Re: DLA-2743-1 amd64-microcode incomplete

Tue, 31 Aug 2021 07:31:50 -0700 

Hi Utkarsh,
Looking at the reports below, the DLA-2743-1 upload from a couple weeks ago did not build, probably due to specific rules for non-free. 

https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html
https://buildd.debian.org/status/package.php?suite=stretch-security&p=amd64-microcode


As a result the update is currently not installable and stretch systems 
remain affected by CVE-2017-5715.


Do you plan to fix this?
(added to dla-needed.txt so we keep track)

Cheers!
Sylvain Beucler
Debian LTS Team

On 31/08/2021 13:13, Philipp Hahn wrote:

Hello Philipp Kern,

Am 30.08.21 um 11:13 schrieb Philipp Kern:

On 23.08.21 10:47, Philipp Hahn wrote:

amd64-micocode for 
<https://www.debian.org/lts/security/2021/dla-2743> looks incomplete:



The source page 
<https://packages.debian.org/search?keywords=amd64-microcode&searchon=sourcenames&suite=all&section=all> 
lists

stretch (admin): 3.20181128.1~deb9u1 [non-free] [security]



but the binary page 
<https://packages.debian.org/search?suite=all&section=all&arch=any&searchon=names&keywords=amd64-microcode> 
only:

3.20160316.3: amd64 i386

...

Similar issues already happened multiple times in the past as Debian 
autobuilders don't work as expected for non-free - see attached E-Mail.
"non-free" is also listed as an exception on 
<https://wiki.debian.org/buildd> with instructions on how to 
autobuild things. I see

Autobuild: yes

in you package, but 
<https://www.debian.org/doc/manuals/developers-reference/pkgs.html#non-free-buildd> 
talks about

XS-Autobuild: yes


cc: non-free@builddd



The package setup seems to be correct. XS-Autobuild has been set in 
the source since 10 years ago[1] and it's allowlisted on the 
wanna-build master.



However only the main archive has non-free autobuilding thus far, 
security does not. (See 
wuiet:/srv/wanna-build/triggers/trigger.{debian,security})



What needs to be done to get "amd64-micocode" in version 
"3.20181128.1~deb9u1" into "stretch-security"?

Build it manually and upload it somewhere?


Can we so something to prevent this from happening again: The source 
package is already available, but the binary packages are missing.


Philipp Hahn

























					Reply via email to