Contents

  1. pre

pre

As contributors and maintainers, it is best practice to ensure that the packages we're packaging for the first time or updating are Lintian clean to help save other contributors and maintainers from unnecessary stress and to make sure that our packages pass the necessary standardization tests for them to be merged by the reviewers or the maintaining team. This wiki is targeted at newbies who are running the lintian command for the first time and are overwhelmed by what they see on their terminal.

As an initial summary before the whole process, most of the changes you'll be making to your project to satisfy lintian would be carried out in the debian/control directory, and there are about 4 commands you'll get to be repeating throughout the whole process, and they are:

  1. debclean - read https://manpages.debian.org/stretch/devscripts/debclean.1.en.html to have a full grasp of what it does.

  2. git commit <directory that requires commiting> (commits changes made to remote, avoid using git commit . as you may end up committing dangerous files).

  3. gbp dch -a - makes a git commit and enters a changelog entry for the commit, I'd advice that this command be used only after gbp import-orig and after your last dpkg-buildpackage.

  4.  dpkg-buildpackage - builds the package, this command like all other ones must be run after any logical change to the concerning directory.

  5. lintian - should be used as often as dpkg-buildpackage, checks lintian again to know if it's clean for upstream push or not.

PS: I worked on node-vue-hot-reload-api package so the first part of this wiki will be using that package as a case study, but the lintian errors could be reproduced while packaging any node module

Below is an example of lintian log, and we'll be addressing the issues ` N: Using profile debian/main. N: Starting on group node-vue-hot-reload-api/2.3.4-1 N: Finished processing group node-vue-hot-reload-api/2.3.4-1 W: node-vue-hot-reload-api source: no-nmu-in-changelog N: W: no-nmu-in-changelog N: N: When you NMU a package, that fact should be mentioned on the first N: line in the changelog entry. Use the words "NMU" or "Non-maintainer N: upload" (case insensitive). N: N: Maybe you didn't intend this upload to be a NMU, in that case, please N: double-check that the most recent entry in the changelog is N: byte-for-byte identical to the maintainer or one of the uploaders. If N: this is a local package (not intended for Debian), you can suppress N: this warning by putting "local" in the version number or "local N: package" on the first line of the changelog entry. N: N: Refer to Debian Developer's Reference section 5.11.3 (Using the N: DELAYED/ queue) for details. N: N: Severity: warning N: N: Check: nmu N: N: Renamed from: changelog-should-mention-nmu N: W: node-vue-hot-reload-api: nodejs-module-installed-in-usr-lib usr/lib/nodejs/vue-hot-reload-api/dist/index.js N: W: nodejs-module-installed-in-usr-lib N: N: This package installs the specified file under /usr/lib/nodejs. Since N: the release of Buster, these files should be installed under N: /usr/share/nodejs (for arch independent modules) or N: /usr/lib/$DEB_HOST_MULTIARCH/nodejs (for arch dependent modules) N: instead. N: N: You can use pkg-js-tools auto installer to avoid this, see N: /usr/share/doc/pkg-js-tools/README.md.gz N: N: Severity: warning N: N: Check: languages/javascript/nodejs N: W: node-vue-hot-reload-api: nodejs-module-installed-in-usr-lib usr/lib/nodejs/vue-hot-reload-api/package.json W: node-vue-hot-reload-api source: source-nmu-has-incorrect-version-number 2.3.4-1 N: W: source-nmu-has-incorrect-version-number N: N: A source NMU should have a Debian revision of "-x.x" (or "+nmuX" for a N: native package). This is to prevent stealing version numbers from the N: maintainer. N: N: Maybe you didn't intend this upload to be a NMU, in that case, please N: double-check that the most recent entry in the changelog is N: byte-for-byte identical to the maintainer or one of the uploaders. If N: this is a local package (not intended for Debian), you can suppress N: this warning by putting "local" in the version number or "local N: package" on the first line of the changelog entry. N: N: Refer to Debian Developer's Reference section 5.11.2 (NMUs and N: debian/changelog) for details. N: N: Severity: warning N: N: Check: nmu N: I: node-vue-hot-reload-api: capitalization-error-in-description-synopsis api API N: I: capitalization-error-in-description-synopsis N: N: Lintian found a possible capitalization error in the package synopsis. N: Lintian has a list of common capitalization errors, primarily of N: upstream projects, that it looks for. It does not have a dictionary N: like a spelling checker does. N: N: Severity: info N: N: Check: fields/description N: I: node-vue-hot-reload-api source: older-debian-watch-file-standard 3 N: I: older-debian-watch-file-standard N: N: The version= line in the debian/watch file in this package declares an N: older version. Please upgrade when you have a chance. N: N: Refer to the uscan(1) manual page for details. N: N: Severity: info N: N: Check: debian/watch/standard N: I: node-vue-hot-reload-api source: out-of-date-standards-version 4.2.1 (released 2018-08-25) (current is 4.5.1) N: I: out-of-date-standards-version N: N: The source package refers to a Standards-Version older than the one N: that was current at the time the package was created (according to the N: timestamp of the latest debian/changelog entry). Please consider N: updating the package to current Policy and setting this control field N: appropriately. N: N: If the package is already compliant with the current standards, you N: don't have to re-upload the package just to adjust the N: Standards-Version control field. However, please remember to update N: this field next time you upload the package. N: N: See /usr/share/doc/debian-policy/upgrading-checklist.txt.gz in the N: debian-policy package for a summary of changes in newer versions of N: Policy. N: N: Refer to N: https://www.debian.org/doc/debian-policy/upgrading-checklist.html for N: details. N: N: Severity: info N: N: Check: fields/standards-version N: X: node-vue-hot-reload-api source: debian-watch-does-not-check-gpg-signature N: P: debian-watch-does-not-check-gpg-signature N: N: This watch file does not specify a means to verify the upstream N: tarball using a cryptographic signature. N: N: If upstream distributions provides such signatures, please use the N: pgpsigurlmangle options in this watch file's opts= to generate the URL N: of an upstream GPG signature. This signature is automatically N: downloaded and verified against a keyring stored in N: debian/upstream/signing-key.asc N: N: Of course, not all upstreams provide such signatures but you could N: request them as a way of verifying that no third party has modified N: the code after its release (projects such as phpmyadmin, unrealircd, N: and proftpd have suffered from this kind of attack). N: N: Refer to the uscan(1) manual page for details. N: N: Severity: pedantic N: N: Check: debian/watch N: N: Renamed from: debian-watch-may-check-gpg-signature N: N: This tag is experimental. N: P: node-vue-hot-reload-api source: package-uses-old-debhelper-compat-version 12 N: P: package-uses-old-debhelper-compat-version N: N: This package uses a debhelper compatibility level that is no longer N: recommended. Please consider using the recommended level. N: N: For most packages, the best way to set the compatibility level is to N: specify debhelper-compat (= X) as a Build-Depends in debian/control. N: You can also use the debian/compat file or export DH_COMPAT in N: debian/rules. N: N: If no level is selected debhelper defaults to level 1, which is N: deprecated. N: N: Refer to the debhelper(7) manual page for details. N: N: Severity: pedantic N: N: Check: debhelper N: P: node-vue-hot-reload-api source: silent-on-rules-requiring-root N: P: silent-on-rules-requiring-root N: N: The debian/control file is missing an explicit Rules-Requires-Root N: field. N: N: Traditionally, Debian packages have required root privileges for some N: debian/rules target requiring a split between build and binary N: targets. This makes the builds slower due to the increased amount of N: invocations as well as the overhead of fakeroot itself. N: N: Please specify (eg.) Rules-Requires-Root: no in the debian/control N: source stanza, but packagers should verify using diffoscope(1) that N: the binaries built with this field present are identical. N: N: Refer to /usr/share/doc/dpkg-dev/rootless-builds.txt.gz, Debian Policy N: Manual section 4.9.2 (debian/rules and Rules-Requires-Root), and N: Debian Policy Manual section 5.6.31 (Rules-Requires-Root) for details. N: N: Severity: pedantic N: N: Check: debian/control N: N: Renamed from: rules-requires-root-missing N: `