Debian Security Tools Packaging Team (pkg-security)

Infrastructure

Interacting with the team

Usual roles

Task description

Maintain correctly all security related tools. Merge back tools packaged by security-oriented Debian derivatives.

Get involved

Packaging rules

Git packaging tool and repository layout

We use git-buildpackage with full sources stored in the repository and with pristine-tar to be able to retrieve the orig tarball out of the git repository. We strive to respect DEP-14 for he repository layout.

You can create a new git repository by logging into git.debian.org and by running /git/pkg-security/setup-repository. Here's an example to create a repository for ssldump:

$ ssh git.debian.org
foo@moszumanska:~$ cd /git/pkg-security/
foo@moszumanska:/git/pkg-security$ ./setup-repository ssldump

The repository's HEAD will point to debian/master the default packaging branch suggested by DEP-14. The git hooks will send commit emails to the package tracker and will tag any fixed bug as "pending".

For a better experience you might want to set the following options in ~/.gbp.conf:

[DEFAULT]
pristine-tar = True
cleaner = /bin/true

[buildpackage]
sign-tags = True
export-dir = ../build-area/
ignore-branch = True

[import-orig]
filter-pristine-tar = True

[pq]
patch-numbers = False

The "ignore-branch" is important so that git-buildpackage doesn't complain of the unexpected name of the packaging branch. The "export-dir" setting ensures builds are done on a separate copy of the sources, thus avoiding to pollute/break the git repository with build artifacts.

Packaging helper

We use the "dh" command provided by debhelper to ensure we have short but expressive debian/rules files.