[SRU] backport fdroidserver 1.0.9-1 from cosmic to bionic

Thank you for driving this!

I'm concerned about the dependency changes and the Debian tracker suggesting that syncing this will result in installability problems. Separately though, following our IRC discussion I believe this is blocked on bug 1758199.

Status changed to 'Confirmed' because the bug affects multiple users.

The changes are large, since we were working to get the latest version into Debian in time for the Bionic Debian Import Freeze, which we narrowly missed. We've been testing against Bionic for the past couple months, so that is the target for this work.

What's the plan for Bionic? The currently packaged fdroidserver 1.0.2-1 appears to be broken (unusable). Will it simply be updated to 1.0.6-1? Or will the individual bugs be fixed?

My plan is to get Ubuntu to accept the whole new package, since I've
been working upstream fixing Ubuntu/bionic bugs.

All the updates since fdroidserver 1.0.2 that are in 1.0.8-3 have been made to polish the release for bionic. So no new features, only directly related bugfixes. It also now has autopkgtest passing on ARM and x86 https://autopkgtest.ubuntu.com/packages/fdroidserver, and also in Debian: https://ci.debian.net/packages/f/fdroidserver/testing/amd64/

Also, for the record, the upstream dev process includes a large test suite:
https://gitlab.com/fdroid/fdroidserver/pipelines/25114656

This release fixes 1763090 and 1762183

> The currently packaged fdroidserver 1.0.2-1 appears to be broken (unusable).

If this is the case, then we may not have to worry as much about regression risk to users as there aren't any users of the package in 18.04. So please could you elaborate on how exactly it's currently broken so that we (the SRU team) can assess regression risk?

Syncing backwards is generally not done - usually we need a rebuild to ensure that dependencies determined at build time can be met at runtime. Can somebody prepare, test and upload a backport to 18.04? This would have no changes except for a changelog addition if that works, with any other changes needed to make the backport work as necessary.

For backports, we maintain a PPA with official releases, which includes a bionic backport that is a pure rebuild of 1.0.8-3:
* https://launchpad.net/~fdroid/+archive/ubuntu/fdroidserver/+packages?field.name_filter=fdroidserver&field.status_filter=published&field.series_filter=

We also include a full test suite run on Ubuntu LTS/bionic for all commits pushed to upstream's _master_ branch:
* https://gitlab.com/fdroid/fdroidserver/-/jobs/80758179
* https://gitlab.com/fdroid/fdroidserver/blob/1.0.8/.gitlab-ci.yml#L62

As for how it is currently broken in bionic, see:
* https://bugs.launchpad.net/ubuntu/+source/fdroidserver/+bug/1763090
* https://bugs.launchpad.net/ubuntu/+source/fdroidserver/+bug/1762183

Backport requested:
https://bugs.launchpad.net/bionic-backports/+bug/1781570

I think you misunderstand me. A backport via the backports pocket (feature updates that are opt in for users) is fine. But we can also ship a backport via the updates pocket (updates that are recommended for automatic upgrade by users). In this case it looks like it'll meet the stricter requirements of the updates pocket as it'd a bugfix-only backport.

My point was that you can't do a "sync"; you have to do a "backport" of the package (by adding another changelog entry with a bug reference etc) and get that sponsored/uploaded in order for me (in the SRU team) to be able to accept it. This is distinct from the backports process, which is a separate process to provide opt-in feature enhancements.

Ok, following the example of https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1770553, I hope I got it right this time. I have made a debdiff for the bugfix-only, rebuild-only, backport from Cosmic. It is just a change to the changelog with the bug numbers. It is attached.

I made an upstream 1.0.9 release with a couple of key bugs we just found in a big round of testing. I included this fixes upstream so there is also a stable release in the other channels. The target platform for the 1.0.9 release is still Ubuntu/bionic.

Changing the version based on apw's recommended version: "a quick look says your version number is suspect, as that would be higher than cosmic, 1.0.9-1~18.04.1 would be fine I think"

Reviewed and sponsored to bionic-proposed.

Hello Hans-Christoph, or anyone else affected,

Accepted fdroidserver into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fdroidserver/1.0.9-1~18.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Tested upgrading from 1.0.2-1 and ran the full test suite. This was in a chroot starting with a minimal install.

Both tags are now switched to done, I think that's the correct thing to do, since this SRU only affects bionic.

This bug was fixed in the package fdroidserver - 1.0.9-1~18.04.1

---------------
fdroidserver (1.0.9-1~18.04.1) bionic; urgency=medium

  * Backport from Cosmic. (LP: #1758196)
  * fix broken openjdk dependency (LP: #1763090)
  * fix missing Python distutils dependency (LP: #1762183)

fdroidserver (1.0.9-1) unstable; urgency=medium

  * New upstream version

fdroidserver (1.0.8-3) unstable; urgency=medium

  * hack to get autopkgtest to skip failing gpg test

fdroidserver (1.0.8-2) unstable; urgency=medium

  * autopkgtest: explicitly purge gnupg so tests pass

fdroidserver (1.0.8-1) unstable; urgency=medium

  * New upstream version
  * remove python3-distutils, it is no longer needed

fdroidserver (1.0.7-2) unstable; urgency=medium

  * Depends: python3-distutils so its always there

fdroidserver (1.0.7-1) unstable; urgency=medium

  * New upstream release
  * fix autopkgtest

fdroidserver (1.0.6-1) unstable; urgency=medium

  * New upstream release

fdroidserver (1.0.4-3) unstable; urgency=medium

  * fix autopkgtest run: working dir, and UTF-8 environment

fdroidserver (1.0.4-2) unstable; urgency=medium

  * run upstream testsuite using autopkgtest

fdroidserver (1.0.4-1) unstable; urgency=medium

  * New upstream version 1.0.4
  * Standards-Version: 4.1.4 no changes
  * support all the Java 10 and 11 packages
  * works with only androguard, removed optional deps
  * add debian/upstream/metadata file
  * Depends: androguard only on arches where it works

fdroidserver (1.0.3-2) unstable; urgency=medium

  * only depend on aapt/androguard/zipalign on arches where available

fdroidserver (1.0.3-1) unstable; urgency=medium

  * New upstream version
  * tighten up Depends to install fewer packages

 -- Hans-Christoph Steiner <email address hidden> Tue, 10 Jul 2018 21:12:38 +0200

The verification of the Stable Release Update for fdroidserver has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.