Bug#871937: stretch-pu: package monkeysign/2.2.3
- To: Julien Cristau <jcristau@debian.org>, 871937@bugs.debian.org
- Subject: Bug#871937: stretch-pu: package monkeysign/2.2.3
- From: Antoine Beaupré <anarcat@debian.org>
- Date: Sun, 02 Dec 2018 11:20:50 -0500
- Message-id: <[🔎] 87pnujzyql.fsf@curie.anarc.at>
- Reply-to: Antoine Beaupré <anarcat@debian.org>, 871937@bugs.debian.org
- In-reply-to: <20181202154748.GE20332@tomate.cristau.org>
- References: <150256207108.13674.4867059542581562113.reportbug@angela.anarc.at> <150256207108.13674.4867059542581562113.reportbug@angela.anarc.at> <20170909132313.2zrmiz2nhgo2ockt@betterave.cristau.org> <20181202154748.GE20332@tomate.cristau.org> <150256207108.13674.4867059542581562113.reportbug@angela.anarc.at>
Control: reopen 871937
On 2018-12-02 16:47:48, Julien Cristau wrote:
> On Sat, Sep 09, 2017 at 03:23:13PM +0200, Julien Cristau wrote:
>> Control: tag -1 moreinfo
>>
>> On Sat, Aug 12, 2017 at 14:21:11 -0400, Antoine Beaupre wrote:
>>
>> > Package: release.debian.org
>> > Severity: normal
>> > Tags: stretch
>> > User: release.debian.org@packages.debian.org
>> > Usertags: pu
>> >
>> > Hi,
>> >
>> > I am working on a new release of Monkeysign, which I'd like to upload
>> > in Debian. If it would be just me, I would tag the current HEAD with
>> > 2.2.4, considering the changes are mostly minor and non-disruptive:
>> >
>> > angela:monkeysign$ git diff 2.2.3 --stat
>> > CONTRIBUTING.rst | 9 +-
>> > debian/gbp.conf | 2 +-
>> > doc/usage.rst | 4 +
>> > monkeysign/cli.py | 11 +-
>> > monkeysign/gpg.py | 35 ++--
>> > monkeysign/gtkui.py | 81 ++++++---
>> > monkeysign/tests/files/7B75921E.asc | 331 ++++++++++++++++++++-----------------
>> > monkeysign/tests/test_gpg.py | 21 +--
>> > monkeysign/tests/test_ui.py | 147 ++++++++++++-----
>> > monkeysign/ui.py | 168 ++++++++++++-------
>> > po/nl.po | 725 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>> > 11 files changed, 1225 insertions(+), 309 deletions(-)
>> >
>> > as you can see, more than half of the diff (725 lines) is just a
>> > translation file update. The rest is fixes for tests and critical
>> > bugfixes (although the bugfixes have not been reported directly in the
>> > Debian BTS, but discovered through my own testing).
>> >
>> > Attached is the actual diff. Should I upload this as 2.2.4 to unstable
>> > and stable-pu? Or should i minimize this diff to a bare minimum and
>> > release a more targeted 2.2.4 to stable and a 2.3.0 to unstable?
>> >
>> There's no such thing as uploading the same package version to unstable
>> and proposed-updates. Please first get the changes in unstable, with
>> whatever version number. Let them sit for a while, and then come back
>> with a request for stable, with a description and justification of the
>> changes (which I couldn't see here).
>>
> That doesn't seem to have happened; closing.
I'm confused. I *did* upload the changes to unstable:
https://tracker.debian.org/news/966367/accepted-monkeysign-224-source-all-into-unstable/
They migrated to testing and everything. I guess I should have pinged
this bug report back again?
I can rephrase a description of the changes, but the changelog above is
pretty straightforward:
[ Tobias Rueetschi ]
* false isn't defined, that must be False
[ Antoine Beaupré ]
* actually send multiple emails instead of a single one
* CVE-2018-12020: add no verbose to avoid fake signatures
Here's the actual diff, according to git:
diff --git c/debian/changelog w/debian/changelog
index db96510..1f1d667 100644
--- c/debian/changelog
+++ w/debian/changelog
@@ -1,3 +1,14 @@
+monkeysign (2.2.4) unstable; urgency=medium
+
+ [ Tobias Rueetschi ]
+ * false isn't defined, that must be False
+
+ [ Antoine Beaupré ]
+ * actually send multiple emails instead of a single one
+ * CVE-2018-12020: add no verbose to avoid fake signatures
+
+ -- Antoine Beaupré <anarcat@debian.org> Mon, 18 Jun 2018 12:18:46 -0400
+
monkeysign (2.2.3) unstable; urgency=medium
[ Simon Fondrie-Teitler ]
diff --git c/monkeysign/gpg.py w/monkeysign/gpg.py
index 223073c..7746861 100644
--- c/monkeysign/gpg.py
+++ w/monkeysign/gpg.py
@@ -102,6 +102,7 @@ class Context():
'with-colons': None,
'with-fingerprint': None,
'fixed-list-mode': None,
+ 'no-verbose': None,
'list-options': 'show-sig-subpackets,show-uid-validity,show-unusable-uids,show-unusable-subkeys,show-keyring,show-sig-expire',
}
@@ -126,7 +127,7 @@ def unset_option(self, option):
if option in self.options:
del self.options[option]
else:
- return false
+ return False
def build_command(self, command):
"""internal helper to build a proper gpg commandline
diff --git c/monkeysign/tests/test_gpg.py w/monkeysign/tests/test_gpg.py
index 5ca8472..445ce2e 100755
--- c/monkeysign/tests/test_gpg.py
+++ w/monkeysign/tests/test_gpg.py
@@ -42,7 +42,7 @@ class TestContext(unittest.TestCase):
options = Context.options
# ... and this is the rendered version of the above
- rendered_options = ['gpg', '--command-fd', '0', '--with-fingerprint', '--list-options', 'show-sig-subpackets,show-uid-validity,show-unusable-uids,show-unusable-subkeys,show-keyring,show-sig-expire', '--batch', '--fixed-list-mode', '--no-tty', '--with-colons', '--use-agent', '--status-fd', '2', '--quiet' ]
+ rendered_options = ['gpg', '--command-fd', '0', '--with-fingerprint', '--list-options', 'show-sig-subpackets,show-uid-validity,show-unusable-uids,show-unusable-subkeys,show-keyring,show-sig-expire', '--batch', '--fixed-list-mode', '--no-tty', '--with-colons', '--use-agent', '--status-fd', '2', '--quiet', '--no-verbose' ]
def setUp(self):
self.gpg = Context()
diff --git c/monkeysign/tests/test_network.py w/monkeysign/tests/test_network.py
index b082fb5..b7f8d1f 100755
--- c/monkeysign/tests/test_network.py
+++ w/monkeysign/tests/test_network.py
@@ -29,7 +29,7 @@
sys.path.insert(0, os.path.dirname(__file__) + '/../..')
from monkeysign.gpg import TempKeyring
-from test_lib import TestTimeLimit, AlarmException, find_test_file, skipUnlessNetwork
+from test_lib import TestTimeLimit, AlarmException, find_test_file, skipUnlessNetwork, skipIfDatePassed
@skipUnlessNetwork()
@@ -52,6 +52,7 @@ def test_fetch_keys(self):
except AlarmException:
raise unittest.case._ExpectedFailure(sys.exc_info())
+ @skipIfDatePassed('2017-02-25T00:00:00UTC')
def test_special_key(self):
"""test a key that sign_key had trouble with"""
self.assertTrue(self.gpg.import_data(open(find_test_file('96F47C6A.asc')).read()))
diff --git c/monkeysign/ui.py w/monkeysign/ui.py
index b05078a..030939c 100644
--- c/monkeysign/ui.py
+++ w/monkeysign/ui.py
@@ -612,7 +612,7 @@ def export_key(self):
if len(self.signed_keys) < 1:
self.warn(_('no key signed, nothing to export'))
-
+ ret = True
for fpr, key in self.signed_keys.items():
if self.chosen_uid is None:
for uid in key.uids.values():
@@ -621,14 +621,15 @@ def export_key(self):
except GpgRuntimeError as e:
self.warn(_('failed to create email: %s') % e)
break
- return self.sendmail(msg)
+ ret = ret and self.sendmail(msg)
else:
try:
msg = EmailFactory(self.tmpkeyring.export_data(fpr), fpr, self.chosen_uid, from_user, self.options.to)
except GpgRuntimeError as e:
self.warn(_('failed to create email: %s') % e)
break
- return self.sendmail(msg)
+ ret = self.sendmail(msg)
+ return ret
def sendmail(self, msg):
"""actually send the email
I skipped the translation changes to minimize the change.
Can we reconsider this?
A.
--
The future is already here – it's just not very evenly distributed.
- William Gibson
Reply to: