Import from Debian fails for source packages with included tarball .asc

Bug #1587667 reported by Jeremy Bicha on 2016-05-31
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
High
Colin Watson
dpkg (Ubuntu)
High
Unassigned
Precise
High
Colin Watson
Trusty
High
Colin Watson
Xenial
High
Unassigned

Bug Description

SRU justification:

[Impact] Launchpad can't import some source packages from Debian unstable. The fix is to cherry-pick changes from unstable that support unpacking (but, for minimality, not creating) such source packages.
[Test Case] For the format 3.0 case, download the limnoria source package from Debian unstable and unpack it with "dpkg-source -x". For the format 1.0 case, there are no examples as yet in unstable, but it's easy to construct one: download a 1.0 package (e.g. makepasswd), sign its .orig.tar.gz with "gpg --armor --clearsign", rebuild the source package using unstable's toolchain, and then try to unpack it with "dpkg-source -x" in precise/trusty.
[Regression Potential] Confined to "dpkg-source -x", so it should be sufficient to check that unpacking packages without .orig.*.asc still works.

Original report follows:

https://launchpad.net/debian/+source/vlc/ is missing Debian branches for sid and stretch.

This then also breaks auto-sync of some of Debian's packages to Ubuntu's development branch.

This is apparently what broke the auto-import:

dpkg-source: error: unrecognized file for a v2.0 source package:
vlc_2.2.3.orig.tar.xz.asc

See this discussion about including .asc files in Debian source packages which requires dpkg to be updated:
https://lists.debian.org/debian-dpkg/2016/05/msg00041.html

Initial discussion:
http://irclogs.ubuntu.com/2016/05/31/%23ubuntu-devel.html#t22:44

Related branches

Jeremy Bicha (jbicha) on 2016-05-31
description: updated
Jeremy Bicha (jbicha) on 2016-05-31
description: updated
description: updated
Colin Watson (cjwatson) wrote :

In order to fix this, we'll need to cherry-pick the patches to allow extraction (but not building!) of such source packages back to precise/trusty/xenial dpkg.

description: updated
Changed in launchpad:
status: New → Triaged
importance: Undecided → High
tags: added: lp-soyuz
tags: added: gina
Changed in dpkg (Ubuntu):
status: New → Fix Released
Colin Watson (cjwatson) wrote :

... but note that we need to model the new source package files in Launchpad first.

Colin Watson (cjwatson) on 2016-06-01
Changed in launchpad:
assignee: nobody → Colin Watson (cjwatson)
status: Triaged → In Progress
Launchpad QA Bot (lpqabot) wrote :
tags: added: qa-needstesting
Changed in launchpad:
status: In Progress → Fix Committed
Colin Watson (cjwatson) wrote :

Can't test this properly until the dpkg backport is in place, but at least ordinary uploads still work fine.

tags: added: qa-ok
removed: qa-needstesting
Jeremy Bicha (jbicha) wrote :

vlc was auto-synced to yakkety because a new version was uploaded to Debian that did not include the .asc.

https://launchpad.net/debian/+source/limnoria is a good test case then.

Mattia Rizzolo (mapreri) wrote :

with dpkg's xenial I can happily `dpkg-source -x` a package with a .asc file. Indeed trusty and precise (?) need to be patched for them.

Changed in dpkg (Ubuntu Xenial):
status: New → Fix Released
Colin Watson (cjwatson) on 2016-06-14
Changed in dpkg (Ubuntu Precise):
status: New → In Progress
description: updated
Changed in dpkg (Ubuntu Precise):
importance: Undecided → High
assignee: nobody → Colin Watson (cjwatson)
Changed in dpkg (Ubuntu Trusty):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Colin Watson (cjwatson)

Hello Jeremy, or anyone else affected,

Accepted dpkg into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/dpkg/1.17.5ubuntu5.7 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in dpkg (Ubuntu Trusty):
status: In Progress → Fix Committed
tags: added: verification-needed
Changed in dpkg (Ubuntu Precise):
status: In Progress → Fix Committed
Chris J Arges (arges) wrote :

Hello Jeremy, or anyone else affected,

Accepted dpkg into precise-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/dpkg/1.16.1.2ubuntu7.8 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in dpkg (Ubuntu):
importance: Undecided → High
Changed in dpkg (Ubuntu Xenial):
importance: Undecided → High
Colin Watson (cjwatson) wrote :

All looks fine in both precise-proposed and trusty-proposed.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dpkg - 1.16.1.2ubuntu7.8

---------------
dpkg (1.16.1.2ubuntu7.8) precise; urgency=medium

  * Backport from Debian (LP: #1587667):
    - Allow detached upstream signatures for upstream orig.tar files in the
      .dsc file. Suggested by Daniel Kahn Gillmor <email address hidden>.
      Closes: #759478
    - Allow detached upstream orig tarball signatures when extracting
      version 1.0 non-native source packages.

 -- Colin Watson <email address hidden> Tue, 14 Jun 2016 19:22:53 +0100

Changed in dpkg (Ubuntu Precise):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for dpkg has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dpkg - 1.17.5ubuntu5.7

---------------
dpkg (1.17.5ubuntu5.7) trusty; urgency=medium

  * Backport from Debian (LP: #1587667):
    - Allow detached upstream signatures for upstream orig.tar files in the
      .dsc file. Suggested by Daniel Kahn Gillmor <email address hidden>.
      Closes: #759478
    - Allow detached upstream orig tarball signatures when extracting
      version 1.0 non-native source packages.

 -- Colin Watson <email address hidden> Tue, 14 Jun 2016 19:31:28 +0100

Changed in dpkg (Ubuntu Trusty):
status: Fix Committed → Fix Released
Jeremy Bicha (jbicha) wrote :

limnoria has been imported to LP's Debian branch and successfully auto-synced to yakkety. Thank you!

Changed in launchpad:
status: Fix Committed → Fix Released
Mattia Rizzolo (mapreri) wrote :

yay!
(limnoria maintainer)

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers