Re: How to include information about a source package ?

To: debian-mentors@lists.debian.org
Subject: Re: How to include information about a source package ?
From: George Danchev <danchev@spnet.net>
Date: Sat, 29 Apr 2006 16:02:55 +0300
Message-id: <200604291602.56339.danchev@spnet.net>
In-reply-to: <87psj159cc.fsf@windlord.stanford.edu>
References: <20060428212050.GA4797@gevaerts.be> <20060429011609.GA17589@andromeda> <87psj159cc.fsf@windlord.stanford.edu>

On Saturday 29 April 2006 06:50, Russ Allbery wrote:
> Justin Pryzby <justinpryzby@users.sourceforge.net> writes:
--snip--
> > I think ./debian/copyright is relevant, and for saods9 I have made
> > mention in both places.  I feel that it should be a machine readable
> > copy, too, even if the comments are extra-descriptive.  But this is kind
> > of a PITA to do in practice, *especially* for a sponsored upload.  The
> > instructions for a sponsor would look like:
> >
> >   . open the .diff.gz in vim
> >   . cut out the README.Debian-source and get rid of the prefixing +'s
> >     (and perhaps ./debian/rules too)
> >   . mkdir debian
> >   . mv README.Debian-source ./debian/
> >   . chmod 755 ./debian/*
> >   . ./debian/rules get-orig-source
> >   . mv -iv ./newsource/saods9_*.orig.tar.gz ../
> >   . mv -iv saods9_*.diff.gz ../
> >   . tar xzf ../saods9_*.orig.tar.gz
> >   . zcat ../saods9_*.diff.gz |patch -p1
> >
> > which is about 10 items more than anyone sponsoring the pacakge will
> > want to deal with.  I tried to include that in the README.Debian-source,
> > but have given up for now.
>
> I don't understand.  Why would a sponsor do all of that rather than just
> obtaining your source package, studying the get-orig-source target,
> running the get-orig-source target, and then comparing the resulting
> .orig.tar.gz file with the one that came with your source package to make
> sure that they're identical?  I don't think I'm following what you're
> getting at with the above or why editing of the .diff.gz would be
> required.

Just to mention that when the get-orig-source target fetches the tarball it 
must be checked every-single time to prevent silently (intentionaly or not) 
changed tarball files under the builder's feet or indicate for incomplete 
downloads too. Here is a sample one I use sometimes (hm, this target should 
be generalized and put together in cdbs, dpatch or so to be reused and not 
reinvented every now and then which could be quite error prone ;-)

UPATH=ftp://ftp.bigserver.dom/directory
UFILE_ORIG=biona-mini-0.6.4b-src.tar.gz
UFILE=biona-mini_0.6.4b.orig.tar.gz
MD5TRUSTED=af8f830baf081e3a1cf39e9299cf1b86
MD5CURRENT=`md5sum $(UDIR)/$(UFILE) | awk '{print $$1}'`
.....
DEST_DIR = debian/biona-mini
TMP_DIR = $(DEST_DIR)
# debuild expects to find orig tarball in ../
UDIR = ..
SRC_DIR = .
TOP_DIR = biona_mini_src
BUILD_DIR = $(SRC_DIR)
....
....
....
get-orig-source:
	if [ ! -f $(UDIR)/$(UFILE) ] ; then \
		wget -O $(UDIR)/$(UFILE) $(UPATH)/$(UFILE_ORIG) ; \
	else \
		echo "Upstream source tarball have been already downloaded" ; \
	fi
	
	if [ "$(MD5CURRENT)" != "$(MD5TRUSTED)" ] ; then \
		echo "md5sum changed!" ; \
		false ; \
	else \
		echo "md5sum is ok!" ; \
	fi


-- 
pub 4096R/0E4BD0AB 2003-03-18 <people.fccf.net/danchev/key pgp.mit.edu>
fingerprint 1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB

Reply to:

Follow-Ups:
- Re: How to include information about a source package ?
  - From: Russ Allbery <rra@debian.org>

References:
- How to include information about a source package ?
  - From: Frank Gevaerts <frank@gevaerts.be>
- Re: How to include information about a source package ?
  - From: Justin Pryzby <justinpryzby@users.sourceforge.net>
- Re: How to include information about a source package ?
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Re: i18l, gettext and (X)dialog
Next by Date: Re: How to include information about a source package ?
Previous by thread: Re: How to include information about a source package ?
Next by thread: Re: How to include information about a source package ?
Index(es):
- Date
- Thread