from:"jochen"


Hi Santiago,

thanks for the report. This seems to be due to git 1:2.30.2-1+deb11u1 as 
it works with the version before (1:2.30.2-1). Give that it is a 
security fix and a testing only problem that could worked around easily, 
I would leave this as is.


Cheers Jochen

* Santiago Vila  [2024-05-11 21:53]:

Package: src:ros-vcstools
Version: 0.1.42-3
Severity: serious
Control: close -1 0.1.42-7
Tags: ftbfs bullseye

Dear maintainer:

During a rebuild of all packages in bullseye, your package failed to build:


[...]
debian/rules binary
dh binary --with python3 --buildsystem=pybuild
  dh_update_autotools_config -O--buildsystem=pybuild
  dh_autoreconf -O--buildsystem=pybuild
  dh_auto_configure -O--buildsystem=pybuild
I: pybuild base:232: python3.9 setup.py config
/<>/setup.py:3: DeprecationWarning: the imp module is deprecated 
in favour of importlib; see the module's documentation for alternative uses
 import imp
running config
  dh_auto_build -O--buildsystem=pybuild
I: pybuild base:232: /usr/bin/python3 setup.py build
/<>/setup.py:3: DeprecationWarning: the imp module is deprecated 
in favour of importlib; see the module's documentation for alternative uses
 import imp

[... snipped ...]

6 files updated, 0 files merged, 0 files removed, 0 files unresolved
ok
test_checkout_into_subdir_without_existing_parent (test.test_hg.HGClientTest) 
... updating to branch default
6 files updated, 0 files merged, 0 files removed, 0 files unresolved
ok
test_checkout_specific_version_and_update (test.test_hg.HGClientTest) ... 
updating to branch default
6 files updated, 0 files merged, 0 files removed, 0 files unresolved
0 files updated, 0 files merged, 0 files removed, 0 files unresolved
pulling from /tmp/tmp18ac112f/remote
searching for changes
no changes found
0 files updated, 0 files merged, 2 files removed, 0 files unresolved
pulling from /tmp/tmp18ac112f/remote
searching for changes
no changes found
2 files updated, 0 files merged, 0 files removed, 0 files unresolved
pulling from /tmp/tmp18ac112f/remote
searching for changes
no changes found
0 files updated, 0 files merged, 2 files removed, 0 files unresolved
pulling from /tmp/tmp18ac112f/remote
searching for changes
no changes found
2 files updated, 0 files merged, 0 files removed, 0 files unresolved
ok
test_get_current_version_label (test.test_hg.HGClientTest) ... updating to 
branch default
6 files updated, 0 files merged, 0 files removed, 0 files unresolved
0 files updated, 0 files merged, 5 files removed, 0 files unresolved
pulling from /tmp/tmp18ac112f/remote
searching for changes
no changes found
5 files updated, 0 files merged, 0 files removed, 0 files unresolved
pulling from /tmp/tmp18ac112f/remote
searching for changes
no changes found
1 files updated, 0 files merged, 0 files removed, 0 files unresolved
ok
test_get_environment_metadata (test.test_hg.HGClientTest) ... ok
test_get_remote_version (test.test_hg.HGClientTest) ... updating to branch 
default
6 files updated, 0 files merged, 0 files removed, 0 files unresolved
abort: destination '/tmp/tmp18ac112f/local' is not empty
pulling from /tmp/tmp18ac112f/remote
searching for changes
no changes found
0 files updated, 0 files merged, 0 files removed, 0 files unresolved
pulling from /tmp/tmp18ac112f/remote
searching for changes
no changes found
1 files updated, 0 files merged, 0 files removed, 0 files unresolved
ok
test_get_type_name (test.test_hg.HGClientTest) ... ok
test_get_url_by_reading (test.test_hg.HGClientTest) ... updating to branch 
default
6 files updated, 0 files merged, 0 files removed, 0 files unresolved
0 files updated, 0 files merged, 0 files removed, 0 files unresolved
ok
test_get_url_nonexistant (test.test_hg.HGClientTest) ... ok
marked working directory as branch test_branch
(branches are permanent and global, did you want a bookmark?)
updating to branch default
6 files updated, 0 files merged, 0 files removed, 0 files unresolved
testStatusUntracked (test.test_hg.HGDiffStatClientTest) ... ok
test_diff (test.test_hg.HGDiffStatClientTest) ... ok
test_diff_relpath (test.test_hg.HGDiffStatClientTest) ... ok
test_get_version_modified (test.test_hg.HGDiffStatClientTest) ... ok
test_hg_diff_path_change_None (test.test_hg.HGDiffStatClientTest) ... ok
test_status (test.test_hg.HGDiffStatClientTest) ... ok
test_status_relpath (test.test_hg.HGDiffStatClientTest) ... ok
marked working directory as branch test_branch
(branches are permanent and global, did you want a bookmark?)
updating to branch default
6 files updated, 0 files merged, 0 files removed, 0 files unresolved
test_export_repository (test.test_hg.HGExportRepositoryClientTest) ... ok
marked working directory as branch test_branch
(branches are permanent and global, did you want a bookmark?)
updating to branch default
6 files updated, 0 files merged, 0 files removed, 0 files unresolved
test_get_branches (test.test_hg.HGGetBranchesClientTest) ...

Bug#1070952: ros-vcstools: FTBFS in bullseye


Hi Santiago,

thanks for the report. This seems to be due to git 1:2.30.2-1+deb11u1 as 
it works with the version before (1:2.30.2-1). Give that it is a 
security fix and a testing only problem that could worked around easily, 
I would leave this as is.


Cheers Jochen

* Santiago Vila  [2024-05-11 21:53]:

Package: src:ros-vcstools
Version: 0.1.42-3
Severity: serious
Control: close -1 0.1.42-7
Tags: ftbfs bullseye

Dear maintainer:

During a rebuild of all packages in bullseye, your package failed to build:


[...]
debian/rules binary
dh binary --with python3 --buildsystem=pybuild
  dh_update_autotools_config -O--buildsystem=pybuild
  dh_autoreconf -O--buildsystem=pybuild
  dh_auto_configure -O--buildsystem=pybuild
I: pybuild base:232: python3.9 setup.py config
/<>/setup.py:3: DeprecationWarning: the imp module is deprecated 
in favour of importlib; see the module's documentation for alternative uses
 import imp
running config
  dh_auto_build -O--buildsystem=pybuild
I: pybuild base:232: /usr/bin/python3 setup.py build
/<>/setup.py:3: DeprecationWarning: the imp module is deprecated 
in favour of importlib; see the module's documentation for alternative uses
 import imp

[... snipped ...]

6 files updated, 0 files merged, 0 files removed, 0 files unresolved
ok
test_checkout_into_subdir_without_existing_parent (test.test_hg.HGClientTest) 
... updating to branch default
6 files updated, 0 files merged, 0 files removed, 0 files unresolved
ok
test_checkout_specific_version_and_update (test.test_hg.HGClientTest) ... 
updating to branch default
6 files updated, 0 files merged, 0 files removed, 0 files unresolved
0 files updated, 0 files merged, 0 files removed, 0 files unresolved
pulling from /tmp/tmp18ac112f/remote
searching for changes
no changes found
0 files updated, 0 files merged, 2 files removed, 0 files unresolved
pulling from /tmp/tmp18ac112f/remote
searching for changes
no changes found
2 files updated, 0 files merged, 0 files removed, 0 files unresolved
pulling from /tmp/tmp18ac112f/remote
searching for changes
no changes found
0 files updated, 0 files merged, 2 files removed, 0 files unresolved
pulling from /tmp/tmp18ac112f/remote
searching for changes
no changes found
2 files updated, 0 files merged, 0 files removed, 0 files unresolved
ok
test_get_current_version_label (test.test_hg.HGClientTest) ... updating to 
branch default
6 files updated, 0 files merged, 0 files removed, 0 files unresolved
0 files updated, 0 files merged, 5 files removed, 0 files unresolved
pulling from /tmp/tmp18ac112f/remote
searching for changes
no changes found
5 files updated, 0 files merged, 0 files removed, 0 files unresolved
pulling from /tmp/tmp18ac112f/remote
searching for changes
no changes found
1 files updated, 0 files merged, 0 files removed, 0 files unresolved
ok
test_get_environment_metadata (test.test_hg.HGClientTest) ... ok
test_get_remote_version (test.test_hg.HGClientTest) ... updating to branch 
default
6 files updated, 0 files merged, 0 files removed, 0 files unresolved
abort: destination '/tmp/tmp18ac112f/local' is not empty
pulling from /tmp/tmp18ac112f/remote
searching for changes
no changes found
0 files updated, 0 files merged, 0 files removed, 0 files unresolved
pulling from /tmp/tmp18ac112f/remote
searching for changes
no changes found
1 files updated, 0 files merged, 0 files removed, 0 files unresolved
ok
test_get_type_name (test.test_hg.HGClientTest) ... ok
test_get_url_by_reading (test.test_hg.HGClientTest) ... updating to branch 
default
6 files updated, 0 files merged, 0 files removed, 0 files unresolved
0 files updated, 0 files merged, 0 files removed, 0 files unresolved
ok
test_get_url_nonexistant (test.test_hg.HGClientTest) ... ok
marked working directory as branch test_branch
(branches are permanent and global, did you want a bookmark?)
updating to branch default
6 files updated, 0 files merged, 0 files removed, 0 files unresolved
testStatusUntracked (test.test_hg.HGDiffStatClientTest) ... ok
test_diff (test.test_hg.HGDiffStatClientTest) ... ok
test_diff_relpath (test.test_hg.HGDiffStatClientTest) ... ok
test_get_version_modified (test.test_hg.HGDiffStatClientTest) ... ok
test_hg_diff_path_change_None (test.test_hg.HGDiffStatClientTest) ... ok
test_status (test.test_hg.HGDiffStatClientTest) ... ok
test_status_relpath (test.test_hg.HGDiffStatClientTest) ... ok
marked working directory as branch test_branch
(branches are permanent and global, did you want a bookmark?)
updating to branch default
6 files updated, 0 files merged, 0 files removed, 0 files unresolved
test_export_repository (test.test_hg.HGExportRepositoryClientTest) ... ok
marked working directory as branch test_branch
(branches are permanent and global, did you want a bookmark?)
updating to branch default
6 files updated, 0 files merged, 0 files removed, 0 files unresolved
test_get_branches (test.test_hg.HGGetBranchesClientTest) ...

Bug#1070952: ros-vcstools: FTBFS in bullseye


Hi Santiago,

thanks for the report. This seems to be due to git 1:2.30.2-1+deb11u1 as 
it works with the version before (1:2.30.2-1). Give that it is a 
security fix and a testing only problem that could worked around easily, 
I would leave this as is.


Cheers Jochen

* Santiago Vila  [2024-05-11 21:53]:

Package: src:ros-vcstools
Version: 0.1.42-3
Severity: serious
Control: close -1 0.1.42-7
Tags: ftbfs bullseye

Dear maintainer:

During a rebuild of all packages in bullseye, your package failed to build:


[...]
debian/rules binary
dh binary --with python3 --buildsystem=pybuild
  dh_update_autotools_config -O--buildsystem=pybuild
  dh_autoreconf -O--buildsystem=pybuild
  dh_auto_configure -O--buildsystem=pybuild
I: pybuild base:232: python3.9 setup.py config
/<>/setup.py:3: DeprecationWarning: the imp module is deprecated 
in favour of importlib; see the module's documentation for alternative uses
 import imp
running config
  dh_auto_build -O--buildsystem=pybuild
I: pybuild base:232: /usr/bin/python3 setup.py build
/<>/setup.py:3: DeprecationWarning: the imp module is deprecated 
in favour of importlib; see the module's documentation for alternative uses
 import imp

[... snipped ...]

6 files updated, 0 files merged, 0 files removed, 0 files unresolved
ok
test_checkout_into_subdir_without_existing_parent (test.test_hg.HGClientTest) 
... updating to branch default
6 files updated, 0 files merged, 0 files removed, 0 files unresolved
ok
test_checkout_specific_version_and_update (test.test_hg.HGClientTest) ... 
updating to branch default
6 files updated, 0 files merged, 0 files removed, 0 files unresolved
0 files updated, 0 files merged, 0 files removed, 0 files unresolved
pulling from /tmp/tmp18ac112f/remote
searching for changes
no changes found
0 files updated, 0 files merged, 2 files removed, 0 files unresolved
pulling from /tmp/tmp18ac112f/remote
searching for changes
no changes found
2 files updated, 0 files merged, 0 files removed, 0 files unresolved
pulling from /tmp/tmp18ac112f/remote
searching for changes
no changes found
0 files updated, 0 files merged, 2 files removed, 0 files unresolved
pulling from /tmp/tmp18ac112f/remote
searching for changes
no changes found
2 files updated, 0 files merged, 0 files removed, 0 files unresolved
ok
test_get_current_version_label (test.test_hg.HGClientTest) ... updating to 
branch default
6 files updated, 0 files merged, 0 files removed, 0 files unresolved
0 files updated, 0 files merged, 5 files removed, 0 files unresolved
pulling from /tmp/tmp18ac112f/remote
searching for changes
no changes found
5 files updated, 0 files merged, 0 files removed, 0 files unresolved
pulling from /tmp/tmp18ac112f/remote
searching for changes
no changes found
1 files updated, 0 files merged, 0 files removed, 0 files unresolved
ok
test_get_environment_metadata (test.test_hg.HGClientTest) ... ok
test_get_remote_version (test.test_hg.HGClientTest) ... updating to branch 
default
6 files updated, 0 files merged, 0 files removed, 0 files unresolved
abort: destination '/tmp/tmp18ac112f/local' is not empty
pulling from /tmp/tmp18ac112f/remote
searching for changes
no changes found
0 files updated, 0 files merged, 0 files removed, 0 files unresolved
pulling from /tmp/tmp18ac112f/remote
searching for changes
no changes found
1 files updated, 0 files merged, 0 files removed, 0 files unresolved
ok
test_get_type_name (test.test_hg.HGClientTest) ... ok
test_get_url_by_reading (test.test_hg.HGClientTest) ... updating to branch 
default
6 files updated, 0 files merged, 0 files removed, 0 files unresolved
0 files updated, 0 files merged, 0 files removed, 0 files unresolved
ok
test_get_url_nonexistant (test.test_hg.HGClientTest) ... ok
marked working directory as branch test_branch
(branches are permanent and global, did you want a bookmark?)
updating to branch default
6 files updated, 0 files merged, 0 files removed, 0 files unresolved
testStatusUntracked (test.test_hg.HGDiffStatClientTest) ... ok
test_diff (test.test_hg.HGDiffStatClientTest) ... ok
test_diff_relpath (test.test_hg.HGDiffStatClientTest) ... ok
test_get_version_modified (test.test_hg.HGDiffStatClientTest) ... ok
test_hg_diff_path_change_None (test.test_hg.HGDiffStatClientTest) ... ok
test_status (test.test_hg.HGDiffStatClientTest) ... ok
test_status_relpath (test.test_hg.HGDiffStatClientTest) ... ok
marked working directory as branch test_branch
(branches are permanent and global, did you want a bookmark?)
updating to branch default
6 files updated, 0 files merged, 0 files removed, 0 files unresolved
test_export_repository (test.test_hg.HGExportRepositoryClientTest) ... ok
marked working directory as branch test_branch
(branches are permanent and global, did you want a bookmark?)
updating to branch default
6 files updated, 0 files merged, 0 files removed, 0 files unresolved
test_get_branches (test.test_hg.HGGetBranchesClientTest) ...

Bug#1070973: Please add a include_optional to /etc/mpd.conf

Package: mpd
Version: 0.23.14-2+b2
Severity: wishlist
Tags: patch

Hi,

can you please add a include_optional to simplify local modifications?

Something like this should do:

echo 'include_optional "mpd_local.conf"' >> debian/mpd.conf

Thanks!

Jochen

[Qt-creator] Unclear requirement in setting "Skip clean whitespace for file types"

2024-05-09 Thread Jochen Becher via Qt-creator

Hi,

I wondered why "Skip clean whitespace for file types" does not work: If
I edit a makefile named "Makefile" the tabs are still translated to
spaces on save.

There seems to be some unclear requirements here: the label of the
checkbox is "Skip clean whitespace for file types" but the
implementation names this checkbox "skipTrailingWhitespace" and this is
really the implemented functionality.

I would like to fix that. Renaming the label to "Skip removing trailing
whitespaces for file types" doesn't make much sense to me. I would
prefer renaming the checkbox to "skipCleanupWhitespaceForFileTypes" and
implement it that way.

I could also add another checkbox "skipTrailingWhitespace" with that
label but no text edit box for specific file types.

On the long term, most of the TextEditor settings should be mappable to
user selectable file types.

What do you think?

-- 
Qt-creator mailing list
Qt-creator@qt-project.org
https://lists.qt-project.org/listinfo/qt-creator

Bug#1070332: Wont fix

2024-05-06 Thread Jochen Sprickerhof


Hi Thomas,

* Thomas Goirand  [2024-05-06 08:21]:
I already explained this: I am *NOT* interested in addressing this 
type of failure. Designate is "OpenStack DNS as a Service", therefore, 
it is expected that it's going to check/use /etc/resolv.conf. If you 
carefully look at what's going on, you'll see that it's not even doing 
DNS queries to the outside, it's simply testing itself.


Removing the test would mean less Q/A, which is not desirable.
"Fixing" the test would mean more work, which isn't needed in this 
case (the package works perfectly).


Feel free to bug upstream and resolve it there if you think that's 
valuable, though I am of the opinion it's a loss of time.


Also, note that the package builds perfectly fine in the current 
buildd environment (and on my laptop's sbuild setup). If that was 
going to change, of course, I'd review my opinion. In the mean time, I 
see no point in this bug. Fix your build env...


Note that the buildds started switching to the unshare backend so the 
package will FTBFS soon.


Cheers Jochen


signature.asc
Description: PGP signature

Bug#1070436: autopkgtest-virt-schroot: error when using 'unshare --net' even though schroot allows this


Hi Richard,

* Richard Lewis  [2024-05-05 11:32]:

If i try and run tests that use 'unshare --net' with a
schroot backend they fail inside autopkgtest even though
this works in the schroot being used.

This works fine in a 'plain schroot' (I expect i allowed
the calling user to run the schroot as root in the schroot
in /etc/schroot):

$ schroot --chroot chroot:unstable-amd64-sbuild --directory / --user root -- 
unshare --net --map-root-user ls
bin  boot  build  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  
sbin  srv  sys  tmp  usr  var


I can't reproduce this. Testing in a fresh debvm:

$ debvm-create --size=2G --release=stable -- \
--include=sbuild,schroot,debootstrap,autopkgtest \
--hook-dir=/usr/share/mmdebstrap/hooks/useradd
$ debvm-run
# echo "inside debvm"
# sbuild-createchroot unstable /srv/chroot/unstable-amd64-sbuild \
http://deb.debian.org/debian
# sbuild-adduser user
# su - user
$ schroot --chroot chroot:unstable-amd64-sbuild --directory / --user root -- 
unshare --net --map-root-user ls
unshare: unshare failed: Operation not permitted

Do you have any idea why it works for you?


But if i have an autopkgtest with eg a debian/tests/control with

Test-Command: unshare --map-root-user --net ./debian/tests/foo
Depends: @
Features: test-name=foo
Restrictions: needs-root


This looks odd. If you only want to unshare the network, as stated in 
the bug title, you neither need --map-root-user nor needs-root. Indeed 
dropping both makes it work for me. Can you give some background what 
you actually want to do here?



then even adding '--user root' doesnt work:

$ /usr/bin/autopkgtest package.changes --user root -- schroot 
unstable-amd64-sbuild


I guess this is due to autopkgtest-virt-schroot starts an schroot 
session but I can't verify without reproducing your example without a 
session.



i get errors like

unshare: unshare failed: Operation not permitted


This maps to unshare(2) returning EPERM. From the manpage:

| CLONE_NEWUSER was specified in flags and the caller is in a chroot 
| environment (i.e., the caller's root directory does not match the root 
| directory of the mount namespace in which it resides).


I think this is what happens here.

Over all I think using unshare --map-root-user in 
autopkgtest-virt-schroot is not supported and I don't think there is a 
way around that except using a different autopkgtest backend.


Cheers Jochen


signature.asc
Description: PGP signature

Bug#1070415: runc fails to build as a normal user due to cgroups access

Source: runc
Version: 1.1.12+ds1-2
Severity: important
X-Debbugs-Cc: debian-wb-team@lists.debian.org
Usertags: unshare

Hi,

runc tries to write cgroups files during the build which fails as a
normal user:

=== RUN   TestDevicesSetAllow
--- FAIL: TestDevicesSetAllow (0.00s)
panic: runtime error: index out of range [0] with length 0 [recovered]
panic: runtime error: index out of range [0] with length 0

goroutine 63 [running]:
testing.tRunner.func1.2({0x5e12c0, 0xc0001ed2c0})
/usr/lib/go-1.22/src/testing/testing.go:1631 +0x24a
testing.tRunner.func1()
/usr/lib/go-1.22/src/testing/testing.go:1634 +0x377
panic({0x5e12c0?, 0xc0001ed2c0?})
/usr/lib/go-1.22/src/runtime/panic.go:770 +0x132
github.com/opencontainers/runc/libcontainer/cgroups/fs.TestDevicesSetAllow(0xc0001fcd00)

/<>/_build/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/devices_test.go:42
 +0x45e
testing.tRunner(0xc0001fcd00, 0x607748)
/usr/lib/go-1.22/src/testing/testing.go:1689 +0xfb
created by testing.(*T).Run in goroutine 1
/usr/lib/go-1.22/src/testing/testing.go:1742 +0x390
FAILgithub.com/opencontainers/runc/libcontainer/cgroups/fs  0.044s


https://salsa.debian.org/go-team/packages/runc/-/blob/debian/1.1.5+ds1-1/libcontainer/cgroups/fs/devices_test.go?ref_type=tags#L42

This also fails with the sbuild unshare backend.

Cheers Jochen

Bug#1070415: runc fails to build as a normal user due to cgroups access

Source: runc
Version: 1.1.12+ds1-2
Severity: important
X-Debbugs-Cc: debian-wb-t...@lists.debian.org
Usertags: unshare

Hi,

runc tries to write cgroups files during the build which fails as a
normal user:

=== RUN   TestDevicesSetAllow
--- FAIL: TestDevicesSetAllow (0.00s)
panic: runtime error: index out of range [0] with length 0 [recovered]
panic: runtime error: index out of range [0] with length 0

goroutine 63 [running]:
testing.tRunner.func1.2({0x5e12c0, 0xc0001ed2c0})
/usr/lib/go-1.22/src/testing/testing.go:1631 +0x24a
testing.tRunner.func1()
/usr/lib/go-1.22/src/testing/testing.go:1634 +0x377
panic({0x5e12c0?, 0xc0001ed2c0?})
/usr/lib/go-1.22/src/runtime/panic.go:770 +0x132
github.com/opencontainers/runc/libcontainer/cgroups/fs.TestDevicesSetAllow(0xc0001fcd00)

/<>/_build/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/devices_test.go:42
 +0x45e
testing.tRunner(0xc0001fcd00, 0x607748)
/usr/lib/go-1.22/src/testing/testing.go:1689 +0xfb
created by testing.(*T).Run in goroutine 1
/usr/lib/go-1.22/src/testing/testing.go:1742 +0x390
FAILgithub.com/opencontainers/runc/libcontainer/cgroups/fs  0.044s


https://salsa.debian.org/go-team/packages/runc/-/blob/debian/1.1.5+ds1-1/libcontainer/cgroups/fs/devices_test.go?ref_type=tags#L42

This also fails with the sbuild unshare backend.

Cheers Jochen

Bug#1070414: fails to build when not build inside schroot

Source: kel-agent
Version: 0.4.6-2
Severity: important
X-Debbugs-Cc: debian-wb-team@lists.debian.org
Usertags: unshare

Hi,

kel-agent hard codes to skip a test when build inside schroot:

https://sources.debian.org/src/kel-agent/0.4.6-2/integration/suite_test.go/#L27

But the test also fails in other environments for me, for example as a
local user or in the sbuild unshare backend. Please either fix or
disable the test.

Cheers Jochen

Bug#1070414: fails to build when not build inside schroot

Source: kel-agent
Version: 0.4.6-2
Severity: important
X-Debbugs-Cc: debian-wb-t...@lists.debian.org
Usertags: unshare

Hi,

kel-agent hard codes to skip a test when build inside schroot:

https://sources.debian.org/src/kel-agent/0.4.6-2/integration/suite_test.go/#L27

But the test also fails in other environments for me, for example as a
local user or in the sbuild unshare backend. Please either fix or
disable the test.

Cheers Jochen

Bug#1070413: sogo fails to build when test succeeds

Source: sogo
Version: 5.10.0-2
Severity: important

Hi,

the sogo package contains a patch that hard coded the number of failing
tests to two:

https://sources.debian.org/src/sogo/5.10.0-2/debian/patches/0006-Update-unit-test-expected-failures.patch/

This makes the package FTBFS when more tests succeeds, for example in a
local build or in sbuild with the unshare backend. Please drop this
patch and fix or disable the failing tests instead.

Cheers Jochen

Bug#1070412: Fails to build due to hard coded OS platform

Source: golang-github-kardianos-service
Version: 1.2.0-2
Severity: important
X-Debbugs-Cc: debian-wb-team@lists.debian.org
Usertags: unshare

Hi,

golang-github-kardianos-service fails to build when it can't detect the
OS platform:

=== RUN   TestPlatformName
name_test.go:15: Platform is unix-systemv
name_test.go:18: Platform() want: /^linux-.*$/, got: unix-systemv
--- FAIL: TestPlatformName (0.00s)


This happens for example in the sbuild unshare bachend.

The problem is that in the test:

https://sources.debian.org/src/golang-github-kardianos-service/1.2.1-1/name_test.go/?hl=13#L13

runtime.GOOS is hard coded to linux.

Cheers Jochen

Bug#1070412: Fails to build due to hard coded OS platform

Source: golang-github-kardianos-service
Version: 1.2.0-2
Severity: important
X-Debbugs-Cc: debian-wb-t...@lists.debian.org
Usertags: unshare

Hi,

golang-github-kardianos-service fails to build when it can't detect the
OS platform:

=== RUN   TestPlatformName
name_test.go:15: Platform is unix-systemv
name_test.go:18: Platform() want: /^linux-.*$/, got: unix-systemv
--- FAIL: TestPlatformName (0.00s)


This happens for example in the sbuild unshare bachend.

The problem is that in the test:

https://sources.debian.org/src/golang-github-kardianos-service/1.2.1-1/name_test.go/?hl=13#L13

runtime.GOOS is hard coded to linux.

Cheers Jochen

Bug#1070411: containerd fails to build as a normal user due to sysctl

Source: containerd
Version: 1.6.20~ds1-1
Severity: important
X-Debbugs-Cc: debian-wb-team@lists.debian.org
Usertags: unshare

Hi,

containerd uses sysctl during the build which fails as a normal user:

=== RUN   TestLinuxSandboxContainerSpec
sandbox_run_linux_test.go:241: TestCase "spec should reflect original 
config"
sandbox_run_linux_test.go:71: Check PodSandbox annotations
sandbox_run_linux_test.go:124:
Error Trace:
/<>/_build/src/github.com/containerd/containerd/pkg/cri/server/sandbox_run_linux_test.go:124

/<>/_build/src/github.com/containerd/containerd/pkg/cri/server/sandbox_run_linux_test.go:259
Error:  "" does not contain "0 2147483647"
Test:   TestLinuxSandboxContainerSpec
sandbox_run_linux_test.go:241: TestCase "host namespace"
sandbox_run_linux_test.go:71: Check PodSandbox annotations
sandbox_run_linux_test.go:241: TestCase "should set supplemental groups 
correctly"
sandbox_run_linux_test.go:71: Check PodSandbox annotations
sandbox_run_linux_test.go:241: TestCase "should overwrite default sysctls"
sandbox_run_linux_test.go:71: Check PodSandbox annotations
sandbox_run_linux_test.go:241: TestCase "sandbox sizing annotations should 
be set if LinuxContainerResources were provided"
sandbox_run_linux_test.go:71: Check PodSandbox annotations
sandbox_run_linux_test.go:241: TestCase "sandbox sizing annotations should 
not be set if LinuxContainerResources were not provided"
sandbox_run_linux_test.go:71: Check PodSandbox annotations
sandbox_run_linux_test.go:241: TestCase "sandbox sizing annotations are 
zero if the resources are set to 0"
sandbox_run_linux_test.go:71: Check PodSandbox annotations
--- FAIL: TestLinuxSandboxContainerSpec (0.00s)

https://salsa.debian.org/go-team/packages/containerd/-/blob/debian/sid/pkg/cri/server/sandbox_run_linux_test.go#L124

This make the build fail for example in the sbuild unshare backend.

Cheers Jochen

Bug#1070411: containerd fails to build as a normal user due to sysctl

Source: containerd
Version: 1.6.20~ds1-1
Severity: important
X-Debbugs-Cc: debian-wb-t...@lists.debian.org
Usertags: unshare

Hi,

containerd uses sysctl during the build which fails as a normal user:

=== RUN   TestLinuxSandboxContainerSpec
sandbox_run_linux_test.go:241: TestCase "spec should reflect original 
config"
sandbox_run_linux_test.go:71: Check PodSandbox annotations
sandbox_run_linux_test.go:124:
Error Trace:
/<>/_build/src/github.com/containerd/containerd/pkg/cri/server/sandbox_run_linux_test.go:124

/<>/_build/src/github.com/containerd/containerd/pkg/cri/server/sandbox_run_linux_test.go:259
Error:  "" does not contain "0 2147483647"
Test:   TestLinuxSandboxContainerSpec
sandbox_run_linux_test.go:241: TestCase "host namespace"
sandbox_run_linux_test.go:71: Check PodSandbox annotations
sandbox_run_linux_test.go:241: TestCase "should set supplemental groups 
correctly"
sandbox_run_linux_test.go:71: Check PodSandbox annotations
sandbox_run_linux_test.go:241: TestCase "should overwrite default sysctls"
sandbox_run_linux_test.go:71: Check PodSandbox annotations
sandbox_run_linux_test.go:241: TestCase "sandbox sizing annotations should 
be set if LinuxContainerResources were provided"
sandbox_run_linux_test.go:71: Check PodSandbox annotations
sandbox_run_linux_test.go:241: TestCase "sandbox sizing annotations should 
not be set if LinuxContainerResources were not provided"
sandbox_run_linux_test.go:71: Check PodSandbox annotations
sandbox_run_linux_test.go:241: TestCase "sandbox sizing annotations are 
zero if the resources are set to 0"
sandbox_run_linux_test.go:71: Check PodSandbox annotations
--- FAIL: TestLinuxSandboxContainerSpec (0.00s)

https://salsa.debian.org/go-team/packages/containerd/-/blob/debian/sid/pkg/cri/server/sandbox_run_linux_test.go#L124

This make the build fail for example in the sbuild unshare backend.

Cheers Jochen

Bug#1070410: golang-github-pion-webrtc.v3 accesses the internet during build

Source: golang-github-pion-webrtc.v3
Version: 3.1.56-2
Severity: serious
Justification: Policy 4.9
X-Debbugs-Cc: d...@debian.org, wb-t...@buildd.debian.org
Control: affects -1 buildd.debian.org

Hi,

golang-github-pion-webrtc.v3 attempts network access during build.
This is forbidden by Policy 4.9:

  For packages in the main archive, required targets must not attempt
  network access, except, via the loopback interface, to services on the
  build host that have been started by the build.

This can be tested with the sbuild unshare backend:

=== NAME  TestDataChannelParamters_Go
util.go:41: Unexpected routines on test end:
goroutine 34 [select]:

github.com/pion/interceptor/pkg/nack.(*GeneratorInterceptor).loop(0xc240a0, 
{0x9f4b80, 0xc3ec30})

/<>/_build/src/github.com/pion/interceptor/pkg/nack/generator_interceptor.go:139
 +0x12d
created by 
github.com/pion/interceptor/pkg/nack.(*GeneratorInterceptor).BindRTCPWriter in 
goroutine 16

/<>/_build/src/github.com/pion/interceptor/pkg/nack/generator_interceptor.go:74
 +0x115

goroutine 35 [select]:

github.com/pion/interceptor/pkg/report.(*ReceiverInterceptor).loop(0xc0001303c0,
 {0x9f4b80, 0xc3ec30})

/<>/_build/src/github.com/pion/interceptor/pkg/report/receiver_interceptor.go:97
 +0x19c
created by 
github.com/pion/interceptor/pkg/report.(*ReceiverInterceptor).BindRTCPWriter in 
goroutine 16

/<>/_build/src/github.com/pion/interceptor/pkg/report/receiver_interceptor.go:86
 +0x115

goroutine 36 [select]:

github.com/pion/interceptor/pkg/report.(*SenderInterceptor).loop(0xc000130420, 
{0x9f4b80, 0xc3ec30})

/<>/_build/src/github.com/pion/interceptor/pkg/report/sender_interceptor.go:98
 +0x19c
created by 
github.com/pion/interceptor/pkg/report.(*SenderInterceptor).BindRTCPWriter in 
goroutine 16

/<>/_build/src/github.com/pion/interceptor/pkg/report/sender_interceptor.go:87
 +0x115

[...]

Cheers Jochen

Bug#1070410: golang-github-pion-webrtc.v3 accesses the internet during build

Source: golang-github-pion-webrtc.v3
Version: 3.1.56-2
Severity: serious
Justification: Policy 4.9
X-Debbugs-Cc: d...@debian.org, wb-t...@buildd.debian.org
Control: affects -1 buildd.debian.org

Hi,

golang-github-pion-webrtc.v3 attempts network access during build.
This is forbidden by Policy 4.9:

  For packages in the main archive, required targets must not attempt
  network access, except, via the loopback interface, to services on the
  build host that have been started by the build.

This can be tested with the sbuild unshare backend:

=== NAME  TestDataChannelParamters_Go
util.go:41: Unexpected routines on test end:
goroutine 34 [select]:

github.com/pion/interceptor/pkg/nack.(*GeneratorInterceptor).loop(0xc240a0, 
{0x9f4b80, 0xc3ec30})

/<>/_build/src/github.com/pion/interceptor/pkg/nack/generator_interceptor.go:139
 +0x12d
created by 
github.com/pion/interceptor/pkg/nack.(*GeneratorInterceptor).BindRTCPWriter in 
goroutine 16

/<>/_build/src/github.com/pion/interceptor/pkg/nack/generator_interceptor.go:74
 +0x115

goroutine 35 [select]:

github.com/pion/interceptor/pkg/report.(*ReceiverInterceptor).loop(0xc0001303c0,
 {0x9f4b80, 0xc3ec30})

/<>/_build/src/github.com/pion/interceptor/pkg/report/receiver_interceptor.go:97
 +0x19c
created by 
github.com/pion/interceptor/pkg/report.(*ReceiverInterceptor).BindRTCPWriter in 
goroutine 16

/<>/_build/src/github.com/pion/interceptor/pkg/report/receiver_interceptor.go:86
 +0x115

goroutine 36 [select]:

github.com/pion/interceptor/pkg/report.(*SenderInterceptor).loop(0xc000130420, 
{0x9f4b80, 0xc3ec30})

/<>/_build/src/github.com/pion/interceptor/pkg/report/sender_interceptor.go:98
 +0x19c
created by 
github.com/pion/interceptor/pkg/report.(*SenderInterceptor).BindRTCPWriter in 
goroutine 16

/<>/_build/src/github.com/pion/interceptor/pkg/report/sender_interceptor.go:87
 +0x115

[...]

Cheers Jochen

Bug#1070409: golang-github-pion-ice.v2: accesses the internet during build

v2/transport_test.go:219
#   0x746424
github.com/pion/ice/v2.TestConnectionStateCallback+0x344
/<>/_build/src/github.com/pion/ice/v2/agent_test.go:653
#   0x4fa01atesting.tRunner+0xfa
/usr/lib/go-1.22/src/testing/testing.go:1689

1 @ 0x43f36e 0x4510c5 0x73a965 0x766d45 0x766d46 0x476061
#   0x73a964github.com/pion/ice/v2.(*Agent).connect+0x124   
/<>/_build/src/github.com/pion/ice/v2/transport.go:53
#   0x766d44github.com/pion/ice/v2.(*Agent).Accept+0x64 
/<>/_build/src/github.com/pion/ice/v2/transport.go:21
#   0x766d45github.com/pion/ice/v2.connect.func1+0x65   
/<>/_build/src/github.com/pion/ice/v2/transport_test.go:213

panic: timeout

goroutine 195 [running]:
github.com/pion/ice/v2.TestConnectionStateCallback.TimeOut.func2()
/<>/_build/src/github.com/pion/transport/test/util.go:24 
+0x8c
created by time.goFunc
/usr/lib/go-1.22/src/time/sleep.go:177 +0x2d
FAILgithub.com/pion/ice/v2  8.728s

Cheers Jochen

Bug#1070409: golang-github-pion-ice.v2: accesses the internet during build

v2/transport_test.go:219
#   0x746424
github.com/pion/ice/v2.TestConnectionStateCallback+0x344
/<>/_build/src/github.com/pion/ice/v2/agent_test.go:653
#   0x4fa01atesting.tRunner+0xfa
/usr/lib/go-1.22/src/testing/testing.go:1689

1 @ 0x43f36e 0x4510c5 0x73a965 0x766d45 0x766d46 0x476061
#   0x73a964github.com/pion/ice/v2.(*Agent).connect+0x124   
/<>/_build/src/github.com/pion/ice/v2/transport.go:53
#   0x766d44github.com/pion/ice/v2.(*Agent).Accept+0x64 
/<>/_build/src/github.com/pion/ice/v2/transport.go:21
#   0x766d45github.com/pion/ice/v2.connect.func1+0x65   
/<>/_build/src/github.com/pion/ice/v2/transport_test.go:213

panic: timeout

goroutine 195 [running]:
github.com/pion/ice/v2.TestConnectionStateCallback.TimeOut.func2()
/<>/_build/src/github.com/pion/transport/test/util.go:24 
+0x8c
created by time.goFunc
/usr/lib/go-1.22/src/time/sleep.go:177 +0x2d
FAILgithub.com/pion/ice/v2  8.728s

Cheers Jochen

Bug#1070334: libnet-frame-device-perl needs network access during build

Source: libnet-frame-device-perl
Version: 1.12-1
Severity: serious
Justification: Policy 4.9
X-Debbugs-Cc: d...@debian.org, wb-t...@buildd.debian.org
Control: affects -1 buildd.debian.org

Hi,

libnet-frame-device-perl fails to build with no network connection:

1..1
# Running under perl version 5.038002 for linux
# Current time local: Sat Apr 27 12:53:04 2024
# Current time GMT:   Sat Apr 27 12:53:04 2024
# Using Test.pm version 1.31
ok 1 # skip Test::Pod 1.00 required for testing
ok
Net::Frame::Device: updateFromDefault: unable to get dnet

This can be tested with the sbuild unshare backend.

Cheers Jochen

Bug#1070334: libnet-frame-device-perl needs network access during build

Source: libnet-frame-device-perl
Version: 1.12-1
Severity: serious
Justification: Policy 4.9
X-Debbugs-Cc: d...@debian.org, wb-t...@buildd.debian.org
Control: affects -1 buildd.debian.org

Hi,

libnet-frame-device-perl fails to build with no network connection:

1..1
# Running under perl version 5.038002 for linux
# Current time local: Sat Apr 27 12:53:04 2024
# Current time GMT:   Sat Apr 27 12:53:04 2024
# Using Test.pm version 1.31
ok 1 # skip Test::Pod 1.00 required for testing
ok
Net::Frame::Device: updateFromDefault: unable to get dnet

This can be tested with the sbuild unshare backend.

Cheers Jochen

Bug#1070333: python-eventlet fails to build with an empty /etc/resolv.conf

Source: python-eventlet
Version: 0.35.1-1
Severity: normal
X-Debbugs-Cc: d...@debian.org, wb-t...@buildd.debian.org
Control: affects -1 buildd.debian.org

Hi,

python-eventlet fails to build with no nameserver specified in
/etc/resolv.conf:

=== FAILURES ===
_ TestProxyResolver.test_clear _

self = 

def test_clear(self):
rp = greendns.ResolverProxy()
assert rp._cached_resolver is None
>   resolver = rp._resolver

tests/greendns_test.py:304:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
eventlet/support/greendns.py:347: in _resolver
self.clear()
eventlet/support/greendns.py:355: in clear
self._resolver = dns.resolver.Resolver(filename=self._filename)
/usr/lib/python3/dist-packages/dns/resolver.py:944: in __init__
self.read_resolv_conf(filename)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = 
f = <_io.TextIOWrapper name='/etc/resolv.conf' mode='r' encoding='UTF-8'>

def read_resolv_conf(self, f: Any) -> None:
"""Process *f* as a file in the /etc/resolv.conf format.  If f is
a ``str``, it is used as the name of the file to open; otherwise it
is treated as the file itself.

Interprets the following items:

- nameserver - name server IP address

- domain - local domain name

- search - search list for host-name lookup

- options - supported options are rotate, timeout, edns0, and ndots

"""

nameservers = []
if isinstance(f, str):
try:
cm: contextlib.AbstractContextManager = open(f)
except OSError:
# /etc/resolv.conf doesn't exist, can't be read, etc.
raise NoResolverConfiguration(f"cannot open {f}")
else:
cm = contextlib.nullcontext(f)
with cm as f:
for l in f:
if len(l) == 0 or l[0] == "#" or l[0] == ";":
continue
tokens = l.split()

# Any line containing less than 2 tokens is malformed
if len(tokens) < 2:
continue

if tokens[0] == "nameserver":
nameservers.append(tokens[1])
elif tokens[0] == "domain":
self.domain = dns.name.from_text(tokens[1])
# domain and search are exclusive
self.search = []
elif tokens[0] == "search":
# the last search wins
self.search = []
for suffix in tokens[1:]:
self.search.append(dns.name.from_text(suffix))
# We don't set domain as it is not used if
# len(self.search) > 0
   elif tokens[0] == "options":
for opt in tokens[1:]:
if opt == "rotate":
self.rotate = True
elif opt == "edns0":
self.use_edns()
elif "timeout" in opt:
try:
self.timeout = int(opt.split(":")[1])
except (ValueError, IndexError):
pass
elif "ndots" in opt:
try:
self.ndots = int(opt.split(":")[1])
except (ValueError, IndexError):
pass
if len(nameservers) == 0:
>   raise NoResolverConfiguration("no nameservers")
E   dns.resolver.NoResolverConfiguration: no nameservers

/usr/lib/python3/dist-packages/dns/resolver.py:1038: NoResolverConfiguration


This fails in sbuild with the unshare backend.

Cheers Jochen

Bug#1070332: designate fails to build with no nameserver specified in /etc/resolv.conf

Source: designate
Version: 1:18.0.0-1
Severity: normal
X-Debbugs-Cc: d...@debian.org, wb-t...@buildd.debian.org
Control: affects -1 buildd.debian.org

Hi,

designate fails to build with no nameserver specified in
/etc/resolv.conf:

==
FAIL: designate.tests.unit.mdns.test_handler.MdnsHandleTest.test_notify
designate.tests.unit.mdns.test_handler.MdnsHandleTest.test_notify
--
testtools.testresult.real._StringException: Traceback (most recent call last):
  File "/usr/lib/python3.12/unittest/mock.py", line 1390, in patched
return func(*newargs, **newkeywargs)
   ^
  File "/<>/designate/tests/unit/mdns/test_handler.py", line 79, 
in test_notify
self.assertEqual(dns.rcode.NOERROR, tuple(response)[0].rcode())
^^^
  File "/<>/designate/mdns/handler.py", line 142, in _handle_notify
resolver = dns.resolver.Resolver()
   ^^^
  File "/usr/lib/python3/dist-packages/dns/resolver.py", line 944, in __init__
self.read_resolv_conf(filename)
  File "/usr/lib/python3/dist-packages/dns/resolver.py", line 1038, in 
read_resolv_conf
raise NoResolverConfiguration("no nameservers")
dns.resolver.NoResolverConfiguration: no nameservers


This fails in sbuild with the unshare backend. Please disable the
failing tests:

designate.tests.unit.mdns.test_handler.MdnsHandleTest.test_notify
designate.tests.unit.mdns.test_handler.MdnsHandleTest.test_notify_same_serial

Cheers Jochen

Bug#1070325: fails to build without a non local IP

Source: servefile
Version: 0.5.4-3
Severity: normal
Tags: patch
X-Debbugs-Cc: d...@debian.org, wb-t...@buildd.debian.org
Control: affects -1 buildd.debian.org

Hi,

servefile fails to build when self.getIPs() does not return an IP:

Traceback (most recent call last):
  File "", line 198, in _run_module_as_main
  File "", line 88, in _run_code
  File 
"/<>/.pybuild/cpython3_3.12_servefile/build/servefile/__main__.py",
 line 3, in 
servefile.main()
  File 
"/<>/.pybuild/cpython3_3.12_servefile/build/servefile/servefile.py",
 line 1289, in main
server.serve()
  File 
"/<>/.pybuild/cpython3_3.12_servefile/build/servefile/servefile.py",
 line 1008, in serve
self.server.append(self._createServer(self.handler))
   
  File 
"/<>/.pybuild/cpython3_3.12_servefile/build/servefile/servefile.py",
 line 982, in _createServer
self.genKeyPair()
  File 
"/<>/.pybuild/cpython3_3.12_servefile/build/servefile/servefile.py",
 line 927, in genKeyPair
for ip in self.getIPs() + ["127.0.0.1", "::1"]:
  ~~^~
TypeError: unsupported operand type(s) for +: 'NoneType' and 'list'


This fails in sbuild with the unshare backend. A simple fix would be:

--- servefile-0.5.4.orig/servefile/servefile.py
+++ servefile-0.5.4/servefile/servefile.py
@@ -890,7 +890,7 @@ class ServeFile():
 ips = [ip for ip in ips if ':' in ip]

 return ips
-return None
+return []

 def setSSLKeys(self, cert, key):
 """ Set SSL cert/key. Can be either path to file or pyopenssl 
X509/PKey object. """


Cheers Jochen

Bug#1070324: fails to build when no local ssh server is running

Source: python-scrapli
Version: 2023.7.30-2
Severity: normal
X-Debbugs-Cc: d...@debian.org, wb-t...@buildd.debian.org
Control: affects -1 buildd.debian.org

Hi,

python-scrapli has a test that tries to connect to localhost port 22:

https://sources.debian.org/src/python-scrapli/2023.7.30-2/tests/unit/transport/base/test_base_socket.py/#L6

This fails in sbuild with the unshare backend:


=== FAILURES ===
 test_socket_open_close_isalive 

self = 
socket_address_families = {}

def _connect(self, socket_address_families: Set["socket.AddressFamily"]) -> 
None:
"""
Try to open socket to host using all possible address families

It seems that very occasionally when resolving a hostname (i.e. 
localhost during functional
tests against vrouter devices), a v6 address family will be the first 
af the socket
getaddrinfo returns, in this case, because the qemu hostfwd is not 
listening on ::1, instead
only listening on 127.0.0.1 the connection will fail. Presumably this 
is something that can
happen in real life too... something gets resolved with a v6 address 
but is denying
connections or just not listening on that ipv6 address. This little 
connect wrapper is
intended to deal with these weird scenarios.

Args:
socket_address_families: set of address families available for the 
provided host
really only should ever be v4 AND v6 if providing a hostname 
that resolves with
both addresses, otherwise if you just provide a v4/v6 address 
it will just be a
single address family for that type of address

Returns:
None

Raises:
ScrapliConnectionNotOpened: if socket refuses connection on all 
address families
ScrapliConnectionNotOpened: if socket connection times out on all 
address families

"""
for address_family_index, address_family in 
enumerate(socket_address_families, start=1):
self.sock = socket.socket(address_family, socket.SOCK_STREAM)
self.sock.settimeout(self.timeout)

try:
>   self.sock.connect((self.host, self.port))
E   ConnectionRefusedError: [Errno 111] Connection refused

scrapli/transport/base/base_socket.py:82: ConnectionRefusedError

The above exception was the direct cause of the following exception:

socket_transport = 

def test_socket_open_close_isalive(socket_transport):
"""Test socket initialization/opening"""
assert socket_transport.host == "localhost"
assert socket_transport.port == 22
assert socket_transport.timeout == 10.0

>   socket_transport.open()


Please disable those tests tests:

tests/unit/transport/base/test_base_socket.py::test_socket_open_close_isalive
tests/unit/transport/base/test_base_socket.py::test_socket_bool

Cheers Jochen

Bug#1070319: fails to build without a non lo IP address

Source: google-guest-agent
Version: 2026.00-6
Severity: normal
X-Debbugs-Cc: d...@debian.org, wb-t...@buildd.debian.org
Control: affects -1 buildd.debian.org

Hi,

google-guest-agent has a test that depends on having an IP address
available in the build environment:

https://sources.debian.org/src/google-guest-agent/2026.00-6/google_guest_agent/wsfc_test.go/#L206

This fails in sbuild with the unshare backend:

=== RUN   TestWsfcRunAgentE2E
wsfc_test.go:207: health check failed with , got = , want 1
wsfc_test.go:209: EOF
--- FAIL: TestWsfcRunAgentE2E (1.00s)

Cheers Jochen

Bug#1070317: fails to build without a non lo IP address


* Jochen Sprickerhof  [2024-05-03 18:55]:

This fails in sbuild with the chroot backend:


I mean the unshare backend.


signature.asc
Description: PGP signature

Bug#1070319: fails to build without a non lo IP address

Source: google-guest-agent
Version: 2026.00-6
Severity: normal
X-Debbugs-Cc: d...@debian.org, wb-t...@buildd.debian.org
Control: affects -1 buildd.debian.org

Hi,

google-guest-agent has a test that depends on having an IP address
available in the build environment:

https://sources.debian.org/src/google-guest-agent/2026.00-6/google_guest_agent/wsfc_test.go/#L206

This fails in sbuild with the unshare backend:

=== RUN   TestWsfcRunAgentE2E
wsfc_test.go:207: health check failed with , got = , want 1
wsfc_test.go:209: EOF
--- FAIL: TestWsfcRunAgentE2E (1.00s)

Cheers Jochen

Bug#1070317: fails to build without a non lo IP address

Source: golang-github-likexian-gokit
Version: 0.25.9-3
Severity: normal
X-Debbugs-Cc: d...@debian.org, wb-t...@buildd.debian.org
Control: affects -1 buildd.debian.org


Hi,

golang-github-likexian-gokit has a test that depends on having an IP
address available in the build environment:

https://sources.debian.org/src/golang-github-likexian-gokit/0.25.9-3/xip/xip_test.go/#L213

This fails in sbuild with the chroot backend:

=== RUN   TestGetEthIPv4
assert.go:197: 
/<>/obj-x86_64-linux-gnu/src/github.com/likexian/gokit/xip/xip_test.go:213
assert.go:172: ! expected true, but got false
--- FAIL: TestGetEthIPv4 (0.00s)

Cheers Jochen

Re: Vulnerability in dropwizard-client

2024-04-29 Thread Jochen Schalanda

Hi Manuel,

Your dependency check is taking a sh*t on you and your valuable time. I would 
ditch it for something actually working.

For the record, Dropwizard 4.0.7 is not using any of the vulnerable versions of 
Apache HttpClient.

https://github.com/dropwizard/dropwizard/blob/v4.0.7/dropwizard-dependencies/pom.xml#L37-L38

The message mentions "metrics-httpclient5" which is an entirely different thing 
*and also not vulnerable*.

https://github.com/dropwizard/metrics/blob/v4.2.25/metrics-httpclient5/pom.xml#L21


Cheers,
Jochen

> Am 24.04.2024 um 14:38 schrieb 'Manuel Baden' via dropwizard-dev 
> :
> 
> Hello there,
> 
> i am using dropwizard (version 4.0.7) and when i run a dependency check it 
> shows the following (transitive) vulnerability:
> 
> metrics-httpclient5-4.2.25.jar 
> (pkg:maven/io.dropwizard.metrics/metrics-httpclient5@4.2.25, 
> cpe:2.3:a:apache:httpclient:4.2.25:*:*:*:*:*:*:*) : CVE-2014-3577, 
> CVE-2020-13956
> 
> Is this problem getting fixed?
> 
> Thank you for your help
> Manuel

-- 
You received this message because you are subscribed to the Google Groups 
"dropwizard-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dropwizard-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/dropwizard-dev/546E5471-CB71-4840-9B25-7682F692EEAA%40schalanda.name.

[Freeipa-users] Fedora 40: new warning in ipa-healthckeck

2024-04-26 Thread Jochen Kellner via FreeIPA-users


Hi,

I've upgraded my freeipa server to Fedora 40 (the system was installed
several releases ago). After the upgrade I get the following new warning
from ipa-healthcheck:

  {
"source": "ipahealthcheck.ds.backends",
"check": "BackendsCheck",
"result": "WARNING",
"uuid": "875db8e3-029c-46f7-87e5-bf9a216d9637",
"when": "20240426184431Z",
"duration": "0.031642",
"kw": {
  "key": "DSBLE0005",
  "items": [
"nsslapd-dbcachesize",
"nsslapd-db-logdirectory",
"nsslapd-db-transaction-wait",
"nsslapd-db-checkpoint-interval",
"nsslapd-db-compactdb-interval",
"nsslapd-db-compactdb-time",
"nsslapd-db-transaction-batch-val",
"nsslapd-db-transaction-batch-min-wait",
"nsslapd-db-transaction-batch-max-wait",
"nsslapd-db-logbuf-size",
"nsslapd-db-page-size",
"nsslapd-db-locks",
"nsslapd-db-locks-monitoring-enabled",
"nsslapd-db-locks-monitoring-threshold",
"nsslapd-db-locks-monitoring-pause",
"nsslapd-db-private-import-mem",
"nsslapd-db-deadlock-policy"
  ],
  "msg": "Found configuration attributes that are not applicable for the 
configured backend type."
}
  },

According to
https://www.port389.org/docs/389ds/FAQ/Berkeley-DB-deprecation.html the
bdb backend is deprecated. The system was installed with
389-ds-base < 1.4.4.9-1.fc33.x86_64 (I see the upgrade to that version
in /var/log/dnf.rpm.log*. Since 3.0 new installations should use LMBD as
the backend. Is that true for new installations?

What is the desired action that I should take?

I can remove the options from the dirsrv configuration. Should I?

Shall I switch to lmdb manually? Or is that something that
ipa-server-upgrade should be doing?

Otherwise I can suppress the message in ipa-healthcheck for now. But I
guess I should fix my installation before the deprecated support really
gets dropped... Is deploying a new replica and decommisioning the old
server we the preferred action?

Jochen

-- 
This space is intentionally left blank.
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Bug#1069809: xhtml2pdf accesses network resources during the build

Source: xhtml2pdf
Version: 0.2.15+dfsg-1
Severity: serious
Tags: sid trixie ftbfs

xhtml2pdf accesses network resources during the build:

==
FAIL: test_document_cannot_identify_image 
(tests.test_document.DocumentTest.test_document_cannot_identify_image)
Test that images which cannot be identified don't cause stack trace to be 
printed
--
Traceback (most recent call last):
  File 
"/build/package/package/.pybuild/cpython3_3.11_xhtml2pdf/build/tests/test_document.py",
 line 189, in test_document_cannot_identify_image
self.assertEqual(
AssertionError: Lists differ: ['WAR[16 chars]ags:Could not get image data from 
src attribut[265 chars]>\''] != ['WAR[16 chars]ags:Cannot identify image 
file:\n\'\''

+ ['WARNING:xhtml2pdf.tags:Cannot identify image file:\n'
- ['WARNING:xhtml2pdf.tags:Could not get image data from src attribute: '
-  
'https://raw.githubusercontent.com/python-pillow/Pillow/7921da54a73dd4a30c23957369b79cda176005c6/Tests/images/zero_width.gif\n'
   "'https://raw.githubusercontent.com/python-pillow/Pillow/7921da54a73dd4a30c23957369b79cda176005c6/Tests/images/zero_width.gif"/>\'']

==
FAIL: test_document_with_broken_image 
(tests.test_document.DocumentTest.test_document_with_broken_image)
Test that broken images don't cause unhandled exception
--
Traceback (most recent call last):
  File 
"/build/package/package/.pybuild/cpython3_3.11_xhtml2pdf/build/tests/test_document.py",
 line 169, in test_document_with_broken_image
self.assertEqual(
AssertionError: Lists differ: [] != 
["WARNING:xhtml2pdf.xhtml2pdf_reportlab:SV[151 chars]ml'"]

Second list contains 1 additional elements.
First extra element 0:
"WARNING:xhtml2pdf.xhtml2pdf_reportlab:SVG drawing could not be resized: 
'https://raw.githubusercontent.com/xhtml2pdf/xhtml2pdf/b01b1d8f9497dedd0f2454409d03408bdeea997c/tests/samples/images.html'"

- []
+ ['WARNING:xhtml2pdf.xhtml2pdf_reportlab:SVG drawing could not be resized: '
+  
"'https://raw.githubusercontent.com/xhtml2pdf/xhtml2pdf/b01b1d8f9497dedd0f2454409d03408bdeea997c/tests/samples/images.html'"]

Bug#1069809: xhtml2pdf accesses network resources during the build

Source: xhtml2pdf
Version: 0.2.15+dfsg-1
Severity: serious
Tags: sid trixie ftbfs

xhtml2pdf accesses network resources during the build:

==
FAIL: test_document_cannot_identify_image 
(tests.test_document.DocumentTest.test_document_cannot_identify_image)
Test that images which cannot be identified don't cause stack trace to be 
printed
--
Traceback (most recent call last):
  File 
"/build/package/package/.pybuild/cpython3_3.11_xhtml2pdf/build/tests/test_document.py",
 line 189, in test_document_cannot_identify_image
self.assertEqual(
AssertionError: Lists differ: ['WAR[16 chars]ags:Could not get image data from 
src attribut[265 chars]>\''] != ['WAR[16 chars]ags:Cannot identify image 
file:\n\'\''

+ ['WARNING:xhtml2pdf.tags:Cannot identify image file:\n'
- ['WARNING:xhtml2pdf.tags:Could not get image data from src attribute: '
-  
'https://raw.githubusercontent.com/python-pillow/Pillow/7921da54a73dd4a30c23957369b79cda176005c6/Tests/images/zero_width.gif\n'
   "'https://raw.githubusercontent.com/python-pillow/Pillow/7921da54a73dd4a30c23957369b79cda176005c6/Tests/images/zero_width.gif"/>\'']

==
FAIL: test_document_with_broken_image 
(tests.test_document.DocumentTest.test_document_with_broken_image)
Test that broken images don't cause unhandled exception
--
Traceback (most recent call last):
  File 
"/build/package/package/.pybuild/cpython3_3.11_xhtml2pdf/build/tests/test_document.py",
 line 169, in test_document_with_broken_image
self.assertEqual(
AssertionError: Lists differ: [] != 
["WARNING:xhtml2pdf.xhtml2pdf_reportlab:SV[151 chars]ml'"]

Second list contains 1 additional elements.
First extra element 0:
"WARNING:xhtml2pdf.xhtml2pdf_reportlab:SVG drawing could not be resized: 
'https://raw.githubusercontent.com/xhtml2pdf/xhtml2pdf/b01b1d8f9497dedd0f2454409d03408bdeea997c/tests/samples/images.html'"

- []
+ ['WARNING:xhtml2pdf.xhtml2pdf_reportlab:SVG drawing could not be resized: '
+  
"'https://raw.githubusercontent.com/xhtml2pdf/xhtml2pdf/b01b1d8f9497dedd0f2454409d03408bdeea997c/tests/samples/images.html'"]

Bug#1069805: scikit-build tries pip install during build

Source: scikit-build
Version: 0.17.6-1
Severity: serious
Tags: trixie sid ftbfs

scikit-build accesses network resources during the build:

process = 
stdout = None, stderr = None, retcode = 1

def run(*popenargs,
input=None, capture_output=False, timeout=None, check=False, 
**kwargs):
"""Run command with arguments and return a CompletedProcess instance.

The returned instance will have attributes args, returncode, stdout and
stderr. By default, stdout and stderr are not captured, and those 
attributes
will be None. Pass stdout=PIPE and/or stderr=PIPE in order to capture 
them,
or pass capture_output=True to capture both.

If check is True and the exit code was non-zero, it raises a
CalledProcessError. The CalledProcessError object will have the return 
code
in the returncode attribute, and output & stderr attributes if those 
streams
were captured.

If timeout is given, and the process takes too long, a TimeoutExpired
exception will be raised.

There is an optional argument "input", allowing you to
pass bytes or a string to the subprocess's stdin.  If you use this 
argument
you may not also use the Popen constructor's "stdin" argument, as
it will be used internally.

By default, all communication is in bytes, and therefore any "input" 
should
be bytes, and the stdout and stderr will be bytes. If in text mode, any
"input" should be a string, and stdout and stderr will be strings 
decoded
according to locale encoding, or by "encoding" if set. Text mode is
triggered by setting any of text, encoding, errors or 
universal_newlines.

The other arguments are the same as for the Popen constructor.
"""
if input is not None:
if kwargs.get('stdin') is not None:
raise ValueError('stdin and input arguments may not both be 
used.')
kwargs['stdin'] = PIPE

if capture_output:
if kwargs.get('stdout') is not None or kwargs.get('stderr') is not 
None:
raise ValueError('stdout and stderr arguments may not be used '
 'with capture_output.')
kwargs['stdout'] = PIPE
kwargs['stderr'] = PIPE

with Popen(*popenargs, **kwargs) as process:
try:
stdout, stderr = process.communicate(input, timeout=timeout)
except TimeoutExpired as exc:
process.kill()
if _mswindows:
# Windows accumulates the output in a single blocking
# read() call run on child threads, with the timeout
# being done in a join() on those threads.  communicate()
# _after_ kill() is required to collect that and add it
# to the exception.
exc.stdout, exc.stderr = process.communicate()
else:
# POSIX _communicate already populated the output so
# far into the TimeoutExpired exception.
process.wait()
raise
except:  # Including KeyboardInterrupt, communicate handled that.
process.kill()
# We don't call process.wait() as .__exit__ does that for us.
raise
retcode = process.poll()
if check and retcode:
>   raise CalledProcessError(retcode, process.args,
 output=stdout, stderr=stderr)
E   subprocess.CalledProcessError: Command '['/usr/bin/python3.12', 
'-m', 'pip', 'wheel', '--wheel-dir', 
'/tmp/pytest-of-jspricke/pytest-21/wheelhouse0', '/build/package/package']' 
returned non-zero exit status 1.

Bug#1069805: scikit-build tries pip install during build

Source: scikit-build
Version: 0.17.6-1
Severity: serious
Tags: trixie sid ftbfs

scikit-build accesses network resources during the build:

process = 
stdout = None, stderr = None, retcode = 1

def run(*popenargs,
input=None, capture_output=False, timeout=None, check=False, 
**kwargs):
"""Run command with arguments and return a CompletedProcess instance.

The returned instance will have attributes args, returncode, stdout and
stderr. By default, stdout and stderr are not captured, and those 
attributes
will be None. Pass stdout=PIPE and/or stderr=PIPE in order to capture 
them,
or pass capture_output=True to capture both.

If check is True and the exit code was non-zero, it raises a
CalledProcessError. The CalledProcessError object will have the return 
code
in the returncode attribute, and output & stderr attributes if those 
streams
were captured.

If timeout is given, and the process takes too long, a TimeoutExpired
exception will be raised.

There is an optional argument "input", allowing you to
pass bytes or a string to the subprocess's stdin.  If you use this 
argument
you may not also use the Popen constructor's "stdin" argument, as
it will be used internally.

By default, all communication is in bytes, and therefore any "input" 
should
be bytes, and the stdout and stderr will be bytes. If in text mode, any
"input" should be a string, and stdout and stderr will be strings 
decoded
according to locale encoding, or by "encoding" if set. Text mode is
triggered by setting any of text, encoding, errors or 
universal_newlines.

The other arguments are the same as for the Popen constructor.
"""
if input is not None:
if kwargs.get('stdin') is not None:
raise ValueError('stdin and input arguments may not both be 
used.')
kwargs['stdin'] = PIPE

if capture_output:
if kwargs.get('stdout') is not None or kwargs.get('stderr') is not 
None:
raise ValueError('stdout and stderr arguments may not be used '
 'with capture_output.')
kwargs['stdout'] = PIPE
kwargs['stderr'] = PIPE

with Popen(*popenargs, **kwargs) as process:
try:
stdout, stderr = process.communicate(input, timeout=timeout)
except TimeoutExpired as exc:
process.kill()
if _mswindows:
# Windows accumulates the output in a single blocking
# read() call run on child threads, with the timeout
# being done in a join() on those threads.  communicate()
# _after_ kill() is required to collect that and add it
# to the exception.
exc.stdout, exc.stderr = process.communicate()
else:
# POSIX _communicate already populated the output so
# far into the TimeoutExpired exception.
process.wait()
raise
except:  # Including KeyboardInterrupt, communicate handled that.
process.kill()
# We don't call process.wait() as .__exit__ does that for us.
raise
retcode = process.poll()
if check and retcode:
>   raise CalledProcessError(retcode, process.args,
 output=stdout, stderr=stderr)
E   subprocess.CalledProcessError: Command '['/usr/bin/python3.12', 
'-m', 'pip', 'wheel', '--wheel-dir', 
'/tmp/pytest-of-jspricke/pytest-21/wheelhouse0', '/build/package/package']' 
returned non-zero exit status 1.

Bug#1069804: rust-mio-0.6 accesses network resources during the build

Source: rust-mio-0.6
Version: 0.6.23-3
Severity: serious
Tags: sid trixie ftbfs

rust-mio-0.6 accesses network resources during the build:

Test executable failed (exit status: 101).

stderr:
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Os { 
code: 101, kind: NetworkUnreachable, message: "Network is unreachable" }', 
src/sys/unix/ready.rs:22:16
stack backtrace:
   0: rust_begin_unwind
 at /usr/src/rustc-1.70.0/library/std/src/panicking.rs:578:5
   1: core::panicking::panic_fmt
 at /usr/src/rustc-1.70.0/library/core/src/panicking.rs:67:14
   2: core::result::unwrap_failed
 at /usr/src/rustc-1.70.0/library/core/src/result.rs:1687:5
   3: core::result::Result::unwrap
   4: rust_out::main
   5: core::ops::function::FnOnce::call_once
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose 
backtrace.



failures:
src/poll.rs - poll::Poll (line 267)
src/poll.rs - poll::Poll::deregister (line 877)
src/poll.rs - poll::Poll::register (line 735)
src/poll.rs - poll::Poll::reregister (line 820)
src/sys/unix/ready.rs - sys::unix::ready::UnixReady (line 66)

test result: FAILED. 74 passed; 5 failed; 0 ignored; 0 measured; 0 filtered 
out; finished in 4.37s

Bug#1069804: rust-mio-0.6 accesses network resources during the build

Source: rust-mio-0.6
Version: 0.6.23-3
Severity: serious
Tags: sid trixie ftbfs

rust-mio-0.6 accesses network resources during the build:

Test executable failed (exit status: 101).

stderr:
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Os { 
code: 101, kind: NetworkUnreachable, message: "Network is unreachable" }', 
src/sys/unix/ready.rs:22:16
stack backtrace:
   0: rust_begin_unwind
 at /usr/src/rustc-1.70.0/library/std/src/panicking.rs:578:5
   1: core::panicking::panic_fmt
 at /usr/src/rustc-1.70.0/library/core/src/panicking.rs:67:14
   2: core::result::unwrap_failed
 at /usr/src/rustc-1.70.0/library/core/src/result.rs:1687:5
   3: core::result::Result::unwrap
   4: rust_out::main
   5: core::ops::function::FnOnce::call_once
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose 
backtrace.



failures:
src/poll.rs - poll::Poll (line 267)
src/poll.rs - poll::Poll::deregister (line 877)
src/poll.rs - poll::Poll::register (line 735)
src/poll.rs - poll::Poll::reregister (line 820)
src/sys/unix/ready.rs - sys::unix::ready::UnixReady (line 66)

test result: FAILED. 74 passed; 5 failed; 0 ignored; 0 measured; 0 filtered 
out; finished in 4.37s

Bug#1069803: php-codeigniter-framework tries pip install during build

Source: php-codeigniter-framework
Version: 3.1.13+dfsg1-3
Severity: serious
Tags: sid trixie ftbfs

php-codeigniter-framework accesses network resources during the build:

python3 -m venv --system-site-packages --without-pip debian/build-doc/pythonvenv
if ! debian/build-doc/pythonvenv/bin/python -m pip show pycilexer; then \
  echo "Installing pycilexer" && \
  cd user_guide_src/cilexer && \
  ../../debian/build-doc/pythonvenv/bin/python -m pip install .; \
fi
WARNING: Package(s) not found: pycilexer
Installing pycilexer
Processing /build/package/package/user_guide_src/cilexer
  Installing build dependencies: started
  Installing build dependencies: finished with status 'error'
  error: subprocess-exited-with-error

  × pip subprocess to install build dependencies did not run successfully.
  │ exit code: 1
  ╰─> [7 lines of output]
  WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, 
status=None)) after connection broken by 
'NewConnectionError(': Failed to establish a new connection: [Errno -3] Temporary 
failure in name resolution')': /simple/setuptools/
  WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, 
status=None)) after connection broken by 
'NewConnectionError(': Failed to establish a new connection: [Errno -3] Temporary 
failure in name resolution')': /simple/setuptools/
  WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, 
status=None)) after connection broken by 
'NewConnectionError(': Failed to establish a new connection: [Errno -3] Temporary 
failure in name resolution')': /simple/setuptools/
  WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, 
status=None)) after connection broken by 
'NewConnectionError(': Failed to establish a new connection: [Errno -3] Temporary 
failure in name resolution')': /simple/setuptools/
  WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, 
status=None)) after connection broken by 
'NewConnectionError(': Failed to establish a new connection: [Errno -3] Temporary 
failure in name resolution')': /simple/setuptools/
  ERROR: Could not find a version that satisfies the requirement 
setuptools>=40.8.0 (from versions: none)
  ERROR: No matching distribution found for setuptools>=40.8.0
  [end of output]

  note: This error originates from a subprocess, and is likely not a problem 
with pip.
error: subprocess-exited-with-error

× pip subprocess to install build dependencies did not run successfully.
│ exit code: 1
╰─> See above for output.

note: This error originates from a subprocess, and is likely not a problem with 
pip.

Bug#1069803: php-codeigniter-framework tries pip install during build

Source: php-codeigniter-framework
Version: 3.1.13+dfsg1-3
Severity: serious
Tags: sid trixie ftbfs

php-codeigniter-framework accesses network resources during the build:

python3 -m venv --system-site-packages --without-pip debian/build-doc/pythonvenv
if ! debian/build-doc/pythonvenv/bin/python -m pip show pycilexer; then \
  echo "Installing pycilexer" && \
  cd user_guide_src/cilexer && \
  ../../debian/build-doc/pythonvenv/bin/python -m pip install .; \
fi
WARNING: Package(s) not found: pycilexer
Installing pycilexer
Processing /build/package/package/user_guide_src/cilexer
  Installing build dependencies: started
  Installing build dependencies: finished with status 'error'
  error: subprocess-exited-with-error

  × pip subprocess to install build dependencies did not run successfully.
  │ exit code: 1
  ╰─> [7 lines of output]
  WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, 
status=None)) after connection broken by 
'NewConnectionError(': Failed to establish a new connection: [Errno -3] Temporary 
failure in name resolution')': /simple/setuptools/
  WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, 
status=None)) after connection broken by 
'NewConnectionError(': Failed to establish a new connection: [Errno -3] Temporary 
failure in name resolution')': /simple/setuptools/
  WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, 
status=None)) after connection broken by 
'NewConnectionError(': Failed to establish a new connection: [Errno -3] Temporary 
failure in name resolution')': /simple/setuptools/
  WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, 
status=None)) after connection broken by 
'NewConnectionError(': Failed to establish a new connection: [Errno -3] Temporary 
failure in name resolution')': /simple/setuptools/
  WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, 
status=None)) after connection broken by 
'NewConnectionError(': Failed to establish a new connection: [Errno -3] Temporary 
failure in name resolution')': /simple/setuptools/
  ERROR: Could not find a version that satisfies the requirement 
setuptools>=40.8.0 (from versions: none)
  ERROR: No matching distribution found for setuptools>=40.8.0
  [end of output]

  note: This error originates from a subprocess, and is likely not a problem 
with pip.
error: subprocess-exited-with-error

× pip subprocess to install build dependencies did not run successfully.
│ exit code: 1
╰─> See above for output.

note: This error originates from a subprocess, and is likely not a problem with 
pip.

Re: [ClusterLabs] Remote nodes in an opt-in cluster

2024-04-23 Thread Jochen




> On 23. Apr 2024, at 17:41, Andrei Borzenkov  wrote:
> 
> On 23.04.2024 10:02, Jochen wrote:
>> When trying to add a remote node to an opt-in cluster, the cluster does not 
>> start the remote resource. When I change the cluster to opt-out the remote 
>> resource is started.
> 
> It's not clear what do you mean. Is "remote resource" the resource used to 
> integrate the remote node (i.e. ocf:pacemaker:remote) or is the "remote 
> resource" a resource you want to start on the remote node itself?

The "ocf:pacemaker:remote" resource to integrate the remote node.

> 
>> I guess I have to add a location constraint to allow the cluster to schedule 
>> the resource. Is that correct?
>> And if yes, how do I create a location constraint to allow the cluster to 
>> start the remote resource anywhere on the cluster? Since I don't want to 
>> name each node in the constraint, I looked for a rule that always is true, 
>> or an attribute that is defined by default, but did not find one. I then 
>> tried
>>  crm configure location skylla-location skylla rule 
>> skylla-location-rule: defined '#uname'
>> But this did not work either. Any help would be greatly appreciated.
>> Regards
>> Jochen
>> ___
>> Manage your subscription:
>> https://lists.clusterlabs.org/mailman/listinfo/users
>> ClusterLabs home: https://www.clusterlabs.org/
> 

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

RE: No physical disk in FAI 6.2.2 plain text

2024-04-23 Thread Paul, Jochen

Hi there,

now from my business account. The fixed version is working wonderful. Thanks 
for solving this issue.
Freundliche Grüße / Kind regards,

i.A. Jochen Paul
Softwareentwickler / Softwaredeveloper
Research & Development

Fon: +49 6274 932 341
jochen.p...@mosca.com<mailto:jochen.p...@mosca.com>

Re: [FRIAM] Daniel Dennett (1942-2024)

2024-04-23 Thread Jochen Fromm

Jennifer Ouellette's piece on Daniel is well written too - like his books very 
readable and always interesting. Jennifer is the wife of Sean 
Carroll.https://arstechnica.com/science/2024/04/philosopher-daniel-dennett-dead-at-82/-J.
 Original message From: Russ Abbott  
Date: 4/23/24  12:16 AM  (GMT+01:00) To: The Friday Morning Applied Complexity 
Coffee Group  Subject: Re: [FRIAM] Daniel Dennett 
(1942-2024) Stephen,Thanks for the link to Michael Levin's piece on Dennett. 
Levin, also at Tufts, is one of the most insightful and creative biologists 
around. The article points to a joint Aeon piece Levin wrote with Dennett. Even 
though it was published 3 1/2 years ago, it's very much worth reading. It will 
give you a sense of the kind of work Levin does.It also illustrates Dennett's 
notion of competence without comprehension from his From Bacteria to Bach and 
Back, published 3 years earlier. The article is a very nice example of the 
melding of two minds.Many will want to maintain that real cognition is what 
brains do, and what happens in biochemistry only seems like it’s doing similar 
things. We propose an inversion of this familiar idea; the point is not to 
anthropomorphise morphogenesis – the point is to naturalise cognition. There is 
nothing magic that humans (or other smart animals) do that doesn’t have a 
phylogenetic history. Taking evolution seriously means asking what cognition 
looked like all the way back. Modern data in the field of basal cognition makes 
it impossible to maintain an artificial dichotomy of ‘real’ and ‘as-if’ 
cognition. There is one continuum along which all living systems (and many 
nonliving ones) can be placed, with respect to how much thinking they can do.  
-- Russ Abbott                                       Professor Emeritus, 
Computer ScienceCalifornia State University, Los AngelesOn Sun, Apr 21, 2024 at 
1:15 PM Stephen Guerin  wrote:Michael Levin's 
farewell to Dan Dennett  
https://thoughtforms.life/farewell-dan-dennett-i-will-really-miss-you/On Fri, 
Apr 19, 2024 at 2:46 PM Stephen Guerin  wrote:Such 
a loss 
:-(https://www.telegraph.co.uk/obituaries/2024/04/19/daniel-dennett-philosopher-atheist-darwinist/yes
 a loss of a great person and intellectual. Though in the loss is the 
possibility of progress.  if you consider the above "atheist-darwinist" url 
representing a certain paradigm in which Dennett has been cast as a central 
figure. Planck's Principle on paradigms and funerals:An important scientific 
innovation rarely makes its way by gradually winning over and converting its 
opponents: it rarely happens that Saul becomes Paul. What does happen is that 
its opponents gradually die out, and that the growing generation is 
familiarized with the ideas from the beginning: another instance of the fact 
that the future lies with the youth.— Max Planck, Scientific autobiography, 
1950, p. 33, 97Colloquially, this is often paraphrased as "Science progresses 
one funeral at a 
time"_Stephen 
GuerinCEO, Founder https://simtable.comstephen.gue...@simtable.com 
stephenguerin@fas.harvard.eduHarvard Visualization Research and Teaching 
Labmobile: (505)577-5828On Fri, Apr 19, 2024 at 1:03 PM Jochen Fromm 
 wrote:Such a loss 
:-(https://www.telegraph.co.uk/obituaries/2024/04/19/daniel-dennett-philosopher-atheist-darwinist/I
 will put his autobiography "I’ve Been Thinking" from last year on my reading 
listhttps://www.theguardian.com/books/2023/oct/01/ive-been-thinking-by-daniel-c-dennett-review-an-engaging-vexing-memoir-with-a-humility-bypass-J.
 Original message From: Jochen Fromm  Date: 4/19/24 
 7:32 PM  (GMT+01:00) To: The Friday Morning Applied Complexity Coffee Group 
 Subject: [FRIAM] Daniel Dennett (1942-2024) A sad day 
today. Daniel Dennett has died :-( For every big question in philosophy there 
is at least one Daniel Dennett book:"Consciousnes Explained" (1991) about 
consciousness"Darwin's Dangerous Idea" (1995) about evolution "Freedom Evolves" 
(2003) about free will"Breaking the spell" (2006) about 
religionhttps://dailynous.com/2024/04/19/daniel-dennett-death-1942-2024/-J.-. 
--- - / ...- .- .-.. .. -.. / -- --- .-. ... . / -.-. --- -.. .
FRIAM Applied Complexity Group listserv
Fridays 9a-12p Friday St. Johns Cafe   /   Thursdays 9a-12p Zoom 
https://bit.ly/virtualfriam
to (un)subscribe http://redfish.com/mailman/listinfo/friam_redfish.com
FRIAM-COMIC http://friam-comic.blogspot.com/
archives:  5/2017 thru present https://redfish.com/pipermail/friam_redfish.com/
  1/2003 thru 6/2021  http://friam.383.s1.nabble.com/


-. --- - / ...- .- .-.. .. -.. / -- --- .-. ... . / -.-. --- -.. .
FRIAM Applied Complexity Group listserv
Fridays 9a-12p Friday St. Johns Cafe   /   Thursdays 9a-12p Zoom 
https://bit.ly/virtualfriam
to (un)subscribe http://redfish.com/mailman/listinfo/friam_redfish.c

[ClusterLabs] Remote nodes in an opt-in cluster

2024-04-23 Thread Jochen

When trying to add a remote node to an opt-in cluster, the cluster does not 
start the remote resource. When I change the cluster to opt-out the remote 
resource is started.

I guess I have to add a location constraint to allow the cluster to schedule 
the resource. Is that correct?

And if yes, how do I create a location constraint to allow the cluster to start 
the remote resource anywhere on the cluster? Since I don't want to name each 
node in the constraint, I looked for a rule that always is true, or an 
attribute that is defined by default, but did not find one. I then tried

crm configure location skylla-location skylla rule 
skylla-location-rule: defined '#uname'

But this did not work either. Any help would be greatly appreciated.

Regards
Jochen



___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [go-nuts] generics question

2024-04-23 Thread Jochen Voss

Thank you both!

This works, see my code below.  Followup question: is there a way to refer 
to the new type without having to list both the element type and the 
pointer type separately?  Below I have to write C[A, *A], which looks 
slightly ugly.  And in my real application something like Creator 
OrderedArray[ProperName] would look much more readable than Creator 
OrderedArray[ProperName, *ProperName] .

Many thanks,
Jochen

type Type interface{}

type Settable[E Type] interface {
*E
Set(int)
}

type C[E any, P Settable[E]] struct {
Val []E
}

func (c *C[E, P]) Set(v int) {
for i := range c.Val {
var ptr P = &(c.Val[i])
ptr.Set(v)
}
}

var c = C[A, *A]{Val: []A{1, 2, 3}}

On Tuesday 23 April 2024 at 03:36:25 UTC+1 Nagaev Boris wrote:

> On Mon, Apr 22, 2024 at 9:54 PM Ian Lance Taylor  wrote:
> >
> > On Mon, Apr 22, 2024 at 2:25 PM Jochen Voss  wrote:
> > >
> > > Using generics, can I somehow write a constraint which says that *T 
> (instead of T) implements a certain interface? The following code 
> illustrated what I'm trying to do:
> > >
> > > type A int
> > >
> > > func (a *A) Set(x int) {
> > > *a = A(x)
> > > }
> > >
> > > type B string
> > >
> > > func (b *B) Set(x int) {
> > > *b = B(strconv.Itoa(x))
> > > }
> > >
> > > type C1 struct {
> > > Val []A
> > > }
> > >
> > > func (c *C1) Set(v int) {
> > > for i := range c.Val {
> > > c.Val[i].Set(v)
> > > }
> > > }
> > >
> > > type C2 struct {
> > > Val []B
> > > }
> > >
> > > func (c *C2) Set(v int) {
> > > for i := range c.Val {
> > > c.Val[i].Set(v)
> > > }
> > > }
> > >
> > > I would like to use generics to use a single definition for the 
> methods which here are func (c *C1) Set(v int) and func (c *C2) Set(v int). 
> (My real code has many base types, instead of just A and B.) How can I do 
> this?
> > >
> > > I tried the naive approach:
> > >
> > > type C[T interface{ Set(int) }] struct {
> > > Val []T
> > > }
> > >
> > > but when I try to use the type C[A] now, I get the error message "A 
> does not satisfy interface{Set(int)} (method Set has pointer receiver)".
> >
> >
> > type C[P interface {
> > *E
> > Set(int)
> > }, E any] struct {
> > Val []P
> > }
> >
> > Ian
> >
>
> I think it should be this (s/Val []P/Val []E/):
>
> type C[P interface {
> *E
> Set(int)
> }, E any] struct {
> Val []E
> }
>
>
>
> -- 
> Best regards,
> Boris Nagaev
>

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/golang-nuts/c5571d6c-d4d1-4cb9-9617-d5405f68d66an%40googlegroups.com.

[go-nuts] generics question

2024-04-22 Thread Jochen Voss

Using generics, can I somehow write a constraint which says that *T 
(instead of T) implements a certain interface?  The following code 
illustrated what I'm trying to do:

type A int

func (a *A) Set(x int) {
*a = A(x)
}

type B string

func (b *B) Set(x int) {
*b = B(strconv.Itoa(x))
}

type C1 struct {
Val []A
}

func (c *C1) Set(v int) {
for i := range c.Val {
c.Val[i].Set(v)
}
}

type C2 struct {
Val []B
}

func (c *C2) Set(v int) {
for i := range c.Val {
c.Val[i].Set(v)
}
}

I would like to use generics to use a single definition for the methods 
which here are func (c *C1) Set(v int) and func (c *C2) Set(v int).  (My 
real code has many base types, instead of just A and B.)  How can I do this?

I tried the naive approach:

type C[T interface{ Set(int) }] struct {
Val []T
}

but when I try to use the type C[A] now, I get the error message "A does 
not satisfy interface{Set(int)} (method Set has pointer receiver)".

Many thanks,
Jochen

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/golang-nuts/e6c1647a-9ade-496e-85b5-0e96563b5e22n%40googlegroups.com.

Bug#1065193: RFS: libhx/4.23-1 [RC] -- C library providing queue, tree, I/O and utility functions

2024-04-21 Thread Jochen Sprickerhof


Hi Jörg,

I have fixed the old debian/changelog entry and uploaded the new version 
to DELAYED/7. Please feel free to tell me if I should delay it longer.


The patch is attached.

Cheers Jochen

* Jochen Sprickerhof  [2024-04-10 07:25]:

Hi Jörg,

is there anything I can help with to get libhx updated?
(I agree with what Tobias said below.)

Cheers Jochen


* Tobias Frost  [2024-03-17 20:22]:

Control: tags -1 moreinfo

On Sun, Mar 17, 2024 at 04:57:54PM +0100, Jörg Frings-Fürst wrote:

tags 1065193 - moreinfo
thanks

Hi Tobias,



Am Sonntag, dem 17.03.2024 um 14:39 +0100 schrieb Tobias Frost:

Hi Jörg,

"debcheckout libhx" still gives me 4.17-1 as head.

After looking at your repo, I think I should point you to DEP-14
as a recommended git layout for packaging.
As the branch name indicates you are using per-package-revision
branches:
IMHO It makes little sense to have one branch per debian package
version/revision; (I had a similiar discussion on vzlogger lately,
so to avoid repetiions: #1064344#28)

Please clarify how you want to manage the package in git, as
this needs to be reflected in d/control's VCS-* fields correctly.
(this is now blocking the upload.)


I have been using Vincent Driessen's branching model and the corresponding git
extension gitflow-avh for at least 7 years with Debian and for a long time at
work.

The default branch is master and development takes place in the develop branch.

The release candidates are managed in the branch release. The extension
debian/debian-version is used as a tag during the transfer.

The master branch always contains the last published executable version to which
the git tag in debian/control points.


a> The procedure is described in the README.debian.

ok, won't further argue about how to organize your git repo, but I can
only tell the Debian perspective: It is breaking expectations as a
debcheckout libhx does today NOT give me a state that represents the
package in unstable. VCS-Git specifies where the (package)
development is happening [1].

[1] Policy 5.6.26

But as I am not using the git repo as base for the sponsoring, lets put
that topic to rest.



(The current fields say the package is maintained in the default branch
of your repo. I see a debian/ directory there, but that one is missing
released (it is at 4.17-1, while unstable is at 4.19-1.1)

The review is based on the .dsc, timestamped on mentors.d.n
2024-03-17 12:00

d/changelog is *STILL* changing history for the 4.19-1 changelog
block. (This issue must be fixed before upload.)



I think these were artifacts because my changes to the NMU were not adopted. Has
been corrected.


No it has not. I expect old changelog entries to be *identical* to
the ones that have been uploaded, and they still are not, so I fear
we are talking past each other. Please let me know what you think that
you have fixed, so that we can spot the different expectations.

For my perspective:
This is the diff from debian/changelog from the current
version in the archives and the dsc uploaded to mentors at 2024-03-17 14:45
You are still rewriting history (second hunk of this diff), this hunk
should not exists.

diff -Naur archive/libhx-4.19/debian/changelog 
mentors/libhx-4.23/debian/changelog
--- archive/libhx-4.19/debian/changelog 2024-02-28 13:48:09.0 +0100
+++ mentors/libhx-4.23/debian/changelog 2024-03-17 15:23:31.0 +0100
@@ -1,3 +1,17 @@
+libhx (4.23-1) unstable; urgency=medium
+
+  * New upstream release (Closes: #1064734).
+  * Add debian/.gitignore
+  * Remove not longer needed debian/libhx-dev.lintian-overrides.
+  * Fix debian/libhx32t64.lintian-overrides.
+  * debian/copyright:
+- Add 2024 to myself.
+  * debian/control:
+- Readd BD dpkg-dev (>= 1.22.5).
+  Thanks to Tobias Frost 
+
+ -- Jörg Frings-Fürst   Sun, 17 Mar 2024 15:23:31 +0100
+
libhx (4.19-1.1) unstable; urgency=medium

 * Non-maintainer upload.
@@ -9,11 +23,8 @@

 * New upstream release.
   - Refresh symbols files.
-  * Remove empty debian/libhx-dev.symbols.
-  * debian/rules:
-- Remove build of libhx-dev.symbols.

- -- Jörg Frings-Fürst   Sun, 17 Dec 2023 14:44:39 +0100
+ -- Jörg Frings-Fürst   Tue, 21 Nov 2023 10:41:07 +0100

libhx (4.14-1) unstable; urgency=medium



From e82f0d623be16aad21807a7a5089fbfdbbd8ba05 Mon Sep 17 00:00:00 2001
From: Jochen Sprickerhof 
Date: Sun, 21 Apr 2024 09:03:28 +0200
Subject: [PATCH] Fix old debian/changelog entry

---
 debian/changelog | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 5471467..e4c0c41 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -23,8 +23,11 @@ libhx (4.19-1) unstable; urgency=medium
 
   * New upstream release.
 - Refresh symbols files.
+  * Remove empty debian/libhx-dev.symbols.
+  * debian/rules:
+- Remove build of libhx-dev.symbols.
 
- -- Jörg Frings-Fürst   Tue, 21 Nov 2023 10:41:07 +0100
+ -- Jörg Frings-Fürst   Sun, 17 Dec 2023 14:44:39 +0100
 
 libhx (

Bug#1065193: RFS: libhx/4.23-1 [RC] -- C library providing queue, tree, I/O and utility functions

2024-04-21 Thread Jochen Sprickerhof


Hi Jörg,

I have fixed the old debian/changelog entry and uploaded the new version 
to DELAYED/7. Please feel free to tell me if I should delay it longer.


The patch is attached.

Cheers Jochen

* Jochen Sprickerhof  [2024-04-10 07:25]:

Hi Jörg,

is there anything I can help with to get libhx updated?
(I agree with what Tobias said below.)

Cheers Jochen


* Tobias Frost  [2024-03-17 20:22]:

Control: tags -1 moreinfo

On Sun, Mar 17, 2024 at 04:57:54PM +0100, Jörg Frings-Fürst wrote:

tags 1065193 - moreinfo
thanks

Hi Tobias,



Am Sonntag, dem 17.03.2024 um 14:39 +0100 schrieb Tobias Frost:

Hi Jörg,

"debcheckout libhx" still gives me 4.17-1 as head.

After looking at your repo, I think I should point you to DEP-14
as a recommended git layout for packaging.
As the branch name indicates you are using per-package-revision
branches:
IMHO It makes little sense to have one branch per debian package
version/revision; (I had a similiar discussion on vzlogger lately,
so to avoid repetiions: #1064344#28)

Please clarify how you want to manage the package in git, as
this needs to be reflected in d/control's VCS-* fields correctly.
(this is now blocking the upload.)


I have been using Vincent Driessen's branching model and the corresponding git
extension gitflow-avh for at least 7 years with Debian and for a long time at
work.

The default branch is master and development takes place in the develop branch.

The release candidates are managed in the branch release. The extension
debian/debian-version is used as a tag during the transfer.

The master branch always contains the last published executable version to which
the git tag in debian/control points.


a> The procedure is described in the README.debian.

ok, won't further argue about how to organize your git repo, but I can
only tell the Debian perspective: It is breaking expectations as a
debcheckout libhx does today NOT give me a state that represents the
package in unstable. VCS-Git specifies where the (package)
development is happening [1].

[1] Policy 5.6.26

But as I am not using the git repo as base for the sponsoring, lets put
that topic to rest.



(The current fields say the package is maintained in the default branch
of your repo. I see a debian/ directory there, but that one is missing
released (it is at 4.17-1, while unstable is at 4.19-1.1)

The review is based on the .dsc, timestamped on mentors.d.n
2024-03-17 12:00

d/changelog is *STILL* changing history for the 4.19-1 changelog
block. (This issue must be fixed before upload.)



I think these were artifacts because my changes to the NMU were not adopted. Has
been corrected.


No it has not. I expect old changelog entries to be *identical* to
the ones that have been uploaded, and they still are not, so I fear
we are talking past each other. Please let me know what you think that
you have fixed, so that we can spot the different expectations.

For my perspective:
This is the diff from debian/changelog from the current
version in the archives and the dsc uploaded to mentors at 2024-03-17 14:45
You are still rewriting history (second hunk of this diff), this hunk
should not exists.

diff -Naur archive/libhx-4.19/debian/changelog 
mentors/libhx-4.23/debian/changelog
--- archive/libhx-4.19/debian/changelog 2024-02-28 13:48:09.0 +0100
+++ mentors/libhx-4.23/debian/changelog 2024-03-17 15:23:31.0 +0100
@@ -1,3 +1,17 @@
+libhx (4.23-1) unstable; urgency=medium
+
+  * New upstream release (Closes: #1064734).
+  * Add debian/.gitignore
+  * Remove not longer needed debian/libhx-dev.lintian-overrides.
+  * Fix debian/libhx32t64.lintian-overrides.
+  * debian/copyright:
+- Add 2024 to myself.
+  * debian/control:
+- Readd BD dpkg-dev (>= 1.22.5).
+  Thanks to Tobias Frost 
+
+ -- Jörg Frings-Fürst   Sun, 17 Mar 2024 15:23:31 +0100
+
libhx (4.19-1.1) unstable; urgency=medium

 * Non-maintainer upload.
@@ -9,11 +23,8 @@

 * New upstream release.
   - Refresh symbols files.
-  * Remove empty debian/libhx-dev.symbols.
-  * debian/rules:
-- Remove build of libhx-dev.symbols.

- -- Jörg Frings-Fürst   Sun, 17 Dec 2023 14:44:39 +0100
+ -- Jörg Frings-Fürst   Tue, 21 Nov 2023 10:41:07 +0100

libhx (4.14-1) unstable; urgency=medium



From e82f0d623be16aad21807a7a5089fbfdbbd8ba05 Mon Sep 17 00:00:00 2001
From: Jochen Sprickerhof 
Date: Sun, 21 Apr 2024 09:03:28 +0200
Subject: [PATCH] Fix old debian/changelog entry

---
 debian/changelog | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 5471467..e4c0c41 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -23,8 +23,11 @@ libhx (4.19-1) unstable; urgency=medium
 
   * New upstream release.
 - Refresh symbols files.
+  * Remove empty debian/libhx-dev.symbols.
+  * debian/rules:
+- Remove build of libhx-dev.symbols.
 
- -- Jörg Frings-Fürst   Tue, 21 Nov 2023 10:41:07 +0100
+ -- Jörg Frings-Fürst   Sun, 17 Dec 2023 14:44:39 +0100
 
 libhx (

Re: [FRIAM] Daniel Dennett (1942-2024)

2024-04-19 Thread Jochen Fromm

Such a loss 
:-(https://www.telegraph.co.uk/obituaries/2024/04/19/daniel-dennett-philosopher-atheist-darwinist/I
 will put his autobiography "I’ve Been Thinking" from last year on my reading 
listhttps://www.theguardian.com/books/2023/oct/01/ive-been-thinking-by-daniel-c-dennett-review-an-engaging-vexing-memoir-with-a-humility-bypass-J.
 Original message From: Jochen Fromm  Date: 
4/19/24  7:32 PM  (GMT+01:00) To: The Friday Morning Applied Complexity Coffee 
Group  Subject: [FRIAM] Daniel Dennett (1942-2024) A sad day 
today. Daniel Dennett has died :-( For every big question in philosophy there 
is at least one Daniel Dennett book:"Consciousnes Explained" (1991) about 
consciousness"Darwin's Dangerous Idea" (1995) about evolution "Freedom Evolves" 
(2003) about free will"Breaking the spell" (2006) about 
religionhttps://dailynous.com/2024/04/19/daniel-dennett-death-1942-2024/-J.-. --- - / ...- .- .-.. .. -.. / -- --- .-. ... . / -.-. --- -.. .
FRIAM Applied Complexity Group listserv
Fridays 9a-12p Friday St. Johns Cafe   /   Thursdays 9a-12p Zoom 
https://bit.ly/virtualfriam
to (un)subscribe http://redfish.com/mailman/listinfo/friam_redfish.com
FRIAM-COMIC http://friam-comic.blogspot.com/
archives:  5/2017 thru present https://redfish.com/pipermail/friam_redfish.com/
  1/2003 thru 6/2021  http://friam.383.s1.nabble.com/

[FRIAM] Daniel Dennett (1942-2024)

2024-04-19 Thread Jochen Fromm

A sad day today. Daniel Dennett has died :-( For every big question in 
philosophy there is at least one Daniel Dennett book:"Consciousnes Explained" 
(1991) about consciousness"Darwin's Dangerous Idea" (1995) about evolution 
"Freedom Evolves" (2003) about free will"Breaking the spell" (2006) about 
religionhttps://dailynous.com/2024/04/19/daniel-dennett-death-1942-2024/-J.-. --- - / ...- .- .-.. .. -.. / -- --- .-. ... . / -.-. --- -.. .
FRIAM Applied Complexity Group listserv
Fridays 9a-12p Friday St. Johns Cafe   /   Thursdays 9a-12p Zoom 
https://bit.ly/virtualfriam
to (un)subscribe http://redfish.com/mailman/listinfo/friam_redfish.com
FRIAM-COMIC http://friam-comic.blogspot.com/
archives:  5/2017 thru present https://redfish.com/pipermail/friam_redfish.com/
  1/2003 thru 6/2021  http://friam.383.s1.nabble.com/

Re: [darktable-user] Feature idea : DTtimelapse ? (similar to LRtimelapse in essence)

2024-04-18 Thread Jochen Keil

Hi Martin,

The exposure module offers an "automatic" mode which works reasonably well
but in my experience there are outliers that need manual correction. Apart
from exposure flicker I've also noticed what I call "White Balance
Flicker". That usually happens with changing light situations (sunrise /
sunset) when the camera tries to adjust the white balance automatically. Of
course one could set the white balance to a fixed value but there's no WB
that fits daylight and night, which means you need WB ramping.

The color calibration tool offers a functionality that's a bit in the right
direction: You can set a target from another image and use it to adjust
other pictures based on it. Works well, but there's no automation. I helped
myself with xdotool (a program for key macros) but that's clunky.

As you suggest, it's possible, just not very streamlined and
straightforward.

Cheers!



On Wed, Apr 17, 2024 at 9:35 PM Martin Straeten 
wrote:

> with recent darktable there can be a further approach: using exposure and
> color mapping.
> These functions might support setting of smooth transitions for exposure
> as well as color calibration based on keyframes
>
> Am 17.04.2024 um 19:08 schrieb William Ferguson :
>
> 
> The issue here is that we are trying to solve a darktable problem with a
> lightroom solution.  If we approach it from a darktable perspective, then
> we are looking at (probably) less than 100 lines of lua code and 30 minutes
> worth of work.
>
> Using lua I can load an image into darkroom and read or modify the
> exposure setting.
>
> So, if I go through and pick my "key frames", adjust the exposure, then
> assign a keyframe tag I can run a script that:
> * selects the images that are keyframes, loads each one sequentially, and
> reads and stores the exposure information
> * loads each image in the collection and
> -- determines the limiting keyframes
> -- computes the exposure difference
> -- applies the exposure difference
> -- loads the next image after the pixelpipe completes.
>
> Advantages of this approach
> * No decoding, extrapolating, interpolating, guessing, etc of XMP files
> * Don't have to scan for updated XMP files when starting darktable
> * No worries about XMP file corruption
> * No worries about database corruption from loading a bad XMP
> * Don't have to worry about XMP format changes
> * If the collection gets messed up, you simply select all, discard the
> history stacks and you've recovered.
> * You're not limited to just modifying exposure
>
> Disadvantages:
> * It's slower.  It has to load each image into darktable and process it.
>   I tested loading images and changing the exposure and IIRC darktable
>   processed roughly 2 images/sec.  The images were on an SSD.
>
> Bill
>
> On Wed, Apr 17, 2024 at 11:04 AM Jochen Keil 
> wrote:
>
>> Hi Sébastien,
>>
>> I wrote dtlapse back then and I'm happy to see that there's still
>> interest in it. Unfortunately, due to time constraints I cannot put much
>> work into it. Therefore, in its current state it's pretty unusable, since
>> darktable evolves faster than I can keep up.
>>
>> The basic functionality is very close to what you describe. Pick some
>> keyframes, adjust them as desired and interpolate the values in between.
>> This can be done by using the XMP files as interface, once you get around
>> decoding the module parameters. That's all in dtlapse and worked pretty
>> well for its rather hackish state.
>>
>> However, the biggest problem is that modules tend to change regularly,
>> which means that you have to manually adapt the interface description for
>> every new darktable release while keeping old versions for compatibility.
>> I've made it somewhat easy to update XMP interface descriptions by moving
>> them to JSON files separately from the code. Still, for every new release
>> you have to reengineer the XMP file because they're not documented, at
>> least last time I looked. Given the amount of modules (and even if you
>> would limit yourself to the most interesting ones) it's tedious and by the
>> time you're done a new release comes around the corner.
>>
>> I've had the idea to generate the interface description directly from the
>> source code, but you'd need to use a C/C++ parser to get it. I've just
>> checked the code and the XMP interface is STILL hardcoded in the modules.
>>
>> So, to sum it up, it can be done, but it's quite hard. It'd be much
>> easier if the darktable developers would separate the XMP interface
>> definition for each module from the code which would greatly increase
>> interoperability and is good practice anyway (separate data from cod

Re: [darktable-user] Feature idea : DTtimelapse ? (similar to LRtimelapse in essence)

2024-04-18 Thread Jochen Keil

Hi Bill,

when I started to work on dtlapse it was not possible to modify module
parameters through the LUA interface, that might have changed.

On Wed, Apr 17, 2024 at 7:08 PM William Ferguson 
wrote:

> The issue here is that we are trying to solve a darktable problem with a
> lightroom solution.  If we approach it from a darktable perspective, then
> we are looking at (probably) less than 100 lines of lua code and 30 minutes
> worth of work.
>
> Using lua I can load an image into darkroom and read or modify the
> exposure setting.
>
> So, if I go through and pick my "key frames", adjust the exposure, then
> assign a keyframe tag I can run a script that:
> * selects the images that are keyframes, loads each one sequentially, and
> reads and stores the exposure information
> * loads each image in the collection and
> -- determines the limiting keyframes
> -- computes the exposure difference
> -- applies the exposure difference
> -- loads the next image after the pixelpipe completes.
>
> Advantages of this approach
> * No decoding, extrapolating, interpolating, guessing, etc of XMP files
>

You'll still need an extrapolation or interpolation algorithm to generate
the values between the keyframes. That's simple though, at least with
Python. LUA probably offers similar libraries


> * Don't have to scan for updated XMP files when starting darktable
> * No worries about XMP file corruption
>

That's why I've made the recommendation to not work with dtlapse and
darktable in parallel :)


> * No worries about database corruption from loading a bad XMP
>

Another recommendation would to use darktable's `--library :memory:`
option, bypassing the DB (which makes sense in another way: hundreds of
timelapse photos will a) clutter your library b) hinder performance)


> * Don't have to worry about XMP format changes
> * If the collection gets messed up, you simply select all, discard the
> history stacks and you've recovered.
> * You're not limited to just modifying exposure
>
> Disadvantages:
> * It's slower.  It has to load each image into darktable and process it.
>   I tested loading images and changing the exposure and IIRC darktable
>   processed roughly 2 images/sec.  The images were on an SSD.
>

That's actually reasonable. 1000 images in less than 10 minutes. That's
just a fraction of the time necessary for a complete and proper timelapse
workflow if you add in some video post production (music, zooming, panning,
etc).

Cheers!




>
> Bill
>
> On Wed, Apr 17, 2024 at 11:04 AM Jochen Keil 
> wrote:
>
>> Hi Sébastien,
>>
>> I wrote dtlapse back then and I'm happy to see that there's still
>> interest in it. Unfortunately, due to time constraints I cannot put much
>> work into it. Therefore, in its current state it's pretty unusable, since
>> darktable evolves faster than I can keep up.
>>
>> The basic functionality is very close to what you describe. Pick some
>> keyframes, adjust them as desired and interpolate the values in between.
>> This can be done by using the XMP files as interface, once you get around
>> decoding the module parameters. That's all in dtlapse and worked pretty
>> well for its rather hackish state.
>>
>> However, the biggest problem is that modules tend to change regularly,
>> which means that you have to manually adapt the interface description for
>> every new darktable release while keeping old versions for compatibility.
>> I've made it somewhat easy to update XMP interface descriptions by moving
>> them to JSON files separately from the code. Still, for every new release
>> you have to reengineer the XMP file because they're not documented, at
>> least last time I looked. Given the amount of modules (and even if you
>> would limit yourself to the most interesting ones) it's tedious and by the
>> time you're done a new release comes around the corner.
>>
>> I've had the idea to generate the interface description directly from the
>> source code, but you'd need to use a C/C++ parser to get it. I've just
>> checked the code and the XMP interface is STILL hardcoded in the modules.
>>
>> So, to sum it up, it can be done, but it's quite hard. It'd be much
>> easier if the darktable developers would separate the XMP interface
>> definition for each module from the code which would greatly increase
>> interoperability and is good practice anyway (separate data from code).
>> However, I think there's not much incentive for them to do it, it'd even be
>> a rather elaborate redesign.
>>
>> Best,
>>
>>   Jochen
>>
>> On Wed, Apr 17, 2024 at 2:23 PM Sébastien Chaurin <
>> sebastien.chau...@gmail.com> wrote:
>>

Re: [darktable-user] Feature idea : DTtimelapse ? (similar to LRtimelapse in essence)

2024-04-17 Thread Jochen Keil

Hi Sébastien,

I wrote dtlapse back then and I'm happy to see that there's still interest
in it. Unfortunately, due to time constraints I cannot put much work into
it. Therefore, in its current state it's pretty unusable, since darktable
evolves faster than I can keep up.

The basic functionality is very close to what you describe. Pick some
keyframes, adjust them as desired and interpolate the values in between.
This can be done by using the XMP files as interface, once you get around
decoding the module parameters. That's all in dtlapse and worked pretty
well for its rather hackish state.

However, the biggest problem is that modules tend to change regularly,
which means that you have to manually adapt the interface description for
every new darktable release while keeping old versions for compatibility.
I've made it somewhat easy to update XMP interface descriptions by moving
them to JSON files separately from the code. Still, for every new release
you have to reengineer the XMP file because they're not documented, at
least last time I looked. Given the amount of modules (and even if you
would limit yourself to the most interesting ones) it's tedious and by the
time you're done a new release comes around the corner.

I've had the idea to generate the interface description directly from the
source code, but you'd need to use a C/C++ parser to get it. I've just
checked the code and the XMP interface is STILL hardcoded in the modules.

So, to sum it up, it can be done, but it's quite hard. It'd be much easier
if the darktable developers would separate the XMP interface definition for
each module from the code which would greatly increase interoperability and
is good practice anyway (separate data from code). However, I think there's
not much incentive for them to do it, it'd even be a rather elaborate
redesign.

Best,

  Jochen

On Wed, Apr 17, 2024 at 2:23 PM Sébastien Chaurin <
sebastien.chau...@gmail.com> wrote:

> omg thanks for that ! I knew somehow that I couldn't be the only one
> thinking that it'd be great to have...
>
> I'll have a closer look at that repo.
>
> Thanks again.
>
> On Tue, 16 Apr 2024 at 13:48, Martin Straeten 
> wrote:
>
>> Have a look at https://discuss.pixls.us/t/annoucement-of-dtlapse/19522
>>
>> Am 16.04.2024 um 09:59 schrieb Sébastien Chaurin <
>> sebastien.chau...@gmail.com>:
>>
>> 
>> Hello all,
>>
>> Have any one of you guys wondered about how hard it'd be to implement
>> something similar to LRTimelapse ?
>> For those of you not aware of what this is, it's an additional app that
>> looks at xmp files from LR. It looks first within a folder with hundreds of
>> pics for a timelapse (in real life), at those images with only 5 stars. In
>> this exemple let's say we only have 5 images for our timelapse.
>> Let's imagine that we only have 2 of those, the first and the last, rated
>> 5 stars. and let's also assume there is only one module with one parameter
>> that has changed : exposure.
>> This app would look at the first 5 stars rated image and see the exposure
>> value of +0.5, and the second with a value of +0.9 hypothetically.
>> It would then look at how many images there are in between in the folder
>> (those not rated 5 stars) and divide the difference of the current setting
>> by the number of pics that sit in between these. 5 pics total minus the 2
>> rated 5 stars leaves us with 3.
>> So in this toy example we only have 3 photos in between the key images (5
>> stars), then we have
>> - difference in exposure : 0.9 - 0.5 = 0.4
>> - 4 pics to arrive at that 0.9 value if we start from the first one : 0.4
>> / 4 = 0.1 incremental step of exposure to be applied.
>> it would build xmp files for the 3 non 5 star rated pic with exposure
>> values respectively of 0.6, 0.7 and 0.8. The first one being 0.5, and the
>> last 0.9.
>> This is assuming we have a linear progression, but I'm sure you can
>> imagine other types than linear.
>>
>> The idea is to adjust every parameter for the pics in between key images
>> (5 stars pics) so that in the end for the timelapse, there are smooth
>> transitions for every setting, exposure is usually one.
>>
>> Hopefully this little example makes sense ? The concept is I think easy
>> to understand : avoid editing possibly thousands of pictures with varying
>> needs in editing. You would only edit key images, and then it would ensure
>> smooth transitioning for all the in-between images, working out the
>> incremental steps it needs to put for every single setting to ensure that.
>>
>> I've used that a lot during my time with LR, and I've been thinking about
>> bringing thi

Re: Uppercase username emails are rejected

2024-04-17 Thread Jochen Bern via dovecot


On 17.04.24 08:43, Aki Tuomi wrote:

  On 17/04/24 00:51, John Stoffel via dovecot wrote:
  >>>>>> "Peter" == Peter via dovecot  writes:
Generally speaking you want auth to be case-
sensitive, but go ahead and
try it to see if it fixes the issue.
   Umm... not for emails you don't. Since the j...@stoffel.org
   and j...@stoffel.org and j...@stoffel.org are all the same
   email address


No they aren't. The *host part* is case insensitive because the DNS is, 
but nothing in the RFCs suggests that the *user part* may be (generally) 
treated as such. That only came about when the makers of a certain, 
famously case insensitive OS started selling a mail server software 
better aligned with their habits.


(Back with SunOS, when account names automatically yielded deliverable 
e-mail addresses, my dpt. had a standing rule that admins would have an 
unprivileged account like, e.g., "bern" and a separate UID=0 account 
"Bern" for the admin work. Luckily, the login(1) triggered its OH, IT 
SEEMS THAT THIS TERMINAL SUPPORTS ONLY SINGLE CASE mode only if the 
username was *entirely* in uppercase, not on the first character ...)


Having that said, nothing keeps you from setting up your MTA/MDA so as 
to ignore case entirely (because people manually entering addresses 
never make typos, but erroneously slip onto  or  all 
the time, I suppose ...), but it's a major no-no for (intermediate) MTAs.



Unfortunately some systems uppercase (or downcase) your email when sending mail
to you.


In particular, websites you create an account on, apparently in fear 
that joe@shmoe would otherwise be able to create multiple accounts with 
Joe@shmoe, jOe@shmoe etc. etc.. They rarely object to plussed user 
addresses or single-person-owned domains that could have a catchall 
configured, though ...


(I *should* have tried a user part with "ß" on an upcaseing online 
service back when that umlaut officially *didn't have* an uppercase 
version ... ;-)


Kind regards,
--
Jochen Bern
Systemingenieur

Binect GmbH
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

On "Hacker News" someone wrote today [1] that transformers in LLMs work like
the Hamiltonian in Quantum Mechnics because prediction of the next token in the
sequence is determined by computing the next context-aware embedding vector
from the last context-aware embedding vector alone, similar to the Hamiltonian
matrix which is applied in Quantum Mechanics in the Schrödinger equation to the
high dimensional state vector in a Hilbert space to predict the next state of
the quantum system [2]. This would imply that the human mind works like Quantum
Mechanics if LLMs describe the functionality of the prefontal cortex. If the
Hamiltonian represents the “energy dynamics”, what do the LLM values represent?
The learned experience?Robert Watson who is a Professor of the Humanities at
the University of California Los Angeles, writes in his fascinating book
"Cultural Evolution and its Discontents" (2018) that "the human mind resembles
a nuclear reactor: amazingly generative within the little containment dome, but
always at risk of running fatally amok in a meltdown, and ceaselessly producing
toxic waste" [3]. The toxic waste can be for example hallucination, imagination
or simply lies.So is the human mind similar to Quantum Mechnics or does it
resemble a nuclear reactor?-J. [1]
https://news.ycombinator.com/item?id=40038352[2]
https://en.wikipedia.org/wiki/Hamiltonian_(quantum_mechanics)[3] Robert N.
Watson, Cultural Evolution and its Discontents, Routledge, 2018-. --- - / ...- .- .-.. .. -.. / -- --- .-. ... . / -.-. --- -.. .
FRIAM Applied Complexity Group listserv
Fridays 9a-12p Friday St. Johns Cafe / Thursdays 9a-12p Zoom
https://bit.ly/virtualfriam
to (un)subscribe http://redfish.com/mailman/listinfo/friam_redfish.com
FRIAM-COMIC http://friam-comic.blogspot.com/
archives: 5/2017 thru present https://redfish.com/pipermail/friam_redfish.com/
1/2003 thru 6/2021 http://friam.383.s1.nabble.com/

[Bug 2061171] Re: [FFe] Update sbuild to 0.85.7 for Noble

2024-04-12 Thread Jochen Sprickerhof

** Description changed:

  The new sbuild version contains a number of fixes for the unshare
- backend that would be good to have in Noble. In Debian, we have rebuild
- all of Debian stable (bookworm) with sbuild+unshare and found that
- adding dumb-init fixed 46 package builds, see:
+ backend that would be good to have in Noble.
+ 
+ We have rebuild all of Debian stable (bookworm) with sbuild+unshare and
+ found that adding dumb-init fixed 46 package builds, see:
  https://salsa.debian.org/debian/sbuild/-/merge_requests/60.
  
- In addition, this upload contains the following features:
-  - Allow the usage of 4M OVMF images if available.
-  - New CLI options --enable-network and --no-enable-network to allow more 
granular network access control during builds.
-  - Run post-build-failed-commands before cleanup.
+ The other changes are:
+ 
+ Add an --enable-network option for the unshare backend, useful to build
+ packages that net a network connection (debian-installer and debian-
+ installer-netboot-images in Debian).
+ 
+ Support 4M OVMF images in addition in sbuild-qemu.
+ 
+ Run --post-build-failed-commands before cleanup: This makes sure that
+ %SBUILD_PKGBUILD_DIR is still available (as documented in sbuild(1)) and
+ allows to retrieve files from a failed build.
+ 
+ Documentation changes.

** Description changed:

  The new sbuild version contains a number of fixes for the unshare
  backend that would be good to have in Noble.
  
  We have rebuild all of Debian stable (bookworm) with sbuild+unshare and
  found that adding dumb-init fixed 46 package builds, see:
  https://salsa.debian.org/debian/sbuild/-/merge_requests/60.
  
  The other changes are:
  
  Add an --enable-network option for the unshare backend, useful to build
  packages that net a network connection (debian-installer and debian-
  installer-netboot-images in Debian).
  
  Support 4M OVMF images in addition in sbuild-qemu.
  
  Run --post-build-failed-commands before cleanup: This makes sure that
  %SBUILD_PKGBUILD_DIR is still available (as documented in sbuild(1)) and
  allows to retrieve files from a failed build.
  
  Documentation changes.
+ 
+ Note that the sbuild.log contains the changelog.diff (debian/changelog
+ as this is a native package), build log and install log.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2061171

Title:
  [FFe] Update sbuild to 0.85.7 for Noble

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sbuild/+bug/2061171/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2061171] [NEW] [FFe] Update sbuild to 0.85.7 for Noble

2024-04-12 Thread Jochen Sprickerhof

Public bug reported:

The new sbuild version contains a number of fixes for the unshare
backend that would be good to have in Noble.

We have rebuild all of Debian stable (bookworm) with sbuild+unshare and
found that adding dumb-init fixed 46 package builds, see:
https://salsa.debian.org/debian/sbuild/-/merge_requests/60.

** Affects: sbuild (Ubuntu)
 Importance: Undecided
 Status: New

** Attachment added: "sbuild.log"
   https://bugs.launchpad.net/bugs/2061171/+attachment/5764364/+files/sbuild.log

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2061171

Title:
  [FFe] Update sbuild to 0.85.7 for Noble

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sbuild/+bug/2061171/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Re: [PATCH 14/64] i2c: cpm: reword according to newest specification

2024-04-12 Thread Jochen Friedrich


out_8(>i2c_reg->i2mod, 0x00);
-   out_8(>i2c_reg->i2com, I2COM_MASTER);/* Master mode */
+   out_8(>i2c_reg->i2com, I2COM_MASTER);/* Host mode */

I2COM_MASTER might be coming from the datasheet.

Maybe we can just drop the comment? The value we write is pretty
self-explaining.

indeed.

Andi


I also agree. You might add my Acked-By:  here. Jochen

Bug#1068798: bookworm-pu: package fdroidserver/2.2.1-1


Forgot the patch..
diff --git a/debian/changelog b/debian/changelog
index a990dc45..05aabd67 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+fdroidserver (2.2.1-1+deb12u1) bookworm; urgency=medium
+
+  * Team upload.
+  * Add patch to fix security issue in certificate checks
+
+ -- Jochen Sprickerhof   Thu, 11 Apr 2024 11:20:33 +0200
+
 fdroidserver (2.2.1-1) unstable; urgency=medium
 
   * New upstream version 2.2.1
diff --git a/debian/patches/0004-Fix-signer-certificate-checks.patch b/debian/patches/0004-Fix-signer-certificate-checks.patch
new file mode 100644
index ..8830d788
--- /dev/null
+++ b/debian/patches/0004-Fix-signer-certificate-checks.patch
@@ -0,0 +1,72 @@
+From: "FC (Fay) Stegerman" 
+Date: Thu, 11 Apr 2024 11:11:46 +0200
+Subject: Fix signer certificate checks
+
+This fixes the order the signatures are checked to be the same as
+Android does them and monkey patches androguard to handle duplicate
+signing blocks.
+
+This was reported as:
+
+https://www.openwall.com/lists/oss-security/2024/04/08/8
+
+Patch taken from:
+
+https://github.com/obfusk/fdroid-fakesigner-poc/blob/master/fdroidserver.patch
+---
+ fdroidserver/common.py | 33 -
+ 1 file changed, 20 insertions(+), 13 deletions(-)
+
+diff --git a/fdroidserver/common.py b/fdroidserver/common.py
+index bc4265e..bd1a4c8 100644
+--- a/fdroidserver/common.py
 b/fdroidserver/common.py
+@@ -3001,28 +3001,35 @@ def signer_fingerprint(cert_encoded):
+ 
+ def get_first_signer_certificate(apkpath):
+ """Get the first signing certificate from the APK, DER-encoded."""
++class FDict(dict):
++def __setitem__(self, k, v):
++if k not in self:
++super().__setitem__(k, v)
++
+ certs = None
+ cert_encoded = None
+-with zipfile.ZipFile(apkpath, 'r') as apk:
+-cert_files = [n for n in apk.namelist() if SIGNATURE_BLOCK_FILE_REGEX.match(n)]
+-if len(cert_files) > 1:
+-logging.error(_("Found multiple JAR Signature Block Files in {path}").format(path=apkpath))
+-return None
+-elif len(cert_files) == 1:
+-cert_encoded = get_certificate(apk.read(cert_files[0]))
+-
+-if not cert_encoded and use_androguard():
++if use_androguard():
+ apkobject = _get_androguard_APK(apkpath)
+-certs = apkobject.get_certificates_der_v2()
++apkobject._v2_blocks = FDict()
++certs = apkobject.get_certificates_der_v3()
+ if len(certs) > 0:
+-logging.debug(_('Using APK Signature v2'))
++logging.debug(_('Using APK Signature v3'))
+ cert_encoded = certs[0]
+ if not cert_encoded:
+-certs = apkobject.get_certificates_der_v3()
++certs = apkobject.get_certificates_der_v2()
+ if len(certs) > 0:
+-logging.debug(_('Using APK Signature v3'))
++logging.debug(_('Using APK Signature v2'))
+ cert_encoded = certs[0]
+ 
++if not cert_encoded:
++with zipfile.ZipFile(apkpath, 'r') as apk:
++cert_files = [n for n in apk.namelist() if SIGNATURE_BLOCK_FILE_REGEX.match(n)]
++if len(cert_files) > 1:
++logging.error(_("Found multiple JAR Signature Block Files in {path}").format(path=apkpath))
++return None
++elif len(cert_files) == 1:
++cert_encoded = get_certificate(apk.read(cert_files[0]))
++
+ if not cert_encoded:
+ logging.error(_("No signing certificates found in {path}").format(path=apkpath))
+ return None
diff --git a/debian/patches/series b/debian/patches/series
index ab17e6df..8e2df116 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 debian-java-detection.patch
 ignore-irrelevant-test.patch
 scanner-tests-need-dexdump.patch
+0004-Fix-signer-certificate-checks.patch


signature.asc
Description: PGP signature

Bug#1068798: bookworm-pu: package fdroidserver/2.2.1-1


Forgot the patch..
diff --git a/debian/changelog b/debian/changelog
index a990dc45..05aabd67 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+fdroidserver (2.2.1-1+deb12u1) bookworm; urgency=medium
+
+  * Team upload.
+  * Add patch to fix security issue in certificate checks
+
+ -- Jochen Sprickerhof   Thu, 11 Apr 2024 11:20:33 +0200
+
 fdroidserver (2.2.1-1) unstable; urgency=medium
 
   * New upstream version 2.2.1
diff --git a/debian/patches/0004-Fix-signer-certificate-checks.patch b/debian/patches/0004-Fix-signer-certificate-checks.patch
new file mode 100644
index ..8830d788
--- /dev/null
+++ b/debian/patches/0004-Fix-signer-certificate-checks.patch
@@ -0,0 +1,72 @@
+From: "FC (Fay) Stegerman" 
+Date: Thu, 11 Apr 2024 11:11:46 +0200
+Subject: Fix signer certificate checks
+
+This fixes the order the signatures are checked to be the same as
+Android does them and monkey patches androguard to handle duplicate
+signing blocks.
+
+This was reported as:
+
+https://www.openwall.com/lists/oss-security/2024/04/08/8
+
+Patch taken from:
+
+https://github.com/obfusk/fdroid-fakesigner-poc/blob/master/fdroidserver.patch
+---
+ fdroidserver/common.py | 33 -
+ 1 file changed, 20 insertions(+), 13 deletions(-)
+
+diff --git a/fdroidserver/common.py b/fdroidserver/common.py
+index bc4265e..bd1a4c8 100644
+--- a/fdroidserver/common.py
 b/fdroidserver/common.py
+@@ -3001,28 +3001,35 @@ def signer_fingerprint(cert_encoded):
+ 
+ def get_first_signer_certificate(apkpath):
+ """Get the first signing certificate from the APK, DER-encoded."""
++class FDict(dict):
++def __setitem__(self, k, v):
++if k not in self:
++super().__setitem__(k, v)
++
+ certs = None
+ cert_encoded = None
+-with zipfile.ZipFile(apkpath, 'r') as apk:
+-cert_files = [n for n in apk.namelist() if SIGNATURE_BLOCK_FILE_REGEX.match(n)]
+-if len(cert_files) > 1:
+-logging.error(_("Found multiple JAR Signature Block Files in {path}").format(path=apkpath))
+-return None
+-elif len(cert_files) == 1:
+-cert_encoded = get_certificate(apk.read(cert_files[0]))
+-
+-if not cert_encoded and use_androguard():
++if use_androguard():
+ apkobject = _get_androguard_APK(apkpath)
+-certs = apkobject.get_certificates_der_v2()
++apkobject._v2_blocks = FDict()
++certs = apkobject.get_certificates_der_v3()
+ if len(certs) > 0:
+-logging.debug(_('Using APK Signature v2'))
++logging.debug(_('Using APK Signature v3'))
+ cert_encoded = certs[0]
+ if not cert_encoded:
+-certs = apkobject.get_certificates_der_v3()
++certs = apkobject.get_certificates_der_v2()
+ if len(certs) > 0:
+-logging.debug(_('Using APK Signature v3'))
++logging.debug(_('Using APK Signature v2'))
+ cert_encoded = certs[0]
+ 
++if not cert_encoded:
++with zipfile.ZipFile(apkpath, 'r') as apk:
++cert_files = [n for n in apk.namelist() if SIGNATURE_BLOCK_FILE_REGEX.match(n)]
++if len(cert_files) > 1:
++logging.error(_("Found multiple JAR Signature Block Files in {path}").format(path=apkpath))
++return None
++elif len(cert_files) == 1:
++cert_encoded = get_certificate(apk.read(cert_files[0]))
++
+ if not cert_encoded:
+ logging.error(_("No signing certificates found in {path}").format(path=apkpath))
+ return None
diff --git a/debian/patches/series b/debian/patches/series
index ab17e6df..8e2df116 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 debian-java-detection.patch
 ignore-irrelevant-test.patch
 scanner-tests-need-dexdump.patch
+0004-Fix-signer-certificate-checks.patch


signature.asc
Description: PGP signature

Bug#1068798: bookworm-pu: package fdroidserver/2.2.1-1

Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: fdroidser...@packages.debian.org, Hans-Christoph Steiner 

Control: affects -1 + src:fdroidserver
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
There was a security problem reported against fdroidserver:

https://www.openwall.com/lists/oss-security/2024/04/08/8

[ Impact ]
Stable users of fdroidserver running their own repo could be tricked
into providing wrongly signed files.

[ Tests ]
Manual test on F-Droid internal datasets as well as automated tests
inside fdroidserver.

[ Risks ]
Low, the relevant code is only used to extract and verify signatures.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [ ] the issue is verified as fixed in unstable

[ Changes ]
The patch reorders the code as well as changes the code of the imported
androguard library.

[ Other info ]
Upstream is still working on a long term fix that will be uploaded to
unstable later. I agreed with upstream to use use the patch provided in
the mail on oss-security already now.

Bug#1068798: bookworm-pu: package fdroidserver/2.2.1-1