On 2022-12-24, Vagrant Cascadian wrote: > Package: release.debian.org > Severity: normal > Tags: bullseye > User: release.debian.org@packages.debian.org > Usertags: pu > X-Debbugs-Cc: guix@packages.debian.org vagrant@debian.org > Control: affects -1 + src:guix Should I have intead filed this with the intended version (e.g. guix/1.2.0-4+deb11u1) ? Should I just go ahead and upload, as this fixes a FTBFS issue in bullseye? Thanks for any guidance! live well, vagrant > [ Reason ] > > This fixes a FTBFS of due several test suites using expired OpenPGP > keys. At the time the current packages in Debian were built, the keys > had not yet expired, but was later fixed upstream: > > https://issues.guix.gnu.org/55506 > > And was reported in Debian against the 1.3.x versions and fixed by > applying the upstream patch: > > https://bugs.debian.org/1011863 > > [ Impact ] > > Future security updates will not be able to be fixed without fixing > this issue first or disabling the affected tests. > > [ Tests ] > > Building the package succeeds with the patch; test suites pass. > > [ Risks ] > > None known at this time. > > [ Checklist ] > [x] *all* changes are documented in the d/changelog > [x] I reviewed all changes and I approve them > [x] attach debdiff against the package in (old)stable > [x] the issue is verified as fixed in unstable > > [ Changes ] > > Replaces the OpenPGP keys that have expired with keys with no > expiration date. > > [ Other info ] > > None. > > > live well, > vagrant > diff -Nru guix-1.2.0/debian/changelog guix-1.2.0/debian/changelog > --- guix-1.2.0/debian/changelog 2021-03-27 19:18:29.000000000 -0700 > +++ guix-1.2.0/debian/changelog 2022-12-24 07:16:17.000000000 -0800 > @@ -1,3 +1,11 @@ > +guix (1.2.0-4+deb11u1) bullseye; urgency=medium > + > + [ Santiago Vila ] > + * debian/patches: Remove expiration dates on openpgp keys used in test > + suite. (Closes: #1011863). > + > + -- Vagrant Cascadian <vagrant@debian.org> Sat, 24 Dec 2022 07:16:17 -0800 > + > guix (1.2.0-4) unstable; urgency=medium > > * debian/patches: Fix privilege escalation issue in > diff -Nru guix-1.2.0/debian/patches/series guix-1.2.0/debian/patches/series > --- guix-1.2.0/debian/patches/series 2021-03-18 15:14:54.000000000 -0700 > +++ guix-1.2.0/debian/patches/series 2022-12-24 06:55:26.000000000 -0800 > @@ -38,3 +38,4 @@ > 0028-tests-lint.scm-Disable-several-lint-tests-that-fail-.patch > 0029-tests-swh.scm-Disable-tests-the-fail-with-guile-2.2.patch > security/daemon-Prevent-privilege-escalation-with-keep-failed.patch > +tests-Ensure-test-OpenPGP-keys-never-expire.patch > diff -Nru guix-1.2.0/debian/patches/tests-Ensure-test-OpenPGP-keys-never-expire.patch guix-1.2.0/debian/patches/tests-Ensure-test-OpenPGP-keys-never-expire.patch > --- guix-1.2.0/debian/patches/tests-Ensure-test-OpenPGP-keys-never-expire.patch 1969-12-31 16:00:00.000000000 -0800 > +++ guix-1.2.0/debian/patches/tests-Ensure-test-OpenPGP-keys-never-expire.patch 2022-12-24 06:55:26.000000000 -0800 > @@ -0,0 +1,55 @@ > +From 3ae7632ca0a1edca9d8c3c766efb0dcc8aa5da37 Mon Sep 17 00:00:00 2001 > +From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org> > +Date: Wed, 18 May 2022 23:20:21 +0200 > +Subject: [PATCH] tests: Ensure test OpenPGP keys never expire. > + > +All these keys had expiration dates. 'tests/keys/ed25519.pub' expired > +on 2022-04-24. > + > +Fixes <https://issues.guix.gnu.org/55506>. > + > +* tests/keys/ed25519.pub, tests/keys/ed25519-2.pub, > +tests/keys/ed25519-3.pub: Remove expiration date. > +--- > + tests/keys/ed25519-2.pub | 11 +++++------ > + tests/keys/ed25519-3.pub | 10 +++++----- > + tests/keys/ed25519.pub | 10 +++++----- > + 3 files changed, 15 insertions(+), 16 deletions(-) > + > +Adjusted to apply to older locations present in 1.3.0. > + > +--- a/tests/ed25519bis.key > ++++ b/tests/ed25519bis.key > +@@ -1,10 +1,9 @@ > + -----BEGIN PGP PUBLIC KEY BLOCK----- > + > + mDMEXtVsNhYJKwYBBAHaRw8BAQdAnLsYdh3BpeK1xDguJE80XW2/MSmqeeP6pbQw > +-8jAw0OG0IkNoYXJsaWUgR3VpeCA8Y2hhcmxpZUBleGFtcGxlLm9yZz6IlgQTFggA > +-PhYhBKBDaY1jer75FlruS4IkDtyrgNqDBQJe1Ww2AhsDBQkDwmcABQsJCAcCBhUK > +-CQgLAgQWAgMBAh4BAheAAAoJEIIkDtyrgNqDM6cA/idDdoxo9SU+witdTXt24APH > +-yRzHbX9Iyh4dZNIek9JwAP9E0BwSvDHB4LY9z4RWf2hJp3dm/yZ/jEpK+w4BGN4J > +-Ag== > +-=JIU0 > ++8jAw0OG0IkNoYXJsaWUgR3VpeCA8Y2hhcmxpZUBleGFtcGxlLm9yZz6IkAQTFggA > ++OAIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBKBDaY1jer75FlruS4IkDtyr > ++gNqDBQJihWJtAAoJEIIkDtyrgNqDbs0BAPOaGSYf3pX3DReEe1zbxxVQrolX9/AZ > ++VP0AOt0TAgkzAP0Sr7G1NuCtjWWGK1WmlyTFPhOWLhNriKgZFkBZrGypAw== > ++=pdTB > + -----END PGP PUBLIC KEY BLOCK----- > +--- a/tests/ed25519.key > ++++ b/tests/ed25519.key > +@@ -2,9 +2,9 @@ > + > + mDMEXqNaoBYJKwYBBAHaRw8BAQdArviKtelb4g0I3zx9xyDS40Oz8i1/LRXqppG6 > + b23Hdim0KEVkIFR3by1GaWZ0eSA8bHVkbyt0ZXN0LWVjY0BjaGJvdWliLm9yZz6I > +-lgQTFggAPhYhBETTHiGvcTj5tjIoCncfScv6rgctBQJeo1qgAhsDBQkDwmcABQsJ > +-CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEHcfScv6rgctq4MA/1R9G0roEwrHwmTd > +-DHxt211eLqupwXE0Z7xY2FH6DHk9AP4owEefBU7jQprSAzBS+c6gdS3SCCKKqAh6 > +-ToZ4LmbKAw== > +-=FXMK > ++kAQTFggAOAIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBETTHiGvcTj5tjIo > ++CncfScv6rgctBQJihWH6AAoJEHcfScv6rgctfPMBAPv+yPmEgM+J6D1nZjXsO4zW > +++4e3y2Ez+QxgI2tn8Z2xAQDBUWyyu0X+8dguGmVlsaiQdkazaUSpexvIhh9zONYw > ++Bg== > ++=s4Vp > + -----END PGP PUBLIC KEY BLOCK-----
Attachment:
signature.asc
Description: PGP signature