Skip to content

Commit

Permalink
WIP: Patches from Debian#225
Browse files Browse the repository at this point in the history
  • Loading branch information
@ottok
ottok committed Nov 24, 2024
1 parent 9ec9e68 commit a0f8d51
Show file tree
Hide file tree
Showing 5 changed files with 143 additions and 84 deletions.
100 changes: 16 additions & 84 deletions debian/patches/0001-Use-DEP-14-branch-names-debian-latest-and-upstream-l.patch
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,19 +4,20 @@ Subject: Use DEP-14 branch names `debian/latest` and `upstream/latest`

In DEP-14, the preferred branch name for the Debian packaging target
branch is `debian/latest` and the preferred name for the upstream import
target branch is `upstream/latest`. Note that the upstream development
branch name can be whatever and should stay as it is upstream, typically
`main` or `master`. The branch `upstream/latest` should not point to
the latest upstream development commit, but to the latest commit that
was used as the upstream release that the Debian revision was derived
from.
target branch is `upstream/latest`.

Note that the upstream development branch name can be whatever and should
stay as it is upstream, typically `main` or `master`. The branch
`upstream/latest` should not point to the latest upstream development
commit, but to the latest commit that was used as the upstream release
that the Debian revision was derived from.
---
make.go | 37 +++++++++----------------------------
template.go | 27 ++++++++++++++++++++++++++-
2 files changed, 35 insertions(+), 29 deletions(-)
make.go | 11 +++++++----
template.go | 3 ++-
2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/make.go b/make.go
index 9f48c07..b5376ff 100644
index 9f48c07..b768095 100644
--- a/make.go
+++ b/make.go
@@ -413,7 +413,7 @@ func runGitCommandIn(dir string, arg ...string) error {
Expand All @@ -37,17 +38,7 @@ index 9f48c07..b5376ff 100644
if pristineTar {
branches = append(branches, "pristine-tar")
}
@@ -482,7 +482,8 @@ func createGitRepository(debsrc, gopkg, orig string, u *upstream,
}

if includeUpstreamHistory {
- u.remote, err = shortHostName(gopkg, allowUnknownHoster)
+ // Always call the upstream git remote 'upstreamvcs' just like git-buildpackage does
+ u.remote = "upstreamvcs"
if err != nil {
return dir, fmt.Errorf("unable to fetch upstream history: %q", err)
}
@@ -502,6 +503,9 @@ func createGitRepository(debsrc, gopkg, orig string, u *upstream,
@@ -502,6 +502,9 @@ func createGitRepository(debsrc, gopkg, orig string, u *upstream,
// Import upstream orig tarball

arg := []string{"import-orig", "--no-interactive", "--debian-branch=" + debianBranch}
Expand All @@ -57,37 +48,7 @@ index 9f48c07..b5376ff 100644
if pristineTar {
arg = append(arg, "--pristine-tar")
}
@@ -516,29 +520,6 @@ func createGitRepository(debsrc, gopkg, orig string, u *upstream,
return dir, fmt.Errorf("import-orig: %w", err)
}

- {
- f, err := os.OpenFile(filepath.Join(dir, ".gitignore"), os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
- if err != nil {
- return dir, fmt.Errorf("open .gitignore: %w", err)
- }
- // Beginning newline in case the file already exists and lacks a newline
- // (not all editors enforce a newline at the end of the file):
- if _, err := f.Write([]byte("\n/.pc/\n/_build/\n")); err != nil {
- return dir, fmt.Errorf("write to .gitignore: %w", err)
- }
- if err := f.Close(); err != nil {
- return dir, fmt.Errorf("close .gitignore: %w", err)
- }
- }
-
- if err := runGitCommandIn(dir, "add", ".gitignore"); err != nil {
- return dir, fmt.Errorf("git add .gitignore: %w", err)
- }
-
- if err := runGitCommandIn(dir, "commit", "-m", "Ignore _build and quilt .pc dirs via .gitignore"); err != nil {
- return dir, fmt.Errorf("git commit (.gitignore): %w", err)
- }
-
return dir, nil
}

@@ -892,7 +873,7 @@ func execMake(args []string, usage func()) {
@@ -892,7 +895,7 @@ func execMake(args []string, usage func()) {
// Set the debian branch.
debBranch := "master"
if dep14 {
Expand All @@ -96,7 +57,7 @@ index 9f48c07..b5376ff 100644
}

switch strings.TrimSpace(wrapAndSort) {
@@ -983,7 +964,7 @@ func execMake(args []string, usage func()) {
@@ -983,7 +986,7 @@ func execMake(args []string, usage func()) {

debversion := u.version + "-1"

Expand All @@ -106,10 +67,10 @@ index 9f48c07..b5376ff 100644
log.Fatalf("Could not create git repository: %v\n", err)
}
diff --git a/template.go b/template.go
index 4c87c7d..f60eb13 100644
index 4c87c7d..74cca68 100644
--- a/template.go
+++ b/template.go
@@ -337,12 +337,37 @@ func writeDebianGbpConf(dir string, dep14, pristineTar bool) error {
@@ -337,7 +337,8 @@ func writeDebianGbpConf(dir string, dep14, pristineTar bool) error {

fmt.Fprintf(f, "[DEFAULT]\n")
if dep14 {
Expand All @@ -119,32 +80,3 @@ index 4c87c7d..f60eb13 100644
fmt.Fprintf(f, "dist = DEP14\n")
}
if pristineTar {
fmt.Fprintf(f, "pristine-tar = True\n")
}
+
+ // Additional text to the template which is useful for 99% of the go packages
+ // NOTE: The v%%(version%%~%%.)s will print v%(version%~%.)s
+ fmt.Fprintf(f, `
+# Lax requirement to use branch name 'debian/latest' so that git-buildpackage
+# will always build using the currently checked out branch as the Debian branch.
+# This makes it easier for contributors to work with feature and bugfix
+# branches.
+ignore-branch = True
+
+# Configure the upstream tag format below, so that 'gbp import-orig' will run
+# correctly, and link tarball import branch ('upstream/latest') with the
+# equivalent upstream release tag, showing a complete audit trail of what
+# upstream released and what was imported into Debian.
+#
+# Most go packages have tags of form 'v1.0.0'
+#upstream-vcs-tag = v%%(version%%~%%.)s
+
+# Check that upstream signed git tags (options: auto|on|off)
+#upstream-signatures = on
+
+# Ensure the Debian maintainer signs git tags automatically
+#sign-tags = True
+`)
return nil
}

27 changes: 27 additions & 0 deletions debian/patches/0002-Always-call-upstream-git-remote-upstreamvcs.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
From: =?utf-8?b?T3R0byBLZWvDpGzDpGluZW4=?= <[email protected]>
Date: Thu, 21 Nov 2024 00:18:30 -0800
Subject: Always call upstream git remote `upstreamvcs`

Instead of using various different upstream remote names, use the one and
same upstream git remote name consistently. As the name pick `upstreamvcs`
just as git-buildpackage does, so that if anybody runs `gbp clone` they
will automatically end up with the same git remotes and branches as anyone
in to go-team.
---
make.go | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/make.go b/make.go
index b768095..7b6f8d2 100644
--- a/make.go
+++ b/make.go
@@ -482,7 +482,8 @@ func createGitRepository(debsrc, gopkg, orig string, u *upstream,
}

if includeUpstreamHistory {
- u.remote, err = shortHostName(gopkg, allowUnknownHoster)
+ // Always call the upstream git remote 'upstreamvcs' just like git-buildpackage does
+ u.remote = "upstreamvcs"
if err != nil {
return dir, fmt.Errorf("unable to fetch upstream history: %q", err)
}
47 changes: 47 additions & 0 deletions debian/patches/0003-Extend-default-debian-gbp.conf-with-extra-security-c.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
From: =?utf-8?b?T3R0byBLZWvDpGzDpGluZW4=?= <[email protected]>
Date: Thu, 21 Nov 2024 00:20:25 -0800
Subject: Extend default debian/gbp.conf with extra security config tips

When creating a new package, populate the git-buildpackage with additional
configs and in-line comments on why and how to use them. This will make
go packaging easier, more consistent and more secure as the best practices
flow to all packages via good defaults.
---
template.go | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)

diff --git a/template.go b/template.go
index 74cca68..f60eb13 100644
--- a/template.go
+++ b/template.go
@@ -344,6 +344,30 @@ func writeDebianGbpConf(dir string, dep14, pristineTar bool) error {
if pristineTar {
fmt.Fprintf(f, "pristine-tar = True\n")
}
+
+ // Additional text to the template which is useful for 99% of the go packages
+ // NOTE: The v%%(version%%~%%.)s will print v%(version%~%.)s
+ fmt.Fprintf(f, `
+# Lax requirement to use branch name 'debian/latest' so that git-buildpackage
+# will always build using the currently checked out branch as the Debian branch.
+# This makes it easier for contributors to work with feature and bugfix
+# branches.
+ignore-branch = True
+
+# Configure the upstream tag format below, so that 'gbp import-orig' will run
+# correctly, and link tarball import branch ('upstream/latest') with the
+# equivalent upstream release tag, showing a complete audit trail of what
+# upstream released and what was imported into Debian.
+#
+# Most go packages have tags of form 'v1.0.0'
+#upstream-vcs-tag = v%%(version%%~%%.)s
+
+# Check that upstream signed git tags (options: auto|on|off)
+#upstream-signatures = on
+
+# Ensure the Debian maintainer signs git tags automatically
+#sign-tags = True
+`)
return nil
}

50 changes: 50 additions & 0 deletions debian/patches/0004-Stop-modifying-upstream-.gitignore-file.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
From: =?utf-8?b?T3R0byBLZWvDpGzDpGluZW4=?= <[email protected]>
Date: Thu, 21 Nov 2024 00:23:12 -0800
Subject: Stop modifying upstream .gitignore file

The fact that Debian builds produce extra files in the build directory
is a separate concern and should not be managed by .gitignores in upstream
directory. Anyways, the list is not going to be complete on most packages,
and instead of extending the list, a better practice is to have proper
`make clean` rules in the `debian/rules`, or to simply run `git clean -fdx`
between builds. Additionally, everyone should be using `gbp pq` to update
patches instead of legacy Quilt, so no more `.pc` directories should be
generated.
---
make.go | 23 -----------------------
1 file changed, 23 deletions(-)

diff --git a/make.go b/make.go
index 7b6f8d2..b5376ff 100644
--- a/make.go
+++ b/make.go
@@ -520,29 +520,6 @@ func createGitRepository(debsrc, gopkg, orig string, u *upstream,
return dir, fmt.Errorf("import-orig: %w", err)
}

- {
- f, err := os.OpenFile(filepath.Join(dir, ".gitignore"), os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
- if err != nil {
- return dir, fmt.Errorf("open .gitignore: %w", err)
- }
- // Beginning newline in case the file already exists and lacks a newline
- // (not all editors enforce a newline at the end of the file):
- if _, err := f.Write([]byte("\n/.pc/\n/_build/\n")); err != nil {
- return dir, fmt.Errorf("write to .gitignore: %w", err)
- }
- if err := f.Close(); err != nil {
- return dir, fmt.Errorf("close .gitignore: %w", err)
- }
- }
-
- if err := runGitCommandIn(dir, "add", ".gitignore"); err != nil {
- return dir, fmt.Errorf("git add .gitignore: %w", err)
- }
-
- if err := runGitCommandIn(dir, "commit", "-m", "Ignore _build and quilt .pc dirs via .gitignore"); err != nil {
- return dir, fmt.Errorf("git commit (.gitignore): %w", err)
- }
-
return dir, nil
}

3 changes: 3 additions & 0 deletions debian/patches/series
View file
Original file line number Diff line number Diff line change
@@ -1 +1,4 @@
0001-Use-DEP-14-branch-names-debian-latest-and-upstream-l.patch
0002-Always-call-upstream-git-remote-upstreamvcs.patch
0003-Extend-default-debian-gbp.conf-with-extra-security-c.patch
0004-Stop-modifying-upstream-.gitignore-file.patch

0 comments on commit a0f8d51

Please sign in to comment.