xfs
[Top] [All Lists]

Re: [PATCH 0/4] Refactor release scripts to conform to using git archive

To: Ben Myers <bpm@xxxxxxx>
Subject: Re: [PATCH 0/4] Refactor release scripts to conform to using git archive
From: Dave Chinner <david@xxxxxxxxxxxxx>
Date: Fri, 15 Feb 2013 09:36:13 +1100
Cc: Nathan Scott <nathans@xxxxxxxxxx>, Andrew Dahl <adahl@xxxxxxx>, xfs@xxxxxxxxxxx
Delivered-to: xfs@xxxxxxxxxxx
In-reply-to: <20130214162454.GH30652@xxxxxxx>
References: <20130214010853.GD22182@xxxxxxx> <1295709208.2558271.1360808077935.JavaMail.root@xxxxxxxxxx> <20130214162454.GH30652@xxxxxxx>
User-agent: Mutt/1.5.21 (2010-09-15)
On Thu, Feb 14, 2013 at 10:24:54AM -0600, Ben Myers wrote:
> Hey Nathan,
> 
> On Wed, Feb 13, 2013 at 09:14:37PM -0500, Nathan Scott wrote:
> > ----- Original Message -----
> > > On Wed, Feb 06, 2013 at 12:15:47PM +1100, Dave Chinner wrote:
> > > > ...
> > > > It breaks the 'make deb' command for all the trees.
> > > 
> > > xfsprogs: update 'make deb' to use tarball
> > > 
> > > This patch changes the build process so that 'make deb' uses the same
> > > process of creating a source tree as the release script.
> > > 
> > > * Add a list of files which go in the release tarball in .git_census
> > >   This is needed so that you can create a tarball in a bare release
> > >   tree, when .git is not available.
> > > 
> > 
> > I think you'll need .git_census in .gitignore (ala configure).
> > Possibly remove the underscore for naming consistency - *shrug*.
> 
> Will do.  Thanks.
> 
> > 
> > > 
> > > * 'make deb' now creates unsigned packages by default, 'make debsign'
> > >   creates signed packages.
> > > 
> > 
> > Ehrm - why?  Everything else in your patch worked, but this part broke
> > (which suggests a larger problem, in that this build path is no longer
> > checked on every build) ...
> > 
> > debsign: Can't find or can't read changes file !
> > 
> > > +debsign: deb
> > > + debsign
> > > +
> > 
> > (That's not valid usage, FWIW).
> >
> > I would recommend just removing that change in behaviour, "make deb"
> > was fine as it was (for me anyway, and evidently for Dave too).  Best
> > to go secure-by-default and not change this.
> 
> 'make deb' failed for me like this:
> 
> signfile xfsprogs_3.1.9.dsc
> gpg: skipped "Nathan Scott <nathans@xxxxxxxxxx>": secret key not available
> gpg: [stdin]: clearsign failed: secret key not available
> 
> dpkg-genchanges  >../xfsprogs_3.1.9_amd64.changes
> dpkg-genchanges: including full source code in upload
> dpkg-buildpackage: full upload; Debian-native package (full source is 
> included)
> dpkg-buildpackage: warning: Failed to sign .dsc and .changes file
> make: *** [deb] Error 1

Don't know what you are doing differently to me, but make deb is not
even trying to build signed packages on my build machine. It never
has, and I don't ever recall seeing make deb fail because it was
trying to build signed packages in the last 5 years on any of my
machines...

I'm not passing -uc -us to dpkg-buildpackage, so somewhere aling the
line it is working out that it shouldn't be signing the packages
itself...

> I think it is also reasonable for devs to be able to build test debs on
> machines that have empty keyrings.

That's exactly what I have been doing for a long time.

Cheers,

Dave.
-- 
Dave Chinner
david@xxxxxxxxxxxxx

<Prev in Thread] Current Thread [Next in Thread>