libera/#devuan-dev/ Friday, 2019-07-19

Centurion_DanLeePen: no we will have consolekit2 in beowulf.00:28
Centurion_DanLeePen: I've updated beowulf to have all the packages from unstable at the dak level.04:31
LeePenCenturion_Dan: thanks.08:07
palinurohello. dbus and alim orig packages have a hash mismatch with the same file in debian and upstream17:39
palinuroand util-linux17:39
palinurowtf is going on with the devuan repository?17:40
drawkulawhy is this a problem?17:49
drawkulamaybe they really are different?17:50
drawkulajust other timestamps wold lead to different checksums17:50
drawkulawoUld17:50
fsmithredpalinuro, we believe the problem is due to changes in dpkg about a month ago. Centurion_Dan is looking into it.19:49
palinurodrawkula the orig package should have the same hash of the upstream tarball if possible, otherwise files with the same name can't have different hashes, otherwise they have different content and the names should be different as well20:11
palinuroi just don't remember the point i  the debian standards where such behavuors are described20:12
palinurofsmithred ok thank you20:12
fsmithredpalinuro, here's a piece of conversation from #devuan-ci about 12 hours ago:20:14
fsmithred<rrq> I've totally misunderstood debsign. It signs files differently every time. Even rsync copies with the same timestamp.20:14
fsmithred<Centurion_Dan> rrq:  yeah it uses gpg to sign them and gpg will always result in a different signature value every single time.  I don't know why this hasn't bitten us before now....20:14
palinurobut debsign touches only the dsc file, not the orig file20:16
fsmithredok, maybe it's a different issue20:28
drawkulapalinuro: you'll have to unpack the sources and run diff20:50
drawkula$ for i in 1 2 ; do touch hello.txt ; sleep 1 ; tar cf hello$i.tar hello.txt ; done ; shasum hello?.tar20:52
drawkula813221c6795f58dd24636a92d38502730494232c  hello1.tar20:52
drawkula0dd9e33771840060e3ae312d0d2e8b1c8eea5386  hello2.tar20:52
drawkulaso if at least 1 files timestamp in the tar differs, the checksumm will do too20:53
palinurodrawkula my issue is not with orig trust. having the same file with the same name but different hashes in buster and beowulf raises me import errors when i trigger an upstream update with reprepro20:56
drawkulamaybe I'm currently too exhausted to understand...20:57
drawkula<--- silent now until I do understand20:57
drawkula:-D20:57
fsmithredI'm getting that, too. My packages are just scripts. No orig tarball. (or any tarball)21:02
fsmithredI'm getting hash mismatch between package built for unstable which worked and then building exact same for beowulf it fails.21:05
fsmithredDan and Ralph will probable be here in an hour or two.21:08
fsmithredprobably21:08
Evilhamto compare tarballs and the like, it's best to use diffoscope.org22:48
Evilhamif you run it on the tarballs, you'll see that they only difer in metadata (e.g. https://try.diffoscope.org/hsrbvdasuevh.txt)22:49
Evilhamand that's because ci re-creates the tarbals from the original sources22:49
Evilhamhttps://ci.devuan.org/job/util-linux-source/lastBuild/console22:50
Evilham21:57:58 gbp:info: Creating util-linux_2.33.1.orig.tar.xz from 'upstream/2.33.1'22:50

Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!