WIP: Debian#225 at e2bfbec

ottok · Nov 24, 2024 · ee5f331 · ee5f331
1 parent d40fef2
commit ee5f331
Show file tree

Hide file tree

Showing 5 changed files with 209 additions and 0 deletions.
diff --git a/debian/patches/0001-Use-DEP-14-branch-names-debian-latest-and-upstream-l.patch b/debian/patches/0001-Use-DEP-14-branch-names-debian-latest-and-upstream-l.patch
@@ -0,0 +1,82 @@
+From: =?utf-8?b?T3R0byBLZWvDpGzDpGluZW4=?= <[email protected]>
+Date: Tue, 19 Nov 2024 22:21:58 -0800
+Subject: Use DEP-14 branch names `debian/latest` and `upstream/latest`
+
+In DEP-14, the preferred branch name for the Debian packaging target
+branch is `debian/latest` and the preferred name for the upstream import
+target branch is `upstream/latest`.
+
+Note that the upstream development branch name can be whatever and should
+stay as it is upstream, typically `main` or `master`. The branch
+`upstream/latest` should not point to the latest upstream development
+commit, but to the latest commit that was used as the upstream release
+that the Debian revision was derived from.
+---
+ make.go     | 11 +++++++----
+ template.go |  3 ++-
+ 2 files changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/make.go b/make.go
+index 9f48c07..b768095 100644
+--- a/make.go
++++ b/make.go
+@@ -413,7 +413,7 @@ func runGitCommandIn(dir string, arg ...string) error {
+ }
+
+ func createGitRepository(debsrc, gopkg, orig string, u *upstream,
+-	includeUpstreamHistory bool, allowUnknownHoster bool, debianBranch string, pristineTar bool) (string, error) {
++	includeUpstreamHistory bool, allowUnknownHoster bool, debianBranch string, dep14 bool, pristineTar bool) (string, error) {
+ 	wd, err := os.Getwd()
+ 	if err != nil {
+ 		return "", fmt.Errorf("get cwd: %w", err)
+@@ -468,7 +468,7 @@ func createGitRepository(debsrc, gopkg, orig string, u *upstream,
+
+ 	// Preconfigure branches
+
+-	branches := []string{debianBranch, "upstream"}
++	branches := []string{debianBranch, "upstream/latest"}
+ 	if pristineTar {
+ 		branches = append(branches, "pristine-tar")
+ 	}
+@@ -502,6 +502,9 @@ func createGitRepository(debsrc, gopkg, orig string, u *upstream,
+ 	// Import upstream orig tarball
+
+ 	arg := []string{"import-orig", "--no-interactive", "--debian-branch=" + debianBranch}
++	if dep14 {
++		arg = append(arg, "--upstream-branch=upstream/latest")
++	}
+ 	if pristineTar {
+ 		arg = append(arg, "--pristine-tar")
+ 	}
+@@ -892,7 +895,7 @@ func execMake(args []string, usage func()) {
+ 	// Set the debian branch.
+ 	debBranch := "master"
+ 	if dep14 {
+-		debBranch = "debian/sid"
++		debBranch = "debian/latest"
+ 	}
+
+ 	switch strings.TrimSpace(wrapAndSort) {
+@@ -983,7 +986,7 @@ func execMake(args []string, usage func()) {
+
+ 	debversion := u.version + "-1"
+
+-	dir, err := createGitRepository(debsrc, gopkg, orig, u, includeUpstreamHistory, allowUnknownHoster, debBranch, pristineTar)
++	dir, err := createGitRepository(debsrc, gopkg, orig, u, includeUpstreamHistory, allowUnknownHoster, debBranch, dep14, pristineTar)
+ 	if err != nil {
+ 		log.Fatalf("Could not create git repository: %v\n", err)
+ 	}
+diff --git a/template.go b/template.go
+index 4c87c7d..74cca68 100644
+--- a/template.go
++++ b/template.go
+@@ -337,7 +337,8 @@ func writeDebianGbpConf(dir string, dep14, pristineTar bool) error {
+
+ 	fmt.Fprintf(f, "[DEFAULT]\n")
+ 	if dep14 {
+-		fmt.Fprintf(f, "debian-branch = debian/sid\n")
++		fmt.Fprintf(f, "debian-branch = debian/latest\n")
++		fmt.Fprintf(f, "upstream-branch = upstream/latest\n")
+ 		fmt.Fprintf(f, "dist = DEP14\n")
+ 	}
+ 	if pristineTar {
diff --git a/debian/patches/0002-Always-call-upstream-git-remote-upstreamvcs.patch b/debian/patches/0002-Always-call-upstream-git-remote-upstreamvcs.patch
@@ -0,0 +1,27 @@
+From: =?utf-8?b?T3R0byBLZWvDpGzDpGluZW4=?= <[email protected]>
+Date: Thu, 21 Nov 2024 00:18:30 -0800
+Subject: Always call upstream git remote `upstreamvcs`
+
+Instead of using various different upstream remote names, use the one and
+same upstream git remote name consistently. As the name pick `upstreamvcs`
+just as git-buildpackage does, so that if anybody runs `gbp clone` they
+will automatically end up with the same git remotes and branches as anyone
+in to go-team.
+---
+ make.go | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/make.go b/make.go
+index b768095..7b6f8d2 100644
+--- a/make.go
++++ b/make.go
+@@ -482,7 +482,8 @@ func createGitRepository(debsrc, gopkg, orig string, u *upstream,
+ 	}
+
+ 	if includeUpstreamHistory {
+-		u.remote, err = shortHostName(gopkg, allowUnknownHoster)
++		// Always call the upstream git remote 'upstreamvcs' just like git-buildpackage does
++		u.remote = "upstreamvcs"
+ 		if err != nil {
+ 			return dir, fmt.Errorf("unable to fetch upstream history: %q", err)
+ 		}
diff --git a/debian/patches/0003-Extend-default-debian-gbp.conf-with-extra-security-c.patch b/debian/patches/0003-Extend-default-debian-gbp.conf-with-extra-security-c.patch
@@ -0,0 +1,46 @@
+From: =?utf-8?b?T3R0byBLZWvDpGzDpGluZW4=?= <[email protected]>
+Date: Thu, 21 Nov 2024 00:20:25 -0800
+Subject: Extend default debian/gbp.conf with extra security config tips
+
+When creating a new package, populate the git-buildpackage with additional
+configs and in-line comments on why and how to use them. This will make
+go packaging easier, more consistent and more secure as the best practices
+flow to all packages via good defaults.
+---
+ template.go | 23 +++++++++++++++++++++++
+ 1 file changed, 23 insertions(+)
+
+diff --git a/template.go b/template.go
+index 74cca68..837e3ff 100644
+--- a/template.go
++++ b/template.go
+@@ -344,6 +344,29 @@ func writeDebianGbpConf(dir string, dep14, pristineTar bool) error {
+ 	if pristineTar {
+ 		fmt.Fprintf(f, "pristine-tar = True\n")
+ 	}
++
++	// Additional text to the template which is useful for 99% of the go packages
++	fmt.Fprint(f, `
++# Lax requirement to use branch name 'debian/latest' so that git-buildpackage
++# will always build using the currently checked out branch as the Debian branch.
++# This makes it easier for contributors to work with feature and bugfix
++# branches.
++ignore-branch = True
++
++# Configure the upstream tag format below, so that 'gbp import-orig' will run
++# correctly, and link tarball import branch ('upstream/latest') with the
++# equivalent upstream release tag, showing a complete audit trail of what
++# upstream released and what was imported into Debian.
++#
++# Most go packages have tags of form 'v1.0.0'
++#upstream-vcs-tag = v%(version%~%-)s
++
++# Check that upstream signed git tags (options: auto|on|off)
++#upstream-signatures = on
++
++# Ensure the Debian maintainer signs git tags automatically
++#sign-tags = True
++`)
+ 	return nil
+ }
+
diff --git a/debian/patches/0004-Stop-modifying-upstream-.gitignore-file.patch b/debian/patches/0004-Stop-modifying-upstream-.gitignore-file.patch
@@ -0,0 +1,50 @@
+From: =?utf-8?b?T3R0byBLZWvDpGzDpGluZW4=?= <[email protected]>
+Date: Thu, 21 Nov 2024 00:23:12 -0800
+Subject: Stop modifying upstream .gitignore file
+
+The fact that Debian builds produce extra files in the build directory
+is a separate concern and should not be managed by .gitignores in upstream
+directory. Anyways, the list is not going to be complete on most packages,
+and instead of extending the list, a better practice is to have proper
+`make clean` rules in the `debian/rules`, or to simply run `git clean -fdx`
+between builds. Additionally, everyone should be using `gbp pq` to update
+patches instead of legacy Quilt, so no more `.pc` directories should be
+generated.
+---
+ make.go | 23 -----------------------
+ 1 file changed, 23 deletions(-)
+
+diff --git a/make.go b/make.go
+index 7b6f8d2..b5376ff 100644
+--- a/make.go
++++ b/make.go
+@@ -520,29 +520,6 @@ func createGitRepository(debsrc, gopkg, orig string, u *upstream,
+ 		return dir, fmt.Errorf("import-orig: %w", err)
+ 	}
+
+-	{
+-		f, err := os.OpenFile(filepath.Join(dir, ".gitignore"), os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+-		if err != nil {
+-			return dir, fmt.Errorf("open .gitignore: %w", err)
+-		}
+-		// Beginning newline in case the file already exists and lacks a newline
+-		// (not all editors enforce a newline at the end of the file):
+-		if _, err := f.Write([]byte("\n/.pc/\n/_build/\n")); err != nil {
+-			return dir, fmt.Errorf("write to .gitignore: %w", err)
+-		}
+-		if err := f.Close(); err != nil {
+-			return dir, fmt.Errorf("close .gitignore: %w", err)
+-		}
+-	}
+-
+-	if err := runGitCommandIn(dir, "add", ".gitignore"); err != nil {
+-		return dir, fmt.Errorf("git add .gitignore: %w", err)
+-	}
+-
+-	if err := runGitCommandIn(dir, "commit", "-m", "Ignore _build and quilt .pc dirs via .gitignore"); err != nil {
+-		return dir, fmt.Errorf("git commit (.gitignore): %w", err)
+-	}
+-
+ 	return dir, nil
+ }
+
diff --git a/debian/patches/series b/debian/patches/series
@@ -0,0 +1,4 @@
+0001-Use-DEP-14-branch-names-debian-latest-and-upstream-l.patch
+0002-Always-call-upstream-git-remote-upstreamvcs.patch
+0003-Extend-default-debian-gbp.conf-with-extra-security-c.patch
+0004-Stop-modifying-upstream-.gitignore-file.patch