Just had a problem with a package for sponsoring that, AFAICT, could not happen with other repositories that I use, so I'm a tad concerned about how it happened on m.d.n. http://mentors.debian.net/debian/pool/main/x/xracer/ A package has been uploaded to m.d.n several times during sponsoring (not uncommon) at the same version (also no uncommon) so the .orig.tar.gz is unchanged (which is correct): xracer_0.96.9.orig.tar.gz 26-Jun-2007 17:26 9.1M Other files have been updated, as expected: xracer_0.96.9-1.diff.gz 14-Jul-2007 17:28 28K xracer_0.96.9-1.dsc 14-Jul-2007 17:28 1.4K That .orig.tar.gz on m.d.n is the same as my last build: 41bdf64eca9960ae8932e27e7ba2bea1 9562055 xracer_0.96.9.orig.tar.gz However, the .dsc file uploaded to m.d.n references a different .orig.tar.gz: 8287bfd7e9ef9a507024bf34761791d8 9562064 xracer_0.96.9.orig.tar.gz Of course, dget -x now refuses to unpack this package - error from dpkg-source. I suspect an error in the .dsc but I thought that dput should have caught that or that the repository management tools at m.d.n should have complained (noisily): "Uploaded foo.dsc needs foo.orig.tar.gz with md5sum .... which differs from the existing foo.orig.tar.gz with md5sum ...." or similar and rejected the upload. I know I have had those kind of warnings from reprepro with other repositories - IIRC it is why we have md5sums in the .dsc in the first place (in addition to GnuPG signatures). Is this a result of the need to allow repeated uploads of packages at the same version? Can something be done with the m.d.n scripts that handle dput uploads to enforce a check that the existing .orig.tar.gz (which should not normally change during sponsorship) matches the reference in the .dsc and allow for the odd occasion where the .orig.tar.gz does have to be repackaged with an explicit mechanism? At the very least, m.d.n should be able to prevent this situation where 'dget -x' fails as this is the most common method of sponsors obtaining sources from m.d.n. If it helps, I have been able to fettle the .dsc to use the correct values for the existing .orig.tar.gz and it has unpacked OK - it appears to simply be an error in the .dsc caused by some problem with the sponsoree. However, I am unable to upload the package in this condition (which is frustrating for the sponsoree because this package has had quite a few changes and he has put in a significant amount of work getting it ready for sponsoring). I was all ready to upload the package tonight too. :-( (Ying-Chun Liu will probably upload a fixed .dsc in due course, so for the record, this is the .dsc that should have been refused.) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.0 Source: xracer Binary: xracer, xracer-tools Architecture: any Version: 1:0.96.9-1 Maintainer: Ying-Chun Liu (PaulLiu) <grandpaul@gmail.com> Standards-Version: 3.7.2 Build-Depends: libjpeg62-dev, debhelper (>= 5), freeglut3-dev, gettext, html2text, perl, netpbm, libxmu-dev, libxi-dev, libtool, autoconf (>= 2.52), automake, quilt (>= 0.40), docbook-to-man Build-Conflicts: autoconf2.13 Files: 8287bfd7e9ef9a507024bf34761791d8 9562064 xracer_0.96.9.orig.tar.gz 5bbfd0dcdcdc17e59fd7127fed2fdf1a 29021 xracer_0.96.9-1.diff.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQIVAwUBRpjrfvgLgUbQQog2AQpnQQ/9Er7++cD0gb/qDg/70yU+ofC5E5lysy9u djSiMopoYR1Xy6b5mkWOew4wofEKHj08PGK6Nudu4FjAoxZ1DeIaeqdZlC+nqDvR pcL/FISLyL9BwtsfKSkyj+MjcqOQUTOX1ohyPV/qDbOUsByaYAu0uT1d1y4v5rkp AwmCHhF/BNqW0nSne5KfQwjM4qY3lekH+qAcNtMFHgifBkZLEEXh7d9H5BoQJAWv Sv5P6lRPj/W0INqWIIlE1FGec9979NZhTw9Y5G9713SWYbazGSKi6qPZYrSJZGKT 3cE4x1UO17dnOVSg556UWnCuurnM3FUWpyhg8va9goHZspjQ/MCniDuFIfqgHk7X YpTNvhZsdrXo2L3uHxoAhgFg5JoopfZNyM9CxoTxSPkb/TxpBi2QAciegpBBIYsZ X5FXjLpD/HIlRoo5iUktIjGj+zWRRR62frrUaLQJFoAlVvwJiSQvT/KDwB4qlz2t eAtMdcit1jk9ndDeXK24waW0HZWq2IIqYgETq+r6CMDNp48IfzK22gsrGqZ8jBd3 0JHJGRtXJTzf/HFWZS0LGcq7gr1JPp3KO4WhpqrJaEzGmYGET6bc9NbaBDjzIVeU Z/b5/K2MPs2kXzZmiU31E5o/soH5CjIo+Ewh+QMqaXSNVh0+ej+2wR4+oa4tOkjq 4IPBBpj/PDs= =fgz9 -----END PGP SIGNATURE----- For reference, this is my fettled .dsc (removed the GnuPG sig for obvious reasons): Format: 1.0 Source: xracer Binary: xracer, xracer-tools Architecture: any Version: 1:0.96.9-1 Maintainer: Ying-Chun Liu (PaulLiu) <grandpaul@gmail.com> Standards-Version: 3.7.2 Build-Depends: libjpeg62-dev, debhelper (>= 5), freeglut3-dev, gettext, html2text, perl, netpbm, libxmu-dev, libxi-dev, libtool, autoconf (>= 2.52), automake, quilt (>= 0.40), docbook-to-man Build-Conflicts: autoconf2.13 Files: 41bdf64eca9960ae8932e27e7ba2bea1 9562055 xracer_0.96.9.orig.tar.gz 681a348d0a1bff2b867c37893e1a62db 28722 xracer_0.96.9-1.diff.gz The change in the .diff.gz appears to be just because I build on amd64 - interdiff -z reports no differences. -- Neil Williams ============= http://www.data-freedom.org/ http://www.nosoftwarepatents.com/ http://www.linux.codehelp.co.uk/
Attachment:
pgpGFEuTOX1Ct.pgp
Description: PGP signature