On Monday, November 11 2019, Agustin Martin wrote:

> On Mon, Aug 13, 2018 at 04:08:37PM -0400, Sergio Durigan Junior wrote:
>> Hi there,
>> 
>> While building the cvc4 package for upload, I tried setting
>> SOURCE_ONLY_CHANGES=yes in order to generate a *_source.changes file.
>> Everything was apparently fine, but when I tried to upload the changes
>> file, I got the following error:
>> 
>>   $ dput ftp-master cvc4_1.6-2_source.changes
>>   Uploading cvc4 using ftp to ftp-master (host: ftp.upload.debian.org; directory: /pub/UploadQueue/)
>>   running allowed-distribution: check whether a local profile permits uploads to the target distribution
>>   running protected-distribution: warn before uploading to distributions where a special policy applies
>>   running checksum: verify checksums before uploading
>>   Bad checksums on cvc4_1.6-2_source.changes: Checksum mismatch for file cvc4_1.6-2.dsc: b65d2b868fd05a6aeb7606e5f03a05f3 != f83d68e6a9f76c3a887d3ff6e7b498f9
>> 
>> Comparing the cvc4_1.6-2_source.changes file against the
>> cvc4_1.6-2_amd64.changes file, one can see that the checksum for the
>> cvc4_1.6-2.dsc file is indeed different between them.  In the end, I had
>> to do a normal upload.
>> 
>> I'm using gbp buildpackage with pbuilder behind the curtains, and my
>> config files are:
>> 
>>   $ cat .pbuilderrc 
>>   # Automatically sign builds.
>>   AUTO_DEBSIGN=yes
>>   PDEBUILD_PBUILDER=cowbuilder
>>   BUILDRESULT=$PWD/../
>>   SOURCE_ONLY_CHANGES=yes
>
> Hi, Sergio

Hey, Tin,

> Currently, when both arch.changes and source.changes files are present and
> --auto-debsign is enabled, pdebuild will only sign the arch.changes file. 
> See https://bugs.debian.org/932743.
>
> It may be that when signing the arch.changes file it also signs the .dsc
> and .buildinfo files, thus modifying them. This makes the checksums in the
> source.changes file no longer match those of the signed files. If that is
> the case, that source.changes file would have been useless anyway since
> it is not signed.
>
> In #932743 Mattia Rizzolo has proposed a patch to sign both .changes files,
> you may want to try it.
>
> Hope this helps.

Thanks for the explanation and the pointers.  I confess I have switched
to sbuild now (which has a similar problem, mind you!), but if I have
the time I'll give the patch a try.

Cheers,

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
http://sergiodj.net/
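
The mismatch discussed in this thread, as an added example that is not part of the original messages or of pbuilder/dput: a .changes file records a checksum for each listed file, so rewriting the .dsc after the .changes was generated makes verification fail. The file names, contents and the signature wrapper below are constructed placeholders.

```python
import hashlib
import tempfile
from pathlib import Path


def parse_files_field(changes_text):
    """Return {filename: (md5, size)} from the Files: field of a .changes file."""
    entries, in_files = {}, False
    for line in changes_text.splitlines():
        if line.startswith("Files:"):
            in_files = True
        elif in_files and line.startswith(" "):
            md5, size, _section, _priority, name = line.split()
            entries[name] = (md5, int(size))
        else:
            in_files = False  # any non-continuation line ends the field
    return entries


def verify_changes(changes_text, directory):
    """List (filename, expected_md5, actual_md5) for every file that mismatches."""
    bad = []
    for name, (expected, _size) in parse_files_field(changes_text).items():
        actual = hashlib.md5(Path(directory, name).read_bytes()).hexdigest()
        if actual != expected:
            bad.append((name, expected, actual))
    return bad


def demo():
    """Constructed sample: checksum a .dsc, then wrap it as signing would."""
    dsc = b"Format: 3.0 (quilt)\nSource: example\nVersion: 1.0-1\n"
    changes = ("Format: 1.8\nSource: example\nFiles:\n"
               f" {hashlib.md5(dsc).hexdigest()} {len(dsc)} misc optional example_1.0-1.dsc\n")
    with tempfile.TemporaryDirectory() as tmp:
        dsc_path = Path(tmp, "example_1.0-1.dsc")
        dsc_path.write_bytes(dsc)
        before = verify_changes(changes, tmp)
        # Stand-in for a clearsign wrapper around the .dsc (not a real signature).
        signed = (b"-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n" + dsc +
                  b"-----BEGIN PGP SIGNATURE-----\n\n(constructed placeholder)\n"
                  b"-----END PGP SIGNATURE-----\n")
        dsc_path.write_bytes(signed)
        after = verify_changes(changes, tmp)
    return before, after


if __name__ == "__main__":
    print(demo())
```

Running the same check against a real build directory before uploading shows which .changes file still matches the files on disk.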
