Re: testing security uploads to bookworm-security
- To: Paul Gevers <elbrus@debian.org>, debian-release <debian-release@lists.debian.org>, Ansgar <ansgar@debian.org>, Debian FTP Master <ftpmaster@debian.org>, Moritz Muehlenhoff <jmm@inutil.org>, Debian Security Team <team@security.debian.org>, debian-wb-team@lists.debian.org, wb-team@buildd.debian.org, Steve McIntyre <93sam@debian.org>
- Subject: Re: testing security uploads to bookworm-security
- From: Aurelien Jarno <aurelien@aurel32.net>
- Date: Mon, 13 Mar 2023 21:59:28 +0100
- Message-id: <ZA+OsL/o7nBYi2qy@aurel32.net>
- Mail-followup-to: Paul Gevers <elbrus@debian.org>, debian-release <debian-release@lists.debian.org>, Ansgar <ansgar@debian.org>, Debian FTP Master <ftpmaster@debian.org>, Moritz Muehlenhoff <jmm@inutil.org>, Debian Security Team <team@security.debian.org>, debian-wb-team@lists.debian.org, wb-team@buildd.debian.org, Steve McIntyre <93sam@debian.org>
- In-reply-to: <ZAurIADytpSu/p+A@eldamar.lan>
- References: <dc5a483e-13dd-86da-e2cd-85fa0b310ef4@debian.org> <20230306213707.GA3909@inutil.org> <ZAcI0sCM8ZPd7Ra3@eldamar.lan> <ZAcM8Horodg+MC23@eldamar.lan> <ZAcqnEExO/msIc2C@eldamar.lan> <871qlywzhm.fsf@43-1.org> <[🔎] ZAm2gpRstNZP5Frq@eldamar.lan> <[🔎] ZAtS9DMozIptjNLN@eldamar.lan> <[🔎] ZAth3PXggrA9DNl2@aurel32.net> <ZAurIADytpSu/p+A@eldamar.lan>
Hi,
On 2023-03-10 23:11, Salvatore Bonaccorso wrote:
> Hi Aurelien,
>
> On Fri, Mar 10, 2023 at 05:59:08PM +0100, Aurelien Jarno wrote:
> > Hi,
> >
> > On 2023-03-10 16:55, Salvatore Bonaccorso wrote:
> > > Hi,
> > >
> > > On Thu, Mar 09, 2023 at 11:35:46AM +0100, Salvatore Bonaccorso wrote:
> > > > Hi Ansgar,
> > > >
> > > > [Adding debian-wb-team@lists.debian.org list]
> > > >
> > > > On Thu, Mar 09, 2023 at 01:16:21AM +0100, Ansgar wrote:
> > > > > Hi,
> > > > >
> > > > > Salvatore Bonaccorso writes:
> > > > > > python-cryptography/38.0.4-3~deb12u1 was uploaded to security-master
> > > > > > as source only upload, the upload got rejected with:
> > > > > >
> > > > > > | Source-only uploads to NEW are not allowed.
> > > > >
> > > > > There were two issues:
> > > > >
> > > > > - The override sync from ftp-master to security-master was not handling
> > > > > the fancy new `-security` addition to suite names.
> > > > >
> > > > > - `bookworm-security` was still configured to not accept any uploads
> > > > > (as was done when the suite was created to prevent accidental
> > > > > uploads).
> > > > >
> > > > > Both issues are now solved and the python-cryptography source upload was
> > > > > processed successfully.
> > > >
> > > > Thank you for addressing both. I can confirm we have now partially
> > > > builds on the embargoed queue.
> > >
> > > FTR, Steve as well uploaded src:shim to test the code signing
> > > involving path, and looks fine AFAICS. To Steve's request we will
> > > though not install those packages, so reject them from the embargoed
> > > queues.
> > >
> > > > From what I see there are the mipsel and mips64el builds missing and
> > > > according to a quick chat with Adam on IRC it is not that they are yet
> > > > just missing because of buildd overloaded. Actually bookworm-security
> > > > seems not yet configured to be handled by mipsel and mips64el buildds.
> > > >
> > > > Wanna-build team, can you have a look and check the mipsel, mips64el
> > > > status (and actually if we are setup complete as well on buildd setup
> > > > for bookworm-security)?
> >
> > Sorry to not have looked that earlier. Indeed none of the mips*el
> > buildds were configured to build bookworm-security. I have enabled it on
> > two buildds for now, but this has to be done for all buildds. We also
> > need to check that it is the case for the other architectures. I have no
> > time now, I'll keep you updated once done, but in the meantime you
> > should be able to do tests with more packages.
> >
> > > This one would still need to be checked, looping in as well Debian
> > > Build Daemon team alias. Buildd admins, chan you have a look? I still
> > > would like to install for real python-crytpography, though we have
> > > missed the window to do it earlier than the -3 upload migrated to
> > > testing. It still should work I think. Otherwise we will do then
> > > another test with another package.
> >
> > python-cryptography has now been uploaded on both mipsel and mips64el.
>
> Thanks, confirmed the two bulds arrived as well.
>
> Paul and release team, here is a summary: so I think we can confirm
> that the bookworm-security side of things works now (modulo the above
> checking by Aurelien). We did:
I have checked and updated the buildds config. We now have all bookworm
suites enabled consistently across all the buildds.
Aurelien
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurelien@aurel32.net http://www.aurel32.net
Reply to: