Bug#928720: marked as done (unblock: devscripts/2.19.5)



Your message dated Sat, 11 May 2019 13:36:00 +0000
with message-id <a4f01558-b2ec-092c-9969-8807e00c0db5@thykier.net>
and subject line Re: Bug#928720: unblock: devscripts/2.19.5
has caused the Debian Bug report #928720,
regarding unblock: devscripts/2.19.5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
928720: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928720
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi,

please unblock devscripts/2.19.5 - debdiff (filtering out the po files)
is attached.

Changes are:
 * typos in documentation
 * small fixes in salsa(1) and a tiny one in uscan(1)
 * important fixes in mk-origtargz(1) - see the recent post on d-d@ from
   guillem

Thanks for considering.

-- 
regards,
                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
more about me:  https://mapreri.org                             : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-
 debian/changelog                    |   34 ++++++++++++++++++-
 lib/Devscripts/MkOrigtargz.pm       |   42 +++++++++++++++++-------
 lib/Devscripts/Salsa/Config.pm      |    4 +-
 lib/Devscripts/Salsa/check_repo.pm  |    1 
 lib/Devscripts/Salsa/update_repo.pm |    6 +++
 lib/Devscripts/Uscan/WatchFile.pm   |    2 -
 scripts/hardening-check.pl          |   10 ++---
 scripts/salsa.pl                    |    6 ++-
 scripts/uscan.pl                    |    3 +
 test/lib_test_uscan                 |    2 -
 test/test_mk-origtargz              |   63 ++++++++++++++++++++++++++++++++++--
 11 files changed, 147 insertions(+), 26 deletions(-)
diffstat for devscripts-2.19.4 devscripts-2.19.5

diff -Nru devscripts-2.19.4/debian/changelog devscripts-2.19.5/debian/changelog
--- devscripts-2.19.4/debian/changelog	2019-03-20 16:57:59.000000000 +0100
+++ devscripts-2.19.5/debian/changelog	2019-05-09 17:01:29.000000000 +0200
@@ -1,3 +1,35 @@
+devscripts (2.19.5) unstable; urgency=medium
+
+  [ Topi Miettinen ]
+  * hardening-check:
+    + Fix some typos in the documentation.  MR: !118
+
+  [ Xavier Guimard ]
+  * Update French translation.
+  * uscan:
+    + Don't fail on first error when using multiple watch files.
+      Closes: #927864; MR: !119
+  * salsa:  MR: !117
+    + Fix token regexp to allow "-" in GitLab tokens.
+    + Fix useless warnings when old description is null.  Closes: #927367
+    + Accept sub-groups in --group parameter.  Closes: #927350
+    + Fix bad warning if user is an inherited member of a subgroup.
+      Closes: #927373
+
+  [ Edward Betts ]
+  * Correct some spelling errors in documentation.  MR: !116
+
+  [ Guillem Jover ]
+  * mk-origtargz:  MR: !120
+    + Do not enarmor already armored OpenPGP signatures.  This actively caused
+      broken .asc files to be uploaded to the archive.
+    + Pass --no-options to gpg.
+    + Prevent duplicating the signature in case mk-origtargz is called twice.
+    + Fix OpenPGP signature ASCII enarmor normalization.
+    + Minore code improvements.
+
+ -- Mattia Rizzolo <mattia@debian.org>  Thu, 09 May 2019 17:01:29 +0200
+
 devscripts (2.19.4) unstable; urgency=medium
 
   [ Antonio Terceiro ]
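Review bot: "Minore code improvements." in the new mk-origtargz entry should read "Minor code improvements.".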
@@ -41,7 +73,7 @@
     + Add KGB options configuration.  Closes: #921641; MR: !115
   * uscan:
     + Fix bad check for "verbose" in Config.pm.  Closes: #923441; MR: !111
-  * Update French translation
+  * Update French translation.
 
   [ Reiner Herrmann ]
   * Update German translation.
diff -Nru devscripts-2.19.4/lib/Devscripts/MkOrigtargz.pm devscripts-2.19.5/lib/Devscripts/MkOrigtargz.pm
--- devscripts-2.19.4/lib/Devscripts/MkOrigtargz.pm	2019-03-01 10:39:51.000000000 +0100
+++ devscripts-2.19.5/lib/Devscripts/MkOrigtargz.pm	2019-05-09 16:52:33.000000000 +0200
@@ -307,9 +307,6 @@
 
     # Final step: symlink, copy or rename for signature file.
 
-    my $is_ascfile = $self->config->signature_file =~ /\.asc$/i;
-    my $is_gpgfile = $self->config->signature_file =~ /\.(gpg|pgp|sig|sign)$/i;
-
     my $destsigfile;
     if ($self->config->signature == 1) {
         $destsigfile = sprintf "%s.asc", $destfile;
@@ -324,22 +321,43 @@
     }
 
     if ($self->config->signature == 1 or $self->config->signature == 2) {
-        if ($is_gpgfile) {
-            my $enarmor
-              = `gpg --output - --enarmor $self->{config}->{signature_file} 2>&1`;
+        my $is_openpgp_ascii_armor = 0;
+        my $fh_sig;
+        unless (open($fh_sig, '<', $self->config->signature_file)) {
+            ds_die "Cannot open $self->{config}->{signature_file}\n";
+            return $self->status(1);
+        }
+        while (<$fh_sig>) {
+            if (m/^-----BEGIN PGP /) {
+                $is_openpgp_ascii_armor = 1;
+                last;
+            }
+        }
+        close($fh_sig);
+
+        if (not $is_openpgp_ascii_armor) {
+            my @enarmor
+              = `gpg --no-options --output - --enarmor $self->{config}->{signature_file} 2>&1`;
             unless ($? == 0) {
                 ds_die
-"mk-origtargz: Failed to convert $self->{config}->{signature_file} to *.asc\n";
+"Failed to convert $self->{config}->{signature_file} to *.asc\n";
                 return $self->status(1);
             }
-            $enarmor =~ s/ARMORED FILE/SIGNATURE/;
-            $enarmor =~ /^Comment:/d;
-            unless (open(DESTSIG, ">> $destsigfile")) {
+            unless (open(DESTSIG, '>', $destsigfile)) {
+                ds_die "Failed to open $destsigfile for write $!\n";
+                return $self->status(1);
+            }
+            foreach my $line (@enarmor) {
+                next if $line =~ m/^Version:/;
+                next if $line =~ m/^Comment:/;
+                $line =~ s/ARMORED FILE/SIGNATURE/;
+                print DESTSIG $line;
+            }
+            unless (close(DESTSIG)) {
                 ds_die
-                  "mk-origtargz: Failed to open $destsigfile for append: $!\n";
+"Cannot write signature file $self->{config}->{signature_file}\n";
                 return $self->status(1);
             }
-            print DESTSIG $enarmor;
         } else {
             if (abs_path($self->config->signature_file) ne
                 abs_path($destsigfile)) {
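Review bot: the gpg invocation in the "if (not $is_openpgp_ascii_armor)" branch still interpolates $self->{config}->{signature_file} into a backtick command line and folds stderr into @enarmor with 2>&1. A path containing spaces or shell metacharacters is parsed by the shell, and anything gpg prints on stderr during a successful run is written to $destsigfile, because the loop only drops Version: and Comment: lines. A list-form pipe open (open my $fh, '-|', 'gpg', '--no-options', '--output', '-', '--enarmor', $file) with stderr kept separate avoids both. Two smaller points in the same hunk: the close(DESTSIG) failure message names signature_file although the file being written is $destsigfile, and the m/^-----BEGIN PGP / test accepts any armor type, not only a signature.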
diff -Nru devscripts-2.19.4/lib/Devscripts/Salsa/check_repo.pm devscripts-2.19.5/lib/Devscripts/Salsa/check_repo.pm
--- devscripts-2.19.4/lib/Devscripts/Salsa/check_repo.pm	2019-03-11 17:07:17.000000000 +0100
+++ devscripts-2.19.5/lib/Devscripts/Salsa/check_repo.pm	2019-05-09 16:52:23.000000000 +0200
@@ -41,6 +41,7 @@
         # check description
         my %prms = $self->desc($name);
         if ($self->config->desc) {
+            $project->{description} //= '';
             push @err, "bad description: $project->{description}"
               if ($prms{description} ne $project->{description});
         }
diff -Nru devscripts-2.19.4/lib/Devscripts/Salsa/Config.pm devscripts-2.19.5/lib/Devscripts/Salsa/Config.pm
--- devscripts-2.19.4/lib/Devscripts/Salsa/Config.pm	2019-03-11 17:07:17.000000000 +0100
+++ devscripts-2.19.5/lib/Devscripts/Salsa/Config.pm	2019-05-09 16:52:23.000000000 +0200
@@ -70,7 +70,7 @@
             return /^[\w\d\-]+$/ ? 1 : (0, "Bad path $_");
         }
     ],
-    ['group=s',    'SALSA_GROUP',    qr/^[\-\w]+$/],
+    ['group=s',    'SALSA_GROUP',    qr/^[\/\-\w]+$/],
     ['group-id=s', 'SALSA_GROUP_ID', qr/^\d+$/],
     ['token', 'SALSA_TOKEN', sub { $_[0]->private_token($_[1]) }],
     [
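Review bot: the new SALSA_GROUP pattern qr/^[\/\-\w]+$/ adds "/" to the character class, so it also accepts a leading or trailing slash, "//" and a bare "/", none of which is a group path. Matching slash-separated segments, for example qr/^[\-\w]+(?:\/[\-\w]+)*$/, keeps the subgroup support and rejects those values.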
@@ -83,7 +83,7 @@
             my $s = join '', <F>;
             close F;
             if ($s
-                =~ m/^[^#]*(?:SALSA_(?:PRIVATE_)?TOKEN)\s*=\s*(["'])?(\w+)\1?$/m
+                =~ m/^[^#]*(?:SALSA_(?:PRIVATE_)?TOKEN)\s*=\s*(["'])?([-\w]+)\1?$/m
             ) {
                 $self->private_token($2);
                 return 1;
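Review bot: in the token pattern the opening quote (["'])? and the closing \1? are optional independently of each other, so a line with an unbalanced quote such as SALSA_TOKEN="abc still matches and yields abc. Since the capture is being widened to [-\w]+ here, this would be a good place to require the quotes to pair up. The debdiff also carries no test for a token containing "-".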
diff -Nru devscripts-2.19.4/lib/Devscripts/Salsa/update_repo.pm devscripts-2.19.5/lib/Devscripts/Salsa/update_repo.pm
--- devscripts-2.19.4/lib/Devscripts/Salsa/update_repo.pm	2019-03-01 12:04:49.000000000 +0100
+++ devscripts-2.19.5/lib/Devscripts/Salsa/update_repo.pm	2019-05-09 16:52:23.000000000 +0200
@@ -115,6 +115,12 @@
     if ($self->group_id) {
         my $tmp = $self->api->group_member($self->group_id, $user_id);
         unless ($tmp) {
+            my $members
+              = $self->api->paginator('all_group_members', $self->group_id,
+                { query => $user_id });
+            while ($_ = $members->next) {
+                return $_->{access_level} if ($_->{id} eq $user_id);
+            }
             ds_warn "You're not member of this group";
             return 0;
         }
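Review bot: the added loop "while ($_ = $members->next)" assigns to the global $_ without localizing it, so any caller that is itself iterating with $_ gets its value overwritten. A lexical, as in "while (my $m = $members->next)", avoids that and makes the two $_->{...} accesses easier to read.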
diff -Nru devscripts-2.19.4/lib/Devscripts/Uscan/WatchFile.pm devscripts-2.19.5/lib/Devscripts/Uscan/WatchFile.pm
--- devscripts-2.19.4/lib/Devscripts/Uscan/WatchFile.pm	2019-03-01 12:04:49.000000000 +0100
+++ devscripts-2.19.5/lib/Devscripts/Uscan/WatchFile.pm	2019-05-09 16:52:23.000000000 +0200
@@ -345,7 +345,7 @@
     foreach my $line (@{ $self->watchlines }) {
         # Set same $download for all
         $line->shared->{download} = $download;
-        # Non "group" lines where not intialized
+        # Non "group" lines where not initialized
         unless ($line->type eq 'group') {
             if (   $line->parse
                 or $line->search
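Review bot: the corrected comment still reads "where not initialized"; "were not initialized" is what is meant, so the spelling fix can cover both words.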
diff -Nru devscripts-2.19.4/scripts/hardening-check.pl devscripts-2.19.5/scripts/hardening-check.pl
--- devscripts-2.19.4/scripts/hardening-check.pl	2019-03-01 10:39:51.000000000 +0100
+++ devscripts-2.19.5/scripts/hardening-check.pl	2019-04-28 16:13:11.000000000 +0200
@@ -502,23 +502,23 @@
 
 =item B<--nopie>, B<-p>
 
-No not require that the checked binaries be built as PIE.
+Do not require that the checked binaries be built as PIE.
 
 =item B<--nostackprotector>, B<-s>
 
-No not require that the checked binaries be built with the stack protector.
+Do not require that the checked binaries be built with the stack protector.
 
 =item B<--nofortify>, B<-f>
 
-No not require that the checked binaries be built with Fority Source.
+Do not require that the checked binaries be built with Fortify Source.
 
 =item B<--norelro>, B<-r>
 
-No not require that the checked binaries be built with RELRO.
+Do not require that the checked binaries be built with RELRO.
 
 =item B<--nobindnow>, B<-b>
 
-No not require that the checked binaries be built with BIND_NOW.
+Do not require that the checked binaries be built with BIND_NOW.
 
 =item B<--quiet>, B<-q>
 
diff -Nru devscripts-2.19.4/scripts/salsa.pl devscripts-2.19.5/scripts/salsa.pl
--- devscripts-2.19.4/scripts/salsa.pl	2019-03-11 17:07:17.000000000 +0100
+++ devscripts-2.19.5/scripts/salsa.pl	2019-05-09 16:52:23.000000000 +0200
@@ -430,6 +430,10 @@
 
 Team to use. Use C<salsa search_group name> to find it.
 
+If you want to use a subgroup, you have to set its full path:
+
+  salsa --group perl-team/modules/packages check_repo lemonldap-ng
+
 C<.devscripts> value: B<SALSA_GROUP>
 
 Be careful when you use B<SALSA_GROUP> in your C<.devscripts> file. Every
@@ -800,7 +804,7 @@
 
 Copyright (C) 2018, Xavier Guimard E<lt>yadd@debian.orgE<gt>
 
-It contains code formely found in L<dpt-salsa> I<(pkg-perl-tools)>
+It contains code formerly found in L<dpt-salsa> I<(pkg-perl-tools)>
 copyright 2018, gregor herrmann E<lt>gregoa@debian.orgE<gt>.
 
 This library is free software; you can redistribute it and/or modify
diff -Nru devscripts-2.19.4/scripts/uscan.pl devscripts-2.19.5/scripts/uscan.pl
--- devscripts-2.19.4/scripts/uscan.pl	2019-03-01 12:04:49.000000000 +0100
+++ devscripts-2.19.5/scripts/uscan.pl	2019-05-09 16:52:23.000000000 +0200
@@ -2010,7 +2010,8 @@
 
 my @wf = find_watch_files($config);
 foreach (@wf) {
-    $res ||= process_watchfile(@$_);
+    my $tmp = process_watchfile(@$_);
+    $res ||= $tmp;
 
     # Are there any warnings to give if we're using dehs?
     dehs_output if ($dehs);
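Review bot: the temporary in "my $tmp = process_watchfile(@$_); $res ||= $tmp;" needs a comment. It is there because ||= short-circuits: once $res was true, the old single-line form no longer called process_watchfile() for the remaining watch files. Without a line saying so, the two statements invite being folded back into one.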
diff -Nru devscripts-2.19.4/test/lib_test_uscan devscripts-2.19.5/test/lib_test_uscan
--- devscripts-2.19.4/test/lib_test_uscan	2019-03-20 14:02:49.000000000 +0100
+++ devscripts-2.19.5/test/lib_test_uscan	2019-05-09 16:52:23.000000000 +0200
@@ -53,7 +53,7 @@
 # magic function that pipes stdout and stderr into a pipe, and prints it only
 # on command failure.
 # This uses a pipe, so it has limited capacity.  Do not use it with stuff
-# outputing too much data.
+# outputting too much data.
 chronic_sh (){
     local pipe
     pipe=$(mktemp -u)
diff -Nru devscripts-2.19.4/test/test_mk-origtargz devscripts-2.19.5/test/test_mk-origtargz
--- devscripts-2.19.4/test/test_mk-origtargz	2019-03-01 10:39:51.000000000 +0100
+++ devscripts-2.19.5/test/test_mk-origtargz	2019-05-09 16:52:33.000000000 +0200
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 # Copyright 2014, Rafael Laboissiere <rafael@laboissiere.net>
 # Copyright 2015, James McCoy <jamessan@debian.org>
@@ -18,6 +18,10 @@
 
 set -u
 
+# Load GPG
+TESTTYPE=MkOrigTarGz
+. ./lib_test_uscan
+
 if test "${1:-}" = --installed; then
     MK_ORIGTARGZ="mk-origtargz"
     shift
@@ -72,9 +76,31 @@
 
 }
 makeTarBall () {
-	comp="$1";
+	comp="$1"
+	mkgpg="${2:-none}"
 	makeUpstreamFiles
 	tar --create --auto-compress --file "$TMPDIR/foo-0.1.tar.$comp" --directory "$TMPDIR" foo-0.1
+	local gpgopts=(
+		chronic_sh $GPG
+		--homedir "$GPGHOME"
+		--no-options -q --batch --no-default-keyring
+		--secret-keyring "$PRIVATE_KEYRING"
+		--default-key 72544FAF
+		--detach-sign
+	)
+	case "$mkgpg" in
+		sig)
+			"${gpgopts[@]}" "$TMPDIR/foo-0.1.tar.$comp"
+			;;
+		asc)
+			"${gpgopts[@]}" --armor "$TMPDIR/foo-0.1.tar.$comp"
+			;;
+		none)
+			;;
+		*)
+			fail "unknown parameter in makeTarBall()"
+			;;
+	esac
 	rm -rf "$TMPDIR/foo-0.1"
 }
 makeSimpleTar () {
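Review bot: --default-key 72544FAF in gpgopts is a short 32-bit key ID; the full fingerprint would select the test key unambiguously. In the same function, comp and mkgpg are assigned without local while gpgopts is declared local, and gpgopts holds the whole command (chronic_sh $GPG ...) rather than only options, so a name such as gpgcmd would describe it better.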
@@ -235,6 +261,39 @@
 	assertEquals "final symlink" foo-0.1.tar.gz "$(readlink $TMPDIR/foo_0.1.orig.tar.gz)"
 }
 
+testSymlinkWithConvertedSig() {
+	makeTarBall gz sig
+	makeDebianDir
+	run_mk_origtargz foo "" \
+		"Successfully symlinked ../foo-0.1.tar.gz to ../foo_0.1.orig.tar.gz." \
+		--signature 1 --signature-file=../foo-0.1.tar.gz.sig \
+		../foo-0.1.tar.gz
+	assertTrue "original tarball does not exist" "[ -e $TMPDIR/foo-0.1.tar.gz ]"
+	assertTrue "result does not exist" "[ -e $TMPDIR/foo_0.1.orig.tar.gz ]"
+	assertTrue "result is not a symlink" "[ -L $TMPDIR/foo_0.1.orig.tar.gz ]"
+	assertTrue "result is not readable" "[ -r $TMPDIR/foo_0.1.orig.tar.gz ]"
+	assertEquals "final symlink" foo-0.1.tar.gz "$(readlink $TMPDIR/foo_0.1.orig.tar.gz)"
+	assertTrue "signature isn't valid" "$GPG --homedir '$GPGHOME' --verify $TMPDIR/foo_0.1.orig.tar.gz.asc"
+}
+
+testSymlinkWithArmoredSig() {
+	# MR for https://lists.debian.org/debian-devel/2019/04/msg00459.html
+	makeTarBall gz asc
+	# an armored signature, but with the wrong extension.
+	mv $TMPDIR/foo-0.1.tar.gz.asc $TMPDIR/foo-0.1.tar.gz.sig
+	makeDebianDir
+	run_mk_origtargz foo "" \
+		"Successfully symlinked ../foo-0.1.tar.gz to ../foo_0.1.orig.tar.gz." \
+		--signature 1 --signature-file=../foo-0.1.tar.gz.sig \
+		../foo-0.1.tar.gz
+	assertTrue "original tarball does not exist" "[ -e $TMPDIR/foo-0.1.tar.gz ]"
+	assertTrue "result does not exist" "[ -e $TMPDIR/foo_0.1.orig.tar.gz ]"
+	assertTrue "result is not a symlink" "[ -L $TMPDIR/foo_0.1.orig.tar.gz ]"
+	assertTrue "result is not readable" "[ -r $TMPDIR/foo_0.1.orig.tar.gz ]"
+	assertEquals "final symlink" foo-0.1.tar.gz "$(readlink $TMPDIR/foo_0.1.orig.tar.gz)"
+	assertTrue "signature isn't valid" "$GPG --homedir '$GPGHOME' --verify $TMPDIR/foo_0.1.orig.tar.gz.asc"
+}
+
 testCopy() {
 	makeTarBall gz
 	makeDebianDir
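Review bot: nothing in testSymlinkWithConvertedSig or testSymlinkWithArmoredSig exercises the changelog item "Prevent duplicating the signature in case mk-origtargz is called twice", and neither test checks that the Version: and Comment: headers are absent from the resulting .asc. A third test that calls run_mk_origtargz twice with the same --signature-file and then verifies foo_0.1.orig.tar.gz.asc would cover the first; a grep on the .asc would cover the second. Also, $TMPDIR is unquoted inside the --verify command strings while $GPGHOME is quoted.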

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message ---
Mattia Rizzolo:
> Package: release.debian.org
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Hi,
> 
> please unblock devscripts/2.19.5 - debdiff (filtering out the po files)
> is attached.
> 
> Changes are:
>  * typos in documentation
>  * small fixes in salsa(1) and a tiny one in uscan(1)
>  * important fixes in mk-origtargz(1) - see the recent post on d-d@ from
>    guillem
> 
> Thanks for considering.
> 

Unblocked, thanks.
~Niels

--- End Message ---