[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debian/watch file for OpenJDK (was Re: Debian distributions of stable OpenJDK updates)

On Tue, May 28, 2019 at 6:21 AM Emmanuel Bourg <ebourg@apache.org> wrote:
> Le 28/05/2019 à 11:11, Paul Wise a écrit :
> > FTR, uscan is now flexible enough that it can apply arbitrary
> > transformations to the HTML and download URL so it is easy enough to
> > create a watch file that works:
> >
> > version=4
> > opts="pagemangle=s{<a
> > href=\"/jdk-updates/jdk11u/rev/[^\"]*\">\s*(jdk-11\.[^<\s]*)}{<a
> > href=\"archive/$1.tar.gz">$1}g" \
> > https://hg.openjdk.java.net/jdk-updates/jdk11u/tags \
> > .*/jdk-(.*).tar.gz
> >
> > $ uscan --watchfile watch --package openjdk --upstream-version 0
> > uscan: Newest version of openjdk on remote site is 11.0.4+4, local version is 0
> > uscan:    => Newer package available from
> >       https://hg.openjdk.java.net/jdk-updates/jdk11u/archive/jdk-11.0.4+4.tar.gz
> Thank you Paul. After I posted the previous message I dug into the uscan
> documentation and found the new pagemangle option.
> Here is the watch file I wrote to match the OpenJDK 11 GA releases:
> version=4
> opts="repack,compression=xz,pagemangle=s%(jdk-.*)%<a
> href='http://hg.openjdk.java.net/jdk-updates/jdk11u/archive/$1.tar.gz'>$1</a>%g"
> \
> http://hg.openjdk.java.net/jdk-updates/jdk11u-dev/tags
> .*/archive/jdk-(11\..*)-ga.tar.gz
> Emmanuel Bourg


Bellow is the watch file that I have been using for openjdk-11 in
Ubuntu which was not copied to Debian. It tracks the upstream tarballs
that RedHat has been generating since they got project leadership for
OpenJDK 11. Kudos to RedHat for such tarballs!

opts=pgpmode=auto https://openjdk-sources.osci.io/openjdk11/

They only provide tarballs for official releases, so one would find
only "GA" equivalent tags there. My aim is to use those tarballs to
generate Ubuntu security updates for our openjdk-11 package. I would
appreciate feedback on why this is better or worse than following the
mercurial tags for the official releases. The advantage I see is that
the tarballs are signed and do not need to be repacked, the downside
being that such watch file cannot track "pre"-releases (as that helps
testing the pre-releases) and won't work for openjdk-12 or openjdk-13
as Oracle does no such tarballs releases.

And compared to the "previous" way of updating openjdk-11 (ie. running
"debian/rule get-orig") it won't clear up the tree from some system
libraries - I don't find that to be a problem for builds, in all the
tests I did the libraries don't get used due to the configure flags we
(already) set. Matthias did mention something about the licenses from
those libraries. I tested adding Files-Excluded rules to
debian/copyright, which worked okay-ish: libjavajpeg required manually
listing files as a couple need to be kept, so does not scale that well
when new files get added (somebody will need to notice it and manually
add them to the list).

Emmanuel and Paul,

Great work on getting a watch file that works with the mercurial tags!
I know it is only meant to tracks ga, but with a few tweaks it can be
used to track pre-releases which might help testing those.


Tiago Stürmer Daitx
Software Engineer

PGP Key: 4096R/F5B213BE (hkp://keyserver.ubuntu.com)
Fingerprint = 45D0 FE5A 8109 1E91 866E  8CA4 1931 8D5E F5B2 13BE

Reply to: