Hi Bagas, Andrey Rahmatullin <firstname.lastname@example.org> writes: > On Sat, Mar 07, 2020 at 03:47:56PM +0700, Bagas Sanjaya wrote: >> > Packages must be self-contained, using only their contents and the Debian >> > repo during the build process. There are multiple technical and >> > non-technical reasons for this requirement, including knowing that the >> > package is DFSG-compliant and being able to always rebuild the package. >> But I found that `configure` script shipped with the OLS sources also invoke >> `git-clone` > So? That's unacceptable too. > In other words, here are a few options to investigate: 1) ask upstream to provide a standard configure script that doesn't depend on network access and to move the convenience stuff to build.sh, 2) or define overrides in rules to ignore the upstream-provided build.sh and configure scripts (CMake + accurate build-deps in control should be enough to build the package), 3) or patch these scripts, 4) or maintain a custom Debian-specific rules or build script. These options are ranked from most to least desirable btw. I'm assuming there aren't custom network-dependent CMake targets and that the Policy violating stuff is limited to build.sh and configure. I would generally test if #2 works, because upstream may respond to #1 with "have you tried ignoring build.sh and configure and using plain CMake"...so imho testing #2 is a due diligence thing, but not everyone will agree on this point ;-) Regards, Nicholas P.S. There should be CMake-specific packaging info in one of the docs listed at https://www.debian.org/doc/devel-manuals eg: CMake shouldn't need build.sh or configure, and if it does then that would sound like an actionable upstream bug.
Description: PGP signature