Page MenuHomePhabricator

anonymous package rebuilds difficult when changing debian/changelog e-mail address
Closed, ResolvedPublic

Description

abstract issue description:

When in e-mail address /name of the maintainer in debian/control does not match debian/changelog, then lintian will show a warning.

lintian runs as part of the generic makefile's make deb-pkg by default, unless environment variable make_use_lintian is set to false. This is useful to catch newly introduced errors that lintian would report.

example issue description:

Example debian/control:

Maintainer: Patrick Schleizer <adrelanos@riseup.net>

Working debian/changelog:

-- Patrick Schleizer <adrelanos@riseup.net>  Wed, 04 Feb 2015 00:53:01 +0000

Defunct debian/changelog:

-- X Y <x@y.com>  Wed, 04 Feb 2015 00:53:01 +0000

lintian warnings:

+ lintian --pedantic --info --display-info --fail-on-warnings
W: whonix-repository source: changelog-should-mention-nmu
N: 
N:    When you NMU a package, that fact should be mentioned on the first line
N:    in the changelog entry. Use the words "NMU" or "Non-maintainer upload"
N:    (case insensitive).
N:    
N:    Maybe you didn't intend this upload to be a NMU, in that case, please
N:    doublecheck that the most recent entry in the changelog is byte-for-byte
N:    identical to the maintainer or one of the uploaders. If this is a local
N:    package (not intended for Debian), you can suppress this warning by
N:    putting "local" in the version number or "local package" on the first
N:    line of the changelog entry.
N:    
N:    Refer to Debian Developer's Reference section 5.11.3 (Using the DELAYED/
N:    queue) for details.
N:    
N:    Severity: normal, Certainty: certain
N:    
N:    Check: nmu, Type: source
N: 
W: whonix-repository source: source-nmu-has-incorrect-version-number 3:1.1-1
N: 
N:    A source NMU should have a Debian revision of "-x.x" (or "+nmuX" for a
N:    native package). This is to prevent stealing version numbers from the
N:    maintainer.
N:    
N:    Maybe you didn't intend this upload to be a NMU, in that case, please
N:    doublecheck that the most recent entry in the changelog is byte-for-byte
N:    identical to the maintainer or one of the uploaders. If this is a local
N:    package (not intended for Debian), you can suppress this warning by
N:    putting "local" in the version number or "local package" on the first
N:    line of the changelog entry.
N:    
N:    Refer to Debian Developer's Reference section 5.11.2 (NMUs and
N:    debian/changelog) for details.
N:    
N:    Severity: normal, Certainty: certain
N:    
N:    Check: nmu, Type: source
N:

current workarounds:

  • Adding to debian/control for example something like this:
Uploader: Patrick Schleizer <adrelanos@riseup.net>
  • "Keeping the false names."

Why is that problematic?:

It makes package rebuilds by anonymous people harder. They wouldn't just have to bump debian/changelog, but also have to modify debian/control.

As a current practical example, for building the qubes-whonix package, Patrick would have to modify debian/control first (and get that patch merged), then bump the changelog version, then build the package. Or as a really non-ideal solution, keep Jason's name.

non-solutions:

  • Adding lintian overrides to all the packages. Would make inclusion of packages into the Debian repository harder - maintainers would have to remove these files first.
  • Not failing closed on lintian warnings by default would be a pity, now that all lintian warnings, even when running --pedantic are fixed, no?

possible solution:

Having a lintian vendor profile, that disables these lintian tests.

Event Timeline

Patrick created this task.Feb 15 2015, 11:34 AM
Patrick raised the priority of this task from to Normal.
Patrick updated the task description. (Show Details)
Patrick added subscribers: Patrick, WhonixQubes, nrgaway.

I can change or modify it to whatever works.

Do you already have a vendor profile I can use that you know works? Or maybe another suggestion. I will then implement it; or you can push changes and I will update the master branch.

Do you already have a vendor profile I can use that you know works?

Not yet, but it looks simple.

Instead of using.

anon-base-files (3:0.8-1) unstable; urgency=low

  * New upstream version.

 -- Patrick Schleizer <adrelanos@riseup.net>  Wed, 04 Feb 2015 00:51:16 +0000

Also using the following would work.

anon-base-files (3:0.8-1) unstable; urgency=low

  * New upstream version (local package).

 -- X Y <x@y.net>  Wed, 04 Feb 2015 00:51:16 +0000

In other words. So instead of using as changelog message.

* New upstream version.

Changing the changelog message to.

* New upstream version (local package).

Does the trick.

Unless there are objections, I a solution along this implementation path should be preferred. Much simpler than a lintian profile, that would require setting the LINTIAN_ROOT environment variable.

Patrick closed this task as Resolved.Feb 15 2015, 6:40 PM
Patrick claimed this task.

done,
makefile generic: set default message for make deb-chl-bumpup to "New upstream version (local package)." and made it configurable by DEBCHANGE_MSG environment variable to ease anonymous package rebuilds when changing debian/changelog e-mail address:
https://github.com/Whonix/Whonix/commit/c1174ecaad44492f733ce73874328dd990082394