[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1081131: RFS: emacs-oauth2/0.17-1 [ITP] -- OAuth 2.0 Authorization Protocol

Phil Wyett <philip.wyett@kathenas.org> writes:

> On Tue, 2024-09-10 at 08:54 +0100, Phil Wyett wrote:
>> On Tue, 2024-09-10 at 00:25 -0700, Xiyue Deng wrote:
>> > Xiyue Deng <manphiz@gmail.com> writes:
>> > 
>> > > Phil Wyett <philip.wyett@kathenas.org> writes:
>> > > 
>> > > > On Sun, 2024-09-08 at 14:21 -0700, Xiyue Deng wrote:
>> > > > > Phil Wyett <philip.wyett@kathenas.org> writes:
>> > > > > 
>> > > > > > Control: tags -1 +moreinfo
>> > > > > > 
>> > > > > > Xiyue,
>> > > > > > 
>> > > > > > Preamble...
>> > > > > > 
>> > > > > > Thank you for taking the time to prepare this package and your contribution
>> > > > > > to the Debian project.
>> > > > > > 
>> > > > > > The review below is for assistance. This review is offered to help package
>> > > > > > submitters to Debian mentors inorder to improve their packages prior to
>> > > > > > possible sponsorship into Debian. There is no obligation on behalf of the
>> > > > > > submitter to make any alterations based upon information provided in the
>> > > > > > review.
>> > > > > > 
>> > > > > > Review...
>> > > > > > 
>> > > > > > 1. Build:
>> > > > > > 
>> > > > > >   * pbuilder [1]: Good
>> > > > > >   * sbuild [2]: Good
>> > > > > > 
>> > > > > > 2. Lintian [3]: Good
>> > > > > > 
>> > > > > > 3. Licenses [4]: Good
>> > > > > > 
>> > > > > > 4. Watch file [uscan --force-download]: Issue
>> > > > > > 
>> > > > > > philwyett@ks-tarkin:~/Development/builder/debian/mentoring/emacs-oauth2-0.17$
>> > > > > > uscan --force-download 
>> > > > > > uscan warn: Possible OpenPGP signature found at:
>> > > > > >    https://elpa.gnu.org/packages/oauth2-0.17.tar.sig
>> > > > > >  * Add opts=pgpsigurlmangle=s/$/.sig/ or opts=pgpmode=auto to debian/watch
>> > > > > >  * Add debian/upstream/signing-key.asc.
>> > > > > >  See uscan(1) for more details
>> > > > > > uscan: error: tar is not a supported compression
>> > > > > 
>> > > > > Note that on GNU ELPA (GNU Emacs Lisp Package Archive) tar is the
>> > > > > default option used by all packages.  I think this can be considered as
>> > > > > a restriction on uscan which should support tar.
>> > > > > 
>> > > > > On the other hand, I'm mainly using uscan to check for new upstream
>> > > > > version.  The Salsa repository uses DEP14 recommended layout and doesn't
>> > > > > use pristine-tar but tags and "git deborig" for generating the tarball
>> > > > > for Debian archive (which will be in .tar.xz), so this is not an actual
>> > > > > issue.
>> > > > > 
>> > > > > Hope this helps clarify the situation :)
>> > > > > 
>> > > > > 
>> > > > 
>> > > > Hi,
>> > > > 
>> > > > I feel tar support in uscan is not a discussion for Debian Mentors. An
>> > > > appropriate bug filed elsewhere to start a discussion is a better course.
>> > > > 
>> > > 
>> > > A bit of a backtrack: I was puzzled when you mentioned that uscan had an
>> > > error when running with "--force-download" because it worked for me.
>> > > Then I realized that I was running Bookworm which has an older version
>> > > of devscripts and uscan somehow still created the archive after it
>> > > didn't detect any compression suffix so it kind of worked by
>> > > unexpectedly.  I manually backported devscripts 2.23.7 and can reproduce
>> > > the issue.  I have filed Bug#1081182 for tracking this.
>> > > 
>> > > > We work with what we have. If a working 'debian/watch' file is not possible
>> > > > in the package, it would in my opinion be best to remove it.
>> > > > 
>> > > 
>> > > In fact, "uscan --report-status" still works and can be used for
>> > > detecting new versions.  I wonder whether UDD or qa.debian.org requires
>> > > actually downloading the newer archive for detecting newer versions, and
>> > > if "--report-status" is sufficient, maybe we can keep it as-is as I'm
>> > > not using pristine-tar anyway.  Alternatively, I can change it to track
>> > > the git head instead if desired.
>> > > 
>> > 
>> > When debugging another issue with watch file result (Bug#1081249) I
>> > found that DDPO may be using "uscan --dehs" for detecting newer
>> > versions.  The command succeeded and output the following for
>> > emacs-oauth2:
>> > 
>> > ,----
>> > > $ uscan --dehs
>> > > <dehs>
>> > > <package>emacs-oauth2</package>
>> > > <debian-uversion>0.17</debian-uversion>
>> > > <debian-mangled-uversion>0.17</debian-mangled-uversion>
>> > > <upstream-version>0.17</upstream-version>
>> > > <upstream-url>https://elpa.gnu.org/packages/oauth2-0.17.tar</upstream-url>
>> > > <status>up to date</status>
>> > > </dehs>
>> > `----
>> > 
>> > So hopefully this is good enough for new-version-detection purpose.
>> > 
>> > > 
>> > 
>> 
>> Hi,
>> 
>> The test as is "uscan --force-download" caters primarily for submissions to
>> Mentors, so packaged and with a ".dsc" file. A test that could be used is
>> "uscan --download-current-version". Both will error as ".tar" is not
>> supported.
>> 
>> You could do an RFS with link to a packages git only. This would indicate to
>> me we are using original generation from the git repository and not download
>> from watch, so I can generally ignore the watch file for fetching the
>> original archive.
>> 
>> In the case of the above paragraph, if a developer could add the below
>> comment or similar to the Debian watch file.
>> 
>> # Used to watch for upstream releases only. To test use "uscan --dehs".
>> 
>> Seem sensible?

Definitely!  I have pushed the change to the team repo[1] and rebuilt
and re-uploaded the package to mentors.  PTAL.

>> 
>> Regards
>> 
>> Phil
>> 
>
> Hi,
>
> Side note... Using git only has advantages.
>
> * Many DDs prefer or will only work from git (Salsa).
> * We know the git (Salsa) is up to date when sponsored.
>

This sounds interesting.  How do I make the RFS git-only?

> Regards
>
> Phil
>
> -- 
>
> "I play the game for the game’s own sake"
>
> Arthur Conan Doyle - The Adventure of the Bruce-Partington Plans
>
> --
>
> Buy Me A Coffee: https://buymeacoffee.com/kathenasorg
>
> Internet Relay Chat (IRC): kathenas
>
> Matrix: #kathenas:matrix.org
>
> Website: https://kathenas.org
>
> Instagram: https://instagram.com/kathenasorg/
>
> Threads: https://www.threads.net/@kathenasorg

[1] https://salsa.debian.org/emacsen-team/emacs-oauth2/-/commit/5be0b3a239a044fa07f712479067b80ef0192f41

-- 
Xiyue Deng
Reply to: