Your message dated Mon, 02 Nov 2020 08:53:53 +0000 with message-id <e1kzvb7-0006cv...@fasolo.debian.org> and subject line Bug#972745: fixed in openstack-meta-packages 0.31 has caused the Debian Bug report #972745, regarding openstack-tempest-ci: bullseye: /updates -> -security to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 972745: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972745 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: openstack-tempest-ci Version: 0.30 Severity: serious File: /usr/sbin/build-openstack-debian-image User: debian-de...@lists.debian.org Usertags: bullseye-security With the release of Debian bullseye and later, security updates are provided in the bullseye-security suite instead of bullseye/updates. The above script references ${IN_TARGET_LSB_RELEASE}/updates but when bullseye is released that will break so it looks like the script would generate an incorrect sources.list using /updates instead of -security which would cause the target system to not get security updates from bullseye in a timely manner. It looks like the security updates aren't being added for any particular reason, since the script doesn't also add the suite for ${IN_TARGET_LSB_RELEASE} itself to sources.list so the apt sources.list would seem to be quite incomplete, unless it is already expected to have the Debian repo in it, in which case it probably already has the Debian security repo in it, making the addition of the Debian security repo by the script unnecessary. If the addition of the Debian security repo by the script is unnecessary then I suggest just removing it to resolve this issue. Otherwise I suggest that this script check the version of the Debian release in question using distro-info and then if the release is 11 or higher, then use $release-security otherwise use $release/updates as before. It is much better to use distro-info than to hard-code the release version numbers. It might even be a good idea to include the security suite information in distro-info itself and look it up there. $ grep -r -B19 -A26 /updates /usr/bin/openstack-tempest-ci /usr/bin/openstack-tempest-ci-otci_aptget_update () { /usr/bin/openstack-tempest-ci- echo "===> Adding strech-queens apt key" /usr/bin/openstack-tempest-ci- otci_remote "wget http://stretch-queens.infomaniak.ch/debian/dists/pubkey.gpg"; /usr/bin/openstack-tempest-ci- otci_remote "apt-key add pubkey.gpg" /usr/bin/openstack-tempest-ci- echo "===> Fixing sources.list and updating" /usr/bin/openstack-tempest-ci- # Do not use pdiffs, they are bad... /usr/bin/openstack-tempest-ci- echo "Acquire::PDiffs \"false\";" >temp_file /usr/bin/openstack-tempest-ci- otci_scp temp_file "" /usr/bin/openstack-tempest-ci- otci_remote "${SUDO}cp temp_file /etc/apt/apt.conf.d/98nopdiff" /usr/bin/openstack-tempest-ci- otci_remote "rm temp_file" /usr/bin/openstack-tempest-ci- rm temp_file /usr/bin/openstack-tempest-ci- # TODO: Make it so we select it depending on target (support unstable?) /usr/bin/openstack-tempest-ci- IN_TARGET_LSB_RELEASE=`lsb_release -c | awk '{print $2}'` /usr/bin/openstack-tempest-ci- # If we're having a sources.list locally, let's use it /usr/bin/openstack-tempest-ci- if ! [ -e sources.list ] ; then /usr/bin/openstack-tempest-ci- # Use the closest mirror, as defined in pkgos.conf /usr/bin/openstack-tempest-ci- echo "deb ${OTCI_DEBIAN_REPO_URL}/debian ${IN_TARGET_LSB_RELEASE} main /usr/bin/openstack-tempest-ci-deb-src ${OTCI_DEBIAN_REPO_URL}/debian ${IN_TARGET_LSB_RELEASE} main /usr/bin/openstack-tempest-ci- /usr/bin/openstack-tempest-ci:deb http://security.debian.org/ ${IN_TARGET_LSB_RELEASE}/updates main contrib non-free /usr/bin/openstack-tempest-ci:deb-src http://security.debian.org/ ${IN_TARGET_LSB_RELEASE}/updates main contrib non-free /usr/bin/openstack-tempest-ci-" >sources.list /usr/bin/openstack-tempest-ci- fi /usr/bin/openstack-tempest-ci- # scp to dest and install as new sources.list /usr/bin/openstack-tempest-ci- otci_scp sources.list "" /usr/bin/openstack-tempest-ci- otci_remote "${SUDO}cp sources.list /etc/apt" /usr/bin/openstack-tempest-ci- /usr/bin/openstack-tempest-ci- # Add the current repos if it exists /usr/bin/openstack-tempest-ci- if [ -e /etc/openstack-tempest-ci/openstack-ci.list ] ; then /usr/bin/openstack-tempest-ci- echo "-> scp source list" /usr/bin/openstack-tempest-ci- otci_scp /etc/openstack-tempest-ci/openstack-ci.list "" /usr/bin/openstack-tempest-ci- echo "-> Install new source list" /usr/bin/openstack-tempest-ci- otci_remote "${SUDO}mv openstack-ci.list /etc/apt/sources.list.d/openstack.list" /usr/bin/openstack-tempest-ci- if [ -r /etc/pkgos/pkgos.conf ] ; then /usr/bin/openstack-tempest-ci- . /etc/pkgos/pkgos.conf /usr/bin/openstack-tempest-ci- fi /usr/bin/openstack-tempest-ci- if [ -z "${TARGET_OPENSTACK_REL}" ] ; then /usr/bin/openstack-tempest-ci- TARGET_OPENSTACK_REL=mitaka /usr/bin/openstack-tempest-ci- fi /usr/bin/openstack-tempest-ci- echo "-> wget Jenkins key" /usr/bin/openstack-tempest-ci- otci_remote "wget http://${TARGET_OPENSTACK_REL}-${IN_TARGET_LSB_RELEASE}.pkgs.mirantis.com/debian/dists/pubkey.gpg"; /usr/bin/openstack-tempest-ci- echo "-> Install Jenkins key" /usr/bin/openstack-tempest-ci- otci_remote "${SUDO}apt-key add pubkey.gpg" /usr/bin/openstack-tempest-ci- fi /usr/bin/openstack-tempest-ci- /usr/bin/openstack-tempest-ci- # Finally update /usr/bin/openstack-tempest-ci- otci_remote "${SUDO}apt-get update" -- System Information: Debian Release: bullseye/sid APT prefers testing-debug APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.9.0-1-amd64 (SMP w/4 CPU threads) Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU:en Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages openstack-tempest-ci depends on: ii ipmitool 1.8.18-10 ii lsb-release 11.1.0 ii nmap 7.91+dfsg1-1 pn openstack-clients <none> openstack-tempest-ci recommends no packages. openstack-tempest-ci suggests no packages. -- bye, pabs https://wiki.debian.org/PaulWise
signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---Source: openstack-meta-packages Source-Version: 0.31 Done: Thomas Goirand <z...@debian.org> We believe that the bug you reported is fixed in the latest version of openstack-meta-packages, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 972...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thomas Goirand <z...@debian.org> (supplier of updated openstack-meta-packages package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 02 Nov 2020 08:37:31 +0100 Source: openstack-meta-packages Architecture: source Version: 0.31 Distribution: unstable Urgency: medium Maintainer: Debian OpenStack <team+openst...@tracker.debian.org> Changed-By: Thomas Goirand <z...@debian.org> Closes: 972745 Changes: openstack-meta-packages (0.31) unstable; urgency=medium . * Use stable-security from bullseye and on (Closes: #972745). * Use debhelper-compat = 11. Checksums-Sha1: b86e05ab6c0db7abd0c274094e9015d1a06cba25 2419 openstack-meta-packages_0.31.dsc 1939b3139a6602b8dc503ba2d22a86bda319766e 50480 openstack-meta-packages_0.31.tar.xz e0fbe06b41584e5f9b96a9ce5bcd8047b6453a8c 8480 openstack-meta-packages_0.31_amd64.buildinfo Checksums-Sha256: 63621348cad2970e713c3480049f7aa40a8ee71ddc57f98b785de2a4b7fdeef9 2419 openstack-meta-packages_0.31.dsc 4d25114977000bb19f89ca8e65046c7497fbdfe09daa6e75c9cfbb0a649c5f8f 50480 openstack-meta-packages_0.31.tar.xz b273fd48d7dad5b74c5c1b3f2940d8a82188816cd89542ce90a885e8cc823903 8480 openstack-meta-packages_0.31_amd64.buildinfo Files: f22780feeee08e3584ab51f79c62c539 2419 net optional openstack-meta-packages_0.31.dsc 8781015b9e6dd1785e4b6e5e027e2f6b 50480 net optional openstack-meta-packages_0.31.tar.xz b2b3e9b0909c64312f00e5b0842ad09b 8480 net optional openstack-meta-packages_0.31_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAl+fuHMACgkQ1BatFaxr Q/7khA/9FesdlM1rkxYRK49L10yfTXNHQxVq8JCujm7h+yjalLzLmJLBVNF24/U8 LrEqRimxFD2/xzSCvkpcHo91nQdZC8srR8kVI8/D+BFxJQRtjaGeU3oPIBSf7hzS fW2lUnFTQQZPMMoYEhxH7gv735KP/kdpikO05ckRfVhB9JAjUGHERr0osEWhb+WU LF5yTeu1wP/Xd2HpLbWf14W1sShDT8jNQEUfh7Eaf6Y1ky5CEOie96MrQv+BBbvg qn2WMZJsyuVasvOyjU4WBglIyslMIXGawuThMmBGD30oTV4gqceJcr8cHnMA69hJ sCfjE3n49Z5Cp4xYfAs8QrkbXoeWXHmAmx7fFwjNSWZ+mIQyXEy+njE84BooKDxA PELsfZjAxdJEfgvVhOFYC8swgubRBDfNLYCbqcVHP9jc6uSLvntDb5aljxBzddvH pwkfka6a92wjwb9RDWKjGIyND7RYXjqanKAO4VVvIsCx751ce+y1XXh0GorWeiJ1 k4g+wIP2ZWAU7ZcN9FH9PtcpugwvgzC17RsxxqiecYfQ+o2tIG7AWDz2XpQlNTpl eDS9OHpWVXL9qDcZ82HNXSM5Nj0IzDXFTwzjvCncO8uR23xtP9JFZgcBsL+2+OFx mGcM7c4r6vjIFdmCXRqhSam7gJkRoGbU0pMAQKEbHZsWyyh1bak= =l8lB -----END PGP SIGNATURE-----
--- End Message ---
