- Package:
- src:dupload
- Source:
- src:dupload
- Submitter:
- John Paul Adrian Glaubitz
- Date:
- 2025-04-20 20:27:01 UTC
- Severity:
- normal
Hello, the latest version of dupload breaks buildd-uploader from the src:sbuild package: Feb 28 14:35:42 buildd-uploader[42155]: 2 jobs to upload in upload: dde-calendar_5.14.13-1_alpha.changes searchandrescue_1.7.0+dfsg-1_alpha.changes Use of uninitialized value $u in substitution (s///) at /usr/share/perl5/Buildd/Uploader.pm line 254. Use of uninitialized value $u in unlink at /usr/share/perl5/Buildd/Uploader.pm line 255. Use of uninitialized value $u in concatenation (.) or string at /usr/share/perl5/Buildd/Uploader.pm line 256. Use of uninitialized value $u in concatenation (.) or string at /usr/share/perl5/Buildd/Uploader.pm line 257. Feb 28 14:35:44 buildd-uploader[42155]: dupload exit status 25/0 Feb 28 14:35:44 buildd-uploader[42155]: Removed due to upload errors. I have not investigated the problem in detail yet. However, downgrading dupload to 2.11.2 fixes the problem for me. Thanks, Adrian
Hi! I'd assume this is due to the new OpenPGP multi-backend support, which makes the openpgp-hook require explicit keyrings options. I suppose buildd might be failing like this if dupload exited with a failure? (Which I think deserves its own bug report, to handle that more gracefully.) Before the upload I coordinated with Aurelien Jarno to make sure this time around the buildds had the required config changes: https://salsa.debian.org/dsa-team/mirror/dsa-puppet/-/commit/44cb84d9f0a85d29c82e63f2e8ad1eb9b92530cc But, I guess the instance you are reporting for might be independent from DSA? The default debian hosts configured in the shipped conffile contain the required changes so if you are using a custom one, then that might need to be adapted? Otherwise it would be nice to know what's going wrong. I improved the error reporting on git, and will be adding a NEWS entry because this fallout I guess was unexpected. Thanks, Guillem
Hello, OK. The DSA-maintained instances are only building the packages for the release architectures. Debian Ports packages are built on separate machines and therefore such configuration changes would have to be applied there as well: https://salsa.debian.org/debian-ports-team/dsa-puppet Not sure what you mean with "default Debian hosts"? Yes, breaking changes should be communicated in the NEWS file and I suggest that the required configuration changes are added to the default configuration files of the src:sbuild package which also contains the buildd binary package. Adrian
Hi! Ah, sorry, I assumed this was all handled as part of the same dsa-puppet repo that Aurelien fixed. The changes that were done for the main buildds were to make sure the GnuPG pubring was in OpenPGP format instead of the GnuPG specific keybox format (which is not portable), and then those specific commits: https://salsa.debian.org/dsa-team/mirror/dsa-puppet/-/commit/d4e099680d3bd964b0837849b68728ec3ce7b52e https://salsa.debian.org/dsa-team/mirror/dsa-puppet/-/commit/44cb84d9f0a85d29c82e63f2e8ad1eb9b92530cc This was done in stages, introducing the new keyring support in dupload 2.12.0, the buildd setup updated, then 2.13.0 uploaded which then required the keyrings support. Given that the keyrings settings are optional it could be done even with the old version, then you should be safe to upgrade dupload. As I was not sure how this was being used I just tried to give enough information to try to track this down. With "default Debian hosts" I meant the stuff present in /etc/dupload.conf. But from your explanation I assume this just needs the same treatment as the official buildds. I'm not sure the needed changes can be automated. In this case the buildds need to add their own OpenPGP certificates into a keyring that dupload can use, because those certificates are not present in any of the official keyrings from the debian-keyring package. (I've created an MR to use the new canonical name for the upload hosts, but that should not change anything related to this issue <https://salsa.debian.org/debian/sbuild/-/merge_requests/152>. I'll also file a report about the Perl warnings.) Thanks, Guillem
Hi, Hmm, I'm not sure which of these changes I need to pick up now. I'm a bit overwhelmed. Also, I have seen even dupload 2.11.2 have the openpgp-check hook fail so I have to force the upload with "--skip-hook=openpgp-check". What would you suggest to do now on the Debian Ports buildds to avoid breakage when updating? Can't we just use the old system for the buildds? I'm not sure why dupload has to make such complicated checks. Adrian
Hello, this issue still persists and I assume an entry needs to be added for dports: glaubitz@stadler:~/libxml2$ dupload --to dports libxml2_2.12.7+dfsg+really2.9.14-0.3_sparc64.changes dupload note: no announcement will be sent. Checking OpenPGP signatures on libxml2_2.12.7+dfsg+really2.9.14-0.3_sparc64.changes... openpgp-check: error: no OpenPGP keyring specified or present for host dports dupload: error: Pre-upload '/usr/share/dupload/openpgp-check %1' failed for libxml2_2.12.7+dfsg+really2.9.14-0.3_sparc64.changes glaubitz@stadler:~/libxml2$ dupload --to dports --skip-hook=openpgp-check libxml2_2.12.7+dfsg+really2.9.14-0.3_sparc64.changes dupload note: no announcement will be sent. dupload: warning: skipping pre-upload changes hook /usr/share/dupload/openpgp-check %1 Uploading (ftp) to ports-master.debian.org:/incoming/ [ Preparing job libxml2_2.12.7+dfsg+really2.9.14-0.3_sparc64 from libxml2_2.12.7+dfsg+really2.9.14-0.3_sparc64.changes libxml2-dbgsym_2.12.7+dfsg+really2.9.14-0.3_sparc64.deb, size ok, md5sum ok, sha1sum ok, sha256sum ok libxml2-dev_2.12.7+dfsg+really2.9.14-0.3_sparc64.deb, size ok, md5sum ok, sha1sum ok, sha256sum ok libxml2-utils-dbgsym_2.12.7+dfsg+really2.9.14-0.3_sparc64.deb, size ok, md5sum ok, sha1sum ok, sha256sum ok libxml2-utils_2.12.7+dfsg+really2.9.14-0.3_sparc64.deb, size ok, md5sum ok, sha1sum ok, sha256sum ok libxml2_2.12.7+dfsg+really2.9.14-0.3_sparc64.buildinfo, size ok, md5sum ok, sha1sum ok, sha256sum ok libxml2_2.12.7+dfsg+really2.9.14-0.3_sparc64.deb, size ok, md5sum ok, sha1sum ok, sha256sum ok python3-libxml2-dbgsym_2.12.7+dfsg+really2.9.14-0.3_sparc64.deb, size ok, md5sum ok, sha1sum ok, sha256sum ok python3-libxml2_2.12.7+dfsg+really2.9.14-0.3_sparc64.deb, size ok, md5sum ok, sha1sum ok, sha256sum ok libxml2_2.12.7+dfsg+really2.9.14-0.3_sparc64.changes ok ] Uploading (ftp) to dports (ports-master.debian.org) + FTP passive mode selected [ Uploading job libxml2_2.12.7+dfsg+really2.9.14-0.3_sparc64 libxml2-dbgsym_2.12.7+dfsg+really2.9.14-0.3_sparc64.deb 1746.4 kB, ok (0 s, 1746.39 kB/s) libxml2-dev_2.12.7+dfsg+really2.9.14-0.3_sparc64.deb 702.9 kB, ok (1 s, 702.86 kB/s) libxml2-utils-dbgsym_2.12.7+dfsg+really2.9.14-0.3_sparc64.deb 74.8 kB, ok (0 s, 74.82 kB/s) libxml2-utils_2.12.7+dfsg+really2.9.14-0.3_sparc64.deb 94.2 kB, ok (0 s, 94.17 kB/s) libxml2_2.12.7+dfsg+really2.9.14-0.3_sparc64.buildinfo 8.7 kB, ok (0 s, 8.67 kB/s) libxml2_2.12.7+dfsg+really2.9.14-0.3_sparc64.deb 556.5 kB, ok (1 s, 556.52 kB/s) python3-libxml2-dbgsym_2.12.7+dfsg+really2.9.14-0.3_sparc64.deb 232.7 kB, ok (0 s, 232.68 kB/s) python3-libxml2_2.12.7+dfsg+really2.9.14-0.3_sparc64.deb 171.3 kB, ok (0 s, 171.28 kB/s) libxml2_2.12.7+dfsg+really2.9.14-0.3_sparc64.changes 4.4 kB, ok (1 s, 4.41 kB/s) ] glaubitz@stadler:~/libxml2$ dpkg -l dupload Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Architecture Description +++-==============-============-============-================================= ii dupload 2.13.2 all Debian package upload tool glaubitz@stadler:~/libxml2$ Adrian
That is not linked with debian-ports, just that you need to reconfigure the build daemons. You need to update the dupload.conf to point to ~buildd/.gnupg/pubring.gpg and enforce the old keyring format in ~buildd/.gnupg/gpg.conf. This is the purpose of the following puppet commits: https://salsa.debian.org/dsa-team/mirror/dsa-puppet/-/commit/d4e099680d3bd964b0837849b68728ec3ce7b52e https://salsa.debian.org/dsa-team/mirror/dsa-puppet/-/commit/44cb84d9f0a85d29c82e63f2e8ad1eb9b92530cc Then you also need to convert the gnupg keyring to the old format. You can do that with the following command: gpg --export > ~/.gnupg/pubring.gpg && mv ~/.gnupg/pubring.kbx ~/.gnupg/pubring.kbx.disabled Aurelien
Hi Aurelien, OK, thanks for the instructions. I will perform this transition once I have the time for touch all buildds at once and also can coordinate the change with Michael Cree for imago. Is there any particular reason why we should stick with he old GPG format? Thanks, Adrian
Hi, Note that all thoses changes are compatible with dupload version 2.12.0 Because of the GPG schism, and that's actually the reason of all those changes in dupload. Cheers Aurelien
Hi Guillem, is there a way to just turn these checks off globally? I have observed that even old versions of dupload now randomly try to verify the signature which means I'm being spammed with failure mails. I'm not sure why this happens despite dupload not being upgraded but in any case I just want to turn these checks off. I have seen that there is an environment variable called DUPLOAD_SKIP_HOOKS but there doesn't seem to be an option which I can just add to /etc/dupload.conf or ~/.dupload.conf. Thanks, Adrian
Hi Guillem, Never mind. Turned out the signing key actually expired in this case and the buildd in question had just been turned off for a long time and was recently restarted without a heads-up, so the key was just old. Sorry for the noise! Adrian