[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#996048: postfix-mta-sts-resolver: autopkgtest doesn't handle new version of ca-certificates nicely: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL

Hi,

On Sun, Oct 10, 2021 at 10:21:40PM +0200, Paul Gevers wrote:
> Source: postfix-mta-sts-resolver
> Version: 1.0.0-4
> Severity: serious
> Tags: sid bookworm
> User: debian-ci@lists.debian.org
> Usertags: needs-update
> Control: affects -1 src:ca-certificates
> 
> [X-Debbugs-CC: debian-ci@lists.debian.org,
> ca-certificates@packages.debian.org]
> 
> Dear maintainer(s),
> 
> With a recent upload of ca-certificates the autopkgtest of
> postfix-mta-sts-resolver fails in testing when that autopkgtest is run
> with the binary packages of ca-certificates from unstable. It passes
> when run with only packages from testing. In tabular form:
> 
>                          pass            fail
> ca-certificates          from testing    20211004
> postfix-mta-sts-resolver from testing    1.0.0-4
> all others               from testing    from testing
> 
> I copied some of the output at the bottom of this report. The *warning*
> seems to be innocent, but causes the test to fail because by default
> autopkgtest considers output on stderr as fatal (without the
> allow-stderr restriction).
> 
> Currently this regression is blocking the migration of ca-certificates
> to testing [1]. Of course, ca-certificates shouldn't just break your
> autopkgtest (or even worse, your package), but it seems to me that the
> change in ca-certificates was intended and your package needs to update
> to the new situation.
> 
That's very surprising to me, I'm not aware of any such change to
ca-certificates, much less an intended one.

> If this is a real problem in your package (and not only in your
> autopkgtest), the right binary package(s) from ca-certificates should
> really add a versioned Breaks on the unfixed version of (one of your)
> package(s). Note: the Breaks is nice even if the issue is only in the
> autopkgtest as it helps the migration software to figure out the right
> versions to combine in the tests.
> 
I think this "Note" is bad advice.  Breaks shouldn't be added just to
pacify a tool.

Cheers,
Julien

> More information about this bug and the reason for filing it can be found on
> https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation
> 
> Paul
> 
> [1] https://qa.debian.org/excuses.php?package=ca-certificates
> 
> https://ci.debian.net/data/autopkgtest/testing/amd64/p/postfix-mta-sts-resolver/15856707/log.gz
> 
> autopkgtest [19:39:52]: test run: [-----------------------
> Updating certificates in /etc/ssl/certs...
> rehash: warning: skipping ca-certificates.crt,it does not contain
> exactly one certificate or CRL
> 1 added, 0 removed; done.
> Running hooks in /etc/ca-certificates/update.d...
> done.
> autopkgtest [19:40:04]: test run: -----------------------]
> autopkgtest [19:40:04]: test run:  - - - - - - - - - - results - - - - -
> - - - - -
> run                  FAIL stderr: rehash: warning: skipping
> ca-certificates.crt,it does not contain exactly one certificate or CRL
>
Reply to: