Bug#871957: [lintian] orig-tarball-missing-upstream-signature should exclude repacks
Hi Nicholas,
> orig-tarball-missing-upstream-signature is triggered when upstream
> signs their uncompressed tarball instead of tarball.{gz,bz2,xz}.
[…]
> For the record, is it now necessary to repack the orig.tar for cases
> like these?
I'm unsure I'm afraid, but my gut reaction is tha that does not sound
like the best tradeoff here... :/
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Bug#871957: [lintian] orig-tarball-missing-upstream-signature should exclude repacks
Hi Chris!
On Sun, Aug 13, 2017 at 02:37:32PM -0400, Chris Lamb wrote:
> tags 871957 + pending
> thanks
>
> Added the "repack" bit here:
>
>
> https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=6094948b0e09b997df75dbc748cef25d4ada44c0
I was directed to this bug from #debian-mentors.
E: orig-tarball-missing-upstream-signature is triggered when upstream
signs their uncompressed tarball instead of tarball.{gz,bz2,xz}. For
such cases the watch file must be told to decompress, and
pgpsigurlmangle=s/\.tar.*$/\.tar.sign/. This used to work flawlessly.
For the record, is it now necessary to repack the orig.tar for cases
like these?
Cheers,
Nicholas
signature.asc
Description: PGP signature
Bug#871957: [lintian] orig-tarball-missing-upstream-signature should exclude repacks
Hi Guido, > > Lintian can detect that the tarball was repacked by looking inside > > at the first few tar members - a repacked tarball is meant to > > contain only a foo_1.2.3.orig/ directory (devref §6.7.8.2.4) […] > > Don't see a reference to filtering debian/copyright however? > > That part is in #874663. It's in uscan's manpage: > > Files-Excluded or Files-Excluded-component stanzas are set in > debian/copyright to make mk-origtargz invoked from uscan > remove files from the upstream tarball and repack it. > See "COPYRIGHT FILE EXAMPLES" and mk-origtargz(1). > > So if there's a Files-Excluded* in debian/copyright the upstream tarball > was filtered. Thanks. I've started abstracting things out here: https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=13dee7b911b66e1f48d61401b17227bd48680115 Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#871957: [lintian] orig-tarball-missing-upstream-signature should exclude repacks
Hi, On Sun, Sep 10, 2017 at 05:01:17PM +0100, Chris Lamb wrote: > Hi Guido, > > > control: reopen -1 > > It's not closed yet - still pending release! ;) > > > See #874663. Looking at filter in debian/copyright and at the dir name > > of the tarball¹ (as Simon suggested) > > This bit... > > Lintian can detect that the tarball was repacked by looking inside > at the first few tar members - a repacked tarball is meant to > contain only a foo_1.2.3.orig/ directory (devref §6.7.8.2.4) > > Don't see a reference to filtering debian/copyright however? That part is in #874663. It's in uscan's manpage: Files-Excluded or Files-Excluded-component stanzas are set in debian/copyright to make mk-origtargz invoked from uscan remove files from the upstream tarball and repack it. See "COPYRIGHT FILE EXAMPLES" and mk-origtargz(1). So if there's a Files-Excluded* in debian/copyright the upstream tarball was filtered. Cheers, -- Guido
Bug#871957: [lintian] orig-tarball-missing-upstream-signature should exclude repacks
Hi Guido, > control: reopen -1 It's not closed yet - still pending release! ;) > See #874663. Looking at filter in debian/copyright and at the dir name > of the tarball¹ (as Simon suggested) This bit... Lintian can detect that the tarball was repacked by looking inside at the first few tar members - a repacked tarball is meant to contain only a foo_1.2.3.orig/ directory (devref §6.7.8.2.4) Don't see a reference to filtering debian/copyright however? Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#871957: [lintian] orig-tarball-missing-upstream-signature should exclude repacks
control: reopen -1 Hi Chris, On Sun, Sep 10, 2017 at 01:26:35PM +0100, Chris Lamb wrote: > forcemerge 871957 874659 > thanks > > Hi Guido, > > > orig-tarball-missing-upstream-signature should exclude repacks > > This was fixed in #874659. :) I think this is (unfortunately) not enough to detect a repacked tarball - although it will already detect lots of repacked tarballs, so thankgs for that. See #874663. Looking at filter in debian/copyright and at the dir name of the tarball¹ (as Simon suggested) are other indicators. Cheers, -- Guido ¹ https://www.debian.org/doc/manuals/developers-reference/ch06.en.html#repackagedorigtargz
Bug#871957: [lintian] orig-tarball-missing-upstream-signature should exclude repacks
forcemerge 871957 874659 thanks Hi Guido, > orig-tarball-missing-upstream-signature should exclude repacks This was fixed in #874659. :) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#871957: [lintian] orig-tarball-missing-upstream-signature should exclude repacks
tags 871957 + pending thanks Fixed in Git: https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=8914bb025f975e4a5584a3a0203cf808f3d0a430 Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#871957: [lintian] orig-tarball-missing-upstream-signature should exclude repacks
tags 871957 + pending thanks Added the "repack" bit here: https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=6094948b0e09b997df75dbc748cef25d4ada44c0 Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#871957: [lintian] orig-tarball-missing-upstream-signature should exclude repacks
tags 871957 + pending thanks Thanks for the report. This was fixed a little while ago in Git: https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=8914bb025f975e4a5584a3a0203cf808f3d0a430 Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
