Bug #17493
open
deb Packages changing within the same version
Description
Some packages on the deb.theforeman.org repo have been repeatingly changed but the version number stayed the same.
I noticed that because I maintain an archive of packages from this repo.
I see this happening for at least the following packages on both trusty and xenial:
foreman:
ruby-hammer-cli_0.7.0-1_all
ruby-dynflow_0.8.11-1_all
ruby-libvirt_0.6.0-2_amd64
foreman-plugins:
ruby-foreman-default-hostgroup_4.0.0-1_all
ruby-foreman-bootdisk_8.0.2-1_all
ruby-foreman-ansible_1.0-1_all
ruby-foreman-azure_1.0.1-1_all
ruby-foreman-templates_3.0.0-1_all
ruby-foreman-templates_3.1.0-1_all
ruby-foreman-xen_0.3.1-1_all
ruby-smart-proxy-salt_2.1.7-1_all
ruby-smart-proxy-chef_0.1.8-1_all
ruby-puppetdb-foreman_1.0.4-1_all
ruby-foreman-cockpit_2.0.2-1_all
Example:
First I have got ruby-foreman-azure_1.0.1-1_all.deb with md5sum 6f6b4e7e545bbb4f0c42b12b2d24175d, a few days later you provided ruby-foreman-azure_1.0.1-1_all.deb with md5sum 6878d695bc006ee74602d1f2cf518752. When I compare the content of both packages, the diff is only a diffent date in /var/lib/foreman/public/assets/foreman_azure/foreman_azure.json.
diff r ruby-foreman-azure_1.0.1-1_all/var/lib/foreman/public/assets/foreman_azure/foreman_azure.json ruby-foreman-azure_1.0.1-1_all2/var/lib/foreman/public/assets/foreman_azure/foreman_azure.json
1c1
< {"files":{"foreman_azure/host_os_azure_selected-a1ff57cf23030b7703472403c50dc49440ff83e1710d2fb73b1cbfff85a5d9bc.js":{"logical_path":"foreman_azure/host_os_azure_selected.js","mtime":"2016-06-07T07:29:12+00:00","size":500,"digest":"a1ff57cf23030b7703472403c50dc49440ff83e1710d2fb73b1cbfff85a5d9bc","integrity":"sha256-of9XzyMDC3cDRyQDxQ3ElED/g+FxDS+3Oxy//4Wl2bw="}},"assets":{"foreman_azure/host_os_azure_selected.js":"foreman_azure/host_os_azure_selected-a1ff57cf23030b7703472403c50dc49440ff83e1710d2fb73b1cbfff85a5d9bc.js"}}
\ No newline at end of file
--
{"files":{"foreman_azure/host_os_azure_selected-a1ff57cf23030b7703472403c50dc49440ff83e1710d2fb73b1cbfff85a5d9bc.js":{"logical_path":"foreman_azure/host_os_azure_selected.js","mtime":"2016-06-03T08:39:35+00:00","size":500,"digest":"a1ff57cf23030b7703472403c50dc49440ff83e1710d2fb73b1cbfff85a5d9bc","integrity":"sha256-of9XzyMDC3cDRyQDxQ3ElED/g+FxDS+3Oxy//4Wl2bw="}},"assets":{"foreman_azure/host_os_azure_selected.js":"foreman_azure/host_os_azure_selected-a1ff57cf23030b7703472403c50dc49440ff83e1710d2fb73b1cbfff85a5d9bc.js"}}
\ No newline at end of file
Binary files ruby-foreman-azure_1.0.1-1_all/var/lib/foreman/public/assets/foreman_azure/host_os_azure_selected-a1ff57cf23030b7703472403c50dc49440ff83e1710d2fb73b1cbfff85a5d9bc.js.gz and ruby-foreman-azure_1.0.1-1_all2/var/lib/foreman/public/assets/foreman_azure/host_os_azure_selected-a1ff57cf23030b7703472403c50dc49440ff83e1710d2fb73b1cbfff85a5d9bc.js.gz differ
The content of a package should not change without a change of the version.
Please ensure that you do not republish packages with different content.
Updated by Dominic Cleal over 7 years ago
- Status changed from New to Feedback
Are you looking at files across different components (Foreman versions)? There will be a ruby-foreman_azure-1.0.1 built for say, 1.11, 1.12 and 1.13 all separately as they may have changes.
Looking at the timestamps and MD5s provided, I think you're comparing these different files:
http://deb.theforeman.org/pool/plugins/1.11/r/ruby-foreman-azure/
http://deb.theforeman.org/pool/plugins/1.12/r/ruby-foreman-azure/
http://deb.theforeman.org/pool/plugins/1.13/r/ruby-foreman-azure/
Updated by S W over 7 years ago
I am fetching packages from "stable" (http://deb.theforeman.org/pool/plugins/stable) which may explain the issue if it changes its reference to another version quite often.
Updated by Dominic Cleal over 7 years ago
- Status changed from Feedback to New
Yes, it will change about every three months. It's perhaps best to use the named versions and clear your copies when changing versions if possible.
This will happen in a couple of cases where packages are built on version branches:
- plugins
- dependency packages
For RPMs we introduced a suffix to give plugins different version numbers, while for RPMs we tag/copy dependencies between releases rather than building per-component.
Updated by S W over 7 years ago
Using the named versions is not really an option in my use-case and using the stable branch should not break Debian package tools because your repo does not follow the rules. If a component has not been changed between versions, you should copy the existing package instead of rebuilding it with the same name but different content. As an alternative, you could tag the release in the package version.