On Jun 17, 2024 8:57 PM, Russ Allbery <r...@debian.org> wrote:
> What signed artifact do I need to provide so that the FTP team will be > comfortable accepting my tag2upload-built source package? Signed .dsc and .changes files should be fine ... ;) > Note, importantly, that the source package contains things that are not in > the files present in the working tree of a local Git checkout of my source > package. Is this black magic? You wrote you have all in the git history, no? So it should be possible to write some automation then! > The > transformation that puts that data into a 3.0 (quilt) source package is > not rocket science, but it's not trivial either. Well, you decided to use this workflow and complication, so your fault ? :) > The problem comes when dak wants to verify the correspondence between that > data structure and the source package. It certainly can verify that my > Git tag is valid and it can verify that the tag specifies the correct > source package, version, and so forth. You seriously not expect Dak to build "from git". At some point some program will run and make a source package out of your git tree. Why is it a problem to run that same program on Salsa AND your laptop? > But if it wants to verify that the > construction of the debian/patches/* directory is correct, I think it > would have to perform the same transformation on my Git history that dgit > and tag2upload perform. How is this a problem? Are you doing packaging on a 8MHz computer? :) Cheers, Thomas Goirand (zigo)
