Bug#1106071: [PATCH dgit v1] tag2upload: add pristine-tar metadata item
On Tue Aug 5, 2025 at 11:52 AM CEST, Sean Whitton wrote: I think this is everything. Maybe you could make an MR? Submitted as https://salsa.debian.org/dgit-team/dgit/-/merge_requests/264 signature.asc Description: PGP signature
Bug#1106071: [PATCH dgit v1] tag2upload: add pristine-tar metadata item
Hello, On Mon 04 Aug 2025 at 11:46pm +02, Andrea Pappacoda wrote: > On Mon Aug 4, 2025 at 11:36 PM CEST, Sean Whitton wrote: >>> Maybe something like "the .delta file must not contain changes to the >>> tarball contents, except for empty directories". >> >> Right, okay. Then I agree with Ian that what you already say is enough. > > Okay so, for v2 should I: > > 1. Change "The service will check that the generated tarball is treesame >to the tree named in the .id file" with "the resulting tarball must >be treesame to the named git tree". > 2. That, but also add ", except for empty directories", implying that >anything else isn't allowed. > 3. Something else? I think this is everything. Maybe you could make an MR? -- Sean Whitton signature.asc Description: PGP signature
Bug#1106071: [PATCH dgit v1] tag2upload: add pristine-tar metadata item
On Mon Aug 4, 2025 at 11:36 PM CEST, Sean Whitton wrote: Maybe something like "the .delta file must not contain changes to the tarball contents, except for empty directories". Right, okay. Then I agree with Ian that what you already say is enough. Okay so, for v2 should I: 1. Change "The service will check that the generated tarball is treesame to the tree named in the .id file" with "the resulting tarball must be treesame to the named git tree". 2. That, but also add ", except for empty directories", implying that anything else isn't allowed. 3. Something else? signature.asc Description: PGP signature
Bug#1106071: [PATCH dgit v1] tag2upload: add pristine-tar metadata item
Hello,
On Mon 04 Aug 2025 at 06:31pm +01, Ian Jackson wrote:
> Ian Jackson writes ("Re: Bug#1106071: [PATCH dgit v1] tag2upload: add
> pristine-tar metadata item"):
>> It is very precise and says exactly what we mean.
>
> Just after writing this I had a thought. If there are things in the
> working tree that aren't files or directories or symlinks, what does
> git do ?
>
> For our treesame check to be meaningful, we need it to fail, I think.
>
> Since I think we don't want to permit tarballs that contain device
> files, sockets, or whatever.
We encountered a similar problem when writing mini-git-tag-fsck.
I think the right thing to do is to fail, indeed.
--
Sean Whitton
signature.asc
Description: PGP signature
Bug#1106071: [PATCH dgit v1] tag2upload: add pristine-tar metadata item
Hello, On Mon 04 Aug 2025 at 07:25pm +02, Andrea Pappacoda wrote: > Hi Sean, > > On Mon Aug 4, 2025 at 12:31 PM CEST, Sean Whitton wrote: >> Can we say that the .delta file must represent an empty change (or >> equivalent), since we're not going to support actual deltas? >> >> I think your later text implies this but it would be easier to read if >> we said something here too. > > Well, a .delta file represents a binary diff, so an empty binary diff > would result in no modifications to the tar file at all. We want to > support deltas which change things like the stored order of files in the > tarball, or empty directories. So I don't really know how to say this > other than "the resulting tarball must be treesame to the named git > tree". > > Maybe something like "the .delta file must not contain changes to the > tarball contents, except for empty directories". Right, okay. Then I agree with Ian that what you already say is enough. -- Sean Whitton signature.asc Description: PGP signature
Bug#1106071: [PATCH dgit v1] tag2upload: add pristine-tar metadata item
Andrea Pappacoda writes ("Re: Bug#1106071: [PATCH dgit v1] tag2upload: add
pristine-tar metadata item"):
> Yeah, git seems to completely ignore device files (and tar does not seem
> to support sockets?). So should we explicitly state that only empty
> directories are allowed? If so, how do we check that?
Hngh. (I bet tar does support sockets. It certainly supports fifos.)
I can't think of a better way than comparing the output of
git ls-files with the output of find \! -type d -print0.
Ian.
--
Ian JacksonThese opinions are my own.
Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.
Bug#1106071: [PATCH dgit v1] tag2upload: add pristine-tar metadata item
On Mon Aug 4, 2025 at 7:31 PM CEST, Ian Jackson wrote:
Ian Jackson writes ("Re: Bug#1106071: [PATCH dgit v1] tag2upload: add pristine-tar
metadata item"):
It is very precise and says exactly what we mean.
Just after writing this I had a thought. If there are things in the
working tree that aren't files or directories or symlinks, what does
git do ?
For our treesame check to be meaningful, we need it to fail, I think.
Since I think we don't want to permit tarballs that contain device
files, sockets, or whatever.
Yeah, git seems to completely ignore device files (and tar does not seem
to support sockets?). So should we explicitly state that only empty
directories are allowed? If so, how do we check that?
Bug#1106071: [PATCH dgit v1] tag2upload: add pristine-tar metadata item
Ian Jackson writes ("Re: Bug#1106071: [PATCH dgit v1] tag2upload: add
pristine-tar metadata item"):
> It is very precise and says exactly what we mean.
Just after writing this I had a thought. If there are things in the
working tree that aren't files or directories or symlinks, what does
git do ?
For our treesame check to be meaningful, we need it to fail, I think.
Since I think we don't want to permit tarballs that contain device
files, sockets, or whatever.
Ian.
--
Ian JacksonThese opinions are my own.
Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.
Bug#1106071: [PATCH dgit v1] tag2upload: add pristine-tar metadata item
Andrea Pappacoda writes ("Bug#1106071: [PATCH dgit v1] tag2upload: add
pristine-tar metadata item"):
> Well, a .delta file represents a binary diff, so an empty binary diff
> would result in no modifications to the tar file at all. We want to
> support deltas which change things like the stored order of files in the
> tarball, or empty directories. So I don't really know how to say this
> other than
I think
> "the resulting tarball must be treesame to the named git tree".
this phrase is perfect, for a spec. It is very precise and says
exactly what we mean.
It would be worse to say the same thing again in different words. In
specs that can lead to ambiguity if one of the descriptions can be
interpreted differently.
Ian.
--
Ian JacksonThese opinions are my own.
Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.
Bug#1106071: [PATCH dgit v1] tag2upload: add pristine-tar metadata item
Hi Sean, On Mon Aug 4, 2025 at 12:31 PM CEST, Sean Whitton wrote: Can we say that the .delta file must represent an empty change (or equivalent), since we're not going to support actual deltas? I think your later text implies this but it would be easier to read if we said something here too. Well, a .delta file represents a binary diff, so an empty binary diff would result in no modifications to the tar file at all. We want to support deltas which change things like the stored order of files in the tarball, or empty directories. So I don't really know how to say this other than "the resulting tarball must be treesame to the named git tree". Maybe something like "the .delta file must not contain changes to the tarball contents, except for empty directories". +The tag must also contain an C item, and the tree named in the .id Maybe "tree object" or even "git tree object" for readability. Makes sense.
Bug#1106071: [PATCH dgit v1] tag2upload: add pristine-tar metadata item
Hello, On Sun 03 Aug 2025 at 05:05pm +02, Andrea Pappacoda wrote: > --- > This patch adds the pristine-tar item to the tag2upload spec. It's based > on Ian's suggested text, with some clarifications. Should be almost > ready. > > tag2upload.5.pod | 26 ++ > 1 file changed, 26 insertions(+) > > diff --git a/tag2upload.5.pod b/tag2upload.5.pod > index 7206fb4e..f934d210 100644 > --- a/tag2upload.5.pod > +++ b/tag2upload.5.pod > @@ -139,6 +139,32 @@ With C quilt modes, this option is mandatory. > specifies a native source package format, > or if the targeted archive already contains a suitable orig.) > > +=item C=COMMITID > + > +Names a commit containing pristine-tar metadata. > + > +The commit must contain exactly one .id file and one .delta for the current Can we say that the .delta file must represent an empty change (or equivalent), since we're not going to support actual deltas? I think your later text implies this but it would be easier to read if we said something here too. > +upstream release, and their names must correspond to the name of the orig > +tarball, with ".id" and ".delta" appended, respectively. They must be > +regular files. > + > +The tag must also contain an C item, and the tree named in the .id Maybe "tree object" or even "git tree object" for readability. -- Sean Whitton signature.asc Description: PGP signature
Bug#1106071: [PATCH dgit v1] tag2upload: add pristine-tar metadata item
--- This patch adds the pristine-tar item to the tag2upload spec. It's based on Ian's suggested text, with some clarifications. Should be almost ready. tag2upload.5.pod | 26 ++ 1 file changed, 26 insertions(+) diff --git a/tag2upload.5.pod b/tag2upload.5.pod index 7206fb4e..f934d210 100644 --- a/tag2upload.5.pod +++ b/tag2upload.5.pod @@ -139,6 +139,32 @@ With C quilt modes, this option is mandatory. specifies a native source package format, or if the targeted archive already contains a suitable orig.) +=item C=COMMITID + +Names a commit containing pristine-tar metadata. + +The commit must contain exactly one .id file and one .delta for the current +upstream release, and their names must correspond to the name of the orig +tarball, with ".id" and ".delta" appended, respectively. They must be +regular files. + +The tag must also contain an C item, and the tree named in the .id +file must be identical to that of the C commit. + +The pristine-tar commit may contain a signature file. The signature file +name must correspond to the name of the orig tarball, with ".asc" appended. +The signature file will then be published together with the orig tarball. +The signature file is treated as pure data by the service (so will not be +verified or even format checked). + +If an orig tarball needs to be (re)generated, the service will use +pristine-tar, using precisely the metadata in the aforementioned files. The +service will check that the generated tarball is treesame to the tree named +in the .id file. + +The named prstine-tar commit must be reachable from the C +branch in the repository. + =item C<--quilt=QUILT-MODE> Specifies the git tree format in use, -- 2.47.2
