I'm trying to build the newest snmp packages on debian jessie.
However, https://packages.debian.org/jessie/snmp seems to show conflicting information. The page heading reads:
Package: snmp (5.7.2.1+dfsg-1+deb8u1 and others) [security]
And the link to the source package, net-snmp_5.7.2.1+dfsg-1+deb8u1.dsc has the exact same version string.
But towards the bottom, under "Download snmp", one can download version 5.7.2.1+dfsg-1+deb8u1+b1. Where does the +b1-suffix in the downloadable version come from?
http://security.debian.org/dists/jessie/updates/main/binary-amd64/Packages.gz
seems to agree that the downloadable version contains +b1 but the source package version doesn't:
> curl http://security.debian.org/dists/jessie/updates/main/binary-amd64/Packages.gz 2>/dev/null | zgrep -A 2 '^Package: snmp$'
Package: snmp
Source: net-snmp (5.7.2.1+dfsg-1+deb8u1)
Version: 5.7.2.1+dfsg-1+deb8u1+b1
When I try to build the packages from source with dget http://security.debian.org/debian-security/pool/updates/main/n/net-snmp/net-snmp_5.7.2.1+dfsg-1+deb8u1.dsc and cowbuilder I get packages built with file names like this: snmp_5.7.2.1+dfsg-1+deb8u1_amd64.deb (without the +b1 in the version), just as I would expect. I've grepped fro b1 in the unpacked net-snmp-5.7.2.1+dfsg folder generated by dget and don't find anything that should append +b1 to the package name.
I've also tried to clone git://anonscm.debian.org/pkg-net-snmp/pkg-net-snmp.git which is mentioned by net-snmp-5.7.2.1+dfsg/debian/control but there are no tags for either version. The most relevant tag seems to be debian/5.7.2.1+dfsg-1 without even the +deb8u1. Never mind.
So how do I build the 5.7.2.1+dfsg-1+deb8u1+b1 version of the snmp packages that apt wants to install? Do I have the right version of the source package? If not, where should I get it?
This is how you download the sources for any package on any debian-derived distribution:
It does not matter what websity X or Y says - they could be outdated, refer to different repositories than configured on your system, etc etc.. let apt figure out the details (and, perhaps more important: the verification of signatures).
About the
+b#suffix, which is explained here, it is not relevant in this context, as it does not indicate a change in the source package. It is merely there to notify the package managers to upgrade the binary - a binary produced from the unchanged source but with potentially changed build environment.What happens to change logs? The release team can push the change log in their wanna-build request, so after the next release, there might be no trace of the
+b#versions: