Ownership issue when repacking source in get-orig-source target
I was concerned about an issue Charles Plessy reported in a recent
thread on Debian Med when he realised that the directories in the
unpacked tarball are featuring his UID/GID. I simply looked into the
uscan source how it is be done there and found:
GZIP=-9 tar --owner=root --group=root --mode=a+rX -czf <target_tarball> <source_dir>
I think this is also to weak because gzip seems to have the behaviour to
not always create byte identical results without the option --no-name
(I did not checked but trusted other DDs who reported this) and thus the
complete command should rather be
GZIP="--best --no-name" tar --owner=root --group=root --mode=a+rX -czf <target_tarball> <source_dir>
I wonder whether we should rather implement a fool proof solution which
can be simply used in get-orig-source targets (and as well in uscan).
This would avoid random results and might be flexible enough to enable
changes at a single place in case further changes will be needed (so not
every single get-orig-source target needs to be touched. So I'd suggest
GZIP="--best --no-name" tar --owner=root --group=root --mode=a+rX -czf $1 $2
Well, suggestions for better names are welcome and some checking of the
arguments etc. might enhance this - but just to get the idea. This
script could be shipped with the devscripts package.
I'd volunteer to write a bug report including patch but I want to hear
your opinion first whether I did overlooked something.
What do you think