[FFe] request to get gsasl 2.2.0 into kinetic

Bug #1989065 reported by Simon Josefsson
This bug affects 1 person
Affects: gsasl (Ubuntu)
Status: Fix Released
Importance: Low
Assigned to: Graham Inggs

Bug Description

Hi. I'm upstream gsasl maintainer and Debian maintainer of the gsasl package. Currently Ubuntu has 2.0.1 but we released 2.2.0 recently and it has been uploaded into Debian, and I'm wondering if you can include 2.2.0 in Kinetic?

The changes have small impact: just add support for RFC 9266 -- tls-exporter https://www.rfc-editor.org/rfc/rfc9266 -- which to this library is a fairly small enhancement. A number of flaws found by static analyzers (e.g., coverity, asan/ubsan) have been fixed as well. Further, more debci/autopkgtest has been added to test interop against Dovecot and MailUtils imap servers.

The diff for library (lib/) changes between v2.0.1 and v2.2.0 is here:

https://josefsson.org/v2.0.1-v2.2.0.diff

A complete diff is here, but it includes many maintainer-related and non-libgsasl changes too:

https://gitlab.com/gsasl/gsasl/-/compare/gsasl_2_0_x...master?from_project_id=37139302

I can't get either gitlab or github to filter a diff in any way -- seems like a useful missing feature!

Is this sufficient to allow for a feature freeze exception? I'm happy to help with any questions.

/Simon

Mark Esler (eslerm) wrote :

Attached is the changelog (NEWS) diff between v2.0.1 and v2.2.0.

Mark Esler (eslerm) wrote :

Recently gsasl was added to main as a mutt dependency (LP# 1972866). The TLS updates in this FFe offer a significant benefit in securing mutt.

The bug patches, additional tests, and demonstrating interoperability with other SASL suite tests help prove that the chance of regression is low.

Building v2.2.0 from Debian unstable went smoothly. As with the previous release, some build tests are being skipped. Simon: can these be enabled?

Mark Esler (eslerm) wrote :

Installing from deb file required `apt --fix-broken install` to install libgsasl18 dependency.

Simon Josefsson (simon-josefsson) wrote :

Re SKIP'ed tests, here is the situation:

SKIP: gsasl-mailutils-cram.sh
SKIP: gsasl-mailutils-tls.sh
SKIP: gsasl-mailutils-gs2krb5-gssapi.sh
SKIP: gsasl-dovecot-gssapi.sh

The scripts above require a Kerberos KDC, dovecot, and some other tools not typically found during the build. Those scripts are invoked by debci/autopkgtest, does Ubuntu use that? So they should be covered by the more reliable debci/autopkgtest mechanism.

We could add all the dependencies as <!nocheck> Build-Depends, but mailutils and dovecot conflict with each other, so it is impossible to install them both. It seems simpler to rely on debci/autopkgtest to me. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019010

SKIP: gssapi
SKIP: gs2-krb5

Those only work when gsasl is built with GNU GSS as the GSS-API library. GSSAPI is tested via the scripts above against Dovecot/MailUtils for non-GSS.

Mark Esler (eslerm) wrote :

Thanks Simon! That sounds reasonable to me. The Foundations Team may have preferences.

Ubuntu does use autopkgtests: https://autopkgtest.ubuntu.com/packages/gsasl

Curious that i386 builds are failing for Ubuntu autopkgtests but not Debian's i386 autopkgtests.

Simon Josefsson (simon-josefsson) wrote :

Thanks for the autopkgtest link. The i386 builds fail autopkgtests because the 'libgsasl-dev' package isn't available in the Ubuntu i386 archive. Why does that happen?

The following packages have unmet dependencies:
 builddeps:/tmp/autopkgtest.plZZTL/1-autopkgtest-satdep.dsc:i386 : Depends: libgsasl-dev:i386 but it is not installable
E: Unable to correct problems, you have held broken packages.

Paride Legovini (paride) wrote :

In Ubuntu i386 is a partial port where only a subset of the archive is built, see:

  https://wiki.ubuntu.com/i386

The base list of packages is:

  https://people.canonical.com/~ubuntu-archive/seeds/i386.kinetic/i386

which by (build-)dependency expansion becomes this list:

https://people.canonical.com/~ubuntu-archive/germinate-output/i386.kinetic/i386+build-depends

The autopkgtest infra doesn't fully take this into account.

Simon Josefsson (simon-josefsson) wrote :

Thanks for explaining. I don't think gsasl on i386 is important, so a request to add does not seem warranted. I suppose then that the autopkgtests should not be run for 'gsasl' in Ubuntu? I maintain the package in Debian but do not know how to modify it in Ubuntu. Mark, did you import the package, and can you modify this? I am not that familiar with how Ubuntu's modifications of Debian packages are managed -- if it is possible for me to contribute, I could look into it.

Simon Josefsson (simon-josefsson) wrote :

Clarification: I meant disable autopkgtest on i386, not on all architectures. Probably add 'Architecture: [!i386]' to all stanzas in debian/tests/control?

Graham Inggs (ginggs) wrote :

gsasl is not built for i386 in Ubuntu, see previous builds https://launchpad.net/ubuntu/+source/gsasl/2.0.1-4ubuntu1

So it's expected that the autopkgtests would fail due to not being installable.
As this will not be considered a regression, no changes need to be made to the packaging regarding i386 stuff.

Mark Esler (eslerm) wrote :

As Graham says, this does not require changes to gsasl.

Autopkgtests is attempting to build i386, because the debian/control file specifies `Architecture: any`.

summary: - freeze exception request to get gsasl 2.2.0 into kinetic
+ [FFe] request to get gsasl 2.2.0 into kinetic
Graham Inggs (ginggs) wrote :

Is this a request for a sync or a merge?
2.0.1-4ubuntu1 currently has a delta:

* Keep using libkrb5, to avoid a component-mismatch (LP: 1972866)

So if it's a sync, you'd need to explain why we can drop the delta, and if it's a merge it would be good to attach at least a debdiff of the new Ubuntu version vs the new Debian version.

Changed in gsasl (Ubuntu):
status: New → Incomplete
Simon Josefsson (simon-josefsson) wrote :

I wasn't involved in the decision to use libkrb5 instead of libgssglue, but I assume it is one you wish to keep, and in that case I would go for a 'merge' and use the same debdiff as you do today:

http://launchpadlibrarian.net/620119015/gsasl_2.0.1-4_2.0.1-4ubuntu1.diff.gz

Is this sufficient? Sorry, I'll try to learn more about the Ubuntu processes for future work. I can't find simple instructions on how to build Ubuntu packages on my Debian host using gbp, will try to learn that... or set up an Ubuntu machine for this purpose.

Mark Esler (eslerm) wrote :

Simon, I can make a debdiff to merge.

Changed in gsasl (Ubuntu):
status: Incomplete → Triaged
tags: added: foundations-todo
Mark Esler (eslerm)
Changed in gsasl (Ubuntu):
assignee: nobody → Mark Esler (eslerm)
Changed in gsasl (Ubuntu):
importance: Undecided → Low
Mark Esler (eslerm) wrote :

Please see the attached debdiff for merging.

Changed in gsasl (Ubuntu):
assignee: Mark Esler (eslerm) → nobody
Graham Inggs (ginggs)
Changed in gsasl (Ubuntu):
assignee: nobody → Graham Inggs (ginggs)
status: Triaged → In Progress
Graham Inggs (ginggs) wrote :

Uploaded. Thanks Mark for the merge, and thanks Simon for reporting this!

Changed in gsasl (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gsasl - 2.2.0-1ubuntu1

---------------
gsasl (2.2.0-1ubuntu1) kinetic; urgency=medium

  * Merge from Debian unstable (LP: #1989065). Remaining changes:
    - Keep using libkrb5, to avoid a component-mismatch

gsasl (2.2.0-1) unstable; urgency=medium

  * New upstream version 2.2.0
  * Use improved upstream self-checks for debci.

 -- Mark Esler <email address hidden> Mon, 19 Sep 2022 16:32:45 -0500

Changed in gsasl (Ubuntu):
status: Fix Committed → Fix Released
Benjamin Drung (bdrung)
tags: removed: foundations-todo