Bug#753985: marked as done (gpgv-udeb: fails to validate Release files (missing sha256 support))

[Debian Bug Tracking System]

Your message dated Mon, 07 Jul 2014 18:48:41 +0000
with message-id <e1x4dxx-0000ug...@franck.debian.org>
and subject line Bug#753985: fixed in gnupg 1.4.18-2
has caused the Debian Bug report #753985,
regarding gpgv-udeb: fails to validate Release files (missing sha256 support)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
753985: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753985
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: gpgv-udeb
Version: 1.4.18-1
Severity: grave
Tags: patch
Justification: renders package unusable

Hi folks,

I'm really sorry for:
 - having failed to reply to your request in time[1];
 - having failed to deliver any testing, which led to lost user time[2]
   and is going to cost another gnupg upload.

 1. https://lists.debian.org/debian-boot/2014/01/msg00129.html
 2. https://lists.debian.org/debian-boot/2014/07/msg00007.html

I've finally spent some time on this, and checked the following things:

 a) A trivial removal of the --enable-minimal flag would need to go
    together with disabling bzip2 support; resulting udebs would be
    uninstallable due to a libbz2 dependency. d-i would then be bigger
    but functional again.

 b) Thankfully we don't need to consider the backup plan mentioned in a)
    since all we need is enabling sha256 support. Currently, Release
    files include MD5+SHA1+SHA256. You'll find a tested patch attached.
    (This means a whole installation using a netboot-gtk image.)

I also noticed "make check" isn't run for the udeb build; I don't think
it would hurt to do so (the testsuite is smart enough to notice support
for some bits wasn't enabled, see output below my signature), that's why
I'm including an extra patch adding that.

Sorry again…

Mraw,
KiBi.


Testsuite output for the udeb check:
| make[2]: Entering directory '/home/kibi/hack/gnupg.git/build-udeb/checks'
| gpg (GnuPG) 1.4.18
| Copyright (C) 2014 Free Software Foundation, Inc.
| License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
| This is free software: you are free to change and redistribute it.
| There is NO WARRANTY, to the extent permitted by law.
| 
| Home: .
| Supported algorithms:
| Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
| Cipher: 3DES
| Hash: MD5, SHA1, RIPEMD160, SHA256, SHA224
| Compression: Uncompressed, ZIP, ZLIB
| PASS: version.test
| Hash algorithm SHA-384 is not installed (not an error)
| Hash algorithm SHA-512 is not installed (not an error)
| PASS: mds.test
| PASS: decrypt.test
| PASS: decrypt-dsa.test
| MD5 SHA1 RIPEMD160 SHA256 SHA224 | PASS: sigs.test
| PASS: sigs-dsa.test
| 3DES | PASS: encrypt.test
| 3DES | PASS: encrypt-dsa.test
| PASS: seat.test
| PASS: clearsig.test
| PASS: encryptp.test
| PASS: detach.test
| PASS: armsigs.test
| PASS: armencrypt.test
| PASS: armencryptp.test
| PASS: signencrypt.test
| PASS: signencrypt-dsa.test
| PASS: armsignencrypt.test
| PASS: armdetach.test
| PASS: armdetachm.test
| PASS: detachm.test
| PASS: genkey1024.test
| 3DES | PASS: conventional.test
| 3DES | PASS: conventional-mdc.test
| PASS: multisig.test
| PASS: verify.test
| PASS: armor.test
| ===================
| All 27 tests passed
| ===================
| make[2]: Leaving directory '/home/kibi/hack/gnupg.git/build-udeb/checks'

>From 716ad8686c8dc274d62399042cd89a1549ce817e Mon Sep 17 00:00:00 2001
From: Cyril Brulebois <k...@debian.org>
Date: Sun, 6 Jul 2014 21:25:45 +0200
Subject: [PATCH 1/2] Fix gpgv-udeb by adding --enable-sha256, which is needed
 to validate Release files.

---
 debian/changelog | 7 +++++++
 debian/rules     | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 4987723..db5868a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+gnupg (1.4.18-2) UNRELEASED; urgency=medium
+
+  * Fix gpgv-udeb by adding --enable-sha256, which is needed to validate
+    Release files.
+
+ -- Cyril Brulebois <k...@debian.org>  Sun, 06 Jul 2014 21:10:24 +0200
+
 gnupg (1.4.18-1) unstable; urgency=medium
 
   * New upstream release.
diff --git a/debian/rules b/debian/rules
index 683b8b2..6878842 100755
--- a/debian/rules
+++ b/debian/rules
@@ -22,7 +22,7 @@ CONFARGS  = --prefix=/usr --libexecdir=/usr/lib/ \
             --enable-noexecstack
 
 CONFARGS_FULL    = --enable-mailto --with-mailprog=/usr/sbin/sendmail
-CONFARGS_MINIMAL = --enable-minimal --enable-rsa --disable-nls --disable-regex --disable-gnupg-iconv --disable-gettext --without-iconv --without-readline --without-zlib
+CONFARGS_MINIMAL = --enable-minimal --enable-rsa --disable-nls --disable-regex --disable-gnupg-iconv --disable-gettext --without-iconv --without-readline --without-zlib --enable-sha256
 
 ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
 HOSTARG += --host=$(DEB_HOST_GNU_TYPE)
-- 
2.0.1


>From 46e6fd9616a8bf39f3fd0e8f3d5e822122a5bcce Mon Sep 17 00:00:00 2001
From: Cyril Brulebois <k...@debian.org>
Date: Sun, 6 Jul 2014 21:46:32 +0200
Subject: [PATCH 2/2] Run the check target in the udeb build directory.

---
 debian/changelog | 1 +
 debian/rules     | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index db5868a..1e134e9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ gnupg (1.4.18-2) UNRELEASED; urgency=medium
 
   * Fix gpgv-udeb by adding --enable-sha256, which is needed to validate
     Release files.
+  * Run the check target in the udeb build directory.
 
  -- Cyril Brulebois <k...@debian.org>  Sun, 06 Jul 2014 21:10:24 +0200
 
diff --git a/debian/rules b/debian/rules
index 6878842..1d30d25 100755
--- a/debian/rules
+++ b/debian/rules
@@ -81,6 +81,9 @@ endif
 build-udeb-stamp: build-udeb/config.status
 	dh_testdir
 	$(MAKE) -C build-udeb/
+ifeq (,$(findstring nocheck,$(DEB_BUILD_OPTIONS)))
+	make -C build-udeb/checks check || exit 1
+endif
 	touch $@
 
 build-win32-stamp: build-win32/config.status
-- 
2.0.1

--- End Message ---

--- Begin Message ---

Source: gnupg
Source-Version: 1.4.18-2

We believe that the bug you reported is fixed in the latest version of
gnupg, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 753...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <th...@debian.org> (supplier of updated gnupg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 07 Jul 2014 19:55:02 +0200
Source: gnupg
Binary: gnupg gnupg-curl gpgv gnupg-udeb gpgv-udeb gpgv-win32
Architecture: source all amd64
Version: 1.4.18-2
Distribution: unstable
Urgency: medium
Maintainer: Debian GnuPG-Maintainers <pkg-gnupg-ma...@lists.alioth.debian.org>
Changed-By: Thijs Kinkhorst <th...@debian.org>
Description:
 gnupg      - GNU privacy guard - a free PGP replacement
 gnupg-curl - GNU privacy guard - a free PGP replacement (cURL)
 gnupg-udeb - GNU privacy guard - a free PGP replacement (udeb)
 gpgv       - GNU privacy guard - signature verification tool
 gpgv-udeb  - minimal signature verification tool (udeb)
 gpgv-win32 - GNU privacy guard - signature verification tool (win32 build)
Closes: 753985
Changes:
 gnupg (1.4.18-2) unstable; urgency=medium
 .
   [ Cyril Brulebois ]
   * Fix gpgv-udeb by adding --enable-sha256, which is needed to validate
     Release files. (Closes: 753985).
   * Run the check target in the udeb build directory.
Checksums-Sha1:
 3a1909e706207f086f44d0f8f2d64f4b3d060e46 2001 gnupg_1.4.18-2.dsc
 b22f935cc374c1ff04de3ea92b9538e52e3bf34a 25004 gnupg_1.4.18-2.debian.tar.xz
 8c1f4275f91157cbd8bc8a3d1c25fd1d1a53438d 550630 gpgv-win32_1.4.18-2_all.deb
 4b1eab3c6dfa456b61b00f501fc5afa06e66a824 1138600 gnupg_1.4.18-2_amd64.deb
 b493d2383d830c9adac64652991c00645b566d19 62200 gnupg-curl_1.4.18-2_amd64.deb
 0b15041ef3b9ef1942627e22eb38c71677f512cf 204560 gpgv_1.4.18-2_amd64.deb
 9fdd02758386af346ba763e0f19465ee04eb7b20 244054 gnupg-udeb_1.4.18-2_amd64.udeb
 5516d3a428b96007edaa6438638945b4052c59e2 128042 gpgv-udeb_1.4.18-2_amd64.udeb
Checksums-Sha256:
 297d335f556ef6c4f278db112255752c39370749dfb138a659cfa6a83ccd61b7 2001 
gnupg_1.4.18-2.dsc
 d8ed21773db1d734e7e71c1762e565437f8d0a4c271fd8ae90a4f1188e51fa0a 25004 
gnupg_1.4.18-2.debian.tar.xz
 b92e7adefa7896ea7ea01d8899c53aef184b9a0b2a102ce618c4bf64d025d88a 550630 
gpgv-win32_1.4.18-2_all.deb
 70826db507f07d2788413feae5bbd6849d28b8d2a43bd14e9d2749ce1f8056aa 1138600 
gnupg_1.4.18-2_amd64.deb
 bdb01af050cfdab43e1a9cf95191dd5bf129874d0c6c3f16ae02f81cf436637f 62200 
gnupg-curl_1.4.18-2_amd64.deb
 53796f90a52241b2ccc295ccfe1989666d9dea528ab3fcc85b922dd921a4633a 204560 
gpgv_1.4.18-2_amd64.deb
 271f7b97050bdce772f1d30536d8302a6f1e029ec455d76bb0d98b1f5c9a665f 244054 
gnupg-udeb_1.4.18-2_amd64.udeb
 0bb796a8f278a45f57977f0374202940027c8d18851a74c8f337dadd530cb8dc 128042 
gpgv-udeb_1.4.18-2_amd64.udeb
Files:
 a8979245b8543ab97b84dc5c3fa0e828 550630 utils extra gpgv-win32_1.4.18-2_all.deb
 a87969848a1bf48b4fc96ced8bab1b70 1138600 utils important 
gnupg_1.4.18-2_amd64.deb
 fde1957223670035060bc386edb54f6b 62200 utils optional 
gnupg-curl_1.4.18-2_amd64.deb
 242454384d7128d5182fbe32783ca2e6 204560 utils important gpgv_1.4.18-2_amd64.deb
 076123ea9e9a6417b846c78bcbab1a92 244054 debian-installer extra 
gnupg-udeb_1.4.18-2_amd64.udeb
 0455d77cdb912cad2cc411d0c08eafef 128042 debian-installer extra 
gpgv-udeb_1.4.18-2_amd64.udeb
 275debf9383dbe376a60f1f34809a7e3 2001 utils important gnupg_1.4.18-2.dsc
 126b8261cb8ba526cfad3eab1e66e808 25004 utils important 
gnupg_1.4.18-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJTuulyAAoJEFb2GnlAHawEaa4H/0U6v5RSg6eyLACZpzwQB0Of
Bf15D9824mMpW8XrAXb5pdoTkixqNIgE+t7AMqz+wP9zhYLYME1/QBrLA4+KWarx
2bc+yXi1DsFX2lZ/QJb8Rh0ikINKuSpRf7sFvZqMu094gHl11ZcXaXmOLJKBy6It
Q9pxC0aRuxhavShSm4nvMYl8QpS5xDxRTwPP1bPIfXfp66GtaNcrUMdA1n4V6Awa
fdTliIjn1R29ukGhQWSgoATutjL8zBDucVK/Wi+5KeqYaRQK9zggubklOdb7KJrE
79ES0k9C1jtlzkkO3je4MBgnfrSJwGNTYxDmOjESuLBx9xcxzpkkw9vS3skpDso=
=zHqR
-----END PGP SIGNATURE-----

--- End Message ---