Centurion_Dan | LeePen: no we will have consolekit2 in beowulf. | 00:28 |
---|---|---|
Centurion_Dan | LeePen: I've updated beowulf to have all the packages from unstable at the dak level. | 04:31 |
LeePen | Centurion_Dan: thanks. | 08:07 |
palinuro | hello. dbus and alim orig packages have a hash mismatch with the same file in debian and upstream | 17:39 |
palinuro | and util-linux | 17:39 |
palinuro | wtf is going on with the devuan repository? | 17:40 |
drawkula | why is this a problem? | 17:49 |
drawkula | maybe they really are different? | 17:50 |
drawkula | just other timestamps wold lead to different checksums | 17:50 |
drawkula | woUld | 17:50 |
fsmithred | palinuro, we believe the problem is due to changes in dpkg about a month ago. Centurion_Dan is looking into it. | 19:49 |
palinuro | drawkula the orig package should have the same hash of the upstream tarball if possible, otherwise files with the same name can't have different hashes, otherwise they have different content and the names should be different as well | 20:11 |
palinuro | i just don't remember the point i the debian standards where such behavuors are described | 20:12 |
palinuro | fsmithred ok thank you | 20:12 |
fsmithred | palinuro, here's a piece of conversation from #devuan-ci about 12 hours ago: | 20:14 |
fsmithred | <rrq> I've totally misunderstood debsign. It signs files differently every time. Even rsync copies with the same timestamp. | 20:14 |
fsmithred | <Centurion_Dan> rrq: yeah it uses gpg to sign them and gpg will always result in a different signature value every single time. I don't know why this hasn't bitten us before now.... | 20:14 |
palinuro | but debsign touches only the dsc file, not the orig file | 20:16 |
fsmithred | ok, maybe it's a different issue | 20:28 |
drawkula | palinuro: you'll have to unpack the sources and run diff | 20:50 |
drawkula | $ for i in 1 2 ; do touch hello.txt ; sleep 1 ; tar cf hello$i.tar hello.txt ; done ; shasum hello?.tar | 20:52 |
drawkula | 813221c6795f58dd24636a92d38502730494232c hello1.tar | 20:52 |
drawkula | 0dd9e33771840060e3ae312d0d2e8b1c8eea5386 hello2.tar | 20:52 |
drawkula | so if at least 1 files timestamp in the tar differs, the checksumm will do too | 20:53 |
palinuro | drawkula my issue is not with orig trust. having the same file with the same name but different hashes in buster and beowulf raises me import errors when i trigger an upstream update with reprepro | 20:56 |
drawkula | maybe I'm currently too exhausted to understand... | 20:57 |
drawkula | <--- silent now until I do understand | 20:57 |
drawkula | :-D | 20:57 |
fsmithred | I'm getting that, too. My packages are just scripts. No orig tarball. (or any tarball) | 21:02 |
fsmithred | I'm getting hash mismatch between package built for unstable which worked and then building exact same for beowulf it fails. | 21:05 |
fsmithred | Dan and Ralph will probable be here in an hour or two. | 21:08 |
fsmithred | probably | 21:08 |
Evilham | to compare tarballs and the like, it's best to use diffoscope.org | 22:48 |
Evilham | if you run it on the tarballs, you'll see that they only difer in metadata (e.g. https://try.diffoscope.org/hsrbvdasuevh.txt) | 22:49 |
Evilham | and that's because ci re-creates the tarbals from the original sources | 22:49 |
Evilham | https://ci.devuan.org/job/util-linux-source/lastBuild/console | 22:50 |
Evilham | 21:57:58 gbp:info: Creating util-linux_2.33.1.orig.tar.xz from 'upstream/2.33.1' | 22:50 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!