Procedure to review packaging for mentors
Get the package
- Usually sponsorship-requests (RFS) email tells how to get the package:
dget -x https://mentors.debian.net/debian/pool/main/x/yyy/yyy_zzz-1.dsc
Unless you have the sponsee's key (for example, they're in the DM keyring), you should replace the -x with -ux or dpkg-source will refuse to extract the source package.
- Consider asking the sponsee to put their package in a git repository. This makes things easier when you expect to do several rounds of review.
Check the license
There're a few automatic tools. Just apt install to get them.
- debmake. It compares source tree and debian/copyright, then give you a report.
decopy. It generate a copyright file for reference. (not in stretch, can be installed from unstable https://packages.debian.org/sid/decopy)
decopy -o debian/copyright.tmp diff -u debian/copyright debian/copyright.tmp
- cme. It generate/overwrite debian/copyright.
cp debian/copyright debian/copyright.orig cme update dpkg-copyright -trace diff -u debian/copyright.orig debian/copyright
Build the package
- You need to install build-dependencies first. Here's a way to remove easily afterwards.
mk-build-deps --root-cmd sudo --install
- debuild or dpkg-buildpackage
debuild -us -uc - or - dpkg-buildpackage -us -uc
Auto Check Tools
- lintian (Note: Just verbose the output, but not all of them is must-fix)
lintian --info --display-info --display-experimental --pedantic --show-overrides --color auto
Other things to check
- There're many other things to check. Here're the incomplete list:
Ideas to be added to this page
- add sbuild/pbuilder usage
- "dget -u" unpacks the source in case you already trust the person (but you didn't update the keyring)
- debdiff between versions (in case of update)
filterdiff debdiff -i "*debian*" > debdiff.filtered
- apt build-dep (dsc-file) to build-dependencies