1516
Comment: Initial page
|
2626
shorter mk-build-deps
|
Deletions are marked like this. | Additions are marked like this. |
Line 9: | Line 9: |
* Above command should download and then extract the source tarball, but if you don't have the key signing the package within your keyring, you have to extract it by yourself: {{{ dpkg-source -x yyy_zzz-1.dsc }}} |
* Unless you have the sponsee's key (for example, they're in the DM keyring), you should replace the `-x` with `-ux` or dpkg-source will refuse to extract the source package. * Consider asking the sponsee to put their package in a git repository. This makes things easier when you expect to do several rounds of review. |
Line 16: | Line 14: |
* There're a few automatic tools. Just apt install to get them. * debmake. It compares source tree and debian/copyright, then give you a report. |
There're a [[CopyrightReviewTools|few automatic tools]]. Just apt install to get them. * debmake. It compares source tree and debian/copyright, then give you a report. |
Line 21: | Line 19: |
* decopy. It generate a copyright file for reference. | * decopy. It generate a copyright file for reference. (not in stretch, can be installed from unstable [[https://packages.debian.org/sid/decopy]]) |
Line 24: | Line 22: |
diff -u debian/copyright debian/copyright.tmp | |
Line 25: | Line 24: |
* cme. It generate/overwrite debian/copyright. | * cme. It generate/overwrite debian/copyright. |
Line 29: | Line 28: |
diff -u debian/copyright.orig debian/copyright | |
Line 35: | Line 35: |
mk-build-deps sudo dpkg -i <yyy_build-deps_zzz-1.deb> sudo apt install -f |
mk-build-deps --root-cmd sudo --install |
Line 42: | Line 40: |
- or - | |
Line 49: | Line 48: |
lintian -I --pedemic | lintian --info --display-info --display-experimental --pedantic --show-overrides --color auto |
Line 51: | Line 50: |
* [[https://tracker.debian.org/pkg/check-all-the-things|check-all-the-things]] | |
Line 57: | Line 57: |
* [[CopyrightReview]] [[CopyrightReviewTools]] * [[https://ftp-master.debian.org/REJECT-FAQ.html|REJECT FAQ]] * [[HowToPackageForDebian#Check_points_for_any_package|Check points for any package]] == Alternative workflows == * [[https://manpages.debian.org/unstable/dgit/dgit-sponsorship.7.en.html|dgit-sponsorship(7)]] == Ideas to be added to this page == * add sbuild/pbuilder usage * "dget -u" unpacks the source in case you already trust the person (but you didn't update the keyring) * debdiff between versions (in case of update) {{{ filterdiff debdiff -i "*debian*" > debdiff.filtered }}} * apt build-dep (dsc-file) to build-dependencies |
Procedure to review packaging for mentors
Get the package
- Usually sponsorship-requests (RFS) email tells how to get the package:
dget -x https://mentors.debian.net/debian/pool/main/x/yyy/yyy_zzz-1.dsc
Unless you have the sponsee's key (for example, they're in the DM keyring), you should replace the -x with -ux or dpkg-source will refuse to extract the source package.
- Consider asking the sponsee to put their package in a git repository. This makes things easier when you expect to do several rounds of review.
Check the license
There're a few automatic tools. Just apt install to get them.
- debmake. It compares source tree and debian/copyright, then give you a report.
debmake -kk
decopy. It generate a copyright file for reference. (not in stretch, can be installed from unstable https://packages.debian.org/sid/decopy)
decopy -o debian/copyright.tmp diff -u debian/copyright debian/copyright.tmp
- cme. It generate/overwrite debian/copyright.
cp debian/copyright debian/copyright.orig cme update dpkg-copyright -trace diff -u debian/copyright.orig debian/copyright
Build the package
- You need to install build-dependencies first. Here's a way to remove easily afterwards.
mk-build-deps --root-cmd sudo --install
- debuild or dpkg-buildpackage
debuild -us -uc - or - dpkg-buildpackage -us -uc
Auto Check Tools
- lintian (Note: Just verbose the output, but not all of them is must-fix)
lintian --info --display-info --display-experimental --pedantic --show-overrides --color auto
Other things to check
- There're many other things to check. Here're the incomplete list:
Alternative workflows
Ideas to be added to this page
- add sbuild/pbuilder usage
- "dget -u" unpacks the source in case you already trust the person (but you didn't update the keyring)
- debdiff between versions (in case of update)
filterdiff debdiff -i "*debian*" > debdiff.filtered
- apt build-dep (dsc-file) to build-dependencies