Re: Package uploads silently discarded: how to investigate?

[Debian/GNU]

On 6/27/22 03:08, Scott Kitterman wrote:



On June 27, 2022 1:06:10 AM UTC, Russ Allbery  wrote:

Ben Finney  writes:


My guess is that this is something to do with an update to the signing
GnuPG key expiry date. I can get into that in a different thread if
needed. The trouble is, I can only guess, because there are no messages
from anything in the Debian archive telling me what went wrong.


My recollection is that if the signature on the upload is invalid, we
intentionally delete the upload with no notice (because we have no
confirmed knowledge of who to notify).  It's possible that my information
is dated, though


That's correct.



as i've wondered myself about this in the past (not for some time 
though, since i no longer update my keys just-in-time): would it be 
possible to list reasons for (silent) discards on a prominent page? 
(e.g. somewhere on https://ftp-master.d.o¹).


i see that ftp://ftp.upload.debian.org/pub/UploadQueue/ contains a 
README that says:


> Only known Debian developers can upload here. Uploads have to be
> signed by PGP keys in the Debian keyring. Files not meeting this
> criterion or files not mentioned in a .changes file will be removed
> after some time.

which hints at the current behaviour (but does not make it explicit).

and to be honest: i think that some random file on an ftp-server is not 
very visible in the first place.
chrome and firefox both have ditched ftp support, which reduces the 
options to just *browse* the ftp-directory to...what? filezilla 
(shudder) and ftp on the cmdline (my beard is now white enough to get 
homely feelings when i encounter such a thing; but really?)²


gfmsar
IOhannes

¹ i guess https://ftp-master.debian.org/#rejections would be a good 
starting place, although this currently only speaks about explicit 
*rejects* , and silently discards the notion of silent *discards*.
² is there some special reason to not make the UploadQueue available via 
https *also*? at least i haven't found a browseable link anywhere...

Bug#1013913: ITP: rust-tokio-rustls -- asynchronous TLS/SSL streams for Tokio using Rustls

[Jonas Smedegaard]

Package: wnpp
Severity: wishlist
Owner: Jonas Smedegaard 
X-Debbugs-Cc: debian-devel@lists.debian.org

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

* Package name: rust-tokio-rustls
  Version : 0.23.4
  Upstream Author : quininer kel 
* URL : https://github.com/tokio-rs/tls
* License : Apache-2.0 or Expat
  Programming Lang: Rust
  Description : asynchronous TLS/SSL streams for Tokio using Rustls

 tokio-rustls implements asynchronous TLS/SSL streams for Tokio
 using Rustls.
 .
 Tokio is an event-driven, non-blocking I/O platform
 for writing asynchronous I/O backed applications.
 .
 Rustls is a modern TLS library written in Rust.

This package will be maintained in the Debian section of Salsa, at
.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmK5gkIACgkQLHwxRsGg
ASGPUxAAgx5VC2yWsPVVZgYhM2i4CavckXY1/rxeb4MLWnlSK3Rc1lrad3GjCo9o
gXqB4AUA7pVu9RqIKp8pOiKGkrY+oq10BiVjoTk7r5TfsktPKpPL43r/oiiNuWB9
BldKRPU6ALsLIMPg9hzQYTfyzS9bjdUlErkfa2hIjhwznaw8BLQDvZ2n7JNBKVVe
yEgPpUZ0p8bAEjvUmKzB8K8y1/kEqpaMGkJoem/GlFghpb70Gfgsww+anhyI3/j1
TKbXlSi66sDdXJu+y3oNY3YAiV0roKsSNDqUnvWTie+wGH03wRpOp1JoiwHpbLmL
vp4sR0lbDO8Z9tk8kZY8oQoY8dKOqQ81R7eBnVMnIrlmfIYNgrfp2G0vSDzYGD9t
M4+VwnnQWRwZdXxK0E3y1UmwTiBxJ1Repv9lsSBVzatzRNP0TlgS2SWeRFRDHUwx
k4uc8GXbqUYOgIvg71P0TYqNkjQXSQ6U0mIyUlRTJ6VQIlP5CUq94hQomw+mhXnh
HnOqZ8BOA4QV87A9DRMxb+VRGnFtXRAn6JkSl9IEMC1GJBPApYChOr5ZluHdY1Ms
IhhQB5kxhht6m2hwkSByrMdthhAfpdE3ybBxMoNCz8tEVcVAnsq0gTR8ZZz63abT
uPs9Y6ROqPhdTtonto6sxIc/FMrv31gz/mYaRFsarp4UAwSvelM=
=hBoP
-END PGP SIGNATURE-

Bug#1013915: ITP: rust-hyper-rustls -- rustls+hyper integration for pure rust HTTPS

[Jonas Smedegaard]

Package: wnpp
Severity: wishlist
Owner: Jonas Smedegaard 
X-Debbugs-Cc: debian-devel@lists.debian.org

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

* Package name: rust-hyper-rustls
  Version : 0.23.0
  Upstream Author : 2016 Joseph Birr-Pixton 
* URL : https://github.com/ctz/hyper-rustls
* License : Apache-2.0 or Expat or ISC
  Programming Lang: Rust
  Description : rustls+hyper integration for pure rust HTTPS

 hyper-rustls is an integration
 between the rustls TLS stack and the hyper HTTP library.

This package will be maintained in the Debian section of Salsa, here:
.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmK5hRoACgkQLHwxRsGg
ASFuvQ/+JhbajOFdYzIGLlbrNJImRtIN+8ZDl5HPWEzcVNeauuPiDvAoHxsJJhXI
3MY3VrNRRD03pQo6xj5vw7MqVOVvRdW4w3NOOnTLLq9MMw5/BJD9onUS7M4eHaAX
3wFKCaVrKmcX4yy8UwvpjuSscoDFOlN5GLj8PVGqJeHLk6DYBWGJCwKXMY5DsEta
SefXI7YBEedO1233s4lNuIVZIMFGcDnrgTHtAl313JIK9aS1hHrFoti0A2j0G+wg
rhuMEVId1mvSoEZXRyxGjhuxUYjdQKe757PPkpNUW0niX2KsEwCU82JK8SN65Wgq
Kru4nzGAS4Ph1GXeTgcpbW4zoaXZpDAtdU33/Wqm8J6Zf7PWYKUjc/7N/+E4HUoP
Jy1GPmBZB6goCDl9szLRNdooWd7aimTWf4ifVD3gzNr4hdCv2hAq1mHAr0F3n6gZ
PB06V+8SF9IsDn6Z/RWCDABG7PMMLrlCBKTzoRrwQ3FJPQnMpiXLjOUaQMfRgGe0
A9OM0K/lJtvO1HL2CLVZC2AkifNXgjRiMt5fuUXO+I3IG37/vA8mFldHzeCtJ3Pl
WPzXSbhoCgyKTAVIRwfTYoZ+HhSbt2RM6hpSpTc4bl9ecpfbyiyUvZNp/JyydYqn
HJPpv+w2pqzwjOvmtOc98Ar+jpQOId7Zx3mitgcGv6VjqJ812Rg=
=FaJr
-END PGP SIGNATURE-

Bug#1013925: ITP: clapper -- Simple and modern GNOME media player

[josch]

Package: wnpp
Severity: wishlist
Owner: Johannes Schauer Marin Rodrigues 
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name : clapper
Version : 0.5.2
Upstream Author : Rafał Dzięgiel 
* URL : https://rafostar.github.io/clapper
* License : GPL3+, LGPL2+
Programming Lang: C, JavaScript
Description: Simple and modern GNOME media player
 Clapper is a GNOME media player built using GJS with GTK4 toolkit.
 The media player is using GStreamer as a media backend and renders
 everything via OpenGL. Player works natively on both Xorg and Wayland.
 It also supports hardware acceleration through VA-API on AMD/Intel 
GPUs,

 NVDEC on Nvidia and V4L2 on mobile devices.
 .
 The media player has an adaptive GUI. When viewing videos in "Windowed 
Mode",
 Clapper will use mostly unmodified GTK widgets to match your OS look 
nicely.
 When player enters "Fullscreen Mode" all GUI elements will become 
darker,
 bigger and semi-transparent for your viewing comfort. It also has a 
"Floating
 Mode" which displays only video on top of all other windows for a 
PiP-like

 viewing experience. Mobile friendly transitions are also supported.

I did some initial packaging here: 
https://salsa.debian.org/debian/clapper
This is the first time I'm packaging gobject-introspection or gstreamer 
stuff, so I'm also
looking for advice of whether I should keep this as one monolithic 
package or split it into
multiple library packages even though I doubt the development packages 
will be useful to

others.

I also hope this mail works because I'm on vacation and cannot use my 
usual reportbug
setup and instead am using my web mailer to send this mail. Fingers 
crossed!

Bug#1013927: ITP: golang-github-arran4-golang-ical -- A ICS / ICal parser and serialiser for Golang.

[Robin Jarry]

Package: wnpp
Severity: wishlist
Owner: Robin Jarry 

* Package name: golang-github-arran4-golang-ical
  Version : 0.0~git20220517.fd89fefb0182-1
  Upstream Author : Arran Ubels
* URL : https://github.com/arran4/golang-ical
* License : Apache-2.0
  Programming Lang: Go
  Description : A  ICS / ICal parser and serialiser for Golang.

 golang-ical
 .
 A  ICS / ICal parser and serialiser for Golang.
 .
 Because the other libraries didn't quite do what I needed.
 .
 Usage, parsing:
 .
   cal, err := ParseCalendar(strings.NewReader(input))
 .
 .
 Creating:
 .
 cal := ics.NewCalendar()
 cal.SetMethod(ics.MethodRequest)
 event := cal.AddEvent(fmt.Sprintf("id@domain",
 p.SessionKey.IntID()))
 event.SetCreatedTime(time.Now())
 event.SetDtStampTime(time.Now())
 event.SetModifiedAt(time.Now())
 event.SetStartAt(time.Now())
 event.SetEndAt(time.Now())
 event.SetSummary("Summary")
 event.SetLocation("Address")
 event.SetDescription("Description")
 event.SetURL("https://URL/";)
 event.AddRrule(fmt.Sprintf("FREQ=YEARLY;BYMONTH=%d;BYMONTHDAY=%d",
 time.Now().Month(), time.Now().Day()))
 event.SetOrganizer("sender@domain", ics.WithCN("This Machine"))
 event.AddAttendee("reciever or participant",
 ics.CalendarUserTypeIndividual, ics.ParticipationStatusNeedsAction,
 ics.ParticipationRoleReqParticipant, ics.WithRSVP(true))
 return cal.Serialize()
 .
 Helper methods created as needed feel free to send a P.R. with more.

This is a new build dependency for aerc.

Bug#1013928: ITP: golang-github-emersion-go-msgauth -- A Go library and tools for DKIM, DMARC and Authentication-Results

[Robin Jarry]

Package: wnpp
Severity: wishlist
Owner: Robin Jarry 

* Package name: golang-github-emersion-go-msgauth
  Version : 0.6.6-1
  Upstream Author : Simon Ser
* URL : https://github.com/emersion/go-msgauth
* License : Expat
  Programming Lang: Go
  Description : A Go library and tools for DKIM, DMARC and 
Authentication-Results

 go-msgauth
 .
 godocs.io (https://godocs.io/github.com/emersion/go-msgauth) builds.sr.ht
 status (https://builds.sr.ht/~emersion/go-msgauth/commits/master)
 .
 A Go library and tools to authenticate e-mails:
 .
  * Create and verify DKIM signatures
(https://tools.ietf.org/html/rfc6376)
  * Create and parse Authentication-Results header fields
(https://tools.ietf.org/html/rfc7601)
  * Fetch DMARC (http://tools.ietf.org/html/rfc7489) records
 .
 DKIM godocs.io (https://godocs.io/github.com/emersion/go-msgauth/dkim)
 .
 Sign
 .
   r := strings.NewReader(mailString)
 .
   options := &dkim.SignOptions{
Domain: "example.org",
Selector: "brisbane",
Signer: privateKey,
   }
 .
   var b bytes.Buffer
   if err := dkim.Sign(&b, r, options); err != nil {
log.Fatal(err)
   }
 .
 Verify
 .
   r := strings.NewReader(mailString)
 .
   verifications, err := dkim.Verify(r)
   if err != nil {
log.Fatal(err)
   }
 .
   for _, v := range verifications {
if v.Err == nil {
log.Println("Valid signature for:", v.Domain)
} else {
log.Println("Invalid signature for:", v.Domain, v.Err)
}
   }
 .
 FAQ
 .
 **Why can't I verify a mail.Message directly?** A mail.Message header is
 already parsed, and whitespace characters (especially continuation
 lines) are removed. Thus, the signature computed from the parsed header
 is not the same as the one computed from the raw header.
 .
 **How can I publish my public key?** You have to add a TXT record to
 your DNS zone. See RFC 6376 appendix C
 (https://tools.ietf.org/html/rfc6376#appendix-C). You can use the dkim-
 keygen tool included in go-msgauth to generate the key and the TXT
 record.
 .
 Authentication-Results godocs.io
 (https://godocs.io/github.com/emersion/go-msgauth/authres)
 .
   // Format
   results := []authres.Result{
&authres.SPFResult{Value: authres.ResultPass, From: "example.net"},
&authres.AuthResult{Value: authres.ResultPass, Auth:
 "sen...@example.com"},
   }
   s := authres.Format("example.com", results)
   log.Println(s)
 .
   // Parse
   identifier, results, err := authres.Parse(s)
   if err != nil {
log.Fatal(err)
   }
 .
   log.Println(identifier, results)
 .
 DMARC godocs.io (https://godocs.io/github.com/emersion/go-msgauth/dmarc)
 .
 See the GoDoc page.
 .
 Tools
 .
 A few tools are included in go-msgauth:
 .
  * dkim-keygen: generate a DKIM key
  * dkim-milter: a mail filter to sign and verify DKIM signatures
  * dkim-verify: verify a DKIM-signed email
  * dmarc-lookup: lookup the DMARC policy of a domain
 .
 License
 .
 MIT


This is a new build dependency for aerc.

Bug#1013941: ITP: python-jschema-to-python -- generate Python classes from a JSON schema

[Guilherme de Paula Xavier Segundo]

Package: wnpp
Severity: wishlist
Owner: Guilherme de Paula Xavier Segundo 
X-Debbugs-Cc: debian-devel@lists.debian.org, guilherme@gmail.com

* Package name: python-jschema-to-python
  Version : 1.2.3
  Upstream Author : Microsoft Corporation
* URL : https://github.com/microsoft/jschema-to-python
* License : Expat
  Programming Lang: Python
  Description : generate Python classes from a JSON schema

 This package contains a module that generate Python classes from a JSON
 schema.
 .
 This package installs the library for Python 3.

 Reason for packaging:
 This package is one of the dependencies for cfn-lint
 (https://github.com/aws-cloudformation/cfn-lint)

Re: Package uploads silently discarded: how to investigate?

[Ben Finney]

Andrey Rahmatullin  writes:

> On Mon, Jun 27, 2022 at 09:02:30AM +1000, Ben Finney wrote:
> > In this thread I want to discover: How can I find out what's
> > happening and why the Debian archive is no longer sending me any
> > email messages about my package uploads?

> You should check usper.debian.org:/srv/upload.debian.org/queued/run/log

Thank you, that has the information I need, and now I successfully
diagnosed what was wrong with a couple of uploads.

As to how someone can know this in future:

"IOhannes m zmölnig (Debian/GNU)"  writes:

> as i've wondered myself about this in the past (not for some time
> though, since i no longer update my keys just-in-time): would it be 
> possible to list reasons for (silent) discards on a prominent page?
> (e.g. somewhere on https://ftp-master.d.o¹).

Yes, please. I think your suggestions are a good starting point.

-- 
 \ “Airports are ugly. Some are very ugly. Some attain a degree of |
  `\ugliness that can only be the result of a special effort.” |
_o__)   —Douglas Adams, _The Long Dark Tea-Time of the Soul_, 1988 |
Ben Finney

GSConnect GNOME Shell extension package

[Bruno Kleinert]

Hi,

I had begun packaging
GSConnect https://extensions.gnome.org/extension/1319/gsconnect/ some
months ago. It's the GNOME equivalent of KDE Connect and integrates
some functions of Android devices into the GNOME desktop environment.

I used the package for a week, then lost interest in it. If somebody
wants to maintain it, feel free to pick it up!

The packaging is
here: https://salsa.debian.org/fuddl/gnome-shell-extension-gsconnect

As of today, no WNPP bug exists. If you pick it up, please create an
ITP bug.

Cheers,
Bruno


signature.asc
Description: This is a digitally signed message part