> > If there really is a problem with those files I would appreciate your > > letting me know what I missed. Otherwise I hope you can avoid the > > repacking trouble in the future. > Probably not, but the repacking is not trouble. Without a good reason, you really shouldn't repack [1]. I do not understand your motivation for removing those files since they don't end up in the binary packages. Repacking means that you, collaborators, and volunteers working on quality assurance can't * use tools like uupdate to upgrade to a new upstream version very easily * can't verify the tarball against upstream's signature * package those parts being removed from Coreboot later on without duplicating effort into another source package Perhaps you're not aware that it is typical to disregard parts of the package that aren't built (yet). Otherwise I would like to know what advantage it has for my own potential applications, and you should explain in debian/copyright how the source differs [2]. > You can save you that pain. I already stole your watch file, now it > says: > E: coreboot source: debian-watch-file-pubkey-file-is-missing I thought I had sent a merge request, but seeing no trace I must not have. I wanted it to have an explanation of how to modify the watch file to do the repacking for you. It's necessary to put the Coreboot team's minimal OpenPGP key in debian/upstream/signing-key.asc, and I didn't do it because of the sensitivity of the key material. The wiki [3] explains what you need to do, and to determine the key you need, GnuPG will say or complain which if you try verifying the tarball. [1] https://perl-team.pages.debian.net/howto/repacking.html#0._INTRODUCTION [2] https://wiki.debian.org/BenFinney/software/repack [3] https://wiki.debian.org/debian/watch#Cryptographic_signature_verification
Attachment:
signature.asc
Description: This is a digitally signed message part.