From 7570d2daab66a952bd4b58eccbc33f36a207e1ca Mon Sep 17 00:00:00 2001
From: Markus Fritsche <mfritsche@reauktion.de>
Date: Wed, 20 May 2026 16:37:30 +0200
Subject: [PATCH] check-already-published.sh: use dpkg vercmp for debian (skip
 when pool >= source)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Old logic curl-HEAD-checked an exact pkgname_pkgver-pkgrel_arch.deb URL.
That breaks when source PKGREL has rolled back below pools current head:
reprepro rejects the lower-version upload but our exact-URL check still
404s, so CI rebuilds the package on EVERY push without ever updating
the pool — endless rebuild trap.

New logic parses the canonical Packages index (what apt consults) and
uses dpkg --compare-versions to skip iff pool >= source.

Pool view today:
- ffmpeg-v4l2-request-fourier: pool=2:8.1+rfourier+gb57fbbe-4 vs
                               source=2:8.1+rfourier+gb57fbbe-2
                               4 >= 2 → skip (was: 404 → rebuild)
- mpv-fourier:                 pool=1:0.41.0+rfourier-3 vs
                               source=1:0.41.0+rfourier-1
                               3 >= 1 → skip (was: 404 → rebuild)

set +o pipefail before the curl|awk pipeline — awks early `exit`
closes the pipe, curl gets SIGPIPE and returns 23 ("Failure writing
output"), which under our pipefail/-e header aborts the script with
empty pool_ver. Localised pipefail-off keeps the global -euo behaviour
elsewhere.
---
 .gitea/scripts/check-already-published.sh | 28 +++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)

diff --git a/.gitea/scripts/check-already-published.sh b/.gitea/scripts/check-already-published.sh
index 1c19dc853..21f000e15 100755
--- a/.gitea/scripts/check-already-published.sh
+++ b/.gitea/scripts/check-already-published.sh
@@ -193,13 +193,33 @@ debian)
   esac
 
   pkg_name=$(basename "$RECIPE_DIR")
-  first_letter="${pkg_name:0:1}"
 
-  url="${REPO_BASE}/debian/pool/main/${first_letter}/${pkg_name}/${pkg_name}_${ver_full}_${file_arch}.deb"
-  code=$(http_head "$url")
-  if [ "$code" = "200" ]; then
+  # Compare against the canonical Packages index (what apt actually
+  # consults).  reprepro refuses lower-version uploads, so checking
+  # only an exact source-pkgrel URL produces an endless-rebuild trap
+  # whenever source PKGREL has rolled back below pool head.  We skip
+  # if pools published version >= source version-tuple.
+  source_full="${ver_full}"
+  if [ -n "${PKGVER#*:}" ] && [ "${PKGVER}" != "${PKGVER#*:}" ]; then
+    # PKGVER had an epoch — keep it for dpkg --compare-versions.
+    source_full="${PKGVER}-${PKGREL}"
+  fi
+
+  # Determine suite: most recipes publish to both bookworm and trixie;
+  # checking trixie is sufficient (changelogs share Distribution).
+  suite="trixie"
+  pkg_arch_label="$file_arch"
+  [ "$file_arch" = "all" ] && pkg_arch_label="all"
+  packages_url="${REPO_BASE}/debian/dists/${suite}/main/binary-arm64/Packages"
+  [ "$file_arch" = "amd64" ] && packages_url="${REPO_BASE}/debian/dists/${suite}/main/binary-amd64/Packages"
+
+  pool_ver=$(set +o pipefail; curl -sS --max-time "$HEAD_TIMEOUT" "$packages_url" 2>/dev/null     | awk -v p="$pkg_name" '$1=="Package:" && $2==p {found=1; next} found && $1=="Version:" {print $2; exit}')
+
+  if [ -n "$pool_ver" ] && command -v dpkg >/dev/null &&        dpkg --compare-versions "$pool_ver" ge "$source_full"; then
+    echo "pool has $pool_ver >= source $source_full" >&2
     emit 1
   fi
+  echo "pool has $pool_ver, source wants $source_full — build" >&2
   emit 0
   ;;