aptly repo include reports an error when used for a backports distribution

[npf]

The changes file for a backported Debian packages (e.g. suffixed with ~bpo8+1) does not include a references for the orig.tar.gz tarball, nor is the file pushed by dput.

However, aptly tries to import the file.

Typical error output:

[!] Unable to import file /tmp/aptly259445817/oar_2.5.5~rc1.orig.tar.gz into pool: open /tmp/aptly259445817/oar_2.5.5~rc1.orig.tar.gz: no such file or directory
[!] Some files were skipped due to errors:
  oar_2.5.5~rc1-1~bpo8+1.dsc
ERROR: some files failed to be added

See the related changes files here: https://gist.github.com/npf/64a7432e6ae04e9fa0c6

[smira]

.changes file references orig.tar.gz:

 f59d49bd7a25aa5647b47a7fbbfd29d7275a7f54 4803977 oar_2.5.5~rc1.orig.tar.gz

[npf]

Hello,
not the changes file for the bpo (there are 2 files in my gist)

[npf]

Hello,

The same issue occurs with a new package release of a same upstream version: by default, dpkg buildpackage does not ship the orig.tar.gz file again.

For instance, uploading oar_2.5.5rc1-3 (3rd package release for upstream version 2.5.5rc1) , I get the error:

[!] Unable to import file /tmp/aptly971643183/oar_2.5.5~rc1.orig.tar.gz into pool: open /tmp/aptly971643183/oar_2.5.5~rc1.orig.tar.gz: no such file or directory
[!] Some files were skipped due to errors:
  oar_2.5.5~rc1-3.dsc
ERROR: some files failed to be added

See the second and third files of https://gist.github.com/npf/64a7432e6ae04e9fa0c6

[smira]

This sounds like a bug in aptly, but don't have time right now to investigate

[npf]

Section 5.6.21 of https://www.debian.org/doc/debian-policy/ch-controlfields.html, gives some specifications. Hope this could help.
Thanks for your reply.

[npf]

Hello, I see that issue #370 is closed, however, for the case I reported here, I'd like to mention that I still see the problem with aptly 1.0.1:

$ aptly version
aptly version: 1.0.1

First I include packages for sid (no error):

aptly repo -repo=sid_beta -no-remove-files=true -force-replace=true include incoming/oar_2.5.8~rc4-1_amd64.changes
gpgv: Signature made Mon 26 Jun 2017 10:55:12 PM CEST
gpgv:                using RSA key 60600425A3FE263CA4DFDD9DC9406ECEDB9F6404
gpgv: Good signature from "XXX"
Loading repository sid_beta for changes file oar_2.5.8~rc4-1_amd64.changes...
[+] liboar-perl_2.5.8~rc4-1_amd64 added
[+] oar-common-dbgsym_2.5.8~rc4-1_amd64 added
[+] oar-common_2.5.8~rc4-1_amd64 added
[+] oar-doc_2.5.8~rc4-1_all added
[+] oar-node_2.5.8~rc4-1_amd64 added
[+] oar-restful-api-dbgsym_2.5.8~rc4-1_amd64 added
[+] oar-restful-api_2.5.8~rc4-1_amd64 added
[+] oar-server-dbgsym_2.5.8~rc4-1_amd64 added
[+] oar-server-mysql_2.5.8~rc4-1_amd64 added
[+] oar-server-pgsql_2.5.8~rc4-1_amd64 added
[+] oar-server_2.5.8~rc4-1_amd64 added
[+] oar-user-dbgsym_2.5.8~rc4-1_amd64 added
[+] oar-user-mysql_2.5.8~rc4-1_amd64 added
[+] oar-user-pgsql_2.5.8~rc4-1_amd64 added
[+] oar-user_2.5.8~rc4-1_amd64 added
[+] oar-web-status_2.5.8~rc4-1_all added
[+] oar_2.5.8~rc4-1_source added

Then, including some backports, I get the error at the end:

aptly repo -repo=stretch-backports_beta -no-remove-files=true -force-replace=true include incoming/oar_2.5.8~rc4-1~bpo9+1_amd64.changes
gpgv: Signature made Tue 27 Jun 2017 10:08:23 AM CEST
gpgv:                using RSA key 60600425A3FE263CA4DFDD9DC9406ECEDB9F6404
gpgv: Good signature from "XXX"
Loading repository stretch-backports_beta for changes file oar_2.5.8~rc4-1~bpo9+1_amd64.changes...
[+] liboar-perl_2.5.8~rc4-1~bpo9+1_amd64 added
[+] oar-common-dbgsym_2.5.8~rc4-1~bpo9+1_amd64 added
[+] oar-common_2.5.8~rc4-1~bpo9+1_amd64 added
[+] oar-doc_2.5.8~rc4-1~bpo9+1_all added
[+] oar-node_2.5.8~rc4-1~bpo9+1_amd64 added
[+] oar-restful-api-dbgsym_2.5.8~rc4-1~bpo9+1_amd64 added
[+] oar-restful-api_2.5.8~rc4-1~bpo9+1_amd64 added
[+] oar-server-dbgsym_2.5.8~rc4-1~bpo9+1_amd64 added
[+] oar-server-mysql_2.5.8~rc4-1~bpo9+1_amd64 added
[+] oar-server-pgsql_2.5.8~rc4-1~bpo9+1_amd64 added
[+] oar-server_2.5.8~rc4-1~bpo9+1_amd64 added
[+] oar-user-dbgsym_2.5.8~rc4-1~bpo9+1_amd64 added
[+] oar-user-mysql_2.5.8~rc4-1~bpo9+1_amd64 added
[+] oar-user-pgsql_2.5.8~rc4-1~bpo9+1_amd64 added
[+] oar-user_2.5.8~rc4-1~bpo9+1_amd64 added
[+] oar-web-status_2.5.8~rc4-1~bpo9+1_all added
[!] Unable to import file /tmp/aptly386260638/oar_2.5.8~rc4.orig.tar.gz into pool: open /tmp/aptly386260638/oar_2.5.8~rc4.orig.tar.gz: no such file or directory
[!] Some files were skipped due to errors:
  incoming/oar_2.5.8~rc4-1~bpo9+1.dsc
ERROR: some files failed to be added

Hope this is useful.
Thanks.

[smira]

Thanks for bringing this up, @npf. This has never been fixed, pushing to 1.2.0

[wwentland]

Does it work if you force the inclusion of the original source by passing -sa to dpkg-genchanges ? That way you should have a reference to the orig.tar.gz in the .changes file.

[npf]

Hi @BABILEN ,
Thanks for the tip ! the ERROR vanishes indeed.
(I'm using sbuild, so I actually added the --force-orig-source flag)

However, in my opinion, this is only a workaround, right ? This does not close the issue ?

aptly should be able to handle the cases where the original source is not included, which is the default behavior for backports, but also if not an initial package release of an upstream version of a software, e.g. software-x.y-r with r > 1, from what I understand ?

[wwentland]

The assumption is basically that the orig source is included if you upload a new package and, conversely, that you would only skip it if you have uploaded it previously (e.g. when uploading software-x.y-r you expect the orig source to have been included in software-x.y-1).

[npf]

@BABILEN : Yep agreed. Unless I'm mistaken the error appears even though the orig source was indeed uploaded previously with software-x-y-1.

[smira]

So basically when searching for matching files, we should expand our scope to aptly's internal package pool - if matching file is there, we can assume safely we can use it. If file is missing, we should give back error (like today). Does that make sense?

[wwentland]

@smira: That sounds about right. You essentially want to make sure that you can find the orig source tarball somewhere in the repo, but not enforce that it has to be included in the current upload if it is present already.

[smira]

Should be fixed now, fix available in nightly build aptly_1.1.1+35+g5ef45bd

[wwentland]

Cheers!

[npf]

Thanks for fixing!