Bug#827246: debsnap: downloading source package versions with multiple .dsc files gives broken source packages
Paul Wise
pabs at debian.org
Tue Jun 14 04:45:07 UTC 2016
Package: devscripts
Version: 2.16.5
Severity: normal
File: /usr/bin/debsnap
X-Debbugs-CC: debian-snapshot at lists.debian.org
User: devscripts at packages.debian.org
Usertags: debsnap
Downloading gxine 0.5.908-3.1 gives a broken source package. It looks
like it is getting the debian.tar.xz file from the debian archive and
the .dsc file from the debian-ports archive.
The snapshot API is returning multiple .dsc and debian.tar.xz files,
the first .dsc is from the debian-ports archive while the first
debian.tar.xz is from the debian/debian-debug archives.
debsnap appears to download all of the files but doesn't pay attention
to identical file names with different contents from different
archives, which means that it overwrites some files with contents from
other archives.
I think the solution here might be to print an error when there are
multiple .dsc files with different contents, print the URLs to the .dsc
files, suggest downloading with `dget -q` and exit with an error:
Error: found multiple .dsc files, please choose one:
cd destdir ; dget -q http://snapshot.debian.org/archive/debian-ports/20150303T013353Z/pool-hurd-i386/main/g/gxine/gxine_0.5.908-3.1.dsc
cd destdir ; dget -q http://snapshot.debian.org/archive/debian/20141230T220552Z/pool/main/g/gxine/gxine_0.5.908-3.1.dsc
pabs at chianamo ~ $ debsnap --destdir . --verbose gxine 0.5.908-3.1
Getting json http://snapshot.debian.org/mr/package/gxine/
Getting json http://snapshot.debian.org/mr/package/gxine//0.5.908-3.1/srcfiles?fileinfo=1
Getting file gxine_0.5.908-3.1.dsc: http://snapshot.debian.org/file/9a46e23f17864660be5f09a85fbd6842eb53ce6d
Getting file gxine_0.5.908-3.1.debian.tar.xz: http://snapshot.debian.org/file/154eada9d3e94a0c641e60fc515a74afb736eb49
Getting file gxine_0.5.908-3.1.debian.tar.xz: http://snapshot.debian.org/file/663d85e0a8895d5054fe8c1a4d2f3f66252a5cda
Getting file gxine_0.5.908.orig.tar.xz: http://snapshot.debian.org/file/542e723c9c2d396a1da68272fae4cec762cb086f
Getting file gxine_0.5.908-3.1.dsc: http://snapshot.debian.org/file/d002e2f5bc3da9a097ee93111ce8d69a0f59d3c5
pabs at chianamo ~ $ dpkg-source -x gxine_0.5.908-3.1.dsc
dpkg-source: error: file ./gxine_0.5.908-3.1.debian.tar.xz has checksum a61c85b5cd28a15dd4e01063eaa98d9b instead of expected 8b949bf5393848697298052ec60e6eb1 (algorithm md5)
pabs at chianamo ~ $ sha1sum gxine*
154eada9d3e94a0c641e60fc515a74afb736eb49 gxine_0.5.908-3.1.debian.tar.xz
9a46e23f17864660be5f09a85fbd6842eb53ce6d gxine_0.5.908-3.1.dsc
542e723c9c2d396a1da68272fae4cec762cb086f gxine_0.5.908.orig.tar.xz
pabs at chianamo ~ $ dget -q http://snapshot.debian.org/archive/debian-ports/20150303T013353Z/pool-hurd-i386/main/g/gxine/gxine_0.5.908-3.1.dsc
gxine_0.5.908-3.1.dsc:
Good signature found
validating gxine_0.5.908.orig.tar.xz
validating gxine_0.5.908-3.1.debian.tar.xz
All files validated successfully.
dpkg-source: info: extracting gxine in gxine-0.5.908
dpkg-source: info: unpacking gxine_0.5.908.orig.tar.xz
dpkg-source: info: unpacking gxine_0.5.908-3.1.debian.tar.xz
dpkg-source: info: applying debian-changes
pabs at chianamo ~ $ sha1sum gxine*
sha1sum: gxine-0.5.908: Is a directory
663d85e0a8895d5054fe8c1a4d2f3f66252a5cda gxine_0.5.908-3.1.debian.tar.xz
9a46e23f17864660be5f09a85fbd6842eb53ce6d gxine_0.5.908-3.1.dsc
542e723c9c2d396a1da68272fae4cec762cb086f gxine_0.5.908.orig.tar.xz
pabs at chianamo ~ $ dget -q http://snapshot.debian.org/archive/debian/20141230T220552Z/pool/main/g/gxine/gxine_0.5.908-3.1.dsc
gxine_0.5.908-3.1.dsc:
Good signature found
validating gxine_0.5.908.orig.tar.xz
validating gxine_0.5.908-3.1.debian.tar.xz
All files validated successfully.
dpkg-source: info: extracting gxine in gxine-0.5.908
dpkg-source: info: unpacking gxine_0.5.908.orig.tar.xz
dpkg-source: info: unpacking gxine_0.5.908-3.1.debian.tar.xz
dpkg-source: info: applying debian-changes
pabs at chianamo ~ $ sha1sum gxine*
sha1sum: gxine-0.5.908: Is a directory
154eada9d3e94a0c641e60fc515a74afb736eb49 gxine_0.5.908-3.1.debian.tar.xz
d002e2f5bc3da9a097ee93111ce8d69a0f59d3c5 gxine_0.5.908-3.1.dsc
542e723c9c2d396a1da68272fae4cec762cb086f gxine_0.5.908.orig.tar.xz
pabs at chianamo ~ $ curl -s http://snapshot.debian.org/mr/package/gxine/0.5.908-3.1/srcfiles?fileinfo=1 | jq
{
"_comment": "foo",
"version": "0.5.908-3.1",
"result": [
{
"hash": "663d85e0a8895d5054fe8c1a4d2f3f66252a5cda"
},
{
"hash": "9a46e23f17864660be5f09a85fbd6842eb53ce6d"
},
{
"hash": "542e723c9c2d396a1da68272fae4cec762cb086f"
},
{
"hash": "d002e2f5bc3da9a097ee93111ce8d69a0f59d3c5"
},
{
"hash": "154eada9d3e94a0c641e60fc515a74afb736eb49"
}
],
"fileinfo": {
"9a46e23f17864660be5f09a85fbd6842eb53ce6d": [
{
"name": "gxine_0.5.908-3.1.dsc",
"archive_name": "debian-ports",
"path": "/pool-hurd-i386/main/g/gxine",
"first_seen": "20150303T013353Z",
"size": 2131
}
],
"d002e2f5bc3da9a097ee93111ce8d69a0f59d3c5": [
{
"name": "gxine_0.5.908-3.1.dsc",
"archive_name": "debian",
"path": "/pool/main/g/gxine",
"first_seen": "20141230T220552Z",
"size": 2261
},
{
"name": "gxine_0.5.908-3.1.dsc",
"archive_name": "debian-debug",
"path": "/pool/main/g/gxine",
"first_seen": "20160315T212933Z",
"size": 2261
}
],
"154eada9d3e94a0c641e60fc515a74afb736eb49": [
{
"name": "gxine_0.5.908-3.1.debian.tar.xz",
"archive_name": "debian",
"path": "/pool/main/g/gxine",
"first_seen": "20141230T220552Z",
"size": 12176
},
{
"name": "gxine_0.5.908-3.1.debian.tar.xz",
"archive_name": "debian-debug",
"path": "/pool/main/g/gxine",
"first_seen": "20160315T212933Z",
"size": 12176
}
],
"542e723c9c2d396a1da68272fae4cec762cb086f": [
{
"name": "gxine_0.5.908.orig.tar.xz",
"archive_name": "debian",
"path": "/pool/main/g/gxine",
"first_seen": "20140510T042022Z",
"size": 917780
},
{
"name": "gxine_0.5.908.orig.tar.xz",
"archive_name": "debian-ports",
"path": "/pool-hurd-i386/main/g/gxine",
"first_seen": "20150303T013353Z",
"size": 917780
},
{
"name": "gxine_0.5.908.orig.tar.xz",
"archive_name": "debian-debug",
"path": "/pool/main/g/gxine",
"first_seen": "20160315T212933Z",
"size": 917780
}
],
"663d85e0a8895d5054fe8c1a4d2f3f66252a5cda": [
{
"name": "gxine_0.5.908-3.1.debian.tar.xz",
"archive_name": "debian-ports",
"path": "/pool-hurd-i386/main/g/gxine",
"first_seen": "20150303T013353Z",
"size": 12176
}
]
},
"package": "gxine"
}
-- System Information:
Debian Release: stretch/sid
APT prefers testing-debug
APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages devscripts depends on:
ii dpkg-dev 1.18.7
ii libc6 2.22-11
ii perl 5.22.2-1
pn python3:any <none>
Versions of packages devscripts recommends:
ii apt 1.2.12
ii at 3.1.18-2
ii curl 7.47.0-1
ii dctrl-tools 2.24-2
ii debian-keyring 2016.04.22
ii dput 0.9.6.4
ii dupload 2.7.0
ii equivs 2.0.9+nmu1
ii fakeroot 1.20.2-2
ii file 1:5.25-2
ii gnupg 1.4.20-6
ii gnupg2 2.1.11-7
ii libdistro-info-perl 0.14
ii libencode-locale-perl 1.05-1
ii liblwp-protocol-https-perl 6.06-2
ii libsoap-lite-perl 1.19-1
ii liburi-perl 1.71-1
ii libwww-perl 6.15-1
ii lintian 2.5.44
ii man-db 2.7.5-1
ii patch 2.7.5-1
ii patchutils 0.3.4-1
ii pseudo [fakeroot] 1.7.5-5
ii python3-debian 0.1.27
ii python3-magic 1:5.25-2
ii sensible-utils 0.0.9
ii strace 4.12-3
ii unzip 6.0-20
ii wdiff 1.2.2-1+b1
ii wget 1.18-1
ii xz-utils 5.1.1alpha+20120614-2.1
Versions of packages devscripts suggests:
ii bsd-mailx [mailx] 8.1.2-0.20160123cvs-3
ii build-essential 11.7
pn cvs-buildpackage <none>
pn devscripts-el <none>
ii diffoscope 54
pn dose-extra <none>
pn gnuplot <none>
ii gpgv 1.4.20-6
pn libauthen-sasl-perl <none>
ii libfile-desktopentry-perl 0.22-1
ii libnet-smtp-ssl-perl 1.03-1
ii libterm-size-perl 0.207-1+b3
ii libtimedate-perl 2.3000-2
pn libyaml-syck-perl <none>
ii mozilla-devscripts 0.45.1
ii mutt 1.6.0-1
ii openssh-client [ssh-client] 1:7.2p2-5
ii svn-buildpackage 0.8.5+nmu1
ii w3m 0.5.3-28
-- no debconf information
--
bye,
pabs
https://wiki.debian.org/PaulWise
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/devscripts-devel/attachments/20160614/c2d0b114/attachment-0001.sig>
More information about the devscripts-devel
mailing list