Differences between revisions 1 and 20 (spanning 19 versions)
Revision 1 as of 2017-02-08 13:34:42
Size: 1516
Editor: RogerShimizu
Comment: Initial page
Revision 20 as of 2017-02-23 09:56:59
Size: 2971
Editor: RogerShimizu
Comment: Note exceptions on autoconf files
Deletions are marked like this. Additions are marked like this.
Line 9: Line 9:
 * Above command should download and then extract the source tarball, but if you don't have the key signing the package within your keyring, you have to extract it by yourself:
{{{
dpkg-source -x yyy_zzz-1.dsc
}}}
 * Unless you have the sponsee's key (for example, they're in the DM keyring), you should replace the `-x` with `-ux` or dpkg-source will refuse to extract the source package.
 * Consider asking the sponsee to put their package in a git repository. This makes things easier when you expect to do several rounds of review.
Line 16: Line 14:
 * There're a few automatic tools. Just apt install to get them.
   * debmake. It compares source tree and debian/copyright, then give you a report.
 There are a [[CopyrightReviewTools|few automatic tools]].
 * debmake. It compares source tree and debian/copyright, then give you a report.
Line 21: Line 19:
   * decopy. It generate a copyright file for reference.  * decopy. It generate a copyright file for reference. (not in stretch, can be installed from unstable [[https://packages.debian.org/sid/decopy]])
Line 24: Line 22:
diff -u debian/copyright debian/copyright.tmp
Line 25: Line 24:
   * cme. It generate/overwrite debian/copyright.  * cme. It generate/overwrite debian/copyright.
Line 29: Line 28:
diff -u debian/copyright.orig debian/copyright
Line 30: Line 30:

Please be also noted that as an unwritten exception to the rule, Debian packages where the copyright of the autoconf files is not documented in the Debian copyright file are routinely accepted by our archive administrators. [0][1]

 * [0] https://lists.debian.org/debian-mentors/2009/09/msg00264.html
 * [1] https://lists.debian.org/debian-devel/2015/11/msg00260.html
Line 35: Line 40:
mk-build-deps
sudo dpkg -i <yyy_build-deps_zzz-1.deb>
sudo apt install -f
mk-build-deps --root-cmd sudo --install
Line 42: Line 45:
- or -
Line 49: Line 53:
lintian -I --pedemic lintian --info --display-info --display-experimental --pedantic --show-overrides --color auto
Line 51: Line 55:
 * [[https://tracker.debian.org/pkg/check-all-the-things|check-all-the-things]]
Line 57: Line 62:
 * [[CopyrightReview]] [[CopyrightReviewTools]]
 * [[https://ftp-master.debian.org/REJECT-FAQ.html|REJECT FAQ]]
 * [[HowToPackageForDebian#Check_points_for_any_package|Check points for any package]]

== Alternative workflows ==

 * [[https://manpages.debian.org/unstable/dgit/dgit-sponsorship.7.en.html|dgit-sponsorship(7)]]

== Ideas to be added to this page ==

 * add sbuild/pbuilder usage
 * "dget -u" unpacks the source in case you already trust the person (but you didn't update the keyring)
 * debdiff between versions (in case of update)
{{{
filterdiff debdiff -i "*debian*" > debdiff.filtered
}}}
 * apt build-dep (dsc-file) to build-dependencies

Procedure to review packaging for mentors

Get the package

  • Usually sponsorship-requests (RFS) email tells how to get the package:

dget -x https://mentors.debian.net/debian/pool/main/x/yyy/yyy_zzz-1.dsc
  • Unless you have the sponsee's key (for example, they're in the DM keyring), you should replace the -x with -ux or dpkg-source will refuse to extract the source package.

  • Consider asking the sponsee to put their package in a git repository. This makes things easier when you expect to do several rounds of review.

Check the license

  • There are a few automatic tools.

  • debmake. It compares source tree and debian/copyright, then give you a report.

debmake -kk

decopy -o debian/copyright.tmp
diff -u debian/copyright debian/copyright.tmp
  • cme. It generate/overwrite debian/copyright.

cp debian/copyright debian/copyright.orig
cme update dpkg-copyright -trace
diff -u debian/copyright.orig debian/copyright

Please be also noted that as an unwritten exception to the rule, Debian packages where the copyright of the autoconf files is not documented in the Debian copyright file are routinely accepted by our archive administrators. [0][1]

Build the package

  • You need to install build-dependencies first. Here's a way to remove easily afterwards.

mk-build-deps --root-cmd sudo --install
  • debuild or dpkg-buildpackage

debuild -us -uc
- or -
dpkg-buildpackage -us -uc

Auto Check Tools

  • lintian (Note: Just verbose the output, but not all of them is must-fix)

lintian --info --display-info --display-experimental --pedantic --show-overrides --color auto

Other things to check

Alternative workflows

Ideas to be added to this page

  • add sbuild/pbuilder usage
  • "dget -u" unpacks the source in case you already trust the person (but you didn't update the keyring)
  • debdiff between versions (in case of update)

filterdiff debdiff -i "*debian*" > debdiff.filtered
  • apt build-dep (dsc-file) to build-dependencies