch on top of your branch HEAD > > is also needed. > > Here's another patch to support the finalized format 1.0 sitting now > in dpkg's git master, pending upload to unstable. Merged. Thanks! Cheers, -- James GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Re: Bug#855282: debsign: support .buildinfo files
Hi! On Fri, 2017-02-17 at 06:08:25 +0100, Guillem Jover wrote: > On Thu, 2017-02-16 at 17:23:00 +, Ximin Luo wrote: > > Control: tags + patch > > > I've done an initial implementation here: > > > > https://anonscm.debian.org/cgit/collab-maint/devscripts.git/log/?h=pu/debsign-buildinfo > > > > Please review! > > I think something like the attached patch on top of your branch HEAD > is also needed. Here's another patch to support the finalized format 1.0 sitting now in dpkg's git master, pending upload to unstable. Thanks, Guillem From d21172ba5d15f920929892e72ccc7bd83024628f Mon Sep 17 00:00:00 2001 From: Guillem Jover Date: Tue, 28 Feb 2017 00:13:52 +0100 Subject: [PATCH] Add support for finalized .buildinfo format 1.0 --- scripts/debsign.sh | 2 +- scripts/dscverify.pl | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/debsign.sh b/scripts/debsign.sh index 4b2b22cb..2eb23df5 100755 --- a/scripts/debsign.sh +++ b/scripts/debsign.sh @@ -462,7 +462,7 @@ fixup_control() { } fixup_buildinfo() { -fixup_control '$major != 0 or $minor > 2' dsc buildinfo "$@" +fixup_control '($major != 0 or $minor > 2) and ($major != 1 or $minor > 0)' dsc buildinfo "$@" } fixup_changes() { diff --git a/scripts/dscverify.pl b/scripts/dscverify.pl index 381ebff5..45f2c605 100755 --- a/scripts/dscverify.pl +++ b/scripts/dscverify.pl @@ -208,7 +208,8 @@ sub process_file { $major += 0; $minor += 0; if ($file =~ /\.changes$/ and ($major != 1 or $minor > 8) or - $file =~ /\.buildinfo$/ and ($major != 0 or $minor > 2)) { + $file =~ /\.buildinfo$/ and (($major != 0 or $minor > 2) and + ($major != 1 or $minor > 0))) { xwarn "$file is an unsupported format: $format\n"; return; } -- 2.12.0.rc1.440.g5b76565f74 ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Re: Bug#855282: debsign: support .buildinfo files
Hi! On Thu, 2017-02-16 at 17:23:00 +, Ximin Luo wrote: > Control: tags + patch > I've done an initial implementation here: > > https://anonscm.debian.org/cgit/collab-maint/devscripts.git/log/?h=pu/debsign-buildinfo > > Please review! I think something like the attached patch on top of your branch HEAD is also needed. Thanks, Guillem From 8ccb601c3e3f1cb16db923b8464e8a73b4cf03df Mon Sep 17 00:00:00 2001 From: Guillem Jover Date: Fri, 17 Feb 2017 06:04:27 +0100 Subject: [PATCH] Improve .buildinfo support --- scripts/debsign.sh | 19 +-- scripts/dscverify.pl | 7 --- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/scripts/debsign.sh b/scripts/debsign.sh index ede3aa79..4b2b22cb 100755 --- a/scripts/debsign.sh +++ b/scripts/debsign.sh @@ -418,7 +418,7 @@ fixup_control() { '" \$file=\"$child\"; \$md5=\"$md5\"; "' '" \$sha1=\"$sha1\"; \$sha256=\"$sha256\"; "' $size=(-s $file); ($base=$file) =~ s|.*/||; -$infiles=0; $insha1=0; $insha256=0; $format=""; +$infiles=0; $inmd5=0; $insha1=0; $insha256=0; $format=""; } if(/^Format:\s+(.*)/) { $format=$1; @@ -429,19 +429,26 @@ fixup_control() { die "Unsupported .$parenttype format: $format\n" if('"$filter_out"'); } -/^Files:/i && ($infiles=1,$insha1=0,$insha256=0); -if(/^Checksums-Sha1:/i) {$insha1=1;$infiles=0;$insha256=0;} +/^Files:/i && ($infiles=1,$inmd5=0,$insha1=0,$insha256=0); +if(/^Checksums-Sha1:/i) {$insha1=1;$infiles=0;$inmd5=0;$insha256=0;} elsif(/^Checksums-Sha256:/i) { - $insha256=1;$infiles=0;$insha1=0; + $insha256=1;$infiles=0;$inmd5=0;$insha1=0; +} elsif(/^Checksums-Md5:/i) { + $inmd5=1;$infiles=0;$insha1=0;$insha256=0; } elsif(/^Checksums-.*?:/i) { die "Unknown checksum format: $_\n"; } -/^\s*$/ && ($infiles=0,$insha1=0,$insha256=0); +/^\s*$/ && ($infiles=0,$inmd5=0,$insha1=0,$insha256=0); if ($infiles && /^ (\S+) (\d+) (\S+) (\S+) \Q$base\E\s*$/) { $_ = " $md5 $size $3 $4 $base\n"; $infiles=0; } +if ($inmd5 && + /^ (\S+) (\d+) \Q$base\E\s*$/) { +$_ = " $md5 $size $base\n"; +$inmd5=0; +} if ($insha1 && /^ (\S+) (\d+) \Q$base\E\s*$/) { $_ = " $sha1 $size $base\n"; @@ -455,7 +462,7 @@ fixup_control() { } fixup_buildinfo() { -fixup_control '$major < 1 and $minor < 2' dsc buildinfo "$@" +fixup_control '$major != 0 or $minor > 2' dsc buildinfo "$@" } fixup_changes() { diff --git a/scripts/dscverify.pl b/scripts/dscverify.pl index 8bc0857c..381ebff5 100755 --- a/scripts/dscverify.pl +++ b/scripts/dscverify.pl @@ -198,7 +198,7 @@ sub process_file { } } -if ($file =~ /\.changes$/ and $out =~ /^Format:\s*(.*)$/mi) { +if ($file =~ /\.(changes|buildinfo)$/ and $out =~ /^Format:\s*(.*)$/mi) { my $format = $1; unless ($format =~ /^(\d+)\.(\d+)$/) { xwarn "$file has an unrecognised format: $format\n"; @@ -207,7 +207,8 @@ sub process_file { my ($major, $minor) = split /\./, $format; $major += 0; $minor += 0; - unless ($major == 1 and $minor <= 8) { + if ($file =~ /\.changes$/ and ($major != 1 or $minor > 8) or + $file =~ /\.buildinfo$/ and ($major != 0 or $minor > 2)) { xwarn "$file is an unsupported format: $format\n"; return; } @@ -220,7 +221,7 @@ sub process_file { } my @checksums = map { split /\n/ } $out =~ /^Checksums-(\S+):\s*\n/mgi; -@checksums = grep {!/^Sha(1|256)$/i} @checksums; +@checksums = grep {!/^(Md5|Sha(1|256))$/i} @checksums; if (@checksums) { xwarn "$file contains unsupported checksums:\n" . join (", ", @checksums) . "\n"; -- 2.11.0.483.g087da7b7c ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Re: Bug#855282: debsign: support .buildinfo files
Control: tags + patch Hi all, I've done an initial implementation here: https://anonscm.debian.org/cgit/collab-maint/devscripts.git/log/?h=pu/debsign-buildinfo Please review! I haven't yet updated debrsign but I think that program is a bit pointless anyway, and have documented this in debsign(1): "note that it is probably safer to have your trusted signing machine use \fBdebsign\fR to connect to the untrusted non-signing machine, rather than using \fBdebrsign\fR to make the connection in the reverse direction." X -- GPG: ed25519/56034877E1F87C35 GPG: rsa4096/1318EFAC5FBBDBCE https://github.com/infinity0/pubkeys.git ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Re: Bug#855282: debsign: support .buildinfo files
user reproducible-builds@lists.alioth.debian.org usertag 855282 toolchain thanks -- cheers, Holger signature.asc Description: Digital signature ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Bug#855282: debsign: support .buildinfo files
Package: devscripts Version: 2.17.1 Severity: wishlist Dear Maintainer, dpkg since version 1.18.19 has been signing buildinfo files by default. debsign at the moment will ignore these and leave them unsigned. It would be good to support them. Ximin -- Package-specific info: --- /etc/devscripts.conf --- --- ~/.devscripts --- Not present -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (300, 'unstable'), (200, 'experimental'), (1, 'experimental-debug') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages devscripts depends on: ii dpkg-dev 1.18.22 ii libc62.24-9 ii perl 5.24.1-1 pn python3:any Versions of packages devscripts recommends: ii apt 1.4~rc1 ii at 3.1.20-3 ii curl7.52.1-2 ii dctrl-tools 2.24-2 ii debian-keyring 2017.01.20 ii dput0.12.0 ii equivs 2.0.9+nmu1 ii fakeroot1.21-3.1 ii file1:5.29-3 ii gnupg 2.1.18-3 ii gnupg2 2.1.18-3 ii libdistro-info-perl 0.14 ii libdpkg-perl1.18.22 ii libencode-locale-perl 1.05-1 ii libgit-wrapper-perl 0.047-1 ii liblist-compare-perl0.53-1 ii liblwp-protocol-https-perl 6.06-2 ii libsoap-lite-perl 1.20-1 ii liburi-perl 1.71-1 ii libwww-perl 6.15-1 ii licensecheck3.0.29-1 ii lintian 2.5.50.1 ii man-db 2.7.6.1-2 ii patch 2.7.5-1 ii patchutils 0.3.4-2 ii python3-debian 0.1.30 ii python3-magic 1:5.29-3 ii sensible-utils 0.0.9 ii strace 4.15-2 ii unzip 6.0-21 ii wdiff 1.2.2-2 ii wget1.18-4 ii xz-utils5.2.2-1.2 Versions of packages devscripts suggests: ii adequate 0.15.1 ii autopkgtest 4.3 pn bls-standalone ii bsd-mailx [mailx]8.1.2-0.20160123cvs-3 ii build-essential 12.3 pn check-all-the-things pn cvs-buildpackage pn devscripts-el ii diffoscope 67 ii disorderfs 0.5.1-1 pn dose-extra pn duck ii faketime 0.9.6-7 ii gnuplot 5.0.5+dfsg1-5 ii gpgv 2.1.18-3 pn how-can-i-help ii libauthen-sasl-perl 2.1600-1 ii libfile-desktopentry-perl0.22-1 pn libnet-smtps-perl pn libterm-size-perl ii libtimedate-perl 2.3000-2 ii libyaml-syck-perl1.29-1+b2 pn mozilla-devscripts ii mutt 1.7.2-1 ii openssh-client [ssh-client] 1:7.4p1-6 ii piuparts 0.75 pn ratt ii reprotest0.6 pn svn-buildpackage pn w3m -- no debconf information ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds