Hi!

On Sat, 2025-03-01 at 17:07:12 +0100, John Paul Adrian Glaubitz wrote:
On Sat, 2025-03-01 at 14:58 +0100, Guillem Jover wrote:
I suppose buildd might be failing like this if dupload exited with a
failure? (Which I think deserves its own bug report, to handle that
more gracefully.)

Before the upload I coordinated with Aurelien Jarno to make sure this
time around the buildds had the required config changes:

   
https://salsa.debian.org/dsa-team/mirror/dsa-puppet/-/commit/44cb84d9f0a85d29c82e63f2e8ad1eb9b92530cc

But, I guess the instance you are reporting for might be independent
from DSA?

The DSA-maintained instances are only building the packages for the release
architectures. Debian Ports packages are built on separate machines and
therefore such configuration changes would have to be applied there as well:

https://salsa.debian.org/debian-ports-team/dsa-puppet

Ah, sorry, I assumed this was all handled as part of the same dsa-puppet repo that Aurelien fixed. The changes that were done for the main buildds were to make sure the GnuPG pubring was in OpenPGP format instead of the GnuPG specific keybox format (which is not portable), and then those specific commits:

  
https://salsa.debian.org/dsa-team/mirror/dsa-puppet/-/commit/d4e099680d3bd964b0837849b68728ec3ce7b52e
  
https://salsa.debian.org/dsa-team/mirror/dsa-puppet/-/commit/44cb84d9f0a85d29c82e63f2e8ad1eb9b92530cc

This was done in stages, introducing the new keyring support in dupload 2.12.0, the buildd setup updated, then 2.13.0 uploaded which then required the keyrings support. Given that the keyrings settings are optional it could be done even with the old version, then you should be safe to upgrade dupload.

The default debian hosts configured in the shipped conffile contain
the required changes so if you are using a custom one, then that might
need to be adapted? Otherwise it would be nice to know what's going
wrong.

Not sure what you mean with "default Debian hosts"?

As I was not sure how this was being used I just tried to give enough information to try to track this down. With "default Debian hosts" I meant the stuff present in /etc/dupload.conf. But from your explanation I assume this just needs the same treatment as the official buildds.

I improved the error reporting on git, and will be adding a NEWS entry
because this fallout I guess was unexpected.

Yes, breaking changes should be communicated in the NEWS file and I suggest
that the required configuration changes are added to the default configuration
files of the src:sbuild package which also contains the buildd binary package.

I'm not sure the needed changes can be automated. In this case the buildds need to add their own OpenPGP certificates into a keyring that dupload can use, because those certificates are not present in any of the official keyrings from the debian-keyring package.

(I've created an MR to use the new canonical name for the upload hosts, but that should not change anything related to this issue <https://salsa.debian.org/debian/sbuild/-/merge_requests/152>. I'll also file a report about the Perl warnings.)

Thanks,
Guillem

Reply via email to