
Bug#928720: unblock: devscripts/2.19.5



Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi,

please unblock devscripts/2.19.5 - debdiff (filtering out the po files)
is attached.

Changes are:
 * typos in documentation
 * small fixes in salsa(1) and a tiny one in uscan(1)
 * important fixes in mk-origtargz(1) - see the recent post on d-d@ from
   guillem

Thanks for considering.

-- 
regards,
                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
more about me:  https://mapreri.org                             : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-
 debian/changelog                    |   34 ++++++++++++++++++-
 lib/Devscripts/MkOrigtargz.pm       |   42 +++++++++++++++++-------
 lib/Devscripts/Salsa/Config.pm      |    4 +-
 lib/Devscripts/Salsa/check_repo.pm  |    1 
 lib/Devscripts/Salsa/update_repo.pm |    6 +++
 lib/Devscripts/Uscan/WatchFile.pm   |    2 -
 scripts/hardening-check.pl          |   10 ++---
 scripts/salsa.pl                    |    6 ++-
 scripts/uscan.pl                    |    3 +
 test/lib_test_uscan                 |    2 -
 test/test_mk-origtargz              |   63 ++++++++++++++++++++++++++++++++++--
 11 files changed, 147 insertions(+), 26 deletions(-)
diffstat for devscripts-2.19.4 devscripts-2.19.5

diff -Nru devscripts-2.19.4/debian/changelog devscripts-2.19.5/debian/changelog
--- devscripts-2.19.4/debian/changelog	2019-03-20 16:57:59.000000000 +0100
+++ devscripts-2.19.5/debian/changelog	2019-05-09 17:01:29.000000000 +0200
@@ -1,3 +1,35 @@
+devscripts (2.19.5) unstable; urgency=medium
+
+  [ Topi Miettinen ]
+  * hardening-check:
+    + Fix some typos in the documentation.  MR: !118
+
+  [ Xavier Guimard ]
+  * Update French translation.
+  * uscan:
+    + Don't fail on first error when using multiple watch files.
+      Closes: #927864; MR: !119
+  * salsa:  MR: !117
+    + Fix token regexp to allow "-" in GitLab tokens.
+    + Fix useless warnings when old description is null.  Closes: #927367
+    + Accept sub-groups in --group parameter.  Closes: #927350
+    + Fix bad warning if user is an inherited member of a subgroup.
+      Closes: #927373
+
+  [ Edward Betts ]
+  * Correct some spelling errors in documentation.  MR: !116
+
+  [ Guillem Jover ]
+  * mk-origtargz:  MR: !120
+    + Do not enarmor already armored OpenPGP signatures.  This actively caused
+      broken .asc files to be uploaded to the archive.
+    + Pass --no-options to gpg.
+    + Prevent duplicating the signature in case mk-origtargz is called twice.
+    + Fix OpenPGP signature ASCII enarmor normalization.
+    + Minore code improvements.
+
+ -- Mattia Rizzolo <mattia@debian.org>  Thu, 09 May 2019 17:01:29 +0200
+
 devscripts (2.19.4) unstable; urgency=medium
 
   [ Antonio Terceiro ]
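Review bot: `Minore code improvements.` in the mk-origtargz entry is a typo for `Minor code improvements.`. The `Pass --no-options to gpg.` item would also benefit from a few words on why (keeping the user's gpg.conf from affecting the enarmor output), since the other items in the entry each state their effect.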
@@ -41,7 +73,7 @@
     + Add KGB options configuration.  Closes: #921641; MR: !115
   * uscan:
     + Fix bad check for "verbose" in Config.pm.  Closes: #923441; MR: !111
-  * Update French translation
+  * Update French translation.
 
   [ Reiner Herrmann ]
   * Update German translation.
diff -Nru devscripts-2.19.4/lib/Devscripts/MkOrigtargz.pm devscripts-2.19.5/lib/Devscripts/MkOrigtargz.pm
--- devscripts-2.19.4/lib/Devscripts/MkOrigtargz.pm	2019-03-01 10:39:51.000000000 +0100
+++ devscripts-2.19.5/lib/Devscripts/MkOrigtargz.pm	2019-05-09 16:52:33.000000000 +0200
@@ -307,9 +307,6 @@
 
     # Final step: symlink, copy or rename for signature file.
 
-    my $is_ascfile = $self->config->signature_file =~ /\.asc$/i;
-    my $is_gpgfile = $self->config->signature_file =~ /\.(gpg|pgp|sig|sign)$/i;
-
     my $destsigfile;
     if ($self->config->signature == 1) {
         $destsigfile = sprintf "%s.asc", $destfile;
@@ -324,22 +321,43 @@
     }
 
     if ($self->config->signature == 1 or $self->config->signature == 2) {
-        if ($is_gpgfile) {
-            my $enarmor
-              = `gpg --output - --enarmor $self->{config}->{signature_file} 2>&1`;
+        my $is_openpgp_ascii_armor = 0;
+        my $fh_sig;
+        unless (open($fh_sig, '<', $self->config->signature_file)) {
+            ds_die "Cannot open $self->{config}->{signature_file}\n";
+            return $self->status(1);
+        }
+        while (<$fh_sig>) {
+            if (m/^-----BEGIN PGP /) {
+                $is_openpgp_ascii_armor = 1;
+                last;
+            }
+        }
+        close($fh_sig);
+
+        if (not $is_openpgp_ascii_armor) {
+            my @enarmor
+              = `gpg --no-options --output - --enarmor $self->{config}->{signature_file} 2>&1`;
             unless ($? == 0) {
                 ds_die
-"mk-origtargz: Failed to convert $self->{config}->{signature_file} to *.asc\n";
+"Failed to convert $self->{config}->{signature_file} to *.asc\n";
                 return $self->status(1);
             }
-            $enarmor =~ s/ARMORED FILE/SIGNATURE/;
-            $enarmor =~ /^Comment:/d;
-            unless (open(DESTSIG, ">> $destsigfile")) {
+            unless (open(DESTSIG, '>', $destsigfile)) {
+                ds_die "Failed to open $destsigfile for write $!\n";
+                return $self->status(1);
+            }
+            foreach my $line (@enarmor) {
+                next if $line =~ m/^Version:/;
+                next if $line =~ m/^Comment:/;
+                $line =~ s/ARMORED FILE/SIGNATURE/;
+                print DESTSIG $line;
+            }
+            unless (close(DESTSIG)) {
                 ds_die
-                  "mk-origtargz: Failed to open $destsigfile for append: $!\n";
+"Cannot write signature file $self->{config}->{signature_file}\n";
                 return $self->status(1);
             }
-            print DESTSIG $enarmor;
         } else {
             if (abs_path($self->config->signature_file) ne
                 abs_path($destsigfile)) {
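Review bot: In the `if (not $is_openpgp_ascii_armor)` branch the gpg call keeps `2>&1`, so anything gpg prints on stderr while still exiting 0 ends up in `@enarmor` and is written to `$destsigfile`; only `Version:` and `Comment:` lines are filtered out. Capture stdout alone and report stderr separately. The same backtick command interpolates `$self->{config}->{signature_file}` unquoted into a shell string, so a path containing spaces or shell metacharacters is split or interpreted by the shell; a list-form invocation avoids that. The `close(DESTSIG)` failure message names the input `signature_file` instead of `$destsigfile` and drops `$!`. The armor probe `m/^-----BEGIN PGP /` also accepts any armor type, so matching `-----BEGIN PGP SIGNATURE-----` would be stricter.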
diff -Nru devscripts-2.19.4/lib/Devscripts/Salsa/check_repo.pm devscripts-2.19.5/lib/Devscripts/Salsa/check_repo.pm
--- devscripts-2.19.4/lib/Devscripts/Salsa/check_repo.pm	2019-03-11 17:07:17.000000000 +0100
+++ devscripts-2.19.5/lib/Devscripts/Salsa/check_repo.pm	2019-05-09 16:52:23.000000000 +0200
@@ -41,6 +41,7 @@
         # check description
         my %prms = $self->desc($name);
         if ($self->config->desc) {
+            $project->{description} //= '';
             push @err, "bad description: $project->{description}"
               if ($prms{description} ne $project->{description});
         }
diff -Nru devscripts-2.19.4/lib/Devscripts/Salsa/Config.pm devscripts-2.19.5/lib/Devscripts/Salsa/Config.pm
--- devscripts-2.19.4/lib/Devscripts/Salsa/Config.pm	2019-03-11 17:07:17.000000000 +0100
+++ devscripts-2.19.5/lib/Devscripts/Salsa/Config.pm	2019-05-09 16:52:23.000000000 +0200
@@ -70,7 +70,7 @@
             return /^[\w\d\-]+$/ ? 1 : (0, "Bad path $_");
         }
     ],
-    ['group=s',    'SALSA_GROUP',    qr/^[\-\w]+$/],
+    ['group=s',    'SALSA_GROUP',    qr/^[\/\-\w]+$/],
     ['group-id=s', 'SALSA_GROUP_ID', qr/^\d+$/],
     ['token', 'SALSA_TOKEN', sub { $_[0]->private_token($_[1]) }],
     [
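Review bot: The new `SALSA_GROUP` pattern `qr/^[\/\-\w]+$/` treats `/` as just another allowed character, so it also accepts `/`, `a//b` and paths with a leading or trailing slash. Validating slash-separated components, for example `qr/^[\-\w]+(?:\/[\-\w]+)*$/`, matches the documented `perl-team/modules/packages` form and rejects the malformed ones before they reach the API.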
@@ -83,7 +83,7 @@
             my $s = join '', <F>;
             close F;
             if ($s
-                =~ m/^[^#]*(?:SALSA_(?:PRIVATE_)?TOKEN)\s*=\s*(["'])?(\w+)\1?$/m
+                =~ m/^[^#]*(?:SALSA_(?:PRIVATE_)?TOKEN)\s*=\s*(["'])?([-\w]+)\1?$/m
             ) {
                 $self->private_token($2);
                 return 1;
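Review bot: In the token pattern both `(["'])?` and `\1?` are optional, so a line with an opening quote and no closing quote is accepted and the token is taken anyway. Since this line is being touched to widen the character class to `[-\w]+`, it is a good moment to require balanced quoting with two alternatives (quoted with a mandatory `\1`, or unquoted). A test case with a token containing `-` would also pin the fix.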
diff -Nru devscripts-2.19.4/lib/Devscripts/Salsa/update_repo.pm devscripts-2.19.5/lib/Devscripts/Salsa/update_repo.pm
--- devscripts-2.19.4/lib/Devscripts/Salsa/update_repo.pm	2019-03-01 12:04:49.000000000 +0100
+++ devscripts-2.19.5/lib/Devscripts/Salsa/update_repo.pm	2019-05-09 16:52:23.000000000 +0200
@@ -115,6 +115,12 @@
     if ($self->group_id) {
         my $tmp = $self->api->group_member($self->group_id, $user_id);
         unless ($tmp) {
+            my $members
+              = $self->api->paginator('all_group_members', $self->group_id,
+                { query => $user_id });
+            while ($_ = $members->next) {
+                return $_->{access_level} if ($_->{id} eq $user_id);
+            }
             ds_warn "You're not member of this group";
             return 0;
         }
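Review bot: The added loop `while ($_ = $members->next)` assigns to the global `$_` without localizing it, which can clobber the caller's `$_`. Use a lexical, e.g. `while (my $member = $members->next)`, and compare `$member->{id}`. A short comment stating that this second lookup covers inherited membership of a subgroup would explain why `group_member` returning nothing is not final.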
diff -Nru devscripts-2.19.4/lib/Devscripts/Uscan/WatchFile.pm devscripts-2.19.5/lib/Devscripts/Uscan/WatchFile.pm
--- devscripts-2.19.4/lib/Devscripts/Uscan/WatchFile.pm	2019-03-01 12:04:49.000000000 +0100
+++ devscripts-2.19.5/lib/Devscripts/Uscan/WatchFile.pm	2019-05-09 16:52:23.000000000 +0200
@@ -345,7 +345,7 @@
     foreach my $line (@{ $self->watchlines }) {
         # Set same $download for all
         $line->shared->{download} = $download;
-        # Non "group" lines where not intialized
+        # Non "group" lines where not initialized
         unless ($line->type eq 'group') {
             if (   $line->parse
                 or $line->search
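Review bot: The corrected comment still reads `Non "group" lines where not initialized`; `where` should be `were`.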
diff -Nru devscripts-2.19.4/scripts/hardening-check.pl devscripts-2.19.5/scripts/hardening-check.pl
--- devscripts-2.19.4/scripts/hardening-check.pl	2019-03-01 10:39:51.000000000 +0100
+++ devscripts-2.19.5/scripts/hardening-check.pl	2019-04-28 16:13:11.000000000 +0200
@@ -502,23 +502,23 @@
 
 =item B<--nopie>, B<-p>
 
-No not require that the checked binaries be built as PIE.
+Do not require that the checked binaries be built as PIE.
 
 =item B<--nostackprotector>, B<-s>
 
-No not require that the checked binaries be built with the stack protector.
+Do not require that the checked binaries be built with the stack protector.
 
 =item B<--nofortify>, B<-f>
 
-No not require that the checked binaries be built with Fority Source.
+Do not require that the checked binaries be built with Fortify Source.
 
 =item B<--norelro>, B<-r>
 
-No not require that the checked binaries be built with RELRO.
+Do not require that the checked binaries be built with RELRO.
 
 =item B<--nobindnow>, B<-b>
 
-No not require that the checked binaries be built with BIND_NOW.
+Do not require that the checked binaries be built with BIND_NOW.
 
 =item B<--quiet>, B<-q>
 
diff -Nru devscripts-2.19.4/scripts/salsa.pl devscripts-2.19.5/scripts/salsa.pl
--- devscripts-2.19.4/scripts/salsa.pl	2019-03-11 17:07:17.000000000 +0100
+++ devscripts-2.19.5/scripts/salsa.pl	2019-05-09 16:52:23.000000000 +0200
@@ -430,6 +430,10 @@
 
 Team to use. Use C<salsa search_group name> to find it.
 
+If you want to use a subgroup, you have to set its full path:
+
+  salsa --group perl-team/modules/packages check_repo lemonldap-ng
+
 C<.devscripts> value: B<SALSA_GROUP>
 
 Be careful when you use B<SALSA_GROUP> in your C<.devscripts> file. Every
@@ -800,7 +804,7 @@
 
 Copyright (C) 2018, Xavier Guimard E<lt>yadd@debian.orgE<gt>
 
-It contains code formely found in L<dpt-salsa> I<(pkg-perl-tools)>
+It contains code formerly found in L<dpt-salsa> I<(pkg-perl-tools)>
 copyright 2018, gregor herrmann E<lt>gregoa@debian.orgE<gt>.
 
 This library is free software; you can redistribute it and/or modify
diff -Nru devscripts-2.19.4/scripts/uscan.pl devscripts-2.19.5/scripts/uscan.pl
--- devscripts-2.19.4/scripts/uscan.pl	2019-03-01 12:04:49.000000000 +0100
+++ devscripts-2.19.5/scripts/uscan.pl	2019-05-09 16:52:23.000000000 +0200
@@ -2010,7 +2010,8 @@
 
 my @wf = find_watch_files($config);
 foreach (@wf) {
-    $res ||= process_watchfile(@$_);
+    my $tmp = process_watchfile(@$_);
+    $res ||= $tmp;
 
     # Are there any warnings to give if we're using dehs?
     dehs_output if ($dehs);
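Review bot: The temporary in the `foreach (@wf)` loop exists only to defeat the short-circuit of `||=`, and nothing in the code says so, which makes it easy to fold back into `$res ||= process_watchfile(@$_);` in a later cleanup. Add a one-line comment that every watch file must be processed even after an earlier one failed, and consider a more descriptive name than `$tmp`.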
diff -Nru devscripts-2.19.4/test/lib_test_uscan devscripts-2.19.5/test/lib_test_uscan
--- devscripts-2.19.4/test/lib_test_uscan	2019-03-20 14:02:49.000000000 +0100
+++ devscripts-2.19.5/test/lib_test_uscan	2019-05-09 16:52:23.000000000 +0200
@@ -53,7 +53,7 @@
 # magic function that pipes stdout and stderr into a pipe, and prints it only
 # on command failure.
 # This uses a pipe, so it has limited capacity.  Do not use it with stuff
-# outputing too much data.
+# outputting too much data.
 chronic_sh (){
     local pipe
     pipe=$(mktemp -u)
diff -Nru devscripts-2.19.4/test/test_mk-origtargz devscripts-2.19.5/test/test_mk-origtargz
--- devscripts-2.19.4/test/test_mk-origtargz	2019-03-01 10:39:51.000000000 +0100
+++ devscripts-2.19.5/test/test_mk-origtargz	2019-05-09 16:52:33.000000000 +0200
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 # Copyright 2014, Rafael Laboissiere <rafael@laboissiere.net>
 # Copyright 2015, James McCoy <jamessan@debian.org>
@@ -18,6 +18,10 @@
 
 set -u
 
+# Load GPG
+TESTTYPE=MkOrigTarGz
+. ./lib_test_uscan
+
 if test "${1:-}" = --installed; then
     MK_ORIGTARGZ="mk-origtargz"
     shift
@@ -72,9 +76,31 @@
 
 }
 makeTarBall () {
-	comp="$1";
+	comp="$1"
+	mkgpg="${2:-none}"
 	makeUpstreamFiles
 	tar --create --auto-compress --file "$TMPDIR/foo-0.1.tar.$comp" --directory "$TMPDIR" foo-0.1
+	local gpgopts=(
+		chronic_sh $GPG
+		--homedir "$GPGHOME"
+		--no-options -q --batch --no-default-keyring
+		--secret-keyring "$PRIVATE_KEYRING"
+		--default-key 72544FAF
+		--detach-sign
+	)
+	case "$mkgpg" in
+		sig)
+			"${gpgopts[@]}" "$TMPDIR/foo-0.1.tar.$comp"
+			;;
+		asc)
+			"${gpgopts[@]}" --armor "$TMPDIR/foo-0.1.tar.$comp"
+			;;
+		none)
+			;;
+		*)
+			fail "unknown parameter in makeTarBall()"
+			;;
+	esac
 	rm -rf "$TMPDIR/foo-0.1"
 }
 makeSimpleTar () {
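Review bot: The two `"${gpgopts[@]}"` calls in the `sig` and `asc` arms ignore their exit status, and only `set -u` is visible at the top of the script, so a failed signing step would surface later as an unrelated mk-origtargz or `--verify` failure; check the status and call `fail` at that point. `gpgopts` also holds the whole command line (`chronic_sh $GPG ...`) rather than options, with `$GPG` unquoted, so a name such as `gpgcmd` and `"$GPG"` would be clearer. `--default-key 72544FAF` is a short key ID; the full fingerprint is unambiguous.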
@@ -235,6 +261,39 @@
 	assertEquals "final symlink" foo-0.1.tar.gz "$(readlink $TMPDIR/foo_0.1.orig.tar.gz)"
 }
 
+testSymlinkWithConvertedSig() {
+	makeTarBall gz sig
+	makeDebianDir
+	run_mk_origtargz foo "" \
+		"Successfully symlinked ../foo-0.1.tar.gz to ../foo_0.1.orig.tar.gz." \
+		--signature 1 --signature-file=../foo-0.1.tar.gz.sig \
+		../foo-0.1.tar.gz
+	assertTrue "original tarball does not exist" "[ -e $TMPDIR/foo-0.1.tar.gz ]"
+	assertTrue "result does not exist" "[ -e $TMPDIR/foo_0.1.orig.tar.gz ]"
+	assertTrue "result is not a symlink" "[ -L $TMPDIR/foo_0.1.orig.tar.gz ]"
+	assertTrue "result is not readable" "[ -r $TMPDIR/foo_0.1.orig.tar.gz ]"
+	assertEquals "final symlink" foo-0.1.tar.gz "$(readlink $TMPDIR/foo_0.1.orig.tar.gz)"
+	assertTrue "signature isn't valid" "$GPG --homedir '$GPGHOME' --verify $TMPDIR/foo_0.1.orig.tar.gz.asc"
+}
+
+testSymlinkWithArmoredSig() {
+	# MR for https://lists.debian.org/debian-devel/2019/04/msg00459.html
+	makeTarBall gz asc
+	# an armored signature, but with the wrong extension.
+	mv $TMPDIR/foo-0.1.tar.gz.asc $TMPDIR/foo-0.1.tar.gz.sig
+	makeDebianDir
+	run_mk_origtargz foo "" \
+		"Successfully symlinked ../foo-0.1.tar.gz to ../foo_0.1.orig.tar.gz." \
+		--signature 1 --signature-file=../foo-0.1.tar.gz.sig \
+		../foo-0.1.tar.gz
+	assertTrue "original tarball does not exist" "[ -e $TMPDIR/foo-0.1.tar.gz ]"
+	assertTrue "result does not exist" "[ -e $TMPDIR/foo_0.1.orig.tar.gz ]"
+	assertTrue "result is not a symlink" "[ -L $TMPDIR/foo_0.1.orig.tar.gz ]"
+	assertTrue "result is not readable" "[ -r $TMPDIR/foo_0.1.orig.tar.gz ]"
+	assertEquals "final symlink" foo-0.1.tar.gz "$(readlink $TMPDIR/foo_0.1.orig.tar.gz)"
+	assertTrue "signature isn't valid" "$GPG --homedir '$GPGHOME' --verify $TMPDIR/foo_0.1.orig.tar.gz.asc"
+}
+
 testCopy() {
 	makeTarBall gz
 	makeDebianDir
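Review bot: Neither `testSymlinkWithConvertedSig` nor `testSymlinkWithArmoredSig` exercises the changelog item about calling mk-origtargz twice, and both rely on `gpg --verify` alone to judge the output. Add a test that runs `run_mk_origtargz` a second time on the same inputs and asserts that `foo_0.1.orig.tar.gz.asc` contains exactly one `-----BEGIN PGP SIGNATURE-----` line and no `Version:` or `Comment:` header. The two new tests differ only in how the signature is prepared, so the shared assertions could move into a helper; `$TMPDIR` in the `mv` line and inside the assertion strings should be quoted.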

Attachment: signature.asc
Description: PGP signature

