Report forwarded to debian-bugs-dist@lists.debian.org, Stephane Bortzmeyer <bortzmeyer@debian.org>:
Bug#65630; Package dupload.   debian-bugs-dist@lists.debian.orgStephane Bortzmeyer  Subject: Bug#65630: dupload: Dupload does not check that dsc and changes have been signed Reply-To: Oliver Elphick , 65630@bugs.debian.org Resent-From: Oliver Elphick Resent-To: debian-bugs-dist@lists.debian.org Resent-CC: Stephane Bortzmeyer Resent-Date: Wed, 14 Jun 2000 11:33:48 GMT Resent-Message-ID: Resent-Sender: owner@bugs.debian.org X-Debian-PR-Message: report 65630 X-Debian-PR-Package: dupload X-Debian-PR-Keywords: X-Loop: owner@bugs.debian.org Received: via spool by bugs@bugs.debian.org id=B.96098181126049 (code B ref -1); Wed, 14 Jun 2000 11:33:48 GMT Date: Wed, 14 Jun 2000 12:18:45 +0100 Message-Id: <200006141118.e5EBIj412414@linda.lfix.co.uk> From: Oliver Elphick To: submit@bugs.debian.org X-Mailer: bug 3.3.2 Delivered-To: submit@bugs.debian.org Package: dupload Version: 2.4.1 Severity: wishlist dupload does not chjeck that the .dsc and .changes files have been signed. It would be nice if it did. -- System Information Debian Release: 2.2 Kernel Version: Linux linda 2.2.14 #1 Mon Feb 14 12:24:12 GMT 2000 i686 unknown Versions of the packages dupload depends on: ii libnet-perl 1.0703-4 Implementation of Internet protocols for Per ii perl-5.005 5.005.03-7.1 Larry Wall's Practical Extracting and Report ^^^ (Provides virtual package perl5) perl Not installed or no info   Acknowledgement sent to Oliver Elphick <olly@lfix.co.uk>:
New Bug report received and forwarded. Copy sent to Stephane Bortzmeyer <bortzmeyer@debian.org>.   -t  From: owner@bugs.debian.org (Debian Bug Tracking System) To: Oliver Elphick Subject: Bug#65630: Acknowledgement (dupload: Dupload does not check that dsc and changes have been signed) Message-ID: In-Reply-To: <200006141118.e5EBIj412414@linda.lfix.co.uk> References: <200006141118.e5EBIj412414@linda.lfix.co.uk> X-Debian-PR-Message: ack 65630 Thank you for the problem report you have sent regarding Debian. This is an automatically generated reply, to let you know your message has been received. It is being forwarded to the developers mailing list for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): Stephane Bortzmeyer If you wish to submit further information on your problem, please send it to 65630@bugs.debian.org (and *not* to bugs@bugs.debian.org). Please do not reply to the address at the top of this message, unless you wish to report a problem with the Bug-tracking system. Darren Benham (administrator, Debian Bugs database)   Received: (at submit) by bugs.debian.org; 14 Jun 2000 11:23:31 +0000 From olly@lfix.co.uk Wed Jun 14 06:23:30 2000 Return-path: Received: from mail.enterprise.net [194.72.192.18] by master.debian.org with esmtp (Exim 3.12 2 (Debian)) id 132BGc-0006lx-00; Wed, 14 Jun 2000 06:23:30 -0500 Received: from linda.lfix.co.uk (cmax06-116.enterprise.net [212.161.115.116]) by mail.enterprise.net (8.8.5/8.8.5) with ESMTP id MAA08965 for ; Wed, 14 Jun 2000 12:23:27 +0100 (GMT/BST) Received: (from olly@localhost) by linda.lfix.co.uk (8.11.0.Beta1/8.11.0.Beta1/Debian 8.11.0-1) id e5EBIj412414; Wed, 14 Jun 2000 12:18:45 +0100 Date: Wed, 14 Jun 2000 12:18:45 +0100 Message-Id: <200006141118.e5EBIj412414@linda.lfix.co.uk> From: Oliver Elphick Subject: dupload: Dupload does not check that dsc and changes have been signed To: submit@bugs.debian.org X-Mailer: bug 3.3.2 Delivered-To: submit@bugs.debian.org Package: dupload Version: 2.4.1 Severity: wishlist dupload does not chjeck that the .dsc and .changes files have been signed. It would be nice if it did. -- System Information Debian Release: 2.2 Kernel Version: Linux linda 2.2.14 #1 Mon Feb 14 12:24:12 GMT 2000 i686 unknown Versions of the packages dupload depends on: ii libnet-perl 1.0703-4 Implementation of Internet protocols for Per ii perl-5.005 5.005.03-7.1 Larry Wall's Practical Extracting and Report ^^^ (Provides virtual package perl5) perl Not installed or no info   Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#65630; Package dupload.   debian-bugs-dist@lists.debian.org  Subject: Bug#65630: dupload: Dupload does not check that dsc and changes have been signed Reply-To: Stephane Bortzmeyer , 65630@bugs.debian.org Resent-From: Stephane Bortzmeyer Orignal-Sender: bortz@pasteur.fr Resent-To: debian-bugs-dist@lists.debian.org Resent-Date: Wed, 14 Jun 2000 15:03:21 GMT Resent-Message-ID: Resent-Sender: owner@bugs.debian.org X-Debian-PR-Message: report 65630 X-Debian-PR-Package: dupload X-Debian-PR-Keywords: X-Loop: owner@bugs.debian.org Received: via spool by 65630-bugs@bugs.debian.org id=B65630.96099490819617 (code B ref 65630); Wed, 14 Jun 2000 15:03:21 GMT Message-Id: <200006141501.RAA10870@ezili.sis.pasteur.fr> X-Authentication-Warning: ezili.sis.pasteur.fr: Host localhost [127.0.0.1] claimed to be pasteur.fr X-Mailer: exmh version 2.1.1 10/15/1999 (debian) From: Stephane Bortzmeyer To: Oliver Elphick , 65630@bugs.debian.org In-reply-to: Oliver Elphick 's message of "Wed, 14 Jun 2000 12:18:45 BST." <200006141118.e5EBIj412414@linda.lfix.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Date: Wed, 14 Jun 2000 17:01:33 +0200 Sender: bortz@pasteur.fr Delivered-To: 65630@bugs.debian.org On Wednesday 14 June 2000, at 12 h 18, the keyboard of Oliver Elphick wrote: > dupload does not chjeck that the .dsc and .changes files have been signed. > It would be nice if it did. Use the hooks to do so. (And submit me the hook so I can put it in contrib/.) It doesn't belong in dupload's core.   Acknowledgement sent to Stephane Bortzmeyer <bortzmeyer@debian.org>:
Extra info received and forwarded to list.   -t  From: owner@bugs.debian.org (Debian Bug Tracking System) To: Stephane Bortzmeyer Subject: Bug#65630: Info received (was Bug#65630: dupload: Dupload does not check that dsc and changes have been signed) Message-ID: In-Reply-To: <200006141501.RAA10870@ezili.sis.pasteur.fr> References: <200006141501.RAA10870@ezili.sis.pasteur.fr> X-Debian-PR-Message: ack-info-maintonly 65630 Thank you for the additional information you have supplied regarding this problem report. It has been forwarded to the developer(s) and to the developers mailing list to accompany the original report. If you wish to continue to submit further information on your problem, please send it to 65630@bugs.debian.org, as before. Please do not reply to the address at the top of this message, unless you wish to report a problem with the Bug-tracking system. Darren Benham (administrator, Debian Bugs database)   Received: (at 65630) by bugs.debian.org; 14 Jun 2000 15:01:48 +0000 From bortz@pasteur.fr Wed Jun 14 10:01:48 2000 Return-path: Received: from nefertiti.pasteur.fr [157.99.64.20] by master.debian.org with esmtp (Exim 3.12 2 (Debian)) id 132Efr-00056G-00; Wed, 14 Jun 2000 10:01:47 -0500 Received: from ezili.sis.pasteur.fr (ezili.sis.pasteur.fr [157.99.60.56]) by nefertiti.pasteur.fr (8.10.1/8.10.1) with ESMTP id e5EF1jV05578; Wed, 14 Jun 2000 17:01:45 +0200 (MET DST) Received: from pasteur.fr (localhost [127.0.0.1]) by ezili.sis.pasteur.fr (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id RAA10870; Wed, 14 Jun 2000 17:01:33 +0200 Message-Id: <200006141501.RAA10870@ezili.sis.pasteur.fr> X-Authentication-Warning: ezili.sis.pasteur.fr: Host localhost [127.0.0.1] claimed to be pasteur.fr X-Mailer: exmh version 2.1.1 10/15/1999 (debian) From: Stephane Bortzmeyer To: Oliver Elphick , 65630@bugs.debian.org Subject: Re: Bug#65630: dupload: Dupload does not check that dsc and changes have been signed In-reply-to: Oliver Elphick 's message of "Wed, 14 Jun 2000 12:18:45 BST." <200006141118.e5EBIj412414@linda.lfix.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Date: Wed, 14 Jun 2000 17:01:33 +0200 Sender: bortz@pasteur.fr Delivered-To: 65630@bugs.debian.org On Wednesday 14 June 2000, at 12 h 18, the keyboard of Oliver Elphick wrote: > dupload does not chjeck that the .dsc and .changes files have been signed. > It would be nice if it did. Use the hooks to do so. (And submit me the hook so I can put it in contrib/.) It doesn't belong in dupload's core.   Merged 54344 56877 65630. Request was from Adam Heath <adam@doogie.org> to control@bugs.debian.org.   Received: (at control) by bugs.debian.org; 1 Oct 2000 10:50:53 +0000 From adam@doogie.org Sun Oct 01 05:50:53 2000 Return-path: Received: from c304216-a.alntn1.tx.home.com (outrout.private.brainfood.com) [::ffff:24.4.56.191] by master.debian.org with esmtp (Exim 3.12 1 (Debian)) id 13fghp-0007mO-00; Sun, 01 Oct 2000 05:50:53 -0500 Received: from localhost ([127.0.0.1]) by outrout.private.brainfood.com with esmtp (Exim 3.12 #1 (Debian)) id 13fghp-0001X4-00 for ; Sun, 01 Oct 2000 05:50:53 -0500 Date: Sun, 1 Oct 2000 05:50:53 -0500 (CDT) From: Adam Heath X-Sender: adam@outrout.private.brainfood.com To: control@bugs.debian.org Subject: stuff Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Delivered-To: control@bugs.debian.org merge 54344 56877 65630 thanks ----BEGIN GEEK CODE BLOCK---- Version: 3.12 GCS d- s: a-- c+++ UL++++ P+ L++++ !E W+ M o+ K- W--- !O M- !V PS-- PE++ Y+ PGP++ t* 5++ X+ tv b+ D++ G e h*! !r z? -----END GEEK CODE BLOCK----- ----BEGIN PGP INFO---- Adam Heath Finger Print | KeyID 67 01 42 93 CA 37 FB 1E 63 C9 80 1D 08 CF 84 0A | DE656B05 PGP AD46 C888 F587 F8A3 A6DA 3261 8A2C 7DC2 8BD4 A489 | 8BD4A489 GPG -----END PGP INFO-----   Information forwarded to debian-bugs-dist@lists.debian.org, Stephane Bortzmeyer <bortzmeyer@debian.org>:
Bug#65630; Package dupload.   debian-bugs-dist@lists.debian.orgStephane Bortzmeyer  Subject: Bug#65630: dupload: Dupload does not check that dsc and changes have been signed Reply-To: "Oliver Elphick" , 65630@bugs.debian.org Resent-From: "Oliver Elphick" Resent-To: debian-bugs-dist@lists.debian.org Resent-CC: Stephane Bortzmeyer Resent-Date: Wed, 01 Aug 2001 11:48:30 GMT Resent-Message-ID: Resent-Sender: owner@bugs.debian.org X-Debian-PR-Message: report 65630 X-Debian-PR-Package: dupload X-Debian-PR-Keywords: X-Loop: owner@bugs.debian.org Received: via spool by 65630-submit@bugs.debian.org id=B65630.99666619126566 (code B ref 65630); Wed, 01 Aug 2001 11:48:30 GMT Message-Id: <200108011142.f71BgtGn029042@linda.lfix.co.uk> X-Mailer: exmh version 2.3.1 01/18/2001 (debian 2.3.1-1) with nmh-1.0.4+dev X-URL: http://www.lfix.co.uk/oliver X-face: "xUFVDj+ZJtL_IbURmI}!~xAyPC"Mrk=MkAm&tPQnNq(FWxv49R}\>0oI8VM?O2VY+N7@F- KMLl*!h}B)u@TW|B}6 cc: 65630@bugs.debian.org In-reply-to: Message from Stephane Bortzmeyer of Wed, 14 Jun 2000 17:01:33 +0200. <200006141501.RAA10870@ezili.sis.pasteur.fr> Mime-Version: 1.0 Content-Type: multipart/mixed ; boundary="==_Exmh_-21429859570" Date: Wed, 01 Aug 2001 12:42:55 +0100 From: "Oliver Elphick" Delivered-To: 65630@bugs.debian.org This is a multipart MIME message. --==_Exmh_-21429859570 Content-Type: text/plain; charset=us-ascii Stephane Bortzmeyer wrote: >On Wednesday 14 June 2000, at 12 h 18, >the keyboard of Oliver Elphick wrote: > >> dupload does not chjeck that the .dsc and .changes files have been signed. >> It would be nice if it did. > >Use the hooks to do so. (And submit me the hook so I can put it in contrib/. >) It doesn't belong in dupload's core. > So here's the hook: $preupload{'changes'} = 'check_dupload %1'; --==_Exmh_-21429859570 Content-Type: text/plain ; name="check_dupload"; charset=us-ascii Content-Description: check_dupload Content-Disposition: attachment; filename="check_dupload" #!/bin/bash # Verify that a changes file and the equivalent dsc file have been # signed and that the signatures are good echo Checking signatures before upload... if ! gpg --status-fd 1 --verify $1 2>/dev/null | grep -q GOODSIG then echo ...$1 has a bad signature exit 1 fi DSC=`dirname $1`/`basename $1 _i386.changes`.dsc if ! gpg --status-fd 1 --verify $DSC 2>/dev/null | grep -q GOODSIG then echo ...$DSC has a bad signature exit 1 fi echo ...signatures are ok exit 0 --==_Exmh_-21429859570 Content-Type: text/plain; charset=us-ascii Oliver Elphick Oliver.Elphick@lfix.co.uk Isle of Wight http://www.lfix.co.uk/oliver PGP: 1024R/32B8FAA1: 97 EA 1D 47 72 3F 28 47 6B 7E 39 CC 56 E4 C1 47 GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C ======================================== "And why call ye me, Lord, Lord, and do not the things which I say?" Luke 6:46 --==_Exmh_-21429859570--   Acknowledgement sent to "Oliver Elphick" <olly@lfix.co.uk>:
Extra info received and forwarded to list. Copy sent to Stephane Bortzmeyer <bortzmeyer@debian.org>.   -t  From: owner@bugs.debian.org (Debian Bug Tracking System) To: "Oliver Elphick" Subject: Bug#65630: Info received (was Bug#65630: dupload: Dupload does not check that dsc and changes have been signed) Message-ID: In-Reply-To: <200108011142.f71BgtGn029042@linda.lfix.co.uk> References: <200108011142.f71BgtGn029042@linda.lfix.co.uk> X-Debian-PR-Message: ack-info-maintonly 65630 Thank you for the additional information you have supplied regarding this problem report. It has been forwarded to the developer(s) and to the developers mailing list to accompany the original report. Your message has been sent to the package maintainer(s): Stephane Bortzmeyer If you wish to continue to submit further information on your problem, please send it to 65630@bugs.debian.org, as before. Please do not reply to the address at the top of this message, unless you wish to report a problem with the Bug-tracking system. Darren Benham (administrator, Debian Bugs database)   Received: (at 65630) by bugs.debian.org; 1 Aug 2001 11:43:11 +0000 From olly@lfix.co.uk Wed Aug 01 06:43:11 2001 Return-path: Received: from anchor-post-31.mail.demon.net [::ffff:194.217.242.89] by master.debian.org with esmtp (Exim 3.12 1 (Debian)) id 15RuP2-0006uO-00; Wed, 01 Aug 2001 06:43:04 -0500 Received: from lfix.demon.co.uk ([158.152.59.127] helo=linda.lfix.co.uk) by anchor-post-31.mail.demon.net with esmtp (Exim 2.12 #1) id 15RuOs-000O7y-0V; Wed, 1 Aug 2001 12:42:55 +0100 Received: from lfix.co.uk (olly@localhost [127.0.0.1]) by localhost (8.12.0.Beta16/8.12.0.Beta16/Debian 8.12.0.Beta16) with ESMTP id f71BgtGn029042; Wed, 1 Aug 2001 12:42:56 +0100 Message-Id: <200108011142.f71BgtGn029042@linda.lfix.co.uk> X-Mailer: exmh version 2.3.1 01/18/2001 (debian 2.3.1-1) with nmh-1.0.4+dev X-URL: http://www.lfix.co.uk/oliver X-face: "xUFVDj+ZJtL_IbURmI}!~xAyPC"Mrk=MkAm&tPQnNq(FWxv49R}\>0oI8VM?O2VY+N7@F- KMLl*!h}B)u@TW|B}6 cc: 65630@bugs.debian.org Subject: Re: Bug#65630: dupload: Dupload does not check that dsc and changes have been signed In-reply-to: Message from Stephane Bortzmeyer of Wed, 14 Jun 2000 17:01:33 +0200. <200006141501.RAA10870@ezili.sis.pasteur.fr> Mime-Version: 1.0 Content-Type: multipart/mixed ; boundary="==_Exmh_-21429859570" Date: Wed, 01 Aug 2001 12:42:55 +0100 From: "Oliver Elphick" Delivered-To: 65630@bugs.debian.org This is a multipart MIME message. --==_Exmh_-21429859570 Content-Type: text/plain; charset=us-ascii Stephane Bortzmeyer wrote: >On Wednesday 14 June 2000, at 12 h 18, >the keyboard of Oliver Elphick wrote: > >> dupload does not chjeck that the .dsc and .changes files have been signed. >> It would be nice if it did. > >Use the hooks to do so. (And submit me the hook so I can put it in contrib/. >) It doesn't belong in dupload's core. > So here's the hook: $preupload{'changes'} = 'check_dupload %1'; --==_Exmh_-21429859570 Content-Type: text/plain ; name="check_dupload"; charset=us-ascii Content-Description: check_dupload Content-Disposition: attachment; filename="check_dupload" #!/bin/bash # Verify that a changes file and the equivalent dsc file have been # signed and that the signatures are good echo Checking signatures before upload... if ! gpg --status-fd 1 --verify $1 2>/dev/null | grep -q GOODSIG then echo ...$1 has a bad signature exit 1 fi DSC=`dirname $1`/`basename $1 _i386.changes`.dsc if ! gpg --status-fd 1 --verify $DSC 2>/dev/null | grep -q GOODSIG then echo ...$DSC has a bad signature exit 1 fi echo ...signatures are ok exit 0 --==_Exmh_-21429859570 Content-Type: text/plain; charset=us-ascii Oliver Elphick Oliver.Elphick@lfix.co.uk Isle of Wight http://www.lfix.co.uk/oliver PGP: 1024R/32B8FAA1: 97 EA 1D 47 72 3F 28 47 6B 7E 39 CC 56 E4 C1 47 GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C ======================================== "And why call ye me, Lord, Lord, and do not the things which I say?" Luke 6:46 --==_Exmh_-21429859570--   Merged 54344 56877 65630 101882. Request was from Josip Rodin <joy@cibalia.gkvk.hr> to control@bugs.debian.org.   Received: (at control) by bugs.debian.org; 11 Apr 2002 19:03:58 +0000 From joy@cibalia.gkvk.hr Thu Apr 11 14:03:58 2002 Return-path: Received: from cibalia.gkvk.hr [161.53.211.3] by master.debian.org with esmtp (Exim 3.12 1 (Debian)) id 16vjrS-0003tI-00; Thu, 11 Apr 2002 14:03:58 -0500 Received: from joy by cibalia.gkvk.hr with local (Exim 3.33 #1 (Debian)) id 16vjwC-0003lA-00 for ; Thu, 11 Apr 2002 21:08:52 +0200 Date: Thu, 11 Apr 2002 21:08:52 +0200 To: control@bugs.debian.org Subject: stuff Message-ID: <20020411190852.GK13582@cibalia.gkvk.hr> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.27i From: Josip Rodin Delivered-To: control@bugs.debian.org merge 54344 101882 -- 2. That which causes joy or happiness.   Information forwarded to debian-bugs-dist@lists.debian.org, Josip Rodin <joy-packages@debian.org>:
Bug#65630; Package dupload.   debian-bugs-dist@lists.debian.orgJosip Rodin  X-Loop: owner@bugs.debian.org Subject: Bug#65630: Patch for proposed NMU for dupload: bug fixing Reply-To: Javier Fernández-Sanguino Peña , 65630@bugs.debian.org Resent-From: Javier Fernández-Sanguino Peña Resent-To: debian-bugs-dist@lists.debian.org Resent-CC: Josip Rodin Resent-Date: Tue, 26 Jul 2005 23:33:10 UTC Resent-Message-ID: Resent-Sender: owner@bugs.debian.org X-Debian-PR-Message: report 65630 X-Debian-PR-Package: dupload X-Debian-PR-Keywords: Received: via spool by 65630-submit@bugs.debian.org id=B65630.112241995224714 (code B ref 65630); Tue, 26 Jul 2005 23:33:10 UTC Received: (at 65630) by bugs.debian.org; 26 Jul 2005 23:19:12 +0000 Received: from 148.red-213-96-98.pooles.rima-tde.net (silicio) [213.96.98.148] (Debian-exim) by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1DxYha-0006MR-00; Tue, 26 Jul 2005 16:19:11 -0700 Received: from jfs by silicio with local (Exim 4.52) id 1DxYhX-0006SP-NW; Wed, 27 Jul 2005 01:19:07 +0200 Date: Wed, 27 Jul 2005 01:19:07 +0200 From: Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?= To: 54344@bugs.debian.org, 56877@bugs.debian.org, 65630@bugs.debian.org, 98949@bugs.debian.org, 101882@bugs.debian.org, 225400@bugs.debian.org, 226101@bugs.debian.org, 251286@bugs.debian.org, 319910@bugs.debian.org Cc: Josip Rodin Message-ID: <20050726231907.GA28947@silicio> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Oiv9uiLrevHtW1RS" Content-Disposition: inline User-Agent: Mutt/1.5.9i Delivered-To: 65630@bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-CrossAssassin-Score: 8 --Oiv9uiLrevHtW1RS Content-Type: multipart/mixed; boundary="fXStkuK2IQBfcDe+" Content-Disposition: inline --fXStkuK2IQBfcDe+ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Attached is a proposal for a dupload NMU. The package has not seen any upload in over two years and it's default configuration is inaccurate.=20 I have duploaded this new version to the DELAYED queue, if no=20 action is taken by the maintainer it will be installed in 7 days (if master is back online, of course) Regards Javier --fXStkuK2IQBfcDe+ Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="dupload-2.6.3.1.NMU.diff" Content-Transfer-Encoding: quoted-printable diff -Nru dupload-2.6.3.old/debian/changelog dupload-2.6.3.1/debian/changel= og --- dupload-2.6.3.old/debian/changelog 2003-09-22 11:40:29.000000000 +0200 +++ dupload-2.6.3.1/debian/changelog 2005-07-27 01:02:04.000000000 +0200 @@ -1,3 +1,35 @@ +dupload (2.6.3.1) unstable; urgency=3Dlow + + * NMU to remove obsolete queues, based on=20 + http://www.debian.org/doc/developers-reference/ch-pkgs.en.html + and + http://lists.debian.org/debian-devel/2004/debian-devel-200401/msg01950= =2Ehtml> + also cleaned up the bug list. + * Removed non-functioning upload queues: anonymous-non-us, non-us, + chiark, erlangen, uk, jp, and samosa. (Closes #222938, #229744) + * Added notes extracted from the Developer's reference regarding=20 + uploads to security and commented out these entries to prevent + developers from uploading there unintentionally. (Closes: #251286) + * Added a default configuration for uploading to mentors.debian.net + (Closes: #226101) + * Changed default (commented) upload queue to be anonymous-ftp-master + * Use Goswin's patch to add an 'options' field in the configuration file + which can be used to setup --progress and -L in rsync calls, or=20 + additional options to SSH if needed (Closes: #98949, #319910, #225400) + * Check the .changes signature using gpg or pgp (if available) in order = to + prevent unsigned uploads. This is active by default for GPG but can be= =20 + disabled in dupload.conf at will. Also, added two new simple scripts + gpg-check and pgp-check to provide a wrapper to the check so that the + error message in case of a failure is more user-friendly. I've impleme= nted + this as hooks rather than as new code in dupload to allow users to + customise as needed. Note: DSC files are not checked since that should + be done in a separate hook (and there is none for those files). + (Closes: #54344, #56877, #65630, #101882) + * Related to the above add references to the preupload/postupload hooks + in the dupload.conf file. + + -- Javier Fernandez-Sanguino Pen~a Tue, 26 Jul 2005 2= 3:45:04 +0200 + dupload (2.6.3) unstable; urgency=3Dmedium =20 * Fixed package build directory to actually include the contents diff -Nru dupload-2.6.3.old/dupload dupload-2.6.3.1/dupload --- dupload-2.6.3.old/dupload 2003-09-21 13:17:03.000000000 +0200 +++ dupload-2.6.3.1/dupload 2005-07-27 00:48:57.000000000 +0200 @@ -40,6 +40,7 @@ my $method =3D "ftp"; # transfer method my $login =3D "anonymous"; # default login my $passwd =3D "$user\@$myhost"; # ... +my $options =3D ""; # extra options for rsync or scp =20 my $sendmail =3D "/usr/sbin/sendmail"; =20 @@ -144,6 +145,7 @@ { my $nick =3D $config::cfg{$host}; $method =3D $nick->{method} || $method; + $options =3D $nick->{options} || $options; $fqdn =3D $nick->{fqdn} or fatal("Nothing known about host $host\n"); $incoming =3D $nick->{incoming} or fatal("No Incoming dir\n"); $queuedir =3D $nick->{queuedir}; @@ -513,7 +515,7 @@ } elsif ($method eq "scp") { $mode =3D (stat($file))[2]; unless ($dry) { - system("scp -p -q $file $login\@$fqdn:$incoming"); + system("scp -p -q $options $file $login\@$fqdn:$incoming"); fatal("scp $file failed\n") if $?; $t =3D time() - $t; # Small optimization @@ -522,7 +524,7 @@ fatal("ssh ... chmod 0644 failed\n") if $?; } } else { - p "\n+ scp -p -q $file $login\@$fqdn:$incoming"; + p "\n+ scp -p -q $options $file $login\@$fqdn:$incoming"; if ($mode !=3D 33188) { # rw-r--r-- aka 06= 44 p "\n+ ssh -x -l $login $fqdn chmod 0= 644 $incoming/$file"; } @@ -591,7 +593,7 @@ "'"; unless ($dry) { p "\n"; - system("scp $scpfiles $login\@$fqdn:$incoming"); + system("scp $options $scpfiles $login\@$fqdn:$incoming"); if ($?) { unlink $log{$job}; fatal("scp $scpfiles failed\n"); @@ -601,7 +603,7 @@ } fatal("$cmd failed\n") if $?; } else { - p "\n+ scp $scpfiles $login\@$fqdn:$incoming"; + p "\n+ scp $options $scpfiles $login\@$fqdn:$incoming"; p "\n+ $cmd"; } $allfiles =3D $scpfiles; @@ -613,7 +615,7 @@ "'"; unless ($dry) { p "\n"; - system("rsync --partial -zave ssh -x $rsyncfiles $login" . "@" . "$fqdn= :$incoming"); + system("rsync --partial -zave ssh $options -x $rsyncfiles $login" . "@"= . "$fqdn:$incoming"); if ($?) { unlink $log{$job}; fatal("rsync $rsyncfiles failed\n"); @@ -623,7 +625,7 @@ } fatal("$cmd failed\n") if $?; } else { - p "\n+ rsync --partial -zave ssh -x $rsyncfiles $login" . "@" . "$fqdn:= $incoming"; + p "\n+ rsync --partial -zave ssh $options -x $rsyncfiles $login" . "@" = =2E "$fqdn:$incoming"; p "\n+ $cmd"; } $allfiles =3D $rsyncfiles; diff -Nru dupload-2.6.3.old/dupload.conf dupload-2.6.3.1/dupload.conf --- dupload-2.6.3.old/dupload.conf 2003-09-21 13:27:34.000000000 +0200 +++ dupload-2.6.3.1/dupload.conf 2005-07-27 01:13:46.000000000 +0200 @@ -31,8 +31,38 @@ # (defaults to what your local MTA uses) =20 # Example of a default host: -#$default_host =3D "ftp-master"; +#$default_host =3D "anonymous-ftp-master"; =20 +# ----------------- +# Pre-defined hooks +# ----------------- +# Check changes file for valid signatures +# Using GPG: +$preupload{'changes'} =3D '/usr/share/dupload/gpg-check %1'; +# or using PGP: +# $preupload{'changes'} =3D '/usr/share/dupload/pgp-check %1'; + +# Lintian check of packages +# $preupload{'deb'} =3D 'lintian -v -i %1'; + +# Other hooks: +# $preupload{'sourcepackage'} +# $preupload{'file'} +# $preupload{'package'} +# $postupload{'changes'} +# $postupload{'sourcepackage'} +# $postupload{'file'} +# $postupload{'deb'} +# $postupload{'package'} + +# Note: hooks can also be defined in a per-host basis + +# ----------------- +# Pre-defined hosts +# ----------------- + +# Notice: There are login restriction on this host, scp will not +# work unless you are authorised. $cfg{'ftp-master'} =3D { fqdn =3D> "ftp-master.debian.org", method =3D> "scpb", @@ -47,93 +77,58 @@ dinstall_runs =3D> 1, }; =20 +# For Delayed uploads use this. You can use 0-day, which is uploaded +# one hour before dinstall runs. $delay =3D ($ENV{DEBDELAY} || 7); $cfg{'delayed'} =3D { - fqdn =3D> "ftp-master.debian.org", + fqdn =3D> "gluck.debian.org", method =3D> "scpb", - incoming =3D> "/org/ftp.debian.org/incoming/DELAYED/$delay-day/", + incoming =3D> "/home/tfheen/DELAYED/$delay-day/", # The dinstall on ftp-master sends emails itself dinstall_runs =3D> 1, }; =20 -# Upload queue in place of the old canonical Incoming directory -# Note: this is no longer the "right" place to upload to, it's as good -# as any other upload queue -$cfg{master} =3D { - fqdn =3D> "master.debian.org", - method =3D> "scpb", - incoming =3D> "/home/Debian/ftp/private/project/Incoming/", - # files pass on to dinstall on ftp-master which sends emails itself - dinstall_runs =3D> 1, -}; - -$cfg{chiark} =3D { - fqdn =3D> "ftp.chiark.greenend.org.uk", - incoming =3D> "/pub/debian/private/project/Incoming/", - queuedir =3D> "../queue/", - # files pass on to dinstall on ftp-master which sends emails itself - dinstall_runs =3D> 1, -}; - -$cfg{erlangen} =3D { - fqdn =3D> "ftp.uni-erlangen.de", - incoming =3D> "/public/pub/Linux/debian/UploadQueue/", - # files pass on to dinstall on ftp-master which sends emails itself - dinstall_runs =3D> 1, -}; - -$cfg{uk} =3D { - fqdn =3D> "ftp.uk.debian.org", - incoming =3D> "debian/UploadQueue/", - # files pass on to dinstall on ftp-master which sends emails itself - dinstall_runs =3D> 1, -}; - -$cfg{jp} =3D { - fqdn =3D> "master.debian.or.jp", - incoming =3D> "/pub/Incoming/upload/", - # files pass on to dinstall on ftp-master which sends emails itself - dinstall_runs =3D> 1, -}; - -$cfg{samosa} =3D { - fqdn =3D> "samosa.debian.org", - incoming =3D> "/pub/UploadQueue/", - # files pass on to dinstall on ftp-master which sends emails itself - dinstall_runs =3D> 1, -}; - -$cfg{'non-us'} =3D { - fqdn =3D> "non-us.debian.org", - method =3D> "scpb", - incoming =3D> "/org/non-us.debian.org/incoming", - # The dinstall on non-us sends emails itself - dinstall_runs =3D> 1, - nonus =3D> 1, -}; -$cfg{'anonymous-non-us'} =3D { - fqdn =3D> "non-us.debian.org", - incoming =3D> "/org/non-us.debian.org/incoming", - # files pass on to dinstall on non-us which sends emails itself - dinstall_runs =3D> 1, - nonus =3D> 1, -}; - -$cfg{'security'} =3D { - fqdn =3D> "security.debian.org", - method =3D> "scpb", - incoming =3D> "/org/security.debian.org/queue/unchecked", - # The dinstall on security sends emails itself - dinstall_runs =3D> 1, - nonus =3D> 1, -}; -$cfg{'anonymous-security'} =3D { - fqdn =3D> "security.debian.org", - incoming =3D> "/pub/SecurityUploadQueue", - # files pass on to dinstall on security which sends emails itself - dinstall_runs =3D> 1, - nonus =3D> 1, -}; +# Mentors upload queue, see +# http://mentors.debian.net/signup.php +$cfg{'mentors'} =3D { + fqdn =3D>'mentors.debian.net', + method =3D>'scpb', + login =3D>'incoming', + incoming=3D>'~', +# Change these to the user and domain part of your email address +# and uncomment them +# visibleuser=3D>'hugo', +# visiblename=3D>'mydomain.tld', + mailtx =3D>'incoming@mentors.debian.net', + preupload=3D> { + deb=3D>'chmod 0644 %1', + changes=3D>'chmod 0644 %1', + file=3D>'chmod 0644 %1', + }, +}; + +# NOTE: Do _NOT_ upload a package to the security upload queue=20 +# (oldstable-security, stable-security, etc.) without prior authorization= =20 +# from the security team. Please read: +# http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-bug-sec= urity + +# Notice: There are login restriction on this host, scp will not +# work unless you are authorised. +#$cfg{'security'} =3D { +# fqdn =3D> "security.debian.org", +# method =3D> "scpb", +# incoming =3D> "/org/security.debian.org/queue/unchecked", +# # The dinstall on security sends emails itself +# dinstall_runs =3D> 1, +# nonus =3D> 1, +#}; +#$cfg{'anonymous-security'} =3D { +# fqdn =3D> "security.debian.org", +# incoming =3D> "/pub/SecurityUploadQueue", +# # files pass on to dinstall on security which sends emails itself +# dinstall_runs =3D> 1, +# nonus =3D> 1, +#}; =20 =20 # Don't remove the following line. Perl needs it. diff -Nru dupload-2.6.3.old/gpg-check dupload-2.6.3.1/gpg-check --- dupload-2.6.3.old/gpg-check 1970-01-01 01:00:00.000000000 +0100 +++ dupload-2.6.3.1/gpg-check 2005-07-27 01:14:56.000000000 +0200 @@ -0,0 +1,22 @@ +#!/bin/sh +# Verify that a changes has been signed and that the signatures are good +# (using GPG) + +FILE=3D$1 +# If no gpg is found just exit +[ ! -x "`which gpg`" ] && exit 0 +# If the file is not found just exit with error +[ ! -r "$FILE" ] && exit 2 + +echo -n Checking signatures before upload... + +# Use the exit status to determine if the signature is ok or not +if ! gpg --verify "$FILE" >/dev/null 2>&1 ; then + echo "GPG verification of $FILE failed!" + exit 1 +fi + +echo ...signatures are ok + +exit 0 + diff -Nru dupload-2.6.3.old/Makefile dupload-2.6.3.1/Makefile --- dupload-2.6.3.old/Makefile 2002-04-11 19:24:52.000000000 +0200 +++ dupload-2.6.3.1/Makefile 2005-07-27 01:04:08.000000000 +0200 @@ -7,6 +7,7 @@ MAN1 =3D dupload.1 MAN5 =3D dupload.conf.5 MAN =3D $(MAN1) $(MAN5) +EXTRA_FILES =3D gpg-check pgp-check =20 prefix =3D /usr/local confdir =3D /etc @@ -14,6 +15,7 @@ mandir =3D $(prefix)/man man1dir =3D $(mandir)/man1 man5dir =3D $(mandir)/man5 +extradir =3D $(prefix)/share/dupload =20 INSTALL =3D install POD2MAN =3D pod2man @@ -26,10 +28,11 @@ all: dupload $(MAN) =20 install: all - $(mkdirhier) $(bindir) $(man1dir) $(man5dir) + $(mkdirhier) $(bindir) $(man1dir) $(man5dir) $(extradir) $(inst_script) dupload $(bindir) $(inst_data) $(MAN1) $(man1dir) $(inst_data) $(MAN5) $(man5dir) + $(inst_script) $(EXTRA_FILES) $(extradir) @echo; echo "** You should install dupload.conf to $(confdir)"; echo =20 clean: diff -Nru dupload-2.6.3.old/pgp-check dupload-2.6.3.1/pgp-check --- dupload-2.6.3.old/pgp-check 1970-01-01 01:00:00.000000000 +0100 +++ dupload-2.6.3.1/pgp-check 2005-07-27 01:15:12.000000000 +0200 @@ -0,0 +1,20 @@ +#!/bin/sh +# Verify that a changes has been signed and that the signatures are good +# (using PGP) + +FILE=3D$1 +# If no pgp is found just exit +[ ! -x "`which pgpv`" ] && exit 0 +# If the file is not found just exit with error +[ ! -r "$FILE" ] && exit 2 + +echo -n Checking signatures before upload... + +if [ -z "`cat \"$FILE\" | pgpv -fq 2>&1 | grep \"^Signature by\"`" ] ; then + echo "PGP verification of $FILE failed!" + exit 1 +fi + +echo ...signatures are ok + +exit 0 --fXStkuK2IQBfcDe+-- --Oiv9uiLrevHtW1RS Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFC5sTqsandgtyBSwkRAnd5AJ9WsD1a+ag3vxM1XO3aorT0tHeNcwCeNpV9 CS/XmrTAgxlnh3H7K1OI5oU= =BPb6 -----END PGP SIGNATURE----- --Oiv9uiLrevHtW1RS--   Acknowledgement sent to Javier Fernández-Sanguino Peña <jfs@computer.org>:
Extra info received and forwarded to list. Copy sent to Josip Rodin <joy-packages@debian.org>.   -t  X-Loop: owner@bugs.debian.org From: owner@bugs.debian.org (Debian Bug Tracking System) To: Javier Fernández-Sanguino Peña Subject: Bug#65630: Info received (was Patch for proposed NMU for dupload: bug fixing) Message-ID: In-Reply-To: <20050726231907.GA28947@silicio> References: <20050726231907.GA28947@silicio> Precedence: bulk X-Debian-PR-Message: ack-info 65630 X-Debian-PR-Package: dupload X-Debian-PR-Keywords: Thank you for the additional information you have supplied regarding this problem report. It has been forwarded to the package maintainer(s) and to other interested parties to accompany the original report. Your message has been sent to the package maintainer(s): Josip Rodin If you wish to continue to submit further information on your problem, please send it to 65630@bugs.debian.org, as before. Please do not reply to the address at the top of this message, unless you wish to report a problem with the Bug-tracking system. Debian bug tracking system administrator (administrator, Debian Bugs database)   Received: (at 65630) by bugs.debian.org; 26 Jul 2005 23:19:12 +0000 From jfs@computer.org Tue Jul 26 16:19:12 2005 Return-path: Received: from 148.red-213-96-98.pooles.rima-tde.net (silicio) [213.96.98.148] (Debian-exim) by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1DxYha-0006MR-00; Tue, 26 Jul 2005 16:19:11 -0700 Received: from jfs by silicio with local (Exim 4.52) id 1DxYhX-0006SP-NW; Wed, 27 Jul 2005 01:19:07 +0200 Date: Wed, 27 Jul 2005 01:19:07 +0200 From: Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?= To: 54344@bugs.debian.org, 56877@bugs.debian.org, 65630@bugs.debian.org, 98949@bugs.debian.org, 101882@bugs.debian.org, 225400@bugs.debian.org, 226101@bugs.debian.org, 251286@bugs.debian.org, 319910@bugs.debian.org Cc: Josip Rodin Subject: Patch for proposed NMU for dupload: bug fixing Message-ID: <20050726231907.GA28947@silicio> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Oiv9uiLrevHtW1RS" Content-Disposition: inline User-Agent: Mutt/1.5.9i Delivered-To: 65630@bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-CrossAssassin-Score: 8 --Oiv9uiLrevHtW1RS Content-Type: multipart/mixed; boundary="fXStkuK2IQBfcDe+" Content-Disposition: inline --fXStkuK2IQBfcDe+ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Attached is a proposal for a dupload NMU. The package has not seen any upload in over two years and it's default configuration is inaccurate.=20 I have duploaded this new version to the DELAYED queue, if no=20 action is taken by the maintainer it will be installed in 7 days (if master is back online, of course) Regards Javier --fXStkuK2IQBfcDe+ Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="dupload-2.6.3.1.NMU.diff" Content-Transfer-Encoding: quoted-printable diff -Nru dupload-2.6.3.old/debian/changelog dupload-2.6.3.1/debian/changel= og --- dupload-2.6.3.old/debian/changelog 2003-09-22 11:40:29.000000000 +0200 +++ dupload-2.6.3.1/debian/changelog 2005-07-27 01:02:04.000000000 +0200 @@ -1,3 +1,35 @@ +dupload (2.6.3.1) unstable; urgency=3Dlow + + * NMU to remove obsolete queues, based on=20 + http://www.debian.org/doc/developers-reference/ch-pkgs.en.html + and + http://lists.debian.org/debian-devel/2004/debian-devel-200401/msg01950= =2Ehtml> + also cleaned up the bug list. + * Removed non-functioning upload queues: anonymous-non-us, non-us, + chiark, erlangen, uk, jp, and samosa. (Closes #222938, #229744) + * Added notes extracted from the Developer's reference regarding=20 + uploads to security and commented out these entries to prevent + developers from uploading there unintentionally. (Closes: #251286) + * Added a default configuration for uploading to mentors.debian.net + (Closes: #226101) + * Changed default (commented) upload queue to be anonymous-ftp-master + * Use Goswin's patch to add an 'options' field in the configuration file + which can be used to setup --progress and -L in rsync calls, or=20 + additional options to SSH if needed (Closes: #98949, #319910, #225400) + * Check the .changes signature using gpg or pgp (if available) in order = to + prevent unsigned uploads. This is active by default for GPG but can be= =20 + disabled in dupload.conf at will. Also, added two new simple scripts + gpg-check and pgp-check to provide a wrapper to the check so that the + error message in case of a failure is more user-friendly. I've impleme= nted + this as hooks rather than as new code in dupload to allow users to + customise as needed. Note: DSC files are not checked since that should + be done in a separate hook (and there is none for those files). + (Closes: #54344, #56877, #65630, #101882) + * Related to the above add references to the preupload/postupload hooks + in the dupload.conf file. + + -- Javier Fernandez-Sanguino Pen~a Tue, 26 Jul 2005 2= 3:45:04 +0200 + dupload (2.6.3) unstable; urgency=3Dmedium =20 * Fixed package build directory to actually include the contents diff -Nru dupload-2.6.3.old/dupload dupload-2.6.3.1/dupload --- dupload-2.6.3.old/dupload 2003-09-21 13:17:03.000000000 +0200 +++ dupload-2.6.3.1/dupload 2005-07-27 00:48:57.000000000 +0200 @@ -40,6 +40,7 @@ my $method =3D "ftp"; # transfer method my $login =3D "anonymous"; # default login my $passwd =3D "$user\@$myhost"; # ... +my $options =3D ""; # extra options for rsync or scp =20 my $sendmail =3D "/usr/sbin/sendmail"; =20 @@ -144,6 +145,7 @@ { my $nick =3D $config::cfg{$host}; $method =3D $nick->{method} || $method; + $options =3D $nick->{options} || $options; $fqdn =3D $nick->{fqdn} or fatal("Nothing known about host $host\n"); $incoming =3D $nick->{incoming} or fatal("No Incoming dir\n"); $queuedir =3D $nick->{queuedir}; @@ -513,7 +515,7 @@ } elsif ($method eq "scp") { $mode =3D (stat($file))[2]; unless ($dry) { - system("scp -p -q $file $login\@$fqdn:$incoming"); + system("scp -p -q $options $file $login\@$fqdn:$incoming"); fatal("scp $file failed\n") if $?; $t =3D time() - $t; # Small optimization @@ -522,7 +524,7 @@ fatal("ssh ... chmod 0644 failed\n") if $?; } } else { - p "\n+ scp -p -q $file $login\@$fqdn:$incoming"; + p "\n+ scp -p -q $options $file $login\@$fqdn:$incoming"; if ($mode !=3D 33188) { # rw-r--r-- aka 06= 44 p "\n+ ssh -x -l $login $fqdn chmod 0= 644 $incoming/$file"; } @@ -591,7 +593,7 @@ "'"; unless ($dry) { p "\n"; - system("scp $scpfiles $login\@$fqdn:$incoming"); + system("scp $options $scpfiles $login\@$fqdn:$incoming"); if ($?) { unlink $log{$job}; fatal("scp $scpfiles failed\n"); @@ -601,7 +603,7 @@ } fatal("$cmd failed\n") if $?; } else { - p "\n+ scp $scpfiles $login\@$fqdn:$incoming"; + p "\n+ scp $options $scpfiles $login\@$fqdn:$incoming"; p "\n+ $cmd"; } $allfiles =3D $scpfiles; @@ -613,7 +615,7 @@ "'"; unless ($dry) { p "\n"; - system("rsync --partial -zave ssh -x $rsyncfiles $login" . "@" . "$fqdn= :$incoming"); + system("rsync --partial -zave ssh $options -x $rsyncfiles $login" . "@"= . "$fqdn:$incoming"); if ($?) { unlink $log{$job}; fatal("rsync $rsyncfiles failed\n"); @@ -623,7 +625,7 @@ } fatal("$cmd failed\n") if $?; } else { - p "\n+ rsync --partial -zave ssh -x $rsyncfiles $login" . "@" . "$fqdn:= $incoming"; + p "\n+ rsync --partial -zave ssh $options -x $rsyncfiles $login" . "@" = =2E "$fqdn:$incoming"; p "\n+ $cmd"; } $allfiles =3D $rsyncfiles; diff -Nru dupload-2.6.3.old/dupload.conf dupload-2.6.3.1/dupload.conf --- dupload-2.6.3.old/dupload.conf 2003-09-21 13:27:34.000000000 +0200 +++ dupload-2.6.3.1/dupload.conf 2005-07-27 01:13:46.000000000 +0200 @@ -31,8 +31,38 @@ # (defaults to what your local MTA uses) =20 # Example of a default host: -#$default_host =3D "ftp-master"; +#$default_host =3D "anonymous-ftp-master"; =20 +# ----------------- +# Pre-defined hooks +# ----------------- +# Check changes file for valid signatures +# Using GPG: +$preupload{'changes'} =3D '/usr/share/dupload/gpg-check %1'; +# or using PGP: +# $preupload{'changes'} =3D '/usr/share/dupload/pgp-check %1'; + +# Lintian check of packages +# $preupload{'deb'} =3D 'lintian -v -i %1'; + +# Other hooks: +# $preupload{'sourcepackage'} +# $preupload{'file'} +# $preupload{'package'} +# $postupload{'changes'} +# $postupload{'sourcepackage'} +# $postupload{'file'} +# $postupload{'deb'} +# $postupload{'package'} + +# Note: hooks can also be defined in a per-host basis + +# ----------------- +# Pre-defined hosts +# ----------------- + +# Notice: There are login restriction on this host, scp will not +# work unless you are authorised. $cfg{'ftp-master'} =3D { fqdn =3D> "ftp-master.debian.org", method =3D> "scpb", @@ -47,93 +77,58 @@ dinstall_runs =3D> 1, }; =20 +# For Delayed uploads use this. You can use 0-day, which is uploaded +# one hour before dinstall runs. $delay =3D ($ENV{DEBDELAY} || 7); $cfg{'delayed'} =3D { - fqdn =3D> "ftp-master.debian.org", + fqdn =3D> "gluck.debian.org", method =3D> "scpb", - incoming =3D> "/org/ftp.debian.org/incoming/DELAYED/$delay-day/", + incoming =3D> "/home/tfheen/DELAYED/$delay-day/", # The dinstall on ftp-master sends emails itself dinstall_runs =3D> 1, }; =20 -# Upload queue in place of the old canonical Incoming directory -# Note: this is no longer the "right" place to upload to, it's as good -# as any other upload queue -$cfg{master} =3D { - fqdn =3D> "master.debian.org", - method =3D> "scpb", - incoming =3D> "/home/Debian/ftp/private/project/Incoming/", - # files pass on to dinstall on ftp-master which sends emails itself - dinstall_runs =3D> 1, -}; - -$cfg{chiark} =3D { - fqdn =3D> "ftp.chiark.greenend.org.uk", - incoming =3D> "/pub/debian/private/project/Incoming/", - queuedir =3D> "../queue/", - # files pass on to dinstall on ftp-master which sends emails itself - dinstall_runs =3D> 1, -}; - -$cfg{erlangen} =3D { - fqdn =3D> "ftp.uni-erlangen.de", - incoming =3D> "/public/pub/Linux/debian/UploadQueue/", - # files pass on to dinstall on ftp-master which sends emails itself - dinstall_runs =3D> 1, -}; - -$cfg{uk} =3D { - fqdn =3D> "ftp.uk.debian.org", - incoming =3D> "debian/UploadQueue/", - # files pass on to dinstall on ftp-master which sends emails itself - dinstall_runs =3D> 1, -}; - -$cfg{jp} =3D { - fqdn =3D> "master.debian.or.jp", - incoming =3D> "/pub/Incoming/upload/", - # files pass on to dinstall on ftp-master which sends emails itself - dinstall_runs =3D> 1, -}; - -$cfg{samosa} =3D { - fqdn =3D> "samosa.debian.org", - incoming =3D> "/pub/UploadQueue/", - # files pass on to dinstall on ftp-master which sends emails itself - dinstall_runs =3D> 1, -}; - -$cfg{'non-us'} =3D { - fqdn =3D> "non-us.debian.org", - method =3D> "scpb", - incoming =3D> "/org/non-us.debian.org/incoming", - # The dinstall on non-us sends emails itself - dinstall_runs =3D> 1, - nonus =3D> 1, -}; -$cfg{'anonymous-non-us'} =3D { - fqdn =3D> "non-us.debian.org", - incoming =3D> "/org/non-us.debian.org/incoming", - # files pass on to dinstall on non-us which sends emails itself - dinstall_runs =3D> 1, - nonus =3D> 1, -}; - -$cfg{'security'} =3D { - fqdn =3D> "security.debian.org", - method =3D> "scpb", - incoming =3D> "/org/security.debian.org/queue/unchecked", - # The dinstall on security sends emails itself - dinstall_runs =3D> 1, - nonus =3D> 1, -}; -$cfg{'anonymous-security'} =3D { - fqdn =3D> "security.debian.org", - incoming =3D> "/pub/SecurityUploadQueue", - # files pass on to dinstall on security which sends emails itself - dinstall_runs =3D> 1, - nonus =3D> 1, -}; +# Mentors upload queue, see +# http://mentors.debian.net/signup.php +$cfg{'mentors'} =3D { + fqdn =3D>'mentors.debian.net', + method =3D>'scpb', + login =3D>'incoming', + incoming=3D>'~', +# Change these to the user and domain part of your email address +# and uncomment them +# visibleuser=3D>'hugo', +# visiblename=3D>'mydomain.tld', + mailtx =3D>'incoming@mentors.debian.net', + preupload=3D> { + deb=3D>'chmod 0644 %1', + changes=3D>'chmod 0644 %1', + file=3D>'chmod 0644 %1', + }, +}; + +# NOTE: Do _NOT_ upload a package to the security upload queue=20 +# (oldstable-security, stable-security, etc.) without prior authorization= =20 +# from the security team. Please read: +# http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-bug-sec= urity + +# Notice: There are login restriction on this host, scp will not +# work unless you are authorised. +#$cfg{'security'} =3D { +# fqdn =3D> "security.debian.org", +# method =3D> "scpb", +# incoming =3D> "/org/security.debian.org/queue/unchecked", +# # The dinstall on security sends emails itself +# dinstall_runs =3D> 1, +# nonus =3D> 1, +#}; +#$cfg{'anonymous-security'} =3D { +# fqdn =3D> "security.debian.org", +# incoming =3D> "/pub/SecurityUploadQueue", +# # files pass on to dinstall on security which sends emails itself +# dinstall_runs =3D> 1, +# nonus =3D> 1, +#}; =20 =20 # Don't remove the following line. Perl needs it. diff -Nru dupload-2.6.3.old/gpg-check dupload-2.6.3.1/gpg-check --- dupload-2.6.3.old/gpg-check 1970-01-01 01:00:00.000000000 +0100 +++ dupload-2.6.3.1/gpg-check 2005-07-27 01:14:56.000000000 +0200 @@ -0,0 +1,22 @@ +#!/bin/sh +# Verify that a changes has been signed and that the signatures are good +# (using GPG) + +FILE=3D$1 +# If no gpg is found just exit +[ ! -x "`which gpg`" ] && exit 0 +# If the file is not found just exit with error +[ ! -r "$FILE" ] && exit 2 + +echo -n Checking signatures before upload... + +# Use the exit status to determine if the signature is ok or not +if ! gpg --verify "$FILE" >/dev/null 2>&1 ; then + echo "GPG verification of $FILE failed!" + exit 1 +fi + +echo ...signatures are ok + +exit 0 + diff -Nru dupload-2.6.3.old/Makefile dupload-2.6.3.1/Makefile --- dupload-2.6.3.old/Makefile 2002-04-11 19:24:52.000000000 +0200 +++ dupload-2.6.3.1/Makefile 2005-07-27 01:04:08.000000000 +0200 @@ -7,6 +7,7 @@ MAN1 =3D dupload.1 MAN5 =3D dupload.conf.5 MAN =3D $(MAN1) $(MAN5) +EXTRA_FILES =3D gpg-check pgp-check =20 prefix =3D /usr/local confdir =3D /etc @@ -14,6 +15,7 @@ mandir =3D $(prefix)/man man1dir =3D $(mandir)/man1 man5dir =3D $(mandir)/man5 +extradir =3D $(prefix)/share/dupload =20 INSTALL =3D install POD2MAN =3D pod2man @@ -26,10 +28,11 @@ all: dupload $(MAN) =20 install: all - $(mkdirhier) $(bindir) $(man1dir) $(man5dir) + $(mkdirhier) $(bindir) $(man1dir) $(man5dir) $(extradir) $(inst_script) dupload $(bindir) $(inst_data) $(MAN1) $(man1dir) $(inst_data) $(MAN5) $(man5dir) + $(inst_script) $(EXTRA_FILES) $(extradir) @echo; echo "** You should install dupload.conf to $(confdir)"; echo =20 clean: diff -Nru dupload-2.6.3.old/pgp-check dupload-2.6.3.1/pgp-check --- dupload-2.6.3.old/pgp-check 1970-01-01 01:00:00.000000000 +0100 +++ dupload-2.6.3.1/pgp-check 2005-07-27 01:15:12.000000000 +0200 @@ -0,0 +1,20 @@ +#!/bin/sh +# Verify that a changes has been signed and that the signatures are good +# (using PGP) + +FILE=3D$1 +# If no pgp is found just exit +[ ! -x "`which pgpv`" ] && exit 0 +# If the file is not found just exit with error +[ ! -r "$FILE" ] && exit 2 + +echo -n Checking signatures before upload... + +if [ -z "`cat \"$FILE\" | pgpv -fq 2>&1 | grep \"^Signature by\"`" ] ; then + echo "PGP verification of $FILE failed!" + exit 1 +fi + +echo ...signatures are ok + +exit 0 --fXStkuK2IQBfcDe+-- --Oiv9uiLrevHtW1RS Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFC5sTqsandgtyBSwkRAnd5AJ9WsD1a+ag3vxM1XO3aorT0tHeNcwCeNpV9 CS/XmrTAgxlnh3H7K1OI5oU= =BPb6 -----END PGP SIGNATURE----- --Oiv9uiLrevHtW1RS--   Tags added: fixed Request was from Javier Fernandez-Sanguino Pen~a <jfs@computer.org> to control@bugs.debian.org.   Received: (at control) by bugs.debian.org; 2 Aug 2005 20:42:32 +0000 From katie@spohr.debian.org Tue Aug 02 13:42:32 2005 Return-path: Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian)) id 1E03Qi-0004pu-00; Tue, 02 Aug 2005 13:32:04 -0700 From: Javier Fernandez-Sanguino Pen~a To: control@bugs.debian.org Cc: Javier Fernandez-Sanguino Pen~a , Josip Rodin X-Katie: $Revision: 1.56 $ Subject: Fixed in NMU of dupload 2.6.3.1 Message-Id: Sender: Archive Administrator Date: Tue, 02 Aug 2005 13:32:04 -0700 Delivered-To: control@bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-5.0 required=4.0 tests=BAYES_00,VALID_BTS_CONTROL autolearn=no version=2.60-bugs.debian.org_2005_01_02 tag 101882 + fixed tag 225400 + fixed tag 226101 + fixed tag 251286 + fixed tag 319910 + fixed tag 54344 + fixed tag 56877 + fixed tag 65630 + fixed tag 98949 + fixed quit This message was generated automatically in response to a non-maintainer upload. The .changes file follows. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Tue, 26 Jul 2005 23:45:04 +0200 Source: dupload Binary: dupload Architecture: source all Version: 2.6.3.1 Distribution: unstable Urgency: low Maintainer: Josip Rodin Changed-By: Javier Fernandez-Sanguino Pen~a Description: dupload - utility to upload Debian packages Closes: 54344 56877 65630 98949 101882 225400 226101 251286 319910 Changes: dupload (2.6.3.1) unstable; urgency=low . * NMU to remove obsolete queues, based on http://www.debian.org/doc/developers-reference/ch-pkgs.en.html and http://lists.debian.org/debian-devel/2004/debian-devel-200401/msg01950.html> also cleaned up the bug list. * Removed non-functioning upload queues: anonymous-non-us, non-us, chiark, erlangen, uk, jp, and samosa. (Closes #222938, #229744) * Added notes extracted from the Developer's reference regarding uploads to security and commented out these entries to prevent developers from uploading there unintentionally. (Closes: #251286) * Added a default configuration for uploading to mentors.debian.net (Closes: #226101) * Changed default (commented) upload queue to be anonymous-ftp-master * Use Goswin's patch to add an 'options' field in the configuration file which can be used to setup --progress and -L in rsync calls, or additional options to SSH if needed (Closes: #98949, #319910, #225400) * Check the .changes signature using gpg or pgp (if available) in order to prevent unsigned uploads. This is active by default for GPG but can be disabled in dupload.conf at will. Also, added two new simple scripts gpg-check and pgp-check to provide a wrapper to the check so that the error message in case of a failure is more user-friendly. I've implemented this as hooks rather than as new code in dupload to allow users to customise as needed. Note: DSC files are not checked since that should be done in a separate hook (and there is none for those files). (Closes: #54344, #56877, #65630, #101882) * Related to the above add references to the preupload/postupload hooks in the dupload.conf file. Files: f83b8584350f83bfa27e2aecdc3ed27c 651 devel optional dupload_2.6.3.1.dsc e3c8590436bb38d35547ff20b3e4baee 22321 devel optional dupload_2.6.3.1.tar.gz a78c4dd95212a1daaf1e2fa691d907a5 29074 devel optional dupload_2.6.3.1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iQCVAwUBQubEE/tEPvakNq0lAQIQfwP7BSNLRVpFWETeyrrHYcZyq5KdsgUpb8Bh rSkRvY4RoqaRjZWj2+wLPXcytTb0qazmRlnoo20xITV9QAKmqwW/6v/tXKH/uOsE cHZRyMpMb91G2OgeDa0S6eO/q0XeWmWnNsOcOvY6zZN6NWgoBY/HVUYVzGuhguNR 5nl2Gg2nBLw= =Ik0+ -----END PGP SIGNATURE-----   Tags added: fixed Request was from Javier Fernandez-Sanguino Pen~a <jfs@computer.org> to control@bugs.debian.org.   Received: (at control) by bugs.debian.org; 2 Aug 2005 20:42:32 +0000 From katie@spohr.debian.org Tue Aug 02 13:42:32 2005 Return-path: Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian)) id 1E03Qi-0004pu-00; Tue, 02 Aug 2005 13:32:04 -0700 From: Javier Fernandez-Sanguino Pen~a To: control@bugs.debian.org Cc: Javier Fernandez-Sanguino Pen~a , Josip Rodin X-Katie: $Revision: 1.56 $ Subject: Fixed in NMU of dupload 2.6.3.1 Message-Id: Sender: Archive Administrator Date: Tue, 02 Aug 2005 13:32:04 -0700 Delivered-To: control@bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-5.0 required=4.0 tests=BAYES_00,VALID_BTS_CONTROL autolearn=no version=2.60-bugs.debian.org_2005_01_02 tag 101882 + fixed tag 225400 + fixed tag 226101 + fixed tag 251286 + fixed tag 319910 + fixed tag 54344 + fixed tag 56877 + fixed tag 65630 + fixed tag 98949 + fixed quit This message was generated automatically in response to a non-maintainer upload. The .changes file follows. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Tue, 26 Jul 2005 23:45:04 +0200 Source: dupload Binary: dupload Architecture: source all Version: 2.6.3.1 Distribution: unstable Urgency: low Maintainer: Josip Rodin Changed-By: Javier Fernandez-Sanguino Pen~a Description: dupload - utility to upload Debian packages Closes: 54344 56877 65630 98949 101882 225400 226101 251286 319910 Changes: dupload (2.6.3.1) unstable; urgency=low . * NMU to remove obsolete queues, based on http://www.debian.org/doc/developers-reference/ch-pkgs.en.html and http://lists.debian.org/debian-devel/2004/debian-devel-200401/msg01950.html> also cleaned up the bug list. * Removed non-functioning upload queues: anonymous-non-us, non-us, chiark, erlangen, uk, jp, and samosa. (Closes #222938, #229744) * Added notes extracted from the Developer's reference regarding uploads to security and commented out these entries to prevent developers from uploading there unintentionally. (Closes: #251286) * Added a default configuration for uploading to mentors.debian.net (Closes: #226101) * Changed default (commented) upload queue to be anonymous-ftp-master * Use Goswin's patch to add an 'options' field in the configuration file which can be used to setup --progress and -L in rsync calls, or additional options to SSH if needed (Closes: #98949, #319910, #225400) * Check the .changes signature using gpg or pgp (if available) in order to prevent unsigned uploads. This is active by default for GPG but can be disabled in dupload.conf at will. Also, added two new simple scripts gpg-check and pgp-check to provide a wrapper to the check so that the error message in case of a failure is more user-friendly. I've implemented this as hooks rather than as new code in dupload to allow users to customise as needed. Note: DSC files are not checked since that should be done in a separate hook (and there is none for those files). (Closes: #54344, #56877, #65630, #101882) * Related to the above add references to the preupload/postupload hooks in the dupload.conf file. Files: f83b8584350f83bfa27e2aecdc3ed27c 651 devel optional dupload_2.6.3.1.dsc e3c8590436bb38d35547ff20b3e4baee 22321 devel optional dupload_2.6.3.1.tar.gz a78c4dd95212a1daaf1e2fa691d907a5 29074 devel optional dupload_2.6.3.1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iQCVAwUBQubEE/tEPvakNq0lAQIQfwP7BSNLRVpFWETeyrrHYcZyq5KdsgUpb8Bh rSkRvY4RoqaRjZWj2+wLPXcytTb0qazmRlnoo20xITV9QAKmqwW/6v/tXKH/uOsE cHZRyMpMb91G2OgeDa0S6eO/q0XeWmWnNsOcOvY6zZN6NWgoBY/HVUYVzGuhguNR 5nl2Gg2nBLw= =Ik0+ -----END PGP SIGNATURE-----   Tags added: fixed Request was from Javier Fernandez-Sanguino Pen~a <jfs@computer.org> to control@bugs.debian.org.   Received: (at control) by bugs.debian.org; 2 Aug 2005 20:42:32 +0000 From katie@spohr.debian.org Tue Aug 02 13:42:32 2005 Return-path: Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian)) id 1E03Qi-0004pu-00; Tue, 02 Aug 2005 13:32:04 -0700 From: Javier Fernandez-Sanguino Pen~a To: control@bugs.debian.org Cc: Javier Fernandez-Sanguino Pen~a , Josip Rodin X-Katie: $Revision: 1.56 $ Subject: Fixed in NMU of dupload 2.6.3.1 Message-Id: Sender: Archive Administrator Date: Tue, 02 Aug 2005 13:32:04 -0700 Delivered-To: control@bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-5.0 required=4.0 tests=BAYES_00,VALID_BTS_CONTROL autolearn=no version=2.60-bugs.debian.org_2005_01_02 tag 101882 + fixed tag 225400 + fixed tag 226101 + fixed tag 251286 + fixed tag 319910 + fixed tag 54344 + fixed tag 56877 + fixed tag 65630 + fixed tag 98949 + fixed quit This message was generated automatically in response to a non-maintainer upload. The .changes file follows. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Tue, 26 Jul 2005 23:45:04 +0200 Source: dupload Binary: dupload Architecture: source all Version: 2.6.3.1 Distribution: unstable Urgency: low Maintainer: Josip Rodin Changed-By: Javier Fernandez-Sanguino Pen~a Description: dupload - utility to upload Debian packages Closes: 54344 56877 65630 98949 101882 225400 226101 251286 319910 Changes: dupload (2.6.3.1) unstable; urgency=low . * NMU to remove obsolete queues, based on http://www.debian.org/doc/developers-reference/ch-pkgs.en.html and http://lists.debian.org/debian-devel/2004/debian-devel-200401/msg01950.html> also cleaned up the bug list. * Removed non-functioning upload queues: anonymous-non-us, non-us, chiark, erlangen, uk, jp, and samosa. (Closes #222938, #229744) * Added notes extracted from the Developer's reference regarding uploads to security and commented out these entries to prevent developers from uploading there unintentionally. (Closes: #251286) * Added a default configuration for uploading to mentors.debian.net (Closes: #226101) * Changed default (commented) upload queue to be anonymous-ftp-master * Use Goswin's patch to add an 'options' field in the configuration file which can be used to setup --progress and -L in rsync calls, or additional options to SSH if needed (Closes: #98949, #319910, #225400) * Check the .changes signature using gpg or pgp (if available) in order to prevent unsigned uploads. This is active by default for GPG but can be disabled in dupload.conf at will. Also, added two new simple scripts gpg-check and pgp-check to provide a wrapper to the check so that the error message in case of a failure is more user-friendly. I've implemented this as hooks rather than as new code in dupload to allow users to customise as needed. Note: DSC files are not checked since that should be done in a separate hook (and there is none for those files). (Closes: #54344, #56877, #65630, #101882) * Related to the above add references to the preupload/postupload hooks in the dupload.conf file. Files: f83b8584350f83bfa27e2aecdc3ed27c 651 devel optional dupload_2.6.3.1.dsc e3c8590436bb38d35547ff20b3e4baee 22321 devel optional dupload_2.6.3.1.tar.gz a78c4dd95212a1daaf1e2fa691d907a5 29074 devel optional dupload_2.6.3.1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iQCVAwUBQubEE/tEPvakNq0lAQIQfwP7BSNLRVpFWETeyrrHYcZyq5KdsgUpb8Bh rSkRvY4RoqaRjZWj2+wLPXcytTb0qazmRlnoo20xITV9QAKmqwW/6v/tXKH/uOsE cHZRyMpMb91G2OgeDa0S6eO/q0XeWmWnNsOcOvY6zZN6NWgoBY/HVUYVzGuhguNR 5nl2Gg2nBLw= =Ik0+ -----END PGP SIGNATURE-----   Tags added: fixed Request was from Javier Fernandez-Sanguino Pen~a <jfs@computer.org> to control@bugs.debian.org.   Received: (at control) by bugs.debian.org; 2 Aug 2005 20:42:32 +0000 From katie@spohr.debian.org Tue Aug 02 13:42:32 2005 Return-path: Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian)) id 1E03Qi-0004pu-00; Tue, 02 Aug 2005 13:32:04 -0700 From: Javier Fernandez-Sanguino Pen~a To: control@bugs.debian.org Cc: Javier Fernandez-Sanguino Pen~a , Josip Rodin X-Katie: $Revision: 1.56 $ Subject: Fixed in NMU of dupload 2.6.3.1 Message-Id: Sender: Archive Administrator Date: Tue, 02 Aug 2005 13:32:04 -0700 Delivered-To: control@bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-5.0 required=4.0 tests=BAYES_00,VALID_BTS_CONTROL autolearn=no version=2.60-bugs.debian.org_2005_01_02 tag 101882 + fixed tag 225400 + fixed tag 226101 + fixed tag 251286 + fixed tag 319910 + fixed tag 54344 + fixed tag 56877 + fixed tag 65630 + fixed tag 98949 + fixed quit This message was generated automatically in response to a non-maintainer upload. The .changes file follows. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Tue, 26 Jul 2005 23:45:04 +0200 Source: dupload Binary: dupload Architecture: source all Version: 2.6.3.1 Distribution: unstable Urgency: low Maintainer: Josip Rodin Changed-By: Javier Fernandez-Sanguino Pen~a Description: dupload - utility to upload Debian packages Closes: 54344 56877 65630 98949 101882 225400 226101 251286 319910 Changes: dupload (2.6.3.1) unstable; urgency=low . * NMU to remove obsolete queues, based on http://www.debian.org/doc/developers-reference/ch-pkgs.en.html and http://lists.debian.org/debian-devel/2004/debian-devel-200401/msg01950.html> also cleaned up the bug list. * Removed non-functioning upload queues: anonymous-non-us, non-us, chiark, erlangen, uk, jp, and samosa. (Closes #222938, #229744) * Added notes extracted from the Developer's reference regarding uploads to security and commented out these entries to prevent developers from uploading there unintentionally. (Closes: #251286) * Added a default configuration for uploading to mentors.debian.net (Closes: #226101) * Changed default (commented) upload queue to be anonymous-ftp-master * Use Goswin's patch to add an 'options' field in the configuration file which can be used to setup --progress and -L in rsync calls, or additional options to SSH if needed (Closes: #98949, #319910, #225400) * Check the .changes signature using gpg or pgp (if available) in order to prevent unsigned uploads. This is active by default for GPG but can be disabled in dupload.conf at will. Also, added two new simple scripts gpg-check and pgp-check to provide a wrapper to the check so that the error message in case of a failure is more user-friendly. I've implemented this as hooks rather than as new code in dupload to allow users to customise as needed. Note: DSC files are not checked since that should be done in a separate hook (and there is none for those files). (Closes: #54344, #56877, #65630, #101882) * Related to the above add references to the preupload/postupload hooks in the dupload.conf file. Files: f83b8584350f83bfa27e2aecdc3ed27c 651 devel optional dupload_2.6.3.1.dsc e3c8590436bb38d35547ff20b3e4baee 22321 devel optional dupload_2.6.3.1.tar.gz a78c4dd95212a1daaf1e2fa691d907a5 29074 devel optional dupload_2.6.3.1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iQCVAwUBQubEE/tEPvakNq0lAQIQfwP7BSNLRVpFWETeyrrHYcZyq5KdsgUpb8Bh rSkRvY4RoqaRjZWj2+wLPXcytTb0qazmRlnoo20xITV9QAKmqwW/6v/tXKH/uOsE cHZRyMpMb91G2OgeDa0S6eO/q0XeWmWnNsOcOvY6zZN6NWgoBY/HVUYVzGuhguNR 5nl2Gg2nBLw= =Ik0+ -----END PGP SIGNATURE-----   Reply sent to Frank Lichtenheld <djpig@debian.org>:
You have taken responsibility.   -t  MIME-Version: 1.0 X-Mailer: MIME-tools 5.420 (Entity 5.420) X-Loop: owner@bugs.debian.org From: owner@bugs.debian.org (Debian Bug Tracking System) To: Frank Lichtenheld Subject: Bug#65630: marked as done (dupload: Dupload does not check that dsc and changes have been signed) Message-ID: References: <200006141118.e5EBIj412414@linda.lfix.co.uk> X-Debian-PR-Message: closed 65630 X-Debian-PR-Package: dupload X-Debian-PR-Keywords: fixed X-Debian-PR-Source: dupload Content-Type: multipart/mixed; boundary="----------=_1209741665-21920-0" This is a multi-part message in MIME format... ------------=_1209741665-21920-0 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Your message dated Fri, 02 May 2008 14:32:08 +0000 with message-id and subject line Bug#65630: fixed in dupload 2.6.4 has caused the Debian Bug report #65630, regarding dupload: Dupload does not check that dsc and changes have been si= gned to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) --=20 65630: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D65630 Debian Bug Tracking System Contact owner@bugs.debian.org with problems ------------=_1209741665-21920-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by bugs.debian.org; 14 Jun 2000 11:23:31 +0000 Return-path: Received: from mail.enterprise.net [194.72.192.18] by master.debian.org with esmtp (Exim 3.12 2 (Debian)) id 132BGc-0006lx-00; Wed, 14 Jun 2000 06:23:30 -0500 Received: from linda.lfix.co.uk (cmax06-116.enterprise.net [212.161.115.116]) by mail.enterprise.net (8.8.5/8.8.5) with ESMTP id MAA08965 for ; Wed, 14 Jun 2000 12:23:27 +0100 (GMT/BST) Received: (from olly@localhost) by linda.lfix.co.uk (8.11.0.Beta1/8.11.0.Beta1/Debian 8.11.0-1) id e5EBIj412414; Wed, 14 Jun 2000 12:18:45 +0100 Date: Wed, 14 Jun 2000 12:18:45 +0100 Message-Id: <200006141118.e5EBIj412414@linda.lfix.co.uk> From: Oliver Elphick Subject: dupload: Dupload does not check that dsc and changes have been signed To: submit@bugs.debian.org X-Mailer: bug 3.3.2 Delivered-To: submit@bugs.debian.org Package: dupload Version: 2.4.1 Severity: wishlist dupload does not chjeck that the .dsc and .changes files have been signed. It would be nice if it did. -- System Information Debian Release: 2.2 Kernel Version: Linux linda 2.2.14 #1 Mon Feb 14 12:24:12 GMT 2000 i686 unknown Versions of the packages dupload depends on: ii libnet-perl 1.0703-4 Implementation of Internet protocols for Per ii perl-5.005 5.005.03-7.1 Larry Wall's Practical Extracting and Report ^^^ (Provides virtual package perl5) perl Not installed or no info ------------=_1209741665-21920-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 65630-close) by bugs.debian.org; 2 May 2008 15:08:31 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.4-bugs.debian.org_2005_01_02 (2006-07-26) on rietz.debian.org X-Spam-Level: X-Spam-Status: No, score=-9.7 required=4.0 tests=BAYES_00,FROMDEVELOPER, FVGT_m_MULTI_ODD,HAS_BUG_NUMBER,HEADER_X_KATIE,IMPRONONCABLE_2, MURPHY_DRUGS_REL8,MURPHY_WRONG_WORD1,MURPHY_WRONG_WORD2 autolearn=no version=3.1.4-bugs.debian.org_2005_01_02 Return-path: Received: from ries.debian.org ([128.148.34.103]) by rietz.debian.org with esmtp (Exim 4.63) (envelope-from ) id 1JrwsA-0002fh-PP for 65630-close@bugs.debian.org; Fri, 02 May 2008 15:08:31 +0000 Received: from dak by ries.debian.org with local (Exim 4.63) (envelope-from ) id 1JrwIy-0002Vy-G4; Fri, 02 May 2008 14:32:08 +0000 From: Frank Lichtenheld To: 65630-close@bugs.debian.org X-DAK: dak process-unchecked X-Katie: $Revision: 1.65 $ MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Subject: Bug#65630: fixed in dupload 2.6.4 Message-Id: Sender: Archive Administrator Date: Fri, 02 May 2008 14:32:08 +0000 X-CrossAssassin-Score: 11 Source: dupload Source-Version: 2.6.4 We believe that the bug you reported is fixed in the latest version of dupload, which is due to be installed in the Debian FTP archive: dupload_2.6.4.dsc to pool/main/d/dupload/dupload_2.6.4.dsc dupload_2.6.4.tar.gz to pool/main/d/dupload/dupload_2.6.4.tar.gz dupload_2.6.4_all.deb to pool/main/d/dupload/dupload_2.6.4_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 65630@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Frank Lichtenheld (supplier of updated dupload package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 02 May 2008 13:43:03 +0200 Source: dupload Binary: dupload Architecture: source all Version: 2.6.4 Distribution: unstable Urgency: low Maintainer: Frank Lichtenheld Changed-By: Frank Lichtenheld Description: dupload - utility to upload Debian packages Closes: 54344 56877 65630 98949 101882 222934 222938 225400 226101 226101 229744 249341 251286 279308 319910 321126 345078 356780 360161 384703 387678 395593 398135 420693 473518 477220 Changes: dupload (2.6.4) unstable; urgency=low . * Add myself to Uploaders with Josip's approval + acknowledge NMUs * Make a few clean-ups I refrained from in the NMUs: + Increase debhelper compat level to 5 + Add some missing dh_* calls (md5sums and installman) + Use dh_install and dh_link instead of install and ln + Bump Standards-Version to 3.7.3 (no changes) . dupload (2.6.3.4) unstable; urgency=low . * Non-maintainer upload (Closes: #477220) * Update mentors.debian.net configuration. Patch by Charles Plessy. (Closes: #226101) * Add volatile configuration. (Closes: #420693) * Add backports.org configuration. * Abort upload if distribution is UNRELEASED. (Closes: #384703) (also remove support for "frozen") * Add support for parsing and testing new checksums-* fields. dupload will not complain if the fields are absent. (Closes: #473518) * Check file sizes, too. (Closes: #360161) . dupload (2.6.3.3) unstable; urgency=low . * NMU (with maintainers consent) (Closes: #398135) * Recommend openssh-client instead of ssh, keep ssh as alternative for now. Reported by Aaron Schrab (Closes: #387678) * Setting $default_host from a local dupload.conf is now possible again. Reported by martin f krafft (Closes: #249341) * Add empty binary-arch target in debian/rules. Reported by Aurelien Jarno (Closes: #395593) * Treat DEBDELAY=0 correctly. Patch by Matej Vela (Closes: #356780) * Fix headers of man pages. Reported by Denis Barbier (Closes: #222934) * Update location of security upload queues. Reported by adrian (Closes: #345078) * Fix move of files to the queuedir. Patch by Bob Proulx (Closes: #279308) * Remove build-stamp in debian/rules' clean target . dupload (2.6.3.2) unstable; urgency=low . * NMU during BSP. * Try to differentiate between different gpg --verify error reasons to allow uploads from hosts where the public key is not available. (Closes: #321126) . dupload (2.6.3.1) unstable; urgency=low . * NMU to remove obsolete queues, based on http://www.debian.org/doc/developers-reference/ch-pkgs.en.html and http://lists.debian.org/debian-devel/2004/debian-devel-200401/msg01950.html> also cleaned up the bug list. * Removed non-functioning upload queues: anonymous-non-us, non-us, chiark, erlangen, uk, jp, and samosa. (Closes: #222938, #229744) * Added notes extracted from the Developer's reference regarding uploads to security and commented out these entries to prevent developers from uploading there unintentionally. (Closes: #251286) * Added a default configuration for uploading to mentors.debian.net (Closes: #226101) * Changed default (commented) upload queue to be anonymous-ftp-master * Use Goswin's patch to add an 'options' field in the configuration file which can be used to setup --progress and -L in rsync calls, or additional options to SSH if needed (Closes: #98949, #319910, #225400) * Check the .changes signature using gpg or pgp (if available) in order to prevent unsigned uploads. This is active by default for GPG but can be disabled in dupload.conf at will. Also, added two new simple scripts gpg-check and pgp-check to provide a wrapper to the check so that the error message in case of a failure is more user-friendly. I've implemented this as hooks rather than as new code in dupload to allow users to customise as needed. Note: DSC files are not checked since that should be done in a separate hook (and there is none for those files). (Closes: #54344, #56877, #65630, #101882) * Related to the above add references to the preupload/postupload hooks in the dupload.conf file. Checksums-Sha1: 6330ce84c99a3e8bfca994743dfc93e514f3b9e2 775 dupload_2.6.4.dsc e3c7bfc39ad5b2f3ca187efd6cf9a92df35d3dc4 23738 dupload_2.6.4.tar.gz 33541d515c2d1380c9eeb4753dd2768e538e8423 30728 dupload_2.6.4_all.deb Checksums-Sha256: db4548b8b0e019ea9152a3c5ddea367845b21ecabe81387c1d87613d59a73572 775 dupload_2.6.4.dsc f6a0e8885d2175f47051d3e750c24f11fdc6e6269d191a10111a895c30be9a79 23738 dupload_2.6.4.tar.gz 85c5807b763f646dcc81aec80a0a3e934b120b698daf854dcaab9c74c4d0e2ca 30728 dupload_2.6.4_all.deb Files: 08eb237b551497e5408d26bdb5c2011f 775 devel optional dupload_2.6.4.dsc a1e39af16a50d77e57712814a26f7083 23738 devel optional dupload_2.6.4.tar.gz 7b64d850ac764f1f2bed94bde950d67c 30728 devel optional dupload_2.6.4_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFIGxNnQbn06FtxPfARAle5AKDUo1N+B4LOePMTySQOCz6V+j+kpACfbstN DjPaoUjjiFU2l/KbJAgR14Y= =rsV0 -----END PGP SIGNATURE----- ------------=_1209741665-21920-0--   Notification sent to Oliver Elphick <olly@lfix.co.uk>:
Bug acknowledged by developer.   -t  MIME-Version: 1.0 X-Mailer: MIME-tools 5.420 (Entity 5.420) X-Loop: owner@bugs.debian.org From: owner@bugs.debian.org (Debian Bug Tracking System) To: Oliver Elphick Subject: Bug#65630 closed by Frank Lichtenheld (Bug#65630: fixed in dupload 2.6.4) Message-ID: References: <200006141118.e5EBIj412414@linda.lfix.co.uk> X-Debian-PR-Message: they-closed 65630 X-Debian-PR-Package: dupload X-Debian-PR-Keywords: fixed X-Debian-PR-Source: dupload Reply-To: 65630@bugs.debian.org Content-Type: multipart/mixed; boundary="----------=_1209741665-21920-1" This is a multi-part message in MIME format... ------------=_1209741665-21920-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" This is an automatic notification regarding your Bug report which was filed against the dupload package: #65630: dupload: Dupload does not check that dsc and changes have been sign= ed It has been closed by Frank Lichtenheld . Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact Frank Lichtenheld by replying to this email. --=20 65630: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D65630 Debian Bug Tracking System Contact owner@bugs.debian.org with problems ------------=_1209741665-21920-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 65630-close) by bugs.debian.org; 2 May 2008 15:08:31 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.4-bugs.debian.org_2005_01_02 (2006-07-26) on rietz.debian.org X-Spam-Level: X-Spam-Status: No, score=-9.7 required=4.0 tests=BAYES_00,FROMDEVELOPER, FVGT_m_MULTI_ODD,HAS_BUG_NUMBER,HEADER_X_KATIE,IMPRONONCABLE_2, MURPHY_DRUGS_REL8,MURPHY_WRONG_WORD1,MURPHY_WRONG_WORD2 autolearn=no version=3.1.4-bugs.debian.org_2005_01_02 Return-path: Received: from ries.debian.org ([128.148.34.103]) by rietz.debian.org with esmtp (Exim 4.63) (envelope-from ) id 1JrwsA-0002fh-PP for 65630-close@bugs.debian.org; Fri, 02 May 2008 15:08:31 +0000 Received: from dak by ries.debian.org with local (Exim 4.63) (envelope-from ) id 1JrwIy-0002Vy-G4; Fri, 02 May 2008 14:32:08 +0000 From: Frank Lichtenheld To: 65630-close@bugs.debian.org X-DAK: dak process-unchecked X-Katie: $Revision: 1.65 $ MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Subject: Bug#65630: fixed in dupload 2.6.4 Message-Id: Sender: Archive Administrator Date: Fri, 02 May 2008 14:32:08 +0000 X-CrossAssassin-Score: 11 Source: dupload Source-Version: 2.6.4 We believe that the bug you reported is fixed in the latest version of dupload, which is due to be installed in the Debian FTP archive: dupload_2.6.4.dsc to pool/main/d/dupload/dupload_2.6.4.dsc dupload_2.6.4.tar.gz to pool/main/d/dupload/dupload_2.6.4.tar.gz dupload_2.6.4_all.deb to pool/main/d/dupload/dupload_2.6.4_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 65630@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Frank Lichtenheld (supplier of updated dupload package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 02 May 2008 13:43:03 +0200 Source: dupload Binary: dupload Architecture: source all Version: 2.6.4 Distribution: unstable Urgency: low Maintainer: Frank Lichtenheld Changed-By: Frank Lichtenheld Description: dupload - utility to upload Debian packages Closes: 54344 56877 65630 98949 101882 222934 222938 225400 226101 226101 229744 249341 251286 279308 319910 321126 345078 356780 360161 384703 387678 395593 398135 420693 473518 477220 Changes: dupload (2.6.4) unstable; urgency=low . * Add myself to Uploaders with Josip's approval + acknowledge NMUs * Make a few clean-ups I refrained from in the NMUs: + Increase debhelper compat level to 5 + Add some missing dh_* calls (md5sums and installman) + Use dh_install and dh_link instead of install and ln + Bump Standards-Version to 3.7.3 (no changes) . dupload (2.6.3.4) unstable; urgency=low . * Non-maintainer upload (Closes: #477220) * Update mentors.debian.net configuration. Patch by Charles Plessy. (Closes: #226101) * Add volatile configuration. (Closes: #420693) * Add backports.org configuration. * Abort upload if distribution is UNRELEASED. (Closes: #384703) (also remove support for "frozen") * Add support for parsing and testing new checksums-* fields. dupload will not complain if the fields are absent. (Closes: #473518) * Check file sizes, too. (Closes: #360161) . dupload (2.6.3.3) unstable; urgency=low . * NMU (with maintainers consent) (Closes: #398135) * Recommend openssh-client instead of ssh, keep ssh as alternative for now. Reported by Aaron Schrab (Closes: #387678) * Setting $default_host from a local dupload.conf is now possible again. Reported by martin f krafft (Closes: #249341) * Add empty binary-arch target in debian/rules. Reported by Aurelien Jarno (Closes: #395593) * Treat DEBDELAY=0 correctly. Patch by Matej Vela (Closes: #356780) * Fix headers of man pages. Reported by Denis Barbier (Closes: #222934) * Update location of security upload queues. Reported by adrian (Closes: #345078) * Fix move of files to the queuedir. Patch by Bob Proulx (Closes: #279308) * Remove build-stamp in debian/rules' clean target . dupload (2.6.3.2) unstable; urgency=low . * NMU during BSP. * Try to differentiate between different gpg --verify error reasons to allow uploads from hosts where the public key is not available. (Closes: #321126) . dupload (2.6.3.1) unstable; urgency=low . * NMU to remove obsolete queues, based on http://www.debian.org/doc/developers-reference/ch-pkgs.en.html and http://lists.debian.org/debian-devel/2004/debian-devel-200401/msg01950.html> also cleaned up the bug list. * Removed non-functioning upload queues: anonymous-non-us, non-us, chiark, erlangen, uk, jp, and samosa. (Closes: #222938, #229744) * Added notes extracted from the Developer's reference regarding uploads to security and commented out these entries to prevent developers from uploading there unintentionally. (Closes: #251286) * Added a default configuration for uploading to mentors.debian.net (Closes: #226101) * Changed default (commented) upload queue to be anonymous-ftp-master * Use Goswin's patch to add an 'options' field in the configuration file which can be used to setup --progress and -L in rsync calls, or additional options to SSH if needed (Closes: #98949, #319910, #225400) * Check the .changes signature using gpg or pgp (if available) in order to prevent unsigned uploads. This is active by default for GPG but can be disabled in dupload.conf at will. Also, added two new simple scripts gpg-check and pgp-check to provide a wrapper to the check so that the error message in case of a failure is more user-friendly. I've implemented this as hooks rather than as new code in dupload to allow users to customise as needed. Note: DSC files are not checked since that should be done in a separate hook (and there is none for those files). (Closes: #54344, #56877, #65630, #101882) * Related to the above add references to the preupload/postupload hooks in the dupload.conf file. Checksums-Sha1: 6330ce84c99a3e8bfca994743dfc93e514f3b9e2 775 dupload_2.6.4.dsc e3c7bfc39ad5b2f3ca187efd6cf9a92df35d3dc4 23738 dupload_2.6.4.tar.gz 33541d515c2d1380c9eeb4753dd2768e538e8423 30728 dupload_2.6.4_all.deb Checksums-Sha256: db4548b8b0e019ea9152a3c5ddea367845b21ecabe81387c1d87613d59a73572 775 dupload_2.6.4.dsc f6a0e8885d2175f47051d3e750c24f11fdc6e6269d191a10111a895c30be9a79 23738 dupload_2.6.4.tar.gz 85c5807b763f646dcc81aec80a0a3e934b120b698daf854dcaab9c74c4d0e2ca 30728 dupload_2.6.4_all.deb Files: 08eb237b551497e5408d26bdb5c2011f 775 devel optional dupload_2.6.4.dsc a1e39af16a50d77e57712814a26f7083 23738 devel optional dupload_2.6.4.tar.gz 7b64d850ac764f1f2bed94bde950d67c 30728 devel optional dupload_2.6.4_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFIGxNnQbn06FtxPfARAle5AKDUo1N+B4LOePMTySQOCz6V+j+kpACfbstN DjPaoUjjiFU2l/KbJAgR14Y= =rsV0 -----END PGP SIGNATURE----- ------------=_1209741665-21920-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by bugs.debian.org; 14 Jun 2000 11:23:31 +0000 Return-path: Received: from mail.enterprise.net [194.72.192.18] by master.debian.org with esmtp (Exim 3.12 2 (Debian)) id 132BGc-0006lx-00; Wed, 14 Jun 2000 06:23:30 -0500 Received: from linda.lfix.co.uk (cmax06-116.enterprise.net [212.161.115.116]) by mail.enterprise.net (8.8.5/8.8.5) with ESMTP id MAA08965 for ; Wed, 14 Jun 2000 12:23:27 +0100 (GMT/BST) Received: (from olly@localhost) by linda.lfix.co.uk (8.11.0.Beta1/8.11.0.Beta1/Debian 8.11.0-1) id e5EBIj412414; Wed, 14 Jun 2000 12:18:45 +0100 Date: Wed, 14 Jun 2000 12:18:45 +0100 Message-Id: <200006141118.e5EBIj412414@linda.lfix.co.uk> From: Oliver Elphick Subject: dupload: Dupload does not check that dsc and changes have been signed To: submit@bugs.debian.org X-Mailer: bug 3.3.2 Delivered-To: submit@bugs.debian.org Package: dupload Version: 2.4.1 Severity: wishlist dupload does not chjeck that the .dsc and .changes files have been signed. It would be nice if it did. -- System Information Debian Release: 2.2 Kernel Version: Linux linda 2.2.14 #1 Mon Feb 14 12:24:12 GMT 2000 i686 unknown Versions of the packages dupload depends on: ii libnet-perl 1.0703-4 Implementation of Internet protocols for Per ii perl-5.005 5.005.03-7.1 Larry Wall's Practical Extracting and Report ^^^ (Provides virtual package perl5) perl Not installed or no info ------------=_1209741665-21920-1--   Received: (at 65630-close) by bugs.debian.org; 2 May 2008 15:08:31 +0000 From dak@ftp-master.debian.org Fri May 02 15:08:31 2008 X-Spam-Checker-Version: SpamAssassin 3.1.4-bugs.debian.org_2005_01_02 (2006-07-26) on rietz.debian.org X-Spam-Level: X-Spam-Status: No, score=-9.7 required=4.0 tests=BAYES_00,FROMDEVELOPER, FVGT_m_MULTI_ODD,HAS_BUG_NUMBER,HEADER_X_KATIE,IMPRONONCABLE_2, MURPHY_DRUGS_REL8,MURPHY_WRONG_WORD1,MURPHY_WRONG_WORD2 autolearn=no version=3.1.4-bugs.debian.org_2005_01_02 Return-path: Received: from ries.debian.org ([128.148.34.103]) by rietz.debian.org with esmtp (Exim 4.63) (envelope-from ) id 1JrwsA-0002fh-PP for 65630-close@bugs.debian.org; Fri, 02 May 2008 15:08:31 +0000 Received: from dak by ries.debian.org with local (Exim 4.63) (envelope-from ) id 1JrwIy-0002Vy-G4; Fri, 02 May 2008 14:32:08 +0000 From: Frank Lichtenheld To: 65630-close@bugs.debian.org X-DAK: dak process-unchecked X-Katie: $Revision: 1.65 $ MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Subject: Bug#65630: fixed in dupload 2.6.4 Message-Id: Sender: Archive Administrator Date: Fri, 02 May 2008 14:32:08 +0000 X-CrossAssassin-Score: 11 Source: dupload Source-Version: 2.6.4 We believe that the bug you reported is fixed in the latest version of dupload, which is due to be installed in the Debian FTP archive: dupload_2.6.4.dsc to pool/main/d/dupload/dupload_2.6.4.dsc dupload_2.6.4.tar.gz to pool/main/d/dupload/dupload_2.6.4.tar.gz dupload_2.6.4_all.deb to pool/main/d/dupload/dupload_2.6.4_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 65630@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Frank Lichtenheld (supplier of updated dupload package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 02 May 2008 13:43:03 +0200 Source: dupload Binary: dupload Architecture: source all Version: 2.6.4 Distribution: unstable Urgency: low Maintainer: Frank Lichtenheld Changed-By: Frank Lichtenheld Description: dupload - utility to upload Debian packages Closes: 54344 56877 65630 98949 101882 222934 222938 225400 226101 226101 229744 249341 251286 279308 319910 321126 345078 356780 360161 384703 387678 395593 398135 420693 473518 477220 Changes: dupload (2.6.4) unstable; urgency=low . * Add myself to Uploaders with Josip's approval + acknowledge NMUs * Make a few clean-ups I refrained from in the NMUs: + Increase debhelper compat level to 5 + Add some missing dh_* calls (md5sums and installman) + Use dh_install and dh_link instead of install and ln + Bump Standards-Version to 3.7.3 (no changes) . dupload (2.6.3.4) unstable; urgency=low . * Non-maintainer upload (Closes: #477220) * Update mentors.debian.net configuration. Patch by Charles Plessy. (Closes: #226101) * Add volatile configuration. (Closes: #420693) * Add backports.org configuration. * Abort upload if distribution is UNRELEASED. (Closes: #384703) (also remove support for "frozen") * Add support for parsing and testing new checksums-* fields. dupload will not complain if the fields are absent. (Closes: #473518) * Check file sizes, too. (Closes: #360161) . dupload (2.6.3.3) unstable; urgency=low . * NMU (with maintainers consent) (Closes: #398135) * Recommend openssh-client instead of ssh, keep ssh as alternative for now. Reported by Aaron Schrab (Closes: #387678) * Setting $default_host from a local dupload.conf is now possible again. Reported by martin f krafft (Closes: #249341) * Add empty binary-arch target in debian/rules. Reported by Aurelien Jarno (Closes: #395593) * Treat DEBDELAY=0 correctly. Patch by Matej Vela (Closes: #356780) * Fix headers of man pages. Reported by Denis Barbier (Closes: #222934) * Update location of security upload queues. Reported by adrian (Closes: #345078) * Fix move of files to the queuedir. Patch by Bob Proulx (Closes: #279308) * Remove build-stamp in debian/rules' clean target . dupload (2.6.3.2) unstable; urgency=low . * NMU during BSP. * Try to differentiate between different gpg --verify error reasons to allow uploads from hosts where the public key is not available. (Closes: #321126) . dupload (2.6.3.1) unstable; urgency=low . * NMU to remove obsolete queues, based on http://www.debian.org/doc/developers-reference/ch-pkgs.en.html and http://lists.debian.org/debian-devel/2004/debian-devel-200401/msg01950.html> also cleaned up the bug list. * Removed non-functioning upload queues: anonymous-non-us, non-us, chiark, erlangen, uk, jp, and samosa. (Closes: #222938, #229744) * Added notes extracted from the Developer's reference regarding uploads to security and commented out these entries to prevent developers from uploading there unintentionally. (Closes: #251286) * Added a default configuration for uploading to mentors.debian.net (Closes: #226101) * Changed default (commented) upload queue to be anonymous-ftp-master * Use Goswin's patch to add an 'options' field in the configuration file which can be used to setup --progress and -L in rsync calls, or additional options to SSH if needed (Closes: #98949, #319910, #225400) * Check the .changes signature using gpg or pgp (if available) in order to prevent unsigned uploads. This is active by default for GPG but can be disabled in dupload.conf at will. Also, added two new simple scripts gpg-check and pgp-check to provide a wrapper to the check so that the error message in case of a failure is more user-friendly. I've implemented this as hooks rather than as new code in dupload to allow users to customise as needed. Note: DSC files are not checked since that should be done in a separate hook (and there is none for those files). (Closes: #54344, #56877, #65630, #101882) * Related to the above add references to the preupload/postupload hooks in the dupload.conf file. Checksums-Sha1: 6330ce84c99a3e8bfca994743dfc93e514f3b9e2 775 dupload_2.6.4.dsc e3c7bfc39ad5b2f3ca187efd6cf9a92df35d3dc4 23738 dupload_2.6.4.tar.gz 33541d515c2d1380c9eeb4753dd2768e538e8423 30728 dupload_2.6.4_all.deb Checksums-Sha256: db4548b8b0e019ea9152a3c5ddea367845b21ecabe81387c1d87613d59a73572 775 dupload_2.6.4.dsc f6a0e8885d2175f47051d3e750c24f11fdc6e6269d191a10111a895c30be9a79 23738 dupload_2.6.4.tar.gz 85c5807b763f646dcc81aec80a0a3e934b120b698daf854dcaab9c74c4d0e2ca 30728 dupload_2.6.4_all.deb Files: 08eb237b551497e5408d26bdb5c2011f 775 devel optional dupload_2.6.4.dsc a1e39af16a50d77e57712814a26f7083 23738 devel optional dupload_2.6.4.tar.gz 7b64d850ac764f1f2bed94bde950d67c 30728 devel optional dupload_2.6.4_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFIGxNnQbn06FtxPfARAle5AKDUo1N+B4LOePMTySQOCz6V+j+kpACfbstN DjPaoUjjiFU2l/KbJAgR14Y= =rsV0 -----END PGP SIGNATURE-----   Reply sent to Frank Lichtenheld <djpig@debian.org>:
You have taken responsibility.   -t  MIME-Version: 1.0 X-Mailer: MIME-tools 5.420 (Entity 5.420) X-Loop: owner@bugs.debian.org From: owner@bugs.debian.org (Debian Bug Tracking System) To: Frank Lichtenheld Subject: Bug#54344: marked as done (dupload should check that the .changes is properly signed) Message-ID: References: X-Debian-PR-Message: closed 54344 X-Debian-PR-Package: dupload X-Debian-PR-Keywords: fixed X-Debian-PR-Source: dupload Content-Type: multipart/mixed; boundary="----------=_1209741666-21920-2" This is a multi-part message in MIME format... ------------=_1209741666-21920-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Your message dated Fri, 02 May 2008 14:32:08 +0000 with message-id and subject line Bug#65630: fixed in dupload 2.6.4 has caused the Debian Bug report #65630, regarding dupload should check that the .changes is properly signed to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) --=20 65630: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D65630 Debian Bug Tracking System Contact owner@bugs.debian.org with problems ------------=_1209741666-21920-2 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by bugs.debian.org; 5 Jan 2000 21:51:09 +0000 Received: (qmail 7307 invoked from network); 5 Jan 2000 21:51:09 -0000 Received: from blood-axp.eradicator.org (mail@209.151.20.194) by master.debian.org with SMTP; 5 Jan 2000 21:51:09 -0000 Received: from dhd by blood-axp.eradicator.org with local (Exim 3.11 #1 (Debian)) id 125yKe-0000QX-00; Wed, 05 Jan 2000 16:51:04 -0500 From: dhd To: Debian Bug Tracking System Subject: dupload should check that the .changes is properly signed X-Reportbug-Version: 0.46 X-Mailer: reportbug 0.46 Date: Wed, 05 Jan 2000 16:51:03 -0500 Message-Id: Package: dupload Version: 2.4 Severity: wishlist Hi, Since I started using dupload, I've managed to upload a few packages without signed .changes files (I often build packages on other machines, then sign and upload them locally). It would be nice if dupload could protect me from my own stupidity, by checking that the .changes is signed, and possibly checking the signature on it as well. Cheers -- System Information Debian Release: potato Architecture: alpha Kernel: Linux blood-axp.eradicator.org 2.2.14pre12 #1 Fri Dec 10 15:59:26 EST 1999 alpha Versions of packages dupload depends on: ii libnet-perl 1.0606-3 Implementation of Internet protoco ii perl-5.004 [perl5] 5.004.05-4.1 Larry Wall's Practical Extracting ii perl-5.005 [perl5] 5.005.03-4.1 Larry Wall's Practical Extracting ------------=_1209741666-21920-2 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 65630-close) by bugs.debian.org; 2 May 2008 15:08:31 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.4-bugs.debian.org_2005_01_02 (2006-07-26) on rietz.debian.org X-Spam-Level: X-Spam-Status: No, score=-9.7 required=4.0 tests=BAYES_00,FROMDEVELOPER, FVGT_m_MULTI_ODD,HAS_BUG_NUMBER,HEADER_X_KATIE,IMPRONONCABLE_2, MURPHY_DRUGS_REL8,MURPHY_WRONG_WORD1,MURPHY_WRONG_WORD2 autolearn=no version=3.1.4-bugs.debian.org_2005_01_02 Return-path: Received: from ries.debian.org ([128.148.34.103]) by rietz.debian.org with esmtp (Exim 4.63) (envelope-from ) id 1JrwsA-0002fh-PP for 65630-close@bugs.debian.org; Fri, 02 May 2008 15:08:31 +0000 Received: from dak by ries.debian.org with local (Exim 4.63) (envelope-from ) id 1JrwIy-0002Vy-G4; Fri, 02 May 2008 14:32:08 +0000 From: Frank Lichtenheld To: 65630-close@bugs.debian.org X-DAK: dak process-unchecked X-Katie: $Revision: 1.65 $ MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Subject: Bug#65630: fixed in dupload 2.6.4 Message-Id: Sender: Archive Administrator Date: Fri, 02 May 2008 14:32:08 +0000 X-CrossAssassin-Score: 11 Source: dupload Source-Version: 2.6.4 We believe that the bug you reported is fixed in the latest version of dupload, which is due to be installed in the Debian FTP archive: dupload_2.6.4.dsc to pool/main/d/dupload/dupload_2.6.4.dsc dupload_2.6.4.tar.gz to pool/main/d/dupload/dupload_2.6.4.tar.gz dupload_2.6.4_all.deb to pool/main/d/dupload/dupload_2.6.4_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 65630@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Frank Lichtenheld (supplier of updated dupload package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 02 May 2008 13:43:03 +0200 Source: dupload Binary: dupload Architecture: source all Version: 2.6.4 Distribution: unstable Urgency: low Maintainer: Frank Lichtenheld Changed-By: Frank Lichtenheld Description: dupload - utility to upload Debian packages Closes: 54344 56877 65630 98949 101882 222934 222938 225400 226101 226101 229744 249341 251286 279308 319910 321126 345078 356780 360161 384703 387678 395593 398135 420693 473518 477220 Changes: dupload (2.6.4) unstable; urgency=low . * Add myself to Uploaders with Josip's approval + acknowledge NMUs * Make a few clean-ups I refrained from in the NMUs: + Increase debhelper compat level to 5 + Add some missing dh_* calls (md5sums and installman) + Use dh_install and dh_link instead of install and ln + Bump Standards-Version to 3.7.3 (no changes) . dupload (2.6.3.4) unstable; urgency=low . * Non-maintainer upload (Closes: #477220) * Update mentors.debian.net configuration. Patch by Charles Plessy. (Closes: #226101) * Add volatile configuration. (Closes: #420693) * Add backports.org configuration. * Abort upload if distribution is UNRELEASED. (Closes: #384703) (also remove support for "frozen") * Add support for parsing and testing new checksums-* fields. dupload will not complain if the fields are absent. (Closes: #473518) * Check file sizes, too. (Closes: #360161) . dupload (2.6.3.3) unstable; urgency=low . * NMU (with maintainers consent) (Closes: #398135) * Recommend openssh-client instead of ssh, keep ssh as alternative for now. Reported by Aaron Schrab (Closes: #387678) * Setting $default_host from a local dupload.conf is now possible again. Reported by martin f krafft (Closes: #249341) * Add empty binary-arch target in debian/rules. Reported by Aurelien Jarno (Closes: #395593) * Treat DEBDELAY=0 correctly. Patch by Matej Vela (Closes: #356780) * Fix headers of man pages. Reported by Denis Barbier (Closes: #222934) * Update location of security upload queues. Reported by adrian (Closes: #345078) * Fix move of files to the queuedir. Patch by Bob Proulx (Closes: #279308) * Remove build-stamp in debian/rules' clean target . dupload (2.6.3.2) unstable; urgency=low . * NMU during BSP. * Try to differentiate between different gpg --verify error reasons to allow uploads from hosts where the public key is not available. (Closes: #321126) . dupload (2.6.3.1) unstable; urgency=low . * NMU to remove obsolete queues, based on http://www.debian.org/doc/developers-reference/ch-pkgs.en.html and http://lists.debian.org/debian-devel/2004/debian-devel-200401/msg01950.html> also cleaned up the bug list. * Removed non-functioning upload queues: anonymous-non-us, non-us, chiark, erlangen, uk, jp, and samosa. (Closes: #222938, #229744) * Added notes extracted from the Developer's reference regarding uploads to security and commented out these entries to prevent developers from uploading there unintentionally. (Closes: #251286) * Added a default configuration for uploading to mentors.debian.net (Closes: #226101) * Changed default (commented) upload queue to be anonymous-ftp-master * Use Goswin's patch to add an 'options' field in the configuration file which can be used to setup --progress and -L in rsync calls, or additional options to SSH if needed (Closes: #98949, #319910, #225400) * Check the .changes signature using gpg or pgp (if available) in order to prevent unsigned uploads. This is active by default for GPG but can be disabled in dupload.conf at will. Also, added two new simple scripts gpg-check and pgp-check to provide a wrapper to the check so that the error message in case of a failure is more user-friendly. I've implemented this as hooks rather than as new code in dupload to allow users to customise as needed. Note: DSC files are not checked since that should be done in a separate hook (and there is none for those files). (Closes: #54344, #56877, #65630, #101882) * Related to the above add references to the preupload/postupload hooks in the dupload.conf file. Checksums-Sha1: 6330ce84c99a3e8bfca994743dfc93e514f3b9e2 775 dupload_2.6.4.dsc e3c7bfc39ad5b2f3ca187efd6cf9a92df35d3dc4 23738 dupload_2.6.4.tar.gz 33541d515c2d1380c9eeb4753dd2768e538e8423 30728 dupload_2.6.4_all.deb Checksums-Sha256: db4548b8b0e019ea9152a3c5ddea367845b21ecabe81387c1d87613d59a73572 775 dupload_2.6.4.dsc f6a0e8885d2175f47051d3e750c24f11fdc6e6269d191a10111a895c30be9a79 23738 dupload_2.6.4.tar.gz 85c5807b763f646dcc81aec80a0a3e934b120b698daf854dcaab9c74c4d0e2ca 30728 dupload_2.6.4_all.deb Files: 08eb237b551497e5408d26bdb5c2011f 775 devel optional dupload_2.6.4.dsc a1e39af16a50d77e57712814a26f7083 23738 devel optional dupload_2.6.4.tar.gz 7b64d850ac764f1f2bed94bde950d67c 30728 devel optional dupload_2.6.4_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFIGxNnQbn06FtxPfARAle5AKDUo1N+B4LOePMTySQOCz6V+j+kpACfbstN DjPaoUjjiFU2l/KbJAgR14Y= =rsV0 -----END PGP SIGNATURE----- ------------=_1209741666-21920-2--   Notification sent to dhd <dhd@eradicator.org>:
Bug acknowledged by developer.   -t  MIME-Version: 1.0 X-Mailer: MIME-tools 5.420 (Entity 5.420) X-Loop: owner@bugs.debian.org From: owner@bugs.debian.org (Debian Bug Tracking System) To: dhd Subject: Bug#54344 closed by Frank Lichtenheld (Bug#65630: fixed in dupload 2.6.4) Message-ID: References: X-Debian-PR-Message: they-closed 54344 X-Debian-PR-Package: dupload X-Debian-PR-Keywords: fixed X-Debian-PR-Source: dupload Reply-To: 54344@bugs.debian.org Content-Type: multipart/mixed; boundary="----------=_1209741667-21920-3" This is a multi-part message in MIME format... ------------=_1209741667-21920-3 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" This is an automatic notification regarding your Bug report which was filed against the dupload package: #65630: dupload should check that the .changes is properly signed It has been closed by Frank Lichtenheld . Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact Frank Lichtenheld by replying to this email. --=20 65630: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D65630 Debian Bug Tracking System Contact owner@bugs.debian.org with problems ------------=_1209741667-21920-3 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 65630-close) by bugs.debian.org; 2 May 2008 15:08:31 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.4-bugs.debian.org_2005_01_02 (2006-07-26) on rietz.debian.org X-Spam-Level: X-Spam-Status: No, score=-9.7 required=4.0 tests=BAYES_00,FROMDEVELOPER, FVGT_m_MULTI_ODD,HAS_BUG_NUMBER,HEADER_X_KATIE,IMPRONONCABLE_2, MURPHY_DRUGS_REL8,MURPHY_WRONG_WORD1,MURPHY_WRONG_WORD2 autolearn=no version=3.1.4-bugs.debian.org_2005_01_02 Return-path: Received: from ries.debian.org ([128.148.34.103]) by rietz.debian.org with esmtp (Exim 4.63) (envelope-from ) id 1JrwsA-0002fh-PP for 65630-close@bugs.debian.org; Fri, 02 May 2008 15:08:31 +0000 Received: from dak by ries.debian.org with local (Exim 4.63) (envelope-from ) id 1JrwIy-0002Vy-G4; Fri, 02 May 2008 14:32:08 +0000 From: Frank Lichtenheld To: 65630-close@bugs.debian.org X-DAK: dak process-unchecked X-Katie: $Revision: 1.65 $ MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Subject: Bug#65630: fixed in dupload 2.6.4 Message-Id: Sender: Archive Administrator Date: Fri, 02 May 2008 14:32:08 +0000 X-CrossAssassin-Score: 11 Source: dupload Source-Version: 2.6.4 We believe that the bug you reported is fixed in the latest version of dupload, which is due to be installed in the Debian FTP archive: dupload_2.6.4.dsc to pool/main/d/dupload/dupload_2.6.4.dsc dupload_2.6.4.tar.gz to pool/main/d/dupload/dupload_2.6.4.tar.gz dupload_2.6.4_all.deb to pool/main/d/dupload/dupload_2.6.4_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 65630@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Frank Lichtenheld (supplier of updated dupload package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 02 May 2008 13:43:03 +0200 Source: dupload Binary: dupload Architecture: source all Version: 2.6.4 Distribution: unstable Urgency: low Maintainer: Frank Lichtenheld Changed-By: Frank Lichtenheld Description: dupload - utility to upload Debian packages Closes: 54344 56877 65630 98949 101882 222934 222938 225400 226101 226101 229744 249341 251286 279308 319910 321126 345078 356780 360161 384703 387678 395593 398135 420693 473518 477220 Changes: dupload (2.6.4) unstable; urgency=low . * Add myself to Uploaders with Josip's approval + acknowledge NMUs * Make a few clean-ups I refrained from in the NMUs: + Increase debhelper compat level to 5 + Add some missing dh_* calls (md5sums and installman) + Use dh_install and dh_link instead of install and ln + Bump Standards-Version to 3.7.3 (no changes) . dupload (2.6.3.4) unstable; urgency=low . * Non-maintainer upload (Closes: #477220) * Update mentors.debian.net configuration. Patch by Charles Plessy. (Closes: #226101) * Add volatile configuration. (Closes: #420693) * Add backports.org configuration. * Abort upload if distribution is UNRELEASED. (Closes: #384703) (also remove support for "frozen") * Add support for parsing and testing new checksums-* fields. dupload will not complain if the fields are absent. (Closes: #473518) * Check file sizes, too. (Closes: #360161) . dupload (2.6.3.3) unstable; urgency=low . * NMU (with maintainers consent) (Closes: #398135) * Recommend openssh-client instead of ssh, keep ssh as alternative for now. Reported by Aaron Schrab (Closes: #387678) * Setting $default_host from a local dupload.conf is now possible again. Reported by martin f krafft (Closes: #249341) * Add empty binary-arch target in debian/rules. Reported by Aurelien Jarno (Closes: #395593) * Treat DEBDELAY=0 correctly. Patch by Matej Vela (Closes: #356780) * Fix headers of man pages. Reported by Denis Barbier (Closes: #222934) * Update location of security upload queues. Reported by adrian (Closes: #345078) * Fix move of files to the queuedir. Patch by Bob Proulx (Closes: #279308) * Remove build-stamp in debian/rules' clean target . dupload (2.6.3.2) unstable; urgency=low . * NMU during BSP. * Try to differentiate between different gpg --verify error reasons to allow uploads from hosts where the public key is not available. (Closes: #321126) . dupload (2.6.3.1) unstable; urgency=low . * NMU to remove obsolete queues, based on http://www.debian.org/doc/developers-reference/ch-pkgs.en.html and http://lists.debian.org/debian-devel/2004/debian-devel-200401/msg01950.html> also cleaned up the bug list. * Removed non-functioning upload queues: anonymous-non-us, non-us, chiark, erlangen, uk, jp, and samosa. (Closes: #222938, #229744) * Added notes extracted from the Developer's reference regarding uploads to security and commented out these entries to prevent developers from uploading there unintentionally. (Closes: #251286) * Added a default configuration for uploading to mentors.debian.net (Closes: #226101) * Changed default (commented) upload queue to be anonymous-ftp-master * Use Goswin's patch to add an 'options' field in the configuration file which can be used to setup --progress and -L in rsync calls, or additional options to SSH if needed (Closes: #98949, #319910, #225400) * Check the .changes signature using gpg or pgp (if available) in order to prevent unsigned uploads. This is active by default for GPG but can be disabled in dupload.conf at will. Also, added two new simple scripts gpg-check and pgp-check to provide a wrapper to the check so that the error message in case of a failure is more user-friendly. I've implemented this as hooks rather than as new code in dupload to allow users to customise as needed. Note: DSC files are not checked since that should be done in a separate hook (and there is none for those files). (Closes: #54344, #56877, #65630, #101882) * Related to the above add references to the preupload/postupload hooks in the dupload.conf file. Checksums-Sha1: 6330ce84c99a3e8bfca994743dfc93e514f3b9e2 775 dupload_2.6.4.dsc e3c7bfc39ad5b2f3ca187efd6cf9a92df35d3dc4 23738 dupload_2.6.4.tar.gz 33541d515c2d1380c9eeb4753dd2768e538e8423 30728 dupload_2.6.4_all.deb Checksums-Sha256: db4548b8b0e019ea9152a3c5ddea367845b21ecabe81387c1d87613d59a73572 775 dupload_2.6.4.dsc f6a0e8885d2175f47051d3e750c24f11fdc6e6269d191a10111a895c30be9a79 23738 dupload_2.6.4.tar.gz 85c5807b763f646dcc81aec80a0a3e934b120b698daf854dcaab9c74c4d0e2ca 30728 dupload_2.6.4_all.deb Files: 08eb237b551497e5408d26bdb5c2011f 775 devel optional dupload_2.6.4.dsc a1e39af16a50d77e57712814a26f7083 23738 devel optional dupload_2.6.4.tar.gz 7b64d850ac764f1f2bed94bde950d67c 30728 devel optional dupload_2.6.4_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFIGxNnQbn06FtxPfARAle5AKDUo1N+B4LOePMTySQOCz6V+j+kpACfbstN DjPaoUjjiFU2l/KbJAgR14Y= =rsV0 -----END PGP SIGNATURE----- ------------=_1209741667-21920-3 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by bugs.debian.org; 5 Jan 2000 21:51:09 +0000 Received: (qmail 7307 invoked from network); 5 Jan 2000 21:51:09 -0000 Received: from blood-axp.eradicator.org (mail@209.151.20.194) by master.debian.org with SMTP; 5 Jan 2000 21:51:09 -0000 Received: from dhd by blood-axp.eradicator.org with local (Exim 3.11 #1 (Debian)) id 125yKe-0000QX-00; Wed, 05 Jan 2000 16:51:04 -0500 From: dhd To: Debian Bug Tracking System Subject: dupload should check that the .changes is properly signed X-Reportbug-Version: 0.46 X-Mailer: reportbug 0.46 Date: Wed, 05 Jan 2000 16:51:03 -0500 Message-Id: Package: dupload Version: 2.4 Severity: wishlist Hi, Since I started using dupload, I've managed to upload a few packages without signed .changes files (I often build packages on other machines, then sign and upload them locally). It would be nice if dupload could protect me from my own stupidity, by checking that the .changes is signed, and possibly checking the signature on it as well. Cheers -- System Information Debian Release: potato Architecture: alpha Kernel: Linux blood-axp.eradicator.org 2.2.14pre12 #1 Fri Dec 10 15:59:26 EST 1999 alpha Versions of packages dupload depends on: ii libnet-perl 1.0606-3 Implementation of Internet protoco ii perl-5.004 [perl5] 5.004.05-4.1 Larry Wall's Practical Extracting ii perl-5.005 [perl5] 5.005.03-4.1 Larry Wall's Practical Extracting ------------=_1209741667-21920-3--   Received: (at 65630-close) by bugs.debian.org; 2 May 2008 15:08:31 +0000 From dak@ftp-master.debian.org Fri May 02 15:08:31 2008 X-Spam-Checker-Version: SpamAssassin 3.1.4-bugs.debian.org_2005_01_02 (2006-07-26) on rietz.debian.org X-Spam-Level: X-Spam-Status: No, score=-9.7 required=4.0 tests=BAYES_00,FROMDEVELOPER, FVGT_m_MULTI_ODD,HAS_BUG_NUMBER,HEADER_X_KATIE,IMPRONONCABLE_2, MURPHY_DRUGS_REL8,MURPHY_WRONG_WORD1,MURPHY_WRONG_WORD2 autolearn=no version=3.1.4-bugs.debian.org_2005_01_02 Return-path: Received: from ries.debian.org ([128.148.34.103]) by rietz.debian.org with esmtp (Exim 4.63) (envelope-from ) id 1JrwsA-0002fh-PP for 65630-close@bugs.debian.org; Fri, 02 May 2008 15:08:31 +0000 Received: from dak by ries.debian.org with local (Exim 4.63) (envelope-from ) id 1JrwIy-0002Vy-G4; Fri, 02 May 2008 14:32:08 +0000 From: Frank Lichtenheld To: 65630-close@bugs.debian.org X-DAK: dak process-unchecked X-Katie: $Revision: 1.65 $ MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Subject: Bug#65630: fixed in dupload 2.6.4 Message-Id: Sender: Archive Administrator Date: Fri, 02 May 2008 14:32:08 +0000 X-CrossAssassin-Score: 11 Source: dupload Source-Version: 2.6.4 We believe that the bug you reported is fixed in the latest version of dupload, which is due to be installed in the Debian FTP archive: dupload_2.6.4.dsc to pool/main/d/dupload/dupload_2.6.4.dsc dupload_2.6.4.tar.gz to pool/main/d/dupload/dupload_2.6.4.tar.gz dupload_2.6.4_all.deb to pool/main/d/dupload/dupload_2.6.4_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 65630@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Frank Lichtenheld (supplier of updated dupload package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 02 May 2008 13:43:03 +0200 Source: dupload Binary: dupload Architecture: source all Version: 2.6.4 Distribution: unstable Urgency: low Maintainer: Frank Lichtenheld Changed-By: Frank Lichtenheld Description: dupload - utility to upload Debian packages Closes: 54344 56877 65630 98949 101882 222934 222938 225400 226101 226101 229744 249341 251286 279308 319910 321126 345078 356780 360161 384703 387678 395593 398135 420693 473518 477220 Changes: dupload (2.6.4) unstable; urgency=low . * Add myself to Uploaders with Josip's approval + acknowledge NMUs * Make a few clean-ups I refrained from in the NMUs: + Increase debhelper compat level to 5 + Add some missing dh_* calls (md5sums and installman) + Use dh_install and dh_link instead of install and ln + Bump Standards-Version to 3.7.3 (no changes) . dupload (2.6.3.4) unstable; urgency=low . * Non-maintainer upload (Closes: #477220) * Update mentors.debian.net configuration. Patch by Charles Plessy. (Closes: #226101) * Add volatile configuration. (Closes: #420693) * Add backports.org configuration. * Abort upload if distribution is UNRELEASED. (Closes: #384703) (also remove support for "frozen") * Add support for parsing and testing new checksums-* fields. dupload will not complain if the fields are absent. (Closes: #473518) * Check file sizes, too. (Closes: #360161) . dupload (2.6.3.3) unstable; urgency=low . * NMU (with maintainers consent) (Closes: #398135) * Recommend openssh-client instead of ssh, keep ssh as alternative for now. Reported by Aaron Schrab (Closes: #387678) * Setting $default_host from a local dupload.conf is now possible again. Reported by martin f krafft (Closes: #249341) * Add empty binary-arch target in debian/rules. Reported by Aurelien Jarno (Closes: #395593) * Treat DEBDELAY=0 correctly. Patch by Matej Vela (Closes: #356780) * Fix headers of man pages. Reported by Denis Barbier (Closes: #222934) * Update location of security upload queues. Reported by adrian (Closes: #345078) * Fix move of files to the queuedir. Patch by Bob Proulx (Closes: #279308) * Remove build-stamp in debian/rules' clean target . dupload (2.6.3.2) unstable; urgency=low . * NMU during BSP. * Try to differentiate between different gpg --verify error reasons to allow uploads from hosts where the public key is not available. (Closes: #321126) . dupload (2.6.3.1) unstable; urgency=low . * NMU to remove obsolete queues, based on http://www.debian.org/doc/developers-reference/ch-pkgs.en.html and http://lists.debian.org/debian-devel/2004/debian-devel-200401/msg01950.html> also cleaned up the bug list. * Removed non-functioning upload queues: anonymous-non-us, non-us, chiark, erlangen, uk, jp, and samosa. (Closes: #222938, #229744) * Added notes extracted from the Developer's reference regarding uploads to security and commented out these entries to prevent developers from uploading there unintentionally. (Closes: #251286) * Added a default configuration for uploading to mentors.debian.net (Closes: #226101) * Changed default (commented) upload queue to be anonymous-ftp-master * Use Goswin's patch to add an 'options' field in the configuration file which can be used to setup --progress and -L in rsync calls, or additional options to SSH if needed (Closes: #98949, #319910, #225400) * Check the .changes signature using gpg or pgp (if available) in order to prevent unsigned uploads. This is active by default for GPG but can be disabled in dupload.conf at will. Also, added two new simple scripts gpg-check and pgp-check to provide a wrapper to the check so that the error message in case of a failure is more user-friendly. I've implemented this as hooks rather than as new code in dupload to allow users to customise as needed. Note: DSC files are not checked since that should be done in a separate hook (and there is none for those files). (Closes: #54344, #56877, #65630, #101882) * Related to the above add references to the preupload/postupload hooks in the dupload.conf file. Checksums-Sha1: 6330ce84c99a3e8bfca994743dfc93e514f3b9e2 775 dupload_2.6.4.dsc e3c7bfc39ad5b2f3ca187efd6cf9a92df35d3dc4 23738 dupload_2.6.4.tar.gz 33541d515c2d1380c9eeb4753dd2768e538e8423 30728 dupload_2.6.4_all.deb Checksums-Sha256: db4548b8b0e019ea9152a3c5ddea367845b21ecabe81387c1d87613d59a73572 775 dupload_2.6.4.dsc f6a0e8885d2175f47051d3e750c24f11fdc6e6269d191a10111a895c30be9a79 23738 dupload_2.6.4.tar.gz 85c5807b763f646dcc81aec80a0a3e934b120b698daf854dcaab9c74c4d0e2ca 30728 dupload_2.6.4_all.deb Files: 08eb237b551497e5408d26bdb5c2011f 775 devel optional dupload_2.6.4.dsc a1e39af16a50d77e57712814a26f7083 23738 devel optional dupload_2.6.4.tar.gz 7b64d850ac764f1f2bed94bde950d67c 30728 devel optional dupload_2.6.4_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFIGxNnQbn06FtxPfARAle5AKDUo1N+B4LOePMTySQOCz6V+j+kpACfbstN DjPaoUjjiFU2l/KbJAgR14Y= =rsV0 -----END PGP SIGNATURE-----   Reply sent to Frank Lichtenheld <djpig@debian.org>:
You have taken responsibility.   -t  MIME-Version: 1.0 X-Mailer: MIME-tools 5.420 (Entity 5.420) X-Loop: owner@bugs.debian.org From: owner@bugs.debian.org (Debian Bug Tracking System) To: Frank Lichtenheld Subject: Bug#56877: marked as done (dupload: Dupload should check for PGP signatures on .dsc and .changes before uploading) Message-ID: References: <20000202195717.9FC2C57DEE@kate.private.net> X-Debian-PR-Message: closed 56877 X-Debian-PR-Package: dupload X-Debian-PR-Keywords: fixed X-Debian-PR-Source: dupload Content-