[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: tarball in tarball: opinions

Jay Berkenbilt <qjb@debian.org> writes:

>  * I like to have an exact copy of the downloaded source tarball with
>    the same md5 checksum, gpg detached signature, etc.  Using the
>    rules/tarball.mk from cdbs provides a very convenient way of
>    handling this.

Have you considered the debian/rules 'get-orig-source' target as an
alternative way of achieving this? If done right, that would allow you
to do this kind of checking *and* still follow recommended practice of
using the upstream tarball as yours.

I'm envisaging the 'get-orig-source' could download the upstream
tarball and rename it, along with the checksum and signature files, do
any checks, and exit with an error status if they don't match. If
everything *does* match, the checksum etc. files are removed, leaving
the upstream tarball with the standard name.

 \      “I have a large seashell collection, which I keep scattered on |
  `\    the beaches all over the world. Maybe you've seen it.” —Steven |
_o__)                                                           Wright |
Ben Finney

Reply to: