Your message dated Mon, 15 Apr 2019 10:33:22 +0000 with message-id <e1hfyvs-00068h...@respighi.debian.org> and subject line unblock python-trustme has caused the Debian Bug report #927118, regarding unblock: python-trustme/0.4.0-3 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 927118: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927118 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock Please unblock package python-trustme This fixes a second FTBFS, further to the previous unblock request in bug 925576. This time the build failed on the buildds but not in my local testing because openssl was installed there, which (correctly) isn't a build dependency. The fix is to generate larger keys. The same change has now been accepted by upstream. diff -Nru python-trustme-0.4.0/debian/changelog python-trustme-0.4.0/debian/changelog --- python-trustme-0.4.0/debian/changelog 2018-10-13 22:48:59.000000000 +0100 +++ python-trustme-0.4.0/debian/changelog 2019-04-13 17:30:43.000000000 +0100 @@ -1,3 +1,19 @@ +python-trustme (0.4.0-3) unstable; urgency=medium + + * d/p/keysize: bump test key sizes to 2048 to fulfil Debian's new default + requirement. This fixes another FTBFS due to test failure in the case that + the openssl binary package is installed, which is not a build dependency, + but apparently the buildds have it by default. Closes: #926652. + + -- Robie Basak <ro...@justgohome.co.uk> Sat, 13 Apr 2019 17:30:20 +0100 + +python-trustme (0.4.0-2) unstable; urgency=medium + + * Explicitly build-depend on python3-idna to fix FTBFS. + Closes: #925566. + + -- Robie Basak <ro...@justgohome.co.uk> Tue, 26 Mar 2019 23:22:42 +0000 + python-trustme (0.4.0-1) unstable; urgency=low * Initial release. Closes: #910951. diff -Nru python-trustme-0.4.0/debian/control python-trustme-0.4.0/debian/control --- python-trustme-0.4.0/debian/control 2018-10-13 22:48:59.000000000 +0100 +++ python-trustme-0.4.0/debian/control 2019-04-13 17:22:21.000000000 +0100 @@ -6,6 +6,7 @@ Build-Depends: debhelper (>= 9~), dh-python, python3, + python3-idna, python3-openssl, python3-pytest, python3-service-identity, diff -Nru python-trustme-0.4.0/debian/patches/keysize python-trustme-0.4.0/debian/patches/keysize --- python-trustme-0.4.0/debian/patches/keysize 1970-01-01 01:00:00.000000000 +0100 +++ python-trustme-0.4.0/debian/patches/keysize 2019-04-13 17:26:01.000000000 +0100 @@ -0,0 +1,33 @@ +From 96b8799325fa0f53fad4db529cbd2d25af42ebff Mon Sep 17 00:00:00 2001 +From: Robie Basak <ro...@justgohome.co.uk> +Date: Sat, 13 Apr 2019 17:02:53 +0100 +Subject: [PATCH] Increase key size to 2048 bits + +Debian changed the default security level to 2 since openssl package +version 1.1.1~~pre9-1 (August 2018), which requires a minimum key size +of 2048 bit or larger RSA and DHE keys. To avoid test failures on newer +Debian systems against OpenSSL, use a key size of at least 2048 bits. + +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926652 +Forwarded: https://github.com/python-trio/trustme/pull/45 +Last-Update: 2019-04-13 +--- + trustme/__init__.py | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +--- a/trustme/__init__.py ++++ b/trustme/__init__.py +@@ -33,7 +33,12 @@ + # On my laptop, making a CA + server certificate using 1024 bit keys takes ~40 + # ms, and using 4096 bit keys takes ~2 seconds. We want tests to run in 40 ms, + # not 2 seconds. +-_KEY_SIZE = 1024 ++# ++# However, Debian changed the default security level to 2 in openssl ++# 1.1.1~~pre9-1 (August 2018), which requires a minimum key size of 2048 bit or ++# larger for RSA and DHE keys. To avoid test failures on newer Debian systems ++# against OpenSSL, we must therefore use a key size of at least 2048 bits. ++_KEY_SIZE = 2048 + + def _name(name): + return x509.Name([ diff -Nru python-trustme-0.4.0/debian/patches/series python-trustme-0.4.0/debian/patches/series --- python-trustme-0.4.0/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ python-trustme-0.4.0/debian/patches/series 2019-04-13 17:25:34.000000000 +0100 @@ -0,0 +1 @@ +keysize unblock python-trustme/0.4.0-3
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---Unblocked python-trustme.
--- End Message ---