Bug#1026945: bullseye-pu: package guix/1.2.0-4

[Vagrant Cascadian <vagrant@debian.org>]

On 2022-12-24, Vagrant Cascadian wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bullseye
> User: release.debian.org@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: guix@packages.debian.org vagrant@debian.org
> Control: affects -1 + src:guix

Should I have intead filed this with the intended version
(e.g. guix/1.2.0-4+deb11u1) ? Should I just go ahead and upload, as this
fixes a FTBFS issue in bullseye?

Thanks for any guidance!


live well,
 vagrant

> [ Reason ]
>
> This fixes a FTBFS of due several test suites using expired OpenPGP
> keys. At the time the current packages in Debian were built, the keys
> had not yet expired, but was later fixed upstream:
>
>   https://issues.guix.gnu.org/55506
>
> And was reported in Debian against the 1.3.x versions and fixed by
> applying the upstream patch:
>
>   https://bugs.debian.org/1011863
>
> [ Impact ]
>
> Future security updates will not be able to be fixed without fixing
> this issue first or disabling the affected tests.
>
> [ Tests ]
>
> Building the package succeeds with the patch; test suites pass.
>
> [ Risks ]
>
> None known at this time.
>
> [ Checklist ]
>   [x] *all* changes are documented in the d/changelog
>   [x] I reviewed all changes and I approve them
>   [x] attach debdiff against the package in (old)stable
>   [x] the issue is verified as fixed in unstable
>
> [ Changes ]
>
> Replaces the OpenPGP keys that have expired with keys with no
> expiration date.
>
> [ Other info ]
>
> None.
>
>
> live well,
>   vagrant
> diff -Nru guix-1.2.0/debian/changelog guix-1.2.0/debian/changelog
> --- guix-1.2.0/debian/changelog	2021-03-27 19:18:29.000000000 -0700
> +++ guix-1.2.0/debian/changelog	2022-12-24 07:16:17.000000000 -0800
> @@ -1,3 +1,11 @@
> +guix (1.2.0-4+deb11u1) bullseye; urgency=medium
> +
> +  [ Santiago Vila ]
> +  * debian/patches: Remove expiration dates on openpgp keys used in test
> +    suite. (Closes: #1011863).
> +
> + -- Vagrant Cascadian <vagrant@debian.org>  Sat, 24 Dec 2022 07:16:17 -0800
> +
>  guix (1.2.0-4) unstable; urgency=medium
>  
>    * debian/patches: Fix privilege escalation issue in
> diff -Nru guix-1.2.0/debian/patches/series guix-1.2.0/debian/patches/series
> --- guix-1.2.0/debian/patches/series	2021-03-18 15:14:54.000000000 -0700
> +++ guix-1.2.0/debian/patches/series	2022-12-24 06:55:26.000000000 -0800
> @@ -38,3 +38,4 @@
>  0028-tests-lint.scm-Disable-several-lint-tests-that-fail-.patch
>  0029-tests-swh.scm-Disable-tests-the-fail-with-guile-2.2.patch
>  security/daemon-Prevent-privilege-escalation-with-keep-failed.patch
> +tests-Ensure-test-OpenPGP-keys-never-expire.patch
> diff -Nru guix-1.2.0/debian/patches/tests-Ensure-test-OpenPGP-keys-never-expire.patch guix-1.2.0/debian/patches/tests-Ensure-test-OpenPGP-keys-never-expire.patch
> --- guix-1.2.0/debian/patches/tests-Ensure-test-OpenPGP-keys-never-expire.patch	1969-12-31 16:00:00.000000000 -0800
> +++ guix-1.2.0/debian/patches/tests-Ensure-test-OpenPGP-keys-never-expire.patch	2022-12-24 06:55:26.000000000 -0800
> @@ -0,0 +1,55 @@
> +From 3ae7632ca0a1edca9d8c3c766efb0dcc8aa5da37 Mon Sep 17 00:00:00 2001
> +From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
> +Date: Wed, 18 May 2022 23:20:21 +0200
> +Subject: [PATCH] tests: Ensure test OpenPGP keys never expire.
> +
> +All these keys had expiration dates.  'tests/keys/ed25519.pub' expired
> +on 2022-04-24.
> +
> +Fixes <https://issues.guix.gnu.org/55506>.
> +
> +* tests/keys/ed25519.pub, tests/keys/ed25519-2.pub,
> +tests/keys/ed25519-3.pub: Remove expiration date.
> +---
> + tests/keys/ed25519-2.pub | 11 +++++------
> + tests/keys/ed25519-3.pub | 10 +++++-----
> + tests/keys/ed25519.pub   | 10 +++++-----
> + 3 files changed, 15 insertions(+), 16 deletions(-)
> +
> +Adjusted to apply to older locations present in 1.3.0.
> +
> +--- a/tests/ed25519bis.key
> ++++ b/tests/ed25519bis.key
> +@@ -1,10 +1,9 @@
> + -----BEGIN PGP PUBLIC KEY BLOCK-----
> + 
> + mDMEXtVsNhYJKwYBBAHaRw8BAQdAnLsYdh3BpeK1xDguJE80XW2/MSmqeeP6pbQw
> +-8jAw0OG0IkNoYXJsaWUgR3VpeCA8Y2hhcmxpZUBleGFtcGxlLm9yZz6IlgQTFggA
> +-PhYhBKBDaY1jer75FlruS4IkDtyrgNqDBQJe1Ww2AhsDBQkDwmcABQsJCAcCBhUK
> +-CQgLAgQWAgMBAh4BAheAAAoJEIIkDtyrgNqDM6cA/idDdoxo9SU+witdTXt24APH
> +-yRzHbX9Iyh4dZNIek9JwAP9E0BwSvDHB4LY9z4RWf2hJp3dm/yZ/jEpK+w4BGN4J
> +-Ag==
> +-=JIU0
> ++8jAw0OG0IkNoYXJsaWUgR3VpeCA8Y2hhcmxpZUBleGFtcGxlLm9yZz6IkAQTFggA
> ++OAIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBKBDaY1jer75FlruS4IkDtyr
> ++gNqDBQJihWJtAAoJEIIkDtyrgNqDbs0BAPOaGSYf3pX3DReEe1zbxxVQrolX9/AZ
> ++VP0AOt0TAgkzAP0Sr7G1NuCtjWWGK1WmlyTFPhOWLhNriKgZFkBZrGypAw==
> ++=pdTB
> + -----END PGP PUBLIC KEY BLOCK-----
> +--- a/tests/ed25519.key
> ++++ b/tests/ed25519.key
> +@@ -2,9 +2,9 @@
> + 
> + mDMEXqNaoBYJKwYBBAHaRw8BAQdArviKtelb4g0I3zx9xyDS40Oz8i1/LRXqppG6
> + b23Hdim0KEVkIFR3by1GaWZ0eSA8bHVkbyt0ZXN0LWVjY0BjaGJvdWliLm9yZz6I
> +-lgQTFggAPhYhBETTHiGvcTj5tjIoCncfScv6rgctBQJeo1qgAhsDBQkDwmcABQsJ
> +-CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEHcfScv6rgctq4MA/1R9G0roEwrHwmTd
> +-DHxt211eLqupwXE0Z7xY2FH6DHk9AP4owEefBU7jQprSAzBS+c6gdS3SCCKKqAh6
> +-ToZ4LmbKAw==
> +-=FXMK
> ++kAQTFggAOAIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBETTHiGvcTj5tjIo
> ++CncfScv6rgctBQJihWH6AAoJEHcfScv6rgctfPMBAPv+yPmEgM+J6D1nZjXsO4zW
> +++4e3y2Ez+QxgI2tn8Z2xAQDBUWyyu0X+8dguGmVlsaiQdkazaUSpexvIhh9zONYw
> ++Bg==
> ++=s4Vp
> + -----END PGP PUBLIC KEY BLOCK-----

Attachment: signature.asc
Description: PGP signature