Package: reprepro
Version: 5.4.6+really5.3.2-1
Severity: normal
Dear Maintainer,
I am encountering a regression or an outdated strictness in reprepro
when processing source packages built for Debian Trixie/unstable.
Starting recently, Lintian now tags Priority:
optional in the Source stanza as redundant (see:
redundant-priority-optional-field). Consequently, some packages
(specifically libnice) have begun dropping this field from their
debian/control source headers.
I am using reprepro as a backend for a mini-buildd system and when the
daemon has built the packages, it uploads them to the incoming queue to
be included in the repository managed by reprepro.
Problem: When reprepro processes a .dsc file that lacks an explicit
Priority field in the metadata block, it fails with the following errors:
Plaintext
```
E: ? reprepro.. (stderr): Could not check validity of signature with
'[FINGERPRINT]' in 'package.dsc' as public key missing!
E: ? reprepro.. (stderr): No priority for 'package', skipping.
```
Observations:
* The "public key missing" error is a red herring; the key is present
in the keyring, but reprepro appears to abort metadata extraction
when the Priority field is missing, leading to a failure in the
signature-to-package association logic.
* The same package, when signed with the same key but containing
Priority: optional, is accepted without issue.
* As Debian moves toward making this field optional/redundant for
Source stanzas, reprepro should be updated to provide a sensible
default (likely optional) if the field is absent in the .dsc, rather
than aborting the import.
Steps to reproduce:
* Build a source package where the Source stanza in debian/control
lacks a Priority field.
* Attempt to include this package in a repository using reprepro
include or via mini-buildd.
* reprepro will reject the package with "No priority for [package],
skipping."
mini-buildd has a bug [1] that requests checking for that field, but it
seems to be superseded by the debian policy change [2]
The Policy says it's not strictly mandatory for the .dsc, but reprepro uses a
stricter internal v alidation schema. When reprepro encounters a source
package without a priority, it doesn't know what to put in the Priority: field
of the Sources index it is generating, so it crashes.
* Field Definition: Debian Policy 5.6.7 (Priority)
* Source Package Control File (.dsc): Debian Policy 5.4
* Binary Package Control File: Debian Policy 5.3
Please consider updating the parser to treat a missing Priority field
in the Source block as optional to align with the current Debian Policy
transition.
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106857
[2] https://lintian.debian.org/tags/redundant-priority-optional-field.html
-- System Information:
Debian Release: 13.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.25-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages reprepro depends on:
ii libarchive13t64 3.7.4-4
ii libbz2-1.0 1.0.8-6
ii libc6 2.41-12
ii libdb5.3t64 5.3.28+dfsg2-9
ii libgpg-error0 1.51-4
ii libgpgme11t64 1.24.2-3
ii liblzma5 5.8.1-1
ii zlib1g 1:1.3.dfsg+really1.3.1-1+b1
ii zstd 1.5.7+dfsg-1
Versions of packages reprepro recommends:
ii apt 3.0.3
Versions of packages reprepro suggests:
ii gpg-agent 2.4.7-21+b3
pn inoticoming <none>
ii lzip 1.25-3
ii pinentry-curses 1.3.1-2
-- no debconf information
--
g. Marc
GPG: 827C FD74 BA46 8152 A041 F3A0 7A6A 4F17 5995 A65B
