
Bug#1025219: marked as done (libass: new upstream version 0.17.0)



Your message dated Thu, 1 Dec 2022 11:02:35 +0100
with message-id <Y4h7u4ZpgrnRT3u+@ramacher.at>
and subject line Re: Bug#1025219: libass: new upstream version 0.17.0
has caused the Debian Bug report #1025219,
regarding libass: new upstream version 0.17.0
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1025219: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025219
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: libass
Version: 1:0.16.0-1
Severity: wishlist

Hi!

a new version was just released upstream and it
would be great if it could make it into Bookworm.
  https://github.com/libass/libass/releases/0.17.0

I noticed the automatic uscan watch broke a couple days ago for many 
GitHub-hosted projects. Apparently, the asset list on the releases page
is no longer part of the website but dynamically loaded in from e.g.
  https://github.com/libass/libass/releases/expanded_assets/0.17.0
without any "latest" redirect afaik.

The best fix I can come up with atm is to use GitHub’s REST API and uscan’s
searchmode=plain to account for JSON being served instead of HTML. This also
required making the regex a bit stricter, but using the following watchline
appears to work fine:

  opts=pgpsigurlmangle=s/$/.asc/,pgpmode=auto,searchmode=plain \
    https://api.github.com/repos/libass/libass/releases/latest \
    https?://[^"]*/libass-(\d+[^"]*)+\.tar\.gz

(Note: there’s a preexisting warning about pgpsigurlmangle
 being ignored because pgpmode=auto is also set. Just removing
 pgpsigurlmangle doesn’t seem to cause issues and it still checks the
 signature but I’m less sure about this change)

If you want to match and search through all releases, rather than just the 
latest one, remove the trailing /latest from the api.github.com URL.

Speaking about pgp, there’s another issue. As announced last release,
tarballs may now be signed by any one of multiple authorised keys. 
debian/upstream/signing-key.asc currently only contains Oleg’s public key, who
signed 0.15.x and 0.16.0, but this release is signed by my key, so in order for
uscan to not reject the signature, all authorised keys need to be added to
debian/upstream/signing-key.asc. I described how to do this (+ provided a patch)
and how to establish a chain of trust from Oleg’s key to the other authorised 
keys in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012524

Regarding the new optional dependency, a just barely sufficiently recent version 
of libunibreak is already packaged in Debian, so it can be linked to for making
ASS_FEATURE_WRAP_UNICODE do something.
(Otherwise the packaged release 1.1 from 2013 is rather outdated though.)

If you have any more questions or if I can somehow help
with getting the new release packaged, let me know.

Cheers

Oneric

Attachment: signature.asc
Description: PGP signature


--- End Message ---
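
Added example, not part of the original message or of uscan: Python's `re` stands in for uscan's Perl regex engine to show what the proposed matching pattern picks out of a raw JSON body under searchmode=plain, for both the `/releases/latest` and the `/releases` form of the URL. The release JSON is constructed (field names follow GitHub's release objects); `LOOSE_PATTERN` and all helper names are hypothetical.

```python
import json
import re

# The matching pattern from the watch line above, unchanged.
WATCH_PATTERN = re.compile(r'https?://[^"]*/libass-(\d+[^"]*)+\.tar\.gz')
# Hypothetical looser pattern, for contrast only (not from the thread).
LOOSE_PATTERN = re.compile(r'https?://.*/libass-(.+)\.tar\.gz')


def make_release(tag):
    """Constructed sample with the shape of a GitHub release object."""
    base = f"https://github.com/libass/libass/releases/download/{tag}/libass-{tag}"
    return {
        "tag_name": tag,
        "tarball_url": f"https://api.github.com/repos/libass/libass/tarball/{tag}",
        "assets": [{"name": f"libass-{tag}{ext}", "browser_download_url": base + ext}
                   for ext in (".tar.gz", ".tar.gz.asc", ".tar.xz", ".tar.xz.asc")],
    }


def candidates(body, pattern=WATCH_PATTERN):
    """Return the unique (url, version) pairs the pattern finds in a raw body."""
    found = []
    for m in pattern.finditer(body):
        pair = (m.group(0), m.group(1))
        if pair not in found:  # the .tar.gz.asc URL repeats the .tar.gz prefix
            found.append(pair)
    return found


def newest(pairs):
    """Pick the highest version by numeric components (simplified, not dpkg's rules)."""
    return max(pairs, key=lambda p: [int(x) for x in re.findall(r"\d+", p[1])])


# /releases/latest serves one object; /releases serves a list of them.
# The list is constructed and deliberately not sorted by version.
LATEST_BODY = json.dumps(make_release("0.17.0"))
ALL_BODY = json.dumps([make_release(t) for t in ("0.15.2", "0.17.0", "0.16.0")])

if __name__ == "__main__":
    print(candidates(LATEST_BODY))                 # one clean .tar.gz URL
    print(newest(candidates(ALL_BODY)))            # highest version among all releases
    print(candidates(LATEST_BODY, LOOSE_PATTERN))  # match runs across JSON fields
```

The `[^"]` classes keep each match inside a single JSON string, so the URL handed to the downloader and signature check is exactly one asset URL; the looser pattern still captures a plausible version but its matched "URL" spans several fields.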
--- Begin Message ---
Version: 1:0.17.0-1

On 2022-12-01 06:57:25 +0100, Oneric wrote:
> Source: libass
> Version: 1:0.16.0-1
> Severity: wishlist
> 
> Hi!
> 
> a new version was just released upstream and it
> would be great if it could make it into Bookworm.
>   https://github.com/libass/libass/releases/0.17.0

Thanks for the update.

> 
> I noticed the automatic uscan watch broke a couple days ago for many 
> GitHub-hosted projects. Apparently, the asset list on the releases page
> is no longer part of the website but dynamically loaded in from e.g.
>   https://github.com/libass/libass/releases/expanded_assets/0.17.0
> without any "latest" redirect afaik.
> 
> The best fix I can come up with atm is to use GitHub’s REST API and uscan’s
> searchmode=plain to account for JSON being served instead of HTML. This also
> required making the regex a bit stricter, but using the following watchline
> appears to work fine:
> 
>   opts=pgpsigurlmangle=s/$/.asc/,pgpmode=auto,searchmode=plain \
>     https://api.github.com/repos/libass/libass/releases/latest \
>     https?://[^"]*/libass-(\d+[^"]*)+\.tar\.gz

The project seems to have settled on variants of this.

Cheers

> 
> (Note: there’s a preexisting warning about pgpsigurlmangle
>  being ignored because pgpmode=auto is also set. Just removing
>  pgpsigurlmangle doesn’t seem to cause issues and it still checks the
>  signature but I’m less sure about this change)
> 
> If you want to match and search through all releases, rather than just the 
> latest one, remove the trailing /latest from the api.github.com URL.
> 
> Speaking about pgp, there’s another issue. As announced last release,
> tarballs may now be signed by any one of multiple authorised keys. 
> debian/upstream/signing-key.asc currently only contains Oleg’s public key, who
> signed 0.15.x and 0.16.0, but this release is signed by my key, so in order for
> uscan to not reject the signature, all authorised keys need to be added to
> debian/upstream/signing-key.asc. I described how to do this (+ provided a patch)
> and how to establish a chain of trust from Oleg’s key to the other authorised 
> keys in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012524
> 
> Regarding the new optional dependency, a just barely sufficiently recent version 
> of libunibreak is already packaged in Debian, so it can be linked to for making
> ASS_FEATURE_WRAP_UNICODE do something.
> (Otherwise the packaged release 1.1 from 2013 is rather outdated though.)
> 
> If you have any more questions or if I can somehow help
> with getting the new release packaged, let me know.
> 
> Cheers
> 
> Oneric



-- 
Sebastian Ramacher

--- End Message ---
