Ubuntu
dpkg package

dpkg-source should fail if maintainer is not ubuntu and DEBEMAIL contains @canonical.com

Bug #1951988 reported by William Wilson
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
dpkg (Debian)
Fix Released
Unknown
dpkg (Ubuntu)
Fix Released
Low
Unassigned
Focal
Fix Released
Undecided
Brian Murray
Impish
Fix Released
Undecided
Brian Murray

Bug Description

[Impact]
dpkg-source will do a check for a scenario where the maintainer field in d/control does not contain "ubuntu" and the DEBEMAIL environment variable ends in @ubuntu.com. There are some Canonical employees that use an @canonical.com email address instead, so we should expand this check to also trigger on DEBEMAIL values that end in @canonical.com

[Test Case]
In a source package that doesn't have XSBC-Original-Maintainer set run
1) <email address hidden> debuild -i -I -S -d

With version of the dpkg in the release pocket you'll receive a warning, with the version of the package from -updates you'll instead receive an error.

dpkg-source: error: Version number suggests Ubuntu changes, but Maintainer: does not have Ubuntu address
dpkg-source: info: using options from sed-4.8/debian/source/options: --single-debian-patch --auto-commit
dpkg-source: info: using source format '3.0 (quilt)'
dpkg-buildpackage: error: dpkg-source -i.pc* -I.bzr -I.svn -ICVS -I.pc -i -I -b . subprocess returned exit status 2
debuild: fatal error at line 1182:
dpkg-buildpackage -us -uc -ui -i.pc* -I.bzr -I.svn -ICVS -I.pc -i -I -S -d failed

[Other Info]
Having every Ubuntu user update dpkg for a change that'll only benefit Ubuntu developers seems like a bit much. So instead we'll stage this in -proposed and in the event there is an SRU of dpkg or a security update we'll get this included.

See original description
Revision history for this message
William Wilson (jawn-smith) wrote :
Changed in dpkg (Ubuntu):
status: New → Confirmed
summary: - dpkg-source should fail if maintainer is wrong and DEBEMAIL contains
- @canonical.com
+ dpkg-source should fail if maintainer is not ubuntu and DEBEMAIL
+ contains @canonical.com
Revision history for this message
Simon Quigley (tsimonq2) wrote :

While I agree that this patch would be useful, it should be upstreamed first.

Revision history for this message
William Wilson (jawn-smith) wrote :

tsimonq2: I have submitted the patch to Debian and linked the bug number here.

Bug Watch Updater (bug-watch-updater)
Changed in dpkg (Debian):
status: Unknown → New
Mathew Hodson (mhodson)
Changed in dpkg (Ubuntu):
importance: Undecided → Low
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dpkg - 1.20.9ubuntu3

---------------
dpkg (1.20.9ubuntu3) jammy; urgency=medium

  * scripts/Dpkg/Vendor/Ubuntu.pm: When checking for the correct
    maintainer field, also look for canonical.com email addresses
    (LP: #1951988)

 -- William 'jawn-smith' Wilson <email address hidden> Thu, 02 Dec 2021 15:38:08 -0600

Changed in dpkg (Ubuntu):
status: Confirmed → Fix Released
Brian Murray (brian-murray)
Changed in dpkg (Ubuntu Focal):
status: New → In Progress
Changed in dpkg (Ubuntu Impish):
status: New → In Progress
Changed in dpkg (Ubuntu Focal):
assignee: nobody → Brian Murray (brian-murray)
Changed in dpkg (Ubuntu Impish):
assignee: nobody → Brian Murray (brian-murray)
Brian Murray (brian-murray)
description: updated
Brian Murray (brian-murray)
tags: added: block-proposed-focal block-proposed-impish
Brian Murray (brian-murray)
description: updated
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

+1 on getting this into -proposed but not releasing into -updates *for now*. Thanks for the block-proposed tags!

Revision history for this message
Brian Murray (brian-murray) wrote : Please test proposed package

Hello William, or anyone else affected,

Accepted dpkg into impish-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/dpkg/1.20.9ubuntu2.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-impish to verification-done-impish. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-impish. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in dpkg (Ubuntu Impish):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-impish
Changed in dpkg (Ubuntu Focal):
status: In Progress → Fix Committed
tags: added: verification-needed-focal
Revision history for this message
Brian Murray (brian-murray) wrote :

Hello William, or anyone else affected,

Accepted dpkg into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/dpkg/1.19.7ubuntu3.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (dpkg/1.19.7ubuntu3.1)

All autopkgtests for the newly accepted dpkg (1.19.7ubuntu3.1) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

pkg-perl-tools/0.59 (armhf)
nftables/0.9.3-2 (armhf)
perl/5.30.0-9ubuntu0.2 (armhf)
reprotest/0.7.14 (amd64)
pkg-components/0.13 (armhf)
python-sysv-ipc/1.0.0-2build1 (armhf)
dgit/9.10 (arm64, armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#dpkg

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (dpkg/1.20.9ubuntu2.1)

All autopkgtests for the newly accepted dpkg (1.20.9ubuntu2.1) for impish have finished running.
The following regressions have been reported in tests triggered by the package:

pdl/1:2.025-1 (armhf)
systemd/248.3-1ubuntu8 (amd64)
libreoffice/1:7.2.3-0ubuntu0.21.10.1 (armhf)
pkg-config/0.29.2-1ubuntu1 (armhf)
pudb/2020.1-1 (armhf)
needrestart/3.5-4ubuntu2 (armhf)
openssh/unknown (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/impish/update_excuses.html#dpkg

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Bug Watch Updater (bug-watch-updater)
Changed in dpkg (Debian):
status: New → Fix Released
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

These changes were included as part of the latest security update.

Changed in dpkg (Ubuntu Focal):
status: Fix Committed → Fix Released
Changed in dpkg (Ubuntu Impish):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.