Bug#869184: dpkg: source uploads including _amd64.buildinfo cause problems
Yves-Alexis Perez
corsac at debian.org
Sun Jun 16 16:06:07 BST 2019
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Sun, 2019-06-16 at 15:50 +0200, Ivo De Decker wrote:
> > We regularly get biten by this issue when contributors to security
> > uploads, most recently with the bind9 upload but as well others.
>
> Is it clear in what cases this issue happens? Guillem mentioned
> "dpkg-buildpackage --changes-option=-S" in https://bugs.debian.org/869184#75
> Are there any other use cases that trigger it?
>
> As "--changes-option=-S" creates an upload that is broken from the point of
> view of the archive, it might make sense not to recommend (or even allow) this
> for now. Just building with "-S" instead should create a buildinfo file with
> _source, which won't trigger this issue.
I'm my case I'm just using pbuilder with SOURCE_ONLY_CHANGES=yes, so it builds
a complete (arch:all + arch:any) package, then generate a .changes for source-
only upload (but there's the amd64.buildinfo included).
Regards,
- --
Yves-Alexis
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAl0GWt8ACgkQ3rYcyPpX
RFtQ8ggAnZSlfTWlEx4sLTfq59wI7ooeFwqRn84tuF5o9wGkmu6TiqvL5iKiw2l5
4j8x/bmwvTw4VE4QW7tMCnZ3VEfiZA4NXBkFVoCvwhiDFKWhzZL058yfoRqMMIhf
O/GAnZ0FIjwn3s0k5K6TEFPHNA9CdIhHWtLBnzVfwIZt3QeuVYE0CTE9ZehTrGZe
ygr2mlyNjO+izUwqlacwyDV7vH6p0789I6ulYKn/2AfxRxf/S7C+GmKbIrXy8e+9
xTWDcuudK9BmZU2WjtzY43ER7gyzFx8AHv89AXmWZ9jcaBiFcbd0K7pKnAPsY/+x
+FwaxjrWWoIquJezCQ0RGmtPdxpE3Q==
=L3gm
-----END PGP SIGNATURE-----
More information about the Reproducible-builds
mailing list