Re: Simpler git workflow for packaging with upstreamless repositories

From "Theodore Ts'o" <tytso@mit.edu>
Newsgroups linux.debian.devel
Subject Re: Simpler git workflow for packaging with upstreamless repositories
Date 2024-11-28 21:40 +0100
Message-ID <JNTsR-cicF-3@gated-at.bofh.it> (permalink)
References (5 earlier) <JN2ox-bKl7-3@gated-at.bofh.it> <JN2Rz-bKL0-3@gated-at.bofh.it> <JN5FM-bMw7-13@gated-at.bofh.it> <JNHL3-cb1Q-7@gated-at.bofh.it> <JNJa9-cbOY-3@gated-at.bofh.it>
Organization linux.* mail to news gateway


On Thu, Nov 28, 2024 at 10:35:49AM +0100, Simon Josefsson wrote:
> 
> I think this is a good example of us talking past each other in this
> thread: some people question the value of pristine in the first place
> (and I've been compelled by those arguments), and some people argue that
> the cost is small and there are no bugs (or at least lack of bug
> reports).

Our current system addresses a number of requirements, and it seems to
me that a number of the alternate solutions don't necessarily meet all
of the requirements.

Some of these requirements include:

*) We want an easy way to make sure the sources used to rebuild debian
   packages aren't maliciously modified.  We do this today via PGP
   signed tarballs.

*) As much as possible, we want to be able to use the unmodified
   source files as officially released by upstream.  Which might be a
   tarball and/or a signed git tag.

*) The sources that we redistribute alongside our binary packages must
   be DFSG compliant.  In some cases this might mean repacking the
   tar file, and might interfere with using upstream's official signed git
   tag.

*) We don't want to break the interface provided by "apt-get source" and
   debian source packages more generally.

I have my own personal requirements that might not be shared by
others.  For example, I don't like having to keep source tarballs
around when I need to rebuild debian packages, and tracking them down
by hand.  I also want to keep the storage overhead as much as possible
(hence, why I like pristine-tar).  And I want it to all work
automatically using my current build tools, which today is
git-buildpackage.  And finally, I am occasionally doing work in
network constrained environments (for example, while using my laptop
in an airplane), so I prefer to avoid solutions that start with "and
then we download the tar.gz file from the network".

Perhaps we could avoid talking past each other if we formally had a list of
requirements, and then match possible alternative approaches with how
well they meet the agreed-upon requirements, and which requirements
proponents want to dispense with because (at least for them), It's
Just Not Worth It?

> If we are worried about malicious upstreams replacing tarballs, or
> man-in-the-middle attacks, I think my debian/upstream/*SUMS approach is
> a more effective solution to that problem.

Maybe... if there were tools that made it super easy to validate the
tarball against the *SUMS files without needing to unpack the tarball
first?  Possibly with an inline GPG signature so we don't have to have
separate SHA256SUM and SHA256SUM.asc files?  For bonus points, maybe
also a tool that validates a SHA256SUM file with a git commit id,
again without needing to do a "git checkout" first?

I will note that this approach would break backwards compatibility with
existing Debian source packaging, right?  That is, you're proposing
that the debian/upstream/*SUMS file would replace the
*.orig.tar.gz.asc file?

						- Ted
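
Added example (not part of the message above, and not an existing Debian tool): one way to check a tarball against a checksum file by hashing the file as stored, with no unpacking. It assumes the SUMS text is in coreutils `sha256sum` format and that its signature has already been verified (for example with gpg) before it is passed in; the function names and the sample file are constructed for illustration.

```python
import hashlib
import hmac
import os
import re
import tempfile

# coreutils sha256sum line: 64 hex digits, a space, ' ' (text) or '*' (binary), then the name.
_LINE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")

def parse_sums(text):
    """Map file name -> lowercase digest; fail closed on malformed or conflicting lines."""
    entries = {}
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = _LINE.match(raw)
        if not m:
            raise ValueError(f"malformed SUMS line: {raw!r}")
        digest, name = m.group(1).lower(), m.group(2)
        if entries.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting digests for {name!r}")
    return entries

def sha256_file(path, chunk=1 << 20):
    """Hash the compressed tarball byte for byte; nothing is decompressed or unpacked."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_tarball(path, sums_text):
    """sums_text is assumed to come from a signature-verified SUMS file."""
    name = os.path.basename(path)
    expected = parse_sums(sums_text).get(name)
    if expected is None:
        raise KeyError(f"{name} is not listed in the SUMS file")
    return hmac.compare_digest(sha256_file(path), expected)

def demo():
    """Constructed sample: a stand-in 'tarball' and a SUMS text generated for it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "foo_1.0.orig.tar.gz")
        with open(path, "wb") as f:
            f.write(b"constructed sample bytes, not a real tarball")
        sums = f"{sha256_file(path)}  foo_1.0.orig.tar.gz\n"
        ok = verify_tarball(path, sums)
        with open(path, "ab") as f:
            f.write(b"!")  # simulate a tarball modified after the SUMS file was made
        return ok, verify_tarball(path, sums)

if __name__ == "__main__":
    print(demo())
```

An unlisted file name raises instead of returning False, so a tarball that the SUMS file never mentions cannot be mistaken for a checked one.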
