Differences between revisions 1 and 19 (spanning 18 versions)
Revision 1 as of 2017-02-08 13:34:42
Size: 1516
Editor: RogerShimizu
Comment: Initial page
Revision 19 as of 2017-02-09 00:15:31
Size: 2597
Editor: PaulWise
Comment: typo, remove obvious sentence
Deletions are marked like this. Additions are marked like this.
Line 9: Line 9:
 * Above command should download and then extract the source tarball, but if you don't have the key signing the package within your keyring, you have to extract it by yourself:
{{{
dpkg-source -x yyy_zzz-1.dsc
}}}
 * Unless you have the sponsee's key (for example, they're in the DM keyring), you should replace the `-x` with `-ux` or dpkg-source will refuse to extract the source package.
 * Consider asking the sponsee to put their package in a git repository. This makes things easier when you expect to do several rounds of review.
Line 16: Line 14:
 * There're a few automatic tools. Just apt install to get them.
   * debmake. It compares source tree and debian/copyright, then give you a report.
 There are a [[CopyrightReviewTools|few automatic tools]].
 * debmake. It compares source tree and debian/copyright, then give you a report.
Line 21: Line 19:
   * decopy. It generate a copyright file for reference.  * decopy. It generate a copyright file for reference. (not in stretch, can be installed from unstable [[https://packages.debian.org/sid/decopy]])
Line 24: Line 22:
diff -u debian/copyright debian/copyright.tmp
Line 25: Line 24:
   * cme. It generate/overwrite debian/copyright.  * cme. It generate/overwrite debian/copyright.
Line 29: Line 28:
diff -u debian/copyright.orig debian/copyright
Line 35: Line 35:
mk-build-deps
sudo dpkg -i <yyy_build-deps_zzz-1.deb>
sudo apt install -f
mk-build-deps --root-cmd sudo --install
Line 42: Line 40:
- or -
Line 49: Line 48:
lintian -I --pedemic lintian --info --display-info --display-experimental --pedantic --show-overrides --color auto
Line 51: Line 50:
 * [[https://tracker.debian.org/pkg/check-all-the-things|check-all-the-things]]
Line 57: Line 57:
 * [[CopyrightReview]] [[CopyrightReviewTools]]
 * [[https://ftp-master.debian.org/REJECT-FAQ.html|REJECT FAQ]]
 * [[HowToPackageForDebian#Check_points_for_any_package|Check points for any package]]

== Alternative workflows ==

 * [[https://manpages.debian.org/unstable/dgit/dgit-sponsorship.7.en.html|dgit-sponsorship(7)]]

== Ideas to be added to this page ==

 * add sbuild/pbuilder usage
 * "dget -u" unpacks the source in case you already trust the person (but you didn't update the keyring)
 * debdiff between versions (in case of update)
{{{
filterdiff debdiff -i "*debian*" > debdiff.filtered
}}}
 * apt build-dep (dsc-file) to build-dependencies

Procedure to review packaging for mentors

Get the package

  • Usually sponsorship-requests (RFS) email tells how to get the package:

dget -x https://mentors.debian.net/debian/pool/main/x/yyy/yyy_zzz-1.dsc
  • Unless you have the sponsee's key (for example, they're in the DM keyring), you should replace the -x with -ux or dpkg-source will refuse to extract the source package.

  • Consider asking the sponsee to put their package in a git repository. This makes things easier when you expect to do several rounds of review.

Check the license

  • There are a few automatic tools.

  • debmake. It compares source tree and debian/copyright, then give you a report.

debmake -kk

decopy -o debian/copyright.tmp
diff -u debian/copyright debian/copyright.tmp
  • cme. It generate/overwrite debian/copyright.

cp debian/copyright debian/copyright.orig
cme update dpkg-copyright -trace
diff -u debian/copyright.orig debian/copyright

Build the package

  • You need to install build-dependencies first. Here's a way to remove easily afterwards.

mk-build-deps --root-cmd sudo --install
  • debuild or dpkg-buildpackage

debuild -us -uc
- or -
dpkg-buildpackage -us -uc

Auto Check Tools

  • lintian (Note: Just verbose the output, but not all of them is must-fix)

lintian --info --display-info --display-experimental --pedantic --show-overrides --color auto

Other things to check

Alternative workflows

Ideas to be added to this page

  • add sbuild/pbuilder usage
  • "dget -u" unpacks the source in case you already trust the person (but you didn't update the keyring)
  • debdiff between versions (in case of update)

filterdiff debdiff -i "*debian*" > debdiff.filtered
  • apt build-dep (dsc-file) to build-dependencies