Hi, On Sat, 2025-03-01 at 18:28 +0100, Guillem Jover wrote: > Ah, sorry, I assumed this was all handled as part of the same > dsa-puppet repo that Aurelien fixed. The changes that were done for the > main buildds were to make sure the GnuPG pubring was in OpenPGP format > instead of the GnuPG specific keybox format (which is not portable), and > then those specific commits: > > > https://salsa.debian.org/dsa-team/mirror/dsa-puppet/-/commit/d4e099680d3bd964b0837849b68728ec3ce7b52e > > https://salsa.debian.org/dsa-team/mirror/dsa-puppet/-/commit/44cb84d9f0a85d29c82e63f2e8ad1eb9b92530cc > > This was done in stages, introducing the new keyring support in > dupload 2.12.0, the buildd setup updated, then 2.13.0 uploaded which > then required the keyrings support. Given that the keyrings settings > are optional it could be done even with the old version, then you > should be safe to upgrade dupload.
Hmm, I'm not sure which of these changes I need to pick up now. I'm a bit overwhelmed. Also, I have seen even dupload 2.11.2 have the openpgp-check hook fail so I have to force the upload with "--skip-hook=openpgp-check". What would you suggest to do now on the Debian Ports buildds to avoid breakage when updating? > > > The default debian hosts configured in the shipped conffile contain > > > the required changes so if you are using a custom one, then that might > > > need to be adapted? Otherwise it would be nice to know what's going > > > wrong. > > > > Not sure what you mean with "default Debian hosts"? > > As I was not sure how this was being used I just tried to give enough > information to try to track this down. With "default Debian hosts" > I meant the stuff present in /etc/dupload.conf. But from your > explanation I assume this just needs the same treatment as the > official buildds. > > > > I improved the error reporting on git, and will be adding a NEWS entry > > > because this fallout I guess was unexpected. > > > > Yes, breaking changes should be communicated in the NEWS file and I suggest > > that the required configuration changes are added to the default > > configuration > > files of the src:sbuild package which also contains the buildd binary > > package. > > I'm not sure the needed changes can be automated. In this case the > buildds need to add their own OpenPGP certificates into a keyring that > dupload can use, because those certificates are not present in any of > the official keyrings from the debian-keyring package. Can't we just use the old system for the buildds? I'm not sure why dupload has to make such complicated checks. > (I've created an MR to use the new canonical name for the upload hosts, > but that should not change anything related to this issue > <https://salsa.debian.org/debian/sbuild/-/merge_requests/152>. I'll > also file a report about the Perl warnings.) Adrian -- .''`. John Paul Adrian Glaubitz : :' : Debian Developer `. `' Physicist `- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
