[Pkg-gnupg-maint] Bug#753985: gpgv-udeb: fails to validate Release files (missing sha256 support)

Cyril Brulebois kibi at debian.org
Sun Jul 6 19:47:29 UTC 2014 

Package: gpgv-udeb
Version: 1.4.18-1
Severity: grave
Tags: patch
Justification: renders package unusable

Hi folks,

I'm really sorry for:
 - having failed to reply to your request in time[1];
 - having failed to deliver any testing, which led to lost user time[2]
   and is going to cost another gnupg upload.

 1. https://lists.debian.org/debian-boot/2014/01/msg00129.html
 2. https://lists.debian.org/debian-boot/2014/07/msg00007.html

I've finally spent some time on this, and checked the following things:

 a) A trivial removal of the --enable-minimal flag would need to go
    together with disabling bzip2 support; resulting udebs would be
    uninstallable due to a libbz2 dependency. d-i would then be bigger
    but functional again.

 b) Thankfully we don't need to consider the backup plan mentioned in a)
    since all we need is enabling sha256 support. Currently, Release
    files include MD5+SHA1+SHA256. You'll find a tested patch attached.
    (This means a whole installation using a netboot-gtk image.)

I also noticed "make check" isn't run for the udeb build; I don't think
it would hurt to do so (the testsuite is smart enough to notice support
for some bits wasn't enabled, see output below my signature), that's why
I'm including an extra patch adding that.

Sorry again…

Mraw,
KiBi.


Testsuite output for the udeb check:
| make[2]: Entering directory '/home/kibi/hack/gnupg.git/build-udeb/checks'
| gpg (GnuPG) 1.4.18
| Copyright (C) 2014 Free Software Foundation, Inc.
| License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
| This is free software: you are free to change and redistribute it.
| There is NO WARRANTY, to the extent permitted by law.
| 
| Home: .
| Supported algorithms:
| Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
| Cipher: 3DES
| Hash: MD5, SHA1, RIPEMD160, SHA256, SHA224
| Compression: Uncompressed, ZIP, ZLIB
| PASS: version.test
| Hash algorithm SHA-384 is not installed (not an error)
| Hash algorithm SHA-512 is not installed (not an error)
| PASS: mds.test
| PASS: decrypt.test
| PASS: decrypt-dsa.test
| MD5 SHA1 RIPEMD160 SHA256 SHA224 | PASS: sigs.test
| PASS: sigs-dsa.test
| 3DES | PASS: encrypt.test
| 3DES | PASS: encrypt-dsa.test
| PASS: seat.test
| PASS: clearsig.test
| PASS: encryptp.test
| PASS: detach.test
| PASS: armsigs.test
| PASS: armencrypt.test
| PASS: armencryptp.test
| PASS: signencrypt.test
| PASS: signencrypt-dsa.test
| PASS: armsignencrypt.test
| PASS: armdetach.test
| PASS: armdetachm.test
| PASS: detachm.test
| PASS: genkey1024.test
| 3DES | PASS: conventional.test
| 3DES | PASS: conventional-mdc.test
| PASS: multisig.test
| PASS: verify.test
| PASS: armor.test
| ===================
| All 27 tests passed
| ===================
| make[2]: Leaving directory '/home/kibi/hack/gnupg.git/build-udeb/checks'
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-gpgv-udeb-by-adding-enable-sha256-which-is-neede.patch
Type: text/x-diff
Size: 1542 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20140706/8fbde3ac/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Run-the-check-target-in-the-udeb-build-directory.patch
Type: text/x-diff
Size: 1110 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20140706/8fbde3ac/attachment-0001.patch>

More information about the Pkg-gnupg-maint mailing list