Size: 1516
Comment: Initial page
|
Size: 2971
Comment: Note exceptions on autoconf files
|
Deletions are marked like this. | Additions are marked like this. |
Line 9: | Line 9: |
* Above command should download and then extract the source tarball, but if you don't have the key signing the package within your keyring, you have to extract it by yourself: {{{ dpkg-source -x yyy_zzz-1.dsc }}} |
* Unless you have the sponsee's key (for example, they're in the DM keyring), you should replace the `-x` with `-ux` or dpkg-source will refuse to extract the source package. * Consider asking the sponsee to put their package in a git repository. This makes things easier when you expect to do several rounds of review. |
Line 16: | Line 14: |
* There're a few automatic tools. Just apt install to get them. * debmake. It compares source tree and debian/copyright, then give you a report. |
There are a [[CopyrightReviewTools|few automatic tools]]. * debmake. It compares source tree and debian/copyright, then give you a report. |
Line 21: | Line 19: |
* decopy. It generate a copyright file for reference. | * decopy. It generate a copyright file for reference. (not in stretch, can be installed from unstable [[https://packages.debian.org/sid/decopy]]) |
Line 24: | Line 22: |
diff -u debian/copyright debian/copyright.tmp | |
Line 25: | Line 24: |
* cme. It generate/overwrite debian/copyright. | * cme. It generate/overwrite debian/copyright. |
Line 29: | Line 28: |
diff -u debian/copyright.orig debian/copyright | |
Line 30: | Line 30: |
Please be also noted that as an unwritten exception to the rule, Debian packages where the copyright of the autoconf files is not documented in the Debian copyright file are routinely accepted by our archive administrators. [0][1] * [0] https://lists.debian.org/debian-mentors/2009/09/msg00264.html * [1] https://lists.debian.org/debian-devel/2015/11/msg00260.html |
|
Line 35: | Line 40: |
mk-build-deps sudo dpkg -i <yyy_build-deps_zzz-1.deb> sudo apt install -f |
mk-build-deps --root-cmd sudo --install |
Line 42: | Line 45: |
- or - | |
Line 49: | Line 53: |
lintian -I --pedemic | lintian --info --display-info --display-experimental --pedantic --show-overrides --color auto |
Line 51: | Line 55: |
* [[https://tracker.debian.org/pkg/check-all-the-things|check-all-the-things]] | |
Line 57: | Line 62: |
* [[CopyrightReview]] [[CopyrightReviewTools]] * [[https://ftp-master.debian.org/REJECT-FAQ.html|REJECT FAQ]] * [[HowToPackageForDebian#Check_points_for_any_package|Check points for any package]] == Alternative workflows == * [[https://manpages.debian.org/unstable/dgit/dgit-sponsorship.7.en.html|dgit-sponsorship(7)]] == Ideas to be added to this page == * add sbuild/pbuilder usage * "dget -u" unpacks the source in case you already trust the person (but you didn't update the keyring) * debdiff between versions (in case of update) {{{ filterdiff debdiff -i "*debian*" > debdiff.filtered }}} * apt build-dep (dsc-file) to build-dependencies |
Procedure to review packaging for mentors
Get the package
- Usually sponsorship-requests (RFS) email tells how to get the package:
dget -x https://mentors.debian.net/debian/pool/main/x/yyy/yyy_zzz-1.dsc
Unless you have the sponsee's key (for example, they're in the DM keyring), you should replace the -x with -ux or dpkg-source will refuse to extract the source package.
- Consider asking the sponsee to put their package in a git repository. This makes things easier when you expect to do several rounds of review.
Check the license
There are a few automatic tools.
- debmake. It compares source tree and debian/copyright, then give you a report.
debmake -kk
decopy. It generate a copyright file for reference. (not in stretch, can be installed from unstable https://packages.debian.org/sid/decopy)
decopy -o debian/copyright.tmp diff -u debian/copyright debian/copyright.tmp
- cme. It generate/overwrite debian/copyright.
cp debian/copyright debian/copyright.orig cme update dpkg-copyright -trace diff -u debian/copyright.orig debian/copyright
Please be also noted that as an unwritten exception to the rule, Debian packages where the copyright of the autoconf files is not documented in the Debian copyright file are routinely accepted by our archive administrators. [0][1]
[0] https://lists.debian.org/debian-mentors/2009/09/msg00264.html
[1] https://lists.debian.org/debian-devel/2015/11/msg00260.html
Build the package
- You need to install build-dependencies first. Here's a way to remove easily afterwards.
mk-build-deps --root-cmd sudo --install
- debuild or dpkg-buildpackage
debuild -us -uc - or - dpkg-buildpackage -us -uc
Auto Check Tools
- lintian (Note: Just verbose the output, but not all of them is must-fix)
lintian --info --display-info --display-experimental --pedantic --show-overrides --color auto
Other things to check
- There're many other things to check. Here're the incomplete list:
Alternative workflows
Ideas to be added to this page
- add sbuild/pbuilder usage
- "dget -u" unpacks the source in case you already trust the person (but you didn't update the keyring)
- debdiff between versions (in case of update)
filterdiff debdiff -i "*debian*" > debdiff.filtered
- apt build-dep (dsc-file) to build-dependencies