Procedure to review packaging for mentors
Get the package
- Usually sponsorship-requests (RFS) email tells how to get the package:
dget -x https://mentors.debian.net/debian/pool/main/x/yyy/yyy_zzz-1.dsc
Unless you have the sponsee's key (for example, they're in the DM keyring), you should replace the -x with -ux or dpkg-source will refuse to extract the source package.
- Consider asking the sponsee to put their package in a git repository. This makes things easier when you expect to do several rounds of review.
Check the license
- There're a few automatic tools. Just apt install to get them.
- debmake. It compares source tree and debian/copyright, then give you a report.
- decopy. It generate a copyright file for reference.
decopy -o debian/copyright.tmp
- cme. It generate/overwrite debian/copyright.
cp debian/copyright debian/copyright.orig cme update dpkg-copyright -trace
Build the package
- You need to install build-dependencies first. Here's a way to remove easily afterwards.
mk-build-deps sudo dpkg -i <yyy_build-deps_zzz-1.deb> sudo apt install -f
- debuild or dpkg-buildpackage
debuild -us -uc - or - dpkg-buildpackage -us -uc
Auto Check Tools
- lintian (Note: Just verbose the output, but not all of them is must-fix)
lintian -I --pedemic
Other things to check
- There're many other things to check. Here're the incomplete list:
Ideas to be added to this page
- add sbuild/pbuilder usage
- "dget -u" unpacks the source in case you already trust the person (but you didn't update the keyring)
- debdiff between versions (in case of update)
filterdiff debdiff -i "*debian*" > debdiff.filtered
- apt build-dep (dsc-file) to build-dependencies