Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
We should make sure the generated tarball has its filenames sorted,
otherwise tar will use whatever order comes from the filesystem.
|
|
Add new archive-keyrings and archive-keyrings-historic for archive
related keyrings. Rename keyrings to package-keyrings for the source
package keyrings. And add a compatibility keyrings hook that aliases
to package-keyrings and emits a deprecation warning.
Prompted-by: Johannes Schauer <josch@debian.org>
|
|
Clamp the mtime of the source files when building the tarball to the
first defined value from the source_date option, SOURCE_DATE_EPOCH
environment variable or time().
This makes sure the generated source tarballs always contain the same
mtime for files or directories that have been modified during the build.
|
|
We know the current date, so let's make it easier on maintainers by
presetting the field value when generating the patch header template.
Closes: #828146
Based-on-patch-by: Daniel Shahaf <danielsh@apache.org>
|
|
The current stable dpkg series does not support extracting upstream tar
signatures. So let's disable this for now until either those are
supported in 1.17.x or 1.18.x, and we'll be able to enable them again
in 1.18.x or 1.19.x respectively.
|
|
These are strongly discouraged by the man-pages project, because they
are redundant with the copyright notices, and tend to get out-of-sync.
In addition their format is inconsitent. Just remove them in the same
way we did for man pages in the past.
|
|
Closes: #826334
|
|
Erroring out when no strong checksums are present is very harsh, as we
do not even do something similar for invalid/unknown/expired signatures
which means doing this for checksums has really no point.
Add a new command-line option to force the behavior to be strict, and
change to a warning.
Regression introduced in commit 040973c7a1e50b78ef042ef5ffbfff0440c24700.
Closes: #823428
Reported-by: Niko Tyni <ntyni@debian.org>
|
|
The -si and -sn arguments are handled in previous code branches.
|
|
If there are upstream signatures for orig.tar files, pick them up and
include them in the .dsc file.
See: #759478
|
|
Upstream orig tarballs usually come with detached signatures, which would
be useful to have in the source package, as an additional check that could
be performed to verify its integrity and provenance.
Fixes: #759478
Suggested-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
|
|
The message is confusing as it refers to the command, but we might use
gpg2, also the message talks about the command not being installed when
in this context it would be expected a package. Instead use the software
name GnuPG.
|
|
This is used by dpkg-source --extract, which can still be disabled with
--no-check.
|
|
We still accept source and binary packages with missing or empty
Architecture fields, but when building either of these, we require
the field to be present.
|
|
This will print source format specific options depending on the
--format version specified.
|
|
Reword the warning message to make it clear that the diff might be
patching the file more than once, not just twice, which might be
incorrect. And only emit a single warning.
|
|
When we check if the first quilt patch in a series can be applied, we
use «patch --dry-run» with other options, but that cannot work if the
same diff patches a file multiple times, as patch does not record the
previous state in memory.
We are alredy detecting this condition, but only emitting a warning,
instead make it possible to turn it into a fatal error.
Closes: #810720
Reported-by: Apollon Oikonomopoulos <apoikos@debian.org>
|
|
|
|
This way any transformation done for error messages gets applied
consistently to all error output.
|
|
When extracting a source package, do not warn if the pathname to remove
is an empty directory, just silently remove it, as it might be part of
a git repository, as a submodule for example.
Closes: #796671
|
|
The function options should come before any other option. And at least
the --owner and --group options might become positional in the same way
--no-recursion did with tar > 1.28, according to upstream. Suffle
options around to make sure this does not cause any problems in the
future.
|
|
This effectively reverts commit 867c88dadccff6e285c48dadccb61f9001b50d9b.
There is no point in excluding pre-existing symlinks when unpacking the
packaging tarball, as GNU tar will make sure to unlink any symlink
before extracting an object replacing it. So there should be no danger
of escaping the directory.
Closes: #790073, #791535
|
|
Explicitly import File::Spec, to avoid relying on the other imports in
the same file.
|
|
Regression introduced in commit 5e59d94a17051b1185c591a1fc3eed00e3b01070.
Closes: #789957
|
|
|
|
Warned-by: spellintian
|
|
|
|
This avoids having to use a temporary variable, and makes the code more
clear.
|
|
This has two purposes, first it will make it easier to know if the
module version needs to be bumped for the current development release,
and second it will make it easier for users to know how "old" that
module version is, and to which dpkg series and specific version it
corresponds to.
|
|
|
|
For GNU patch the default value for -g is already 0, but that option is
not available in other systems, such as FreeBSD. Let's switch to use the
environment variable PATCH_GET, so that we make sure it gets set to a
known value, and so that we can stop using the unportable option.
|
|
|
|
|
|
That is "" or '', and not the unbalanced `' pair.
|
|
|
|
|
|
|
|
Place 'use' strict and warnings first, then Exporter 'our' declarations,
then Test module imports, then system module imports, then Dpkg module
imports, then 'use' parent and overload pragmas, separated by a blank
line for each block.
Split each exported symbol declaration into its own line to ease
modifications.
|
|
|
|
|
|
|
|
We should have a recent enough Perl now.
|
|
Use make_path() instead of mkpath(), and remove_tree() instead of
rmtree().
|
|
|
|
The old function name was inconsistent with the other gettext family
of short aliases which has already caused some code typos, and functions
starting with underscore are considered by convention private in Perl.
|
|
Upstream tarballs usually come with detached signatures, which would be
useful to have in the source package, as an additional check that could
be performed to verify its integrity and provenance.
For now just allow the detached signatures to be listed in the file
fields in the source control file (.dsc).
Closes: #759478
Suggested-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
This makes it clear what is the current version of the module, and that
it is a public interface.
|
|
Fixes ControlStructures::ProhibitMutatingListFunctions.
Warned-by: perlcritic
|