On Sun, Mar 10, 2024 at 4:46 PM Sebastian Andrzej Siewior <
sebastian@breakpoint.cc> wrote:
I've prepared an NMU for pristine-tar (versioned as 1.50+nmu2) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
Could someone check this, please?
Did you try running autopkgtests on this version? The autopkgtests fail for me.
I assume that the largest use of pristine-tar in Debian is with git-buildpackage. The 1.50+nmu1 upload **caused** pristine-tar to
break in many cases for me. If I revert back to 1.50, I no longer get mismatched tarballs errors. Here are some test cases to demonstrate:
Test Case 1
==========
gbp clone --add-upstream-vcs
https://salsa.debian.org/jbicha/pangomm2.48
cd pangomm2.48
gbp import-orig --uscan
gbp buildpackage
What happens
------
The exact hashes will probably vary but I get an error like this:
gbp:error: Pristine-tar couldn't verify
"pangomm2.48_2.50.2.orig.tar.xz": pristine-tar: /home/jeremy/build-area/pangomm2.48_2.50.2.orig.tar.xz does not match
stored hash (expected e99b6a9c89e9c284bf44f5ae8125c06515d6ab8f8577d75d2887726dacb5a372, got 826ad52f53ac8e15c9ceba4dc6e616efddae5e089f36bf4e60081c177d80d4b6)
Other info
-----
pangomm2.48 uses Files-Excluded in debian/copyright so uscan will
rebuild a tarball and its hash will vary depending on the time it was
created. (Perhaps the hash should be reproducible but that's not
relevant to this bug.)
Test Case 2
=========
gbp clone
https://salsa.debian.org/gnome-team/gtk4
cd gtk4
gbp buildpackage
What happens
------------
gbp:error: Pristine-tar couldn't verify "gtk4_4.12.5+ds.orig.tar.xz": pristine-tar: /home/jeremy/devel/pkg-gnome/temp/build-area/gtk4_4.12.5+ds.orig.tar.xz
does not match stored hash (expected 3338a691d774ae031af65299e9a1c6207f543f13b256539717a1970f752358cb, got 70ac33e0f37dc1b657d6560f1b8a40b3f4b67e956936633ced495d8b880d3fb0)
Other info
----
This pristine-tar tarball was committed January 19 so it did not use
either the new xz-utils or pristine-tar.
Test Case 3
=========
gbp clone
https://salsa.debian.org/gnome-team/pango
cd pango
gbp buildpackage
What happens
-------------------
gbp:error: Pristine-tar couldn't verify
"pango1.0_1.52.1+ds.orig.tar.xz": pristine-tar: /home/jeremy/devel/pkg-gnome/temp/build-area/pango1.0_1.52.1+ds.orig.tar.xz does not match stored hash (expected 12d67d8182cbb2ae427406df9bab5ce2ff5619102bf2a0fc6331d80a9914b139, got a641d29d2d7df7843e44762a0733987dc8220d238b697b382dd96fafe5fc890a)
Other info
-------------
This tarball was committed a few days ago with the new xz-utils and pristine-tar 1.50+nmu1.
pango also uses Files-Excluded
Conclusion
========
Test cases 1, 2, and 3 pass with pristine-tar 1.50 but fail with
pristine-tar 1.50+nmu1
Thank you,
Jeremy BÃcha
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)