1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1076223: tcputils,libbpf-tools: install program with same name (tcp

    From Andreas Tille@21:1/5 to All on Wed Mar 5 14:00:01 2025
    Hi Joel,

    Am Mon, Feb 17, 2025 at 08:42:38PM +0100 schrieb Joel Rosdahl:
    Thanks Andreas for following up on this bug report which has sat in my inbox far too long.

    You are welcome.

    I think that it could be of interest to mention what Fedora has chosen:

    * tcputils installs the programs without prefix or suffix in /usr/bin.
    * libbpf-tools installs the programs with a bpf- prefix in /usr/bin.

    I consider it an important data point to keep some compatibility with
    other Linux distributions. Thus I decided to not change the file
    layout.

    From my point of view I would prefer to only rename libbpf-tools' binaries.

    This was announced by Ritesh in his mail to the bug report[1] - at
    least this is my understanding.

    On the other hand, I would also be open to simply removing the tcputils package from Debian or to hand over maintainership of it.

    I'm not against removal at all but for the moment I do not see urgent
    need for removal if the suggested action is done in libbpf-tools. I
    also realised we did not found any human uploader inside the Salvage
    team. Thus I rather decided to move the package to the Debian/ team
    which might simplify finding someone who might care. I did so in some
    NMU to delayed=5 with the content you can find on Salsa[2].

    Hope this fits all interests well.

    Kind regards
    Andreas.


    [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076223#44
    [2] https://salsa.debian.org/debian/tcputils

    --
    https://fam-tille.de

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Chris Hofstaedtler@21:1/5 to All on Mon Mar 17 12:00:01 2025
    * Ritesh Raj Sarraf <rrs@debian.org> [250317 11:08]:
    I've managed to prepare a fix for this issue. But am having some issues
    with the upload.

    Possibly, something recent with how keys are managed.

    @ dupload bpfcc_0.31.0+ds-5_source.changes
    dupload note: no announcement will be sent.
    Checking OpenPGP signatures on bpfcc_0.31.0+ds-5_source.changes...
    Using keyring: /usr/share/keyrings/debian-keyring.gpg
    Using keyring: /usr/share/keyrings/debian-nonupload.gpg
    Using keyring: /usr/share/keyrings/debian-maintainers.gpg
    Signing key on 43DEF582F9E67111CE008917F2F11C23F00A2BE6 is not bound:
    Error: Policy rejected non-revocation signature (SubkeyBinding) requiring second pre-image resistance
    because: SHA1 is not considered secure since 2023-02-01T00:00:00Z >0 authenticated signatures, 1 bad key.
    Error: Verification failed: could not authenticate any signatures
    openpgp-check: error: cannot verify OpenPGP signature for bpfcc_0.31.0+ds-5_source.changes: no acceptable signature found
    dupload: error: Pre-upload '/usr/share/dupload/openpgp-check %1' failed for bpfcc_0.31.0+ds-5_source.changes

    and

    @ dput bpfcc_0.31.0+ds-5_source.changes
    Uploading bpfcc using ftp to ftp-master (host: ftp.upload.debian.org; directory: /pub/UploadQueue/)
    running allowed-distribution: check whether a local profile permits uploads to the target distribution
    running protected-distribution: warn before uploading to distributions where a special policy applies
    running checksum: verify checksums before uploading
    running suite-mismatch: check the target distribution for common errors >running gpg: check GnuPG signatures before the upload
    Uploading bpfcc_0.31.0+ds-5.dsc
    Could not upload file bpfcc_0.31.0+ds-5.dsc: 229 Extended Passive Mode Entered (|||65245|).


    I'll try figure out the reason of this failure. Just wanted to keep you >informed that the issue is being taken care of.

    You might be workaround this by using an older dupload/dput, which
    still uses gpg, or maybe by changing the crypto policy [1].

    There might also be a possibility to update your key to use a
    stronger hash (using sqv). However I don't know what effect this has
    on your key in the Debian ecosystem.

    Chris

    [1] https://unix.stackexchange.com/a/789406

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Chris Hofstaedtler@21:1/5 to All on Tue Mar 18 18:10:02 2025
    * Ritesh Raj Sarraf <rrs@debian.org> [250318 15:36]:
    Back again with my current status. So as I mentioned I was able to
    manage to upload to ftp-master. But I'm getting no usual email
    response, whether the package is accepted or rejected, like we all
    usually do.

    My guess is that my keys in the debian-keyring might still be using the
    old outdated sha1 keys. I'm going to wait for some more time before I
    file an email request with the Debian RT team.

    I can see this on usper.d.o:

    | Mar 18 10:47:10 processing /bpfcc_0.31.0+ds-5_source.changes
    | Mar 18 10:47:10 GnuPG signature check failed on bpfcc_0.31.0+ds-5_source.changes
    | Mar 18 10:47:10 (Exit status 2)
    | Mar 18 10:47:10 /bpfcc_0.31.0+ds-5_source.changes has bad PGP/GnuPG signature!
    | Mar 18 10:47:10 Removing /bpfcc_0.31.0+ds-5_source.changes, but keeping its associated files for now.

    So this looks like your key changes will take some time to get
    applied. Not sure how often this happens.

    Chris

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)