On 22 Jul 2019, at 17:16, Agustin Martin <agmar...@debian.org> wrote:
>
> Package: pbuilder
> Version: 0.230.4
> tags: +patch
> Severity: important
>
> Dear Maintainer,
>
> I am in the process of changing my pbuilder setup to produce source-only
> uploads. For that purpose I added SOURCE_ONLY_CHANGES=yes to my
> .pbuilderrc file.
>
> However, when using pdebuild --auto-debsign to sign files, only .changes
> file is signed, but not its _source.changes counterpart, which is the file
> I would have to upload. This results in pbuilder not creating properly
> uploadable packages once source-only uploads are mandatory for bullseye.
> This is why I use severity "important".
>
> .changes file may be temporarily accepted (it was e.g. for ispell.pt), but
> package will not migrate to testing with "not build on buildd" excuse and
> _source.changes is not signed.
>
> Attached patch tries to make sure both .changes and _source.changes files
> are signed with --auto-debsign.
>
> Best regards,
>
> -- System Information:
> Debian Release: bullseye/sid
> APT prefers testing
> APT policy: (500, 'testing'), (500, 'stable'), (200, 'unstable'), (200,
> 'testing')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
> Locale: LANG=es_ES.utf8, LC_CTYPE=es_ES.utf8 (charmap=UTF-8),
> LANGUAGE=es_ES.utf8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
>
> Versions of packages pbuilder depends on:
> ii debconf [debconf-2.0] 1.5.72
> ii debootstrap 1.0.115
> ii dpkg-dev 1.19.7
>
> Versions of packages pbuilder recommends:
> ii devscripts 2.19.5
> pn eatmydata <none>
> ii fakeroot 1.23-1
> ii iproute2 5.2.0-1
> ii net-tools 1.60+git20180626.aebd88e-1
> ii sudo 1.8.27-1
>
> Versions of packages pbuilder suggests:
> ii cowdancer 0.88
> ii gdebi-core 0.9.5.7+nmu3
>
> -- debconf information excluded
>
> --
> Agustin
>
> From 25f779881fd0ded624ce5796687277f19ddec71f Mon Sep 17 00:00:00 2001
> From: Agustin Martin Domingo <agmar...@debian.org>
> Date: Mon, 22 Jul 2019 17:52:08 +0200
> Subject: [PATCH] pdebuild: Sign both .changes and _source.changes files if
> present.
>
> When SOURCE_ONLY_CHANGES=yes is set in .pbuilderrc both .changes and
> _source.changes files will be created.
>
> However, the _source.changes file will only be signed if no .changes
> is present.
>
> This patch should make pdebuild sign both if present.
> ---
> pdebuild | 11 +++++++----
> 1 file changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/pdebuild b/pdebuild
> index 7d5f5ed..b699e6f 100644
> --- a/pdebuild
> +++ b/pdebuild
> @@ -113,10 +113,13 @@ if [ "${AUTO_DEBSIGN}" = "yes" ]; then
> if [ -n "${DEBSIGN_KEYID}" ]; then
> DEBSIGN_PARAM[1]="-k${DEBSIGN_KEYID}"
> fi
> - if [ -f "${BUILDRESULT}/${CHANGES}" ]; then
> - DEBSIGN_PARAM[2]="${BUILDRESULT}/${CHANGES}"
> - elif [ -f "${BUILDRESULT}/${SOURCE_CHANGES}" ]; then
> - DEBSIGN_PARAM[2]="${BUILDRESULT}/${SOURCE_CHANGES}"
> + if [ -f "${BUILDRESULT}/${CHANGES}" ] || [ -f
> "${BUILDRESULT}/${SOURCE_CHANGES}" ]; then
> + if [ -f "${BUILDRESULT}/${CHANGES}" ]; then
> + DEBSIGN_PARAM[2]="${BUILDRESULT}/${CHANGES}"
> + fi
> + if [ -f "${BUILDRESULT}/${SOURCE_CHANGES}" ]; then
> + DEBSIGN_PARAM[2]="${BUILDRESULT}/${SOURCE_CHANGES}"
> + fi
This will only sign _source.changes, overriding _arch.changes, unlike what your
commit message says.
I don't particularly like --auto-debsign as a maintainer workflow, I feel like
`debsign -S` (little-known fact: run that in the source directory and it will
find the changes file in ../ automatically) should be an explicit step once you
have checked your upload, but if people want to use the option then that's up
to them. I think the most sensible thing to do here is to automatically sign
only the _source.changes, like this patch actually does (though you can remove
your outer if condition, it's pointless), but with the correct commit message,
because if you intend to upload the _arch.changes then why are you bothering to
build a _source.changes too?
James
