The Debian Live team produces the tools used by the Debian CD team to produce the Official Debian Live images (from stretch onwards) and also maintains other packages that are used to build live images.
Around the time of a release, the Debian Live team liaises with the Debian CD team in order to make sure that releases happen smoothly and with as few issues as possible.
Development Homepage: https://www.debian.org/devel/debian-live/
Development Documentation: https://live-team.pages.debian.net/live-manual/
IRC: #debian-live on OFTC
Salsa Group: https://salsa.debian.org/live-team/
VCS Browser: https://salsa.debian.org/live-team/
Contributing to Debian Live
Contributions to the project, such as translations and patches, are welcomed and greatly appreciated.
It is important when submitting a contribution, whether it be for software, documentation or a translation, to clearly identify its copyright holder and include any applicable licensing statement.
To be accepted, the contribution must be licensed under the same license as the rest of the package. This is GPL version 3 or later for most packages, but BSD 2-clause for live-wrapper.
While in the past the Debian Live team has tended to not use Debian resources for development, we now make use of the Debian BTS and Debian hosted version-control systems for all Debian Live development work.
If you'd like to dive straight into development, check out the Debian Live Dashboard and see what there is that needs fixing. If you spot a bug you think you can fix, send an email to the mailing list or chat to us in IRC. If no one else is working on the issue, assign yourself as the owner of the bug and submit a patch.
Please try to always make sensible and appropriate use of the available systems for discussion, bug reporting and patch submission, as discussed below.
If you discover a bug, then we would appreciate you reporting it to us. You are very welcome to create a bug report in the Debian Bug Tracking System (BTS) for it, though please first check that one does not already exist for the same issue. You can find documentation on how to submit bugs to the BTS here.
However, if you wish to create a patch for the issue yourself, then unless you wish to discuss the problem first, it is typically preferred that you skip creating a bug report and just submit a patch as a merge request (MR) in the web based VCS, though submissions of patches as attachments to bug reports are also acceptable.
Note that the BTS is an email based submission system, while the web based VCS platform is gitlab based (Debian hosted).
If you are submitting a patch for a bug that has an associated bug report, then please ensure that the commit log of the patch ends with a line of the form "Closes: #XXXXXX" to help our development tools automate certain aspects of bug report management.
Please also include "Gbp-Dch: ACTION" hints as appropriate (see the "gbp-dch" man page), though do not use "Ignore" for commits that also have a close hint, otherwise the close hint will not work.
Please avoid placing bug numbers in commit and MR titles.
If you wish to submit a patch for something that is not a bug, please avoid creating a bug report in the BTS, which is intended exclusively for reporting bugs, obviously. You can submit such a patch either as an MR in the web VCS, or as a patch sent to the public mailing list. If you wish to discuss the change before submission then please send an email to the mailing list.
Please try to test patches before submission.
If submitting an MR, please be sure to tick the "Allow commits from members who can merge to the target branch" option (under "contribution") to help make work finalising any preparations (such as rebasing) before merging easier.
Large Code Contributions
If wishing to undertake larger development works, please discuss this on the mailing list in advance.
If you have a large contribution to make which has not already had such discussion take place for any reason, please consider discussing with team members before creating bulk reports/MRs as it may prove helpful to both parties in terms of helping co-ordinate how best to work together to accomplish submitting, reviewing and merging it.
If you are a DD/DM and would like to be more involved in the development of Debian Live packages, please join the Salsa group. All members of the Salsa group have commit access to our git repositories, but please do not push changes without first clearing it with one of the named uploaders on the package of the repository you are pushing to.
The Debian Live packages are native packages. This means that there is no upstream or pristine-tar branches and we do not use quilt patches, unlike most other teams in Debian where they are packaging upstream sources.
The master branch contains current development work. Tags in the form of "debian/<release>" will mark the commit of each release that has been uploaded to unstable.
For managing backports and stable updates, branches may be created within the repositories with the name of "<codename>-pu" for proposed-updates or "<codename>-bpo" for backports.
Documentation exists both within individual projects (for instance the live-build man page components of the live-build repo) and in the dedicated live-manual documentation crate. Contributions to this documentation can be made just the same as any other code contribution.
TODO: Need information on how to contribute to translations.
Using GPG to Verify the Authenticity of Live CD Images
After downloading the Debian Live CD ISO, the "*SUMS" and "*SUMS.sign" files can help verify that the ISO image you downloaded was created by Debian.
At a command line, in the directory into which the Debian Live ISO was downloaded, and using "SHA512SUMS" as an example, validate "SHA512SUMS" with "gpg":
gpg --keyserver keyring.debian.org --verify SHA512SUMS.sign SHA512SUMS
As per "https://www.debian.org/CD/verify", the output from the above gpg command should contain:
gpg: Signature made Wed 21 Jun 2017 03:45:45 AM CDT gpg: using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B
If the output from the gpg command contains the above "Signature made" and "RSA key" lines, the ISO file itself can now be validated. So, continuing with the "SHA512SUMS" example:
sha512sum --ignore-missing -c SHA512SUMS
The output from the above "sha512sum" command should be only this:
If the output from the above command contained "OK", there can be a good level of confidence that your downloaded Debian Live CD ISO image was sourced by Debian.
A TODO list is maintained at /TODO in order to highlight any tasks that require immediate attention before the BTS can be triaged. Later, task management will be performed using the BTS.