[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#626476: lintian: reduce dpkg-dev to Suggests

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2011-05-17 18:16, Colin Watson wrote:
> On Sat, May 14, 2011 at 07:50:45PM +0200, Niels Thykier wrote:
>> On 2011-05-13 11:19, Niels Thykier wrote:
>>> I had a short chat with Raphaël Hertzog (buxy) in #debian-qa about this
>>> and he said that the unpacking part of the module was rather stable and
>>> "it's certainly ok as a fallback when dpkg-source is not there".
>>>
>>> So as long as we only need dpkg-source -x (and not dpkg-source -b) we
>>> can use libdpkg-perl.
>>
>> Functional proof-of-concept patch; simply apply and profit!  The code is
>> stolen from dpkg-source and cooked down a bit (... a lot).
>>
>> The patch here disables dpkg-source unpacking all together (saves you
>> from peeling out dpkg-dev from a system).
> 
> That's a bit further than what Raphaël said this API was OK for - not
> just "a fallback when dpkg-source is not there".  Have you
> double-checked that with him?
> 

It was not my intention to apply this patch as is.  The argument for
disabling the dpkg-source usage was to ease your job as a tester (so you
did not have to uninstall dpkg-dev from your machines).

>> The patch does not account for updating the Lintian Depends; I suspect
>> that dpkg-dev should be replaced with bzip2, xz-utils and
>> libdpkg-perl.  The former two can be most likely be left out if you
>> know there are no bz2 / xz / lmza sources.
> 
> Or perhaps we can just rely on libdpkg-perl's Recommends of bzip2 and
> xz-utils?
> 

Possibly, I hope some of the other Lintian maintainers have a comment on
this.  Should we just go with Depends: dpkg-dev | libdpkg-perl or do we
want ...

Recommends: dpkg-dev
Depends/Recommends: bzip2, xz-utils

?

>> I had to redirect STDOUT of unpacked to keeping it the unpack process
>> quiet (otherwise it would break the output format of Lintian)[1].
> 
> You're right that Dpkg::ErrorHandling::report_options isn't marked as
> stable, but shouldn't we at least be using options => { quiet => 1 } as
> an argument to Dpkg::Source::Package->new as well as this, to match
> dpkg-source -q?  It doesn't do much right now, but in principle it seems
> as though it might avoid noise on stderr.
>

Sure, I can add that.


>> +        libdpkg_unpack_dsc ('dsc', 'unpacked');
> 
> Style nit: no space before the open parenthesis.
> 

Right...

>> +sub libdpkg_unpack_dsc {
>> +    my ($dsc, $target) = @_;
>> +    require Dpkg::Source::Package;
>> +    open(STDOUT, '>', '/dev/null') or fail "Redirecting stdout failed: $!";
>> +    # Create the object that does everything
>> +    my $srcpkg = Dpkg::Source::Package->new(filename => $dsc);
>> +
>> +    $srcpkg->check_checksums();
>> +
>> +    # Unpack the source package (delegated to Dpkg::Source::Package::*)
>> +    $srcpkg->extract($target);
>> +    return 1;
>> +}
> 
> This drops the signature check currently performed by dpkg-source, so it
> changes Lintian's behaviour to (a) accept .dsc files with bad signatures
> and (b) stop issuing a warning for unsigned .dsc files.  This seems
> undesirable.
> 
> Aside from that, the patch does seem to work as advertised.  Thanks!
> 

Actually as far as I can tell, we do not get any warnings on unsigned
source packages (possibly due to the -q option), but sure, checking
signatures should not be an issue either.

~Niels

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJN0qrIAAoJEAVLu599gGRCKnwP/09LXM1Ot3G5UGuWXaEESuvO
kfH3/Q7OoGz5oqa3DqkcYcIlyD1cdDwD1f7aJKbVaTtlNa7obwMRNBoO48uDX0Zn
Y205vlnZXUUubyjCrl5c8/JJEoLktRIsZgBMSPBmcOrpEDMunWS64CZbj2B/MZzk
BTzrZrcc/DdvVvuNNbbwM4KNzHUN4l23njsnHI8sTPcpSHQ8xYT5EUxXU0IftEkP
32SSOgQarG4ijRZqDqZWiGuidIhEl5lgLlbN+5ag8ElIcVnAgPZ+LOpPPTDgfsWW
COVOKeKlyZs3qUn5tYS8vOlc3bNnjmhT/g+OgnNdWdLq5iU+LonZFKwYWhRWnOz6
hjC3YaB4MziRYxcjeIZYWxM8vYy/k/QnA7vevip/bQ36UMHTY9dpEvFfVN2RRydl
4RugmVSNGlfkIc0nHT0RCTVfTzQsWpjYRwH/DbIlv4TDg6qkqbZJjmVH4717t1ik
UBtJg842Q5CrMWqCx+6mQ4AZDMhvjZABmzESOpj3vleHRn/RlGANfn5kEZjNlrhN
VhPgO0awx+Rs55mF4Lcb4t8cH089s90enQkCmZklOI1MXlMsnhQol30Ru+rZsjPl
Ipbt0/y6kXtHjxMoRzj6LHq5lUtSsFDuaVod6h8Z81cUEij4cNcwPMXoOamxEfom
Uflp27Q8cRRJ5tYUEJ5N
=I+qh
-----END PGP SIGNATURE-----
Reply to: