From 2fe5868931634968c6387e626baeb27075ecfc77 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Fri, 6 Nov 2015 11:04:49 -0200 Subject: Fix file extensions --- TODO.md | 50 ---------------- basics.md | 72 ---------------------- basics.mdwn | 72 ++++++++++++++++++++++ bin/debian-build | 8 +++ bin/debian-dev-setup | 10 ++++ bin/debian-keyring-setup | 25 ++++++++ checking.md | 127 --------------------------------------- checking.mdwn | 127 +++++++++++++++++++++++++++++++++++++++ debian-build | 8 --- debian-dev-setup | 10 ---- debian-keyring-setup | 25 -------- leap.md | 153 ----------------------------------------------- leap.mdwn | 153 +++++++++++++++++++++++++++++++++++++++++++++++ python.md | 31 ---------- python.mdwn | 31 ++++++++++ references.md | 30 ---------- references.mdwn | 30 ++++++++++ ruby.md | 5 -- ruby.mdwn | 5 ++ todo.mdwn | 50 ++++++++++++++++ 20 files changed, 511 insertions(+), 511 deletions(-) delete mode 100644 TODO.md delete mode 100644 basics.md create mode 100644 basics.mdwn create mode 100755 bin/debian-build create mode 100755 bin/debian-dev-setup create mode 100755 bin/debian-keyring-setup delete mode 100644 checking.md create mode 100644 checking.mdwn delete mode 100755 debian-build delete mode 100755 debian-dev-setup delete mode 100755 debian-keyring-setup delete mode 100644 leap.md create mode 100644 leap.mdwn delete mode 100644 python.md create mode 100644 python.mdwn delete mode 100644 references.md create mode 100644 references.mdwn delete mode 100644 ruby.md create mode 100644 ruby.mdwn create mode 100644 todo.mdwn diff --git a/TODO.md b/TODO.md deleted file mode 100644 index dae1f7b..0000000 --- a/TODO.md +++ /dev/null @@ -1,50 +0,0 @@ -TODO -==== - -Organization ------------- - -* Scripts: - * `debian-keyring-setup`. - * `debian-dev-setup`. - * `debian-build`. -* Merge all `build-area` folders. -* Deploy as a ikiwiki + git-annex instance, replacing reprepro. -* Try an [AutomateBackports](https://wiki.debian.org/AutomateBackports) setup. -* Vagrant: run `debian-dev-setup` as an additional shell provisioner. -* Security: https://wiki.debian.org/SecurePbuilder - -Upstream --------- - -* Fill a Debian bug report: `dpkg-source` doesn't honour `GNUPGHOME`. - -Backport --------- - -* compton -* mutt with opportunistic encryption: - * http://dev.mutt.org/hg/mutt/rev/b38c4838976f and other patches - * https://www.8t8.us/mutt/patches/ - * [#757117 - mutt-patched: Please add patch to encrypt postponed messages - Debian Bug report logs](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757117). -* [firejail](https://l3net.wordpress.com/projects/firejail/) [from sid](https://packages.debian.org/sid/firejail). - -Port ----- - -* [acpi-call](http://hybrid-graphics-linux.tuxfamily.org/index.php?title=Acpi_call). -* [Pond](https://pond.imperialviolet.org/). -* [leap-cli](https://leap.se) (check http://deb.leap.se and `ruby.md`). -* [Blingbling](http://awesome.naquadah.org/wiki/Blingbling). -* [x2go-server](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465821). -* [Terminology](https://www.enlightenment.org/p.php?p=about/terminology). -* [playpen](https://github.com/thestinger/playpen). -* [minijail](https://github.com/omegaup/minijail). - -WNPP ----- - -Before packaging anything, have a look at: - -* [WNPP](http://wnpp.debian.net). -* [Debian Git](http://anonscm.debian.org/gitweb/). diff --git a/basics.md b/basics.md deleted file mode 100644 index 53b19c7..0000000 --- a/basics.md +++ /dev/null @@ -1,72 +0,0 @@ -Basic packaging -=============== - -Getting the debianized source ------------------------------ - -Using `dget`: - - dget $remote_dsc - cd $package* - -Using `apt-get`: - - apt-get source package - -Checking the source -------------------- - -See `checking.md`. - -Extracting the source ---------------------- - -If needed, do this after your successfully verified the sources: - - dpkg-source -x *.dsc - -Getting dependencies --------------------- - -To get: - - apt-get build-dep package - -To remove: - - hydractl remove-dep package - -Creating the `debian/` structure --------------------------------- - -If the package wasn't debianized, proceed with - - if [ ! -d "debian" ]; then - dh_make -p ${package}_${version} --createorig - fi - -Simple build ------------- - - dch -i - dpkg-buildpackage -rfakeroot -sa -k$KEY_ID - -Creating a new debian source ----------------------------- - - cd .. - dpkg-source -b $package* - debsign $package*.dsc - -Building and signing --------------------- - -To generate signatures, remove `-uc` and `-us` from `dpkg-buildpackage` (see -[Complete build](http://www.debian.org/doc/maint-guide/ch-build.pt-br.html#s-completebuild)): - - dpkg-buildpackage -rfakeroot - -To sign using an specific key: - - dpkg-buildpackage -rfakeroot -kKEY_ID - diff --git a/basics.mdwn b/basics.mdwn new file mode 100644 index 0000000..53b19c7 --- /dev/null +++ b/basics.mdwn @@ -0,0 +1,72 @@ +Basic packaging +=============== + +Getting the debianized source +----------------------------- + +Using `dget`: + + dget $remote_dsc + cd $package* + +Using `apt-get`: + + apt-get source package + +Checking the source +------------------- + +See `checking.md`. + +Extracting the source +--------------------- + +If needed, do this after your successfully verified the sources: + + dpkg-source -x *.dsc + +Getting dependencies +-------------------- + +To get: + + apt-get build-dep package + +To remove: + + hydractl remove-dep package + +Creating the `debian/` structure +-------------------------------- + +If the package wasn't debianized, proceed with + + if [ ! -d "debian" ]; then + dh_make -p ${package}_${version} --createorig + fi + +Simple build +------------ + + dch -i + dpkg-buildpackage -rfakeroot -sa -k$KEY_ID + +Creating a new debian source +---------------------------- + + cd .. + dpkg-source -b $package* + debsign $package*.dsc + +Building and signing +-------------------- + +To generate signatures, remove `-uc` and `-us` from `dpkg-buildpackage` (see +[Complete build](http://www.debian.org/doc/maint-guide/ch-build.pt-br.html#s-completebuild)): + + dpkg-buildpackage -rfakeroot + +To sign using an specific key: + + dpkg-buildpackage -rfakeroot -kKEY_ID + diff --git a/bin/debian-build b/bin/debian-build new file mode 100755 index 0000000..529d81a --- /dev/null +++ b/bin/debian-build @@ -0,0 +1,8 @@ +#!/bin/bash +# +# Simpler debian builder. +# + +# Placeholder +echo "TODO" +exit 1 diff --git a/bin/debian-dev-setup b/bin/debian-dev-setup new file mode 100755 index 0000000..41f02a1 --- /dev/null +++ b/bin/debian-dev-setup @@ -0,0 +1,10 @@ +#!/bin/bash +# +# Setup development environment. +# + +# Parameter +PACKAGES="/var/data/apps/distros/debian/packages" + +# Required folders +mkdir -p $PACKAGES diff --git a/bin/debian-keyring-setup b/bin/debian-keyring-setup new file mode 100755 index 0000000..7e00e89 --- /dev/null +++ b/bin/debian-keyring-setup @@ -0,0 +1,25 @@ +#!/bin/bash +# +# Setup a local debian-keyring repository. +# + +# Parameters +CWD="`pwd`" + +# Make sure the keyring repository is initialized +git submodule update --init || exit 1 + +# Go there +cd keyring + +# Build the keyring +make || exit 1 + +# Symlink +ln -s output/keyrings/debian-keyring.gpg output/keyrings/debian-keyring.gpg/trustedkeys.gpg || exit 1 +ln -s output/keyrings output/.gnupg || exit 1 + +# Write devscripts configuration +cat < output/.devscripts +DSCVERIFY_KEYRINGS="/usr/share/keyrings/debian-keyring.gpg:/usr/share/keyrings/debian-maintainers.gpg:$CWD/keyrings/debian-keyring.gpg" +EOF diff --git a/checking.md b/checking.md deleted file mode 100644 index f99fa1d..0000000 --- a/checking.md +++ /dev/null @@ -1,127 +0,0 @@ -Checking the source -=================== - -Debian Images -------------- - -See [Verifying authenticity of Debian CDs](https://www.debian.org/CD/verify). - -Source packages ---------------- - -This is the trick part. In theory, you could run just - - dscverify *.dsc - -Which would check if the signature was made for a key included in the `debian-keyring` package or if you -have a verification path with the signing key. - -In practice, it should always work for sources you download from the **same** Debian version you're running. -But sources you download from newer versions might not work, depending basically if the maintainer's key is -already on the `debian-keyring` you installed. - -### Using a newer debian-keyring package - -You might want to try a newer `debian-keyring` package (for testing or unstable), which we haven't tested -yet but can reduce a lot of complexity that follows. - -### Install manually debian-keyring somewhere - -If not, you might try to have a newer copy of the `debian-keyring` somewhere. We already provide one in the -form of git://anonscm.debian.org/keyring/keyring.git available as a git submodule in the `keyring` folder: - - gpg --no-default-keyring --keyring /path/to/debian/keyring/output/keyrings/debian-keyring.gpg --verify *.dsc - -You might also want to have the following on your `~/.devscripts` (line break just to keep formatting here): - - DSCVERIFY_KEYRINGS="/usr/share/keyrings/debian-keyring.gpg:/usr/share/keyrings/debian-maintainers.gpg: - /path/to/debian/keyring/output/keyrings/debian-keyring.gpg" - -Or you can use the following alias: - - alias dscverify='dscverify --keyring /path/to/debian/keyring/output/keyrings/debian-keyring.gpg' - -This assumes that you initialized the `keyring` submodule and compiled the keyrings: - - ( cd keyring && make ) - -We use `--no-default-keyring` to make sure `gpg` just looks for the key in the `debian-maintainers` keyring. - -Another option is to get the specific key: - - gpg --recv-keys 12345678 - -Either way, you have to have a criteria about how much trust you should give to the keyring or the pubkey -you just downloaded. The same goes for software you're porting to Debian and that you can't actually check -it's signature against `debian-keyring`. - -Things get even trickier when you try to use `dpkg-source`. - -Even if you symlink `keyring/output/keyrings/debian-keyring.gpg` as `keyring/output/keyrings/debian-keyring.gpg/trustedkeys.gpg` -and point `GNUPGHOME` to this folder you'll still get a weird behavior: - - 0 $ dget http://ftp.de.debian.org/debian/pool/main/r/ruby-childprocess/ruby-childprocess_0.5.2-1.dsc - dget: retrieving http://ftp.de.debian.org/debian/pool/main/r/ruby-childprocess/ruby-childprocess_0.5.2-1.dsc - % Total % Received % Xferd Average Speed Time Time Time Current - Dload Upload Total Spent Left Speed - 100 1827 100 1827 0 0 2626 0 --:--:-- --:--:-- --:--:-- 4911 - dget: retrieving http://ftp.de.debian.org/debian/pool/main/r/ruby-childprocess/ruby-childprocess_0.5.2.orig.tar.gz - % Total % Received % Xferd Average Speed Time Time Time Current - Dload Upload Total Spent Left Speed - 100 26055 100 26055 0 0 20738 0 0:00:01 0:00:01 --:--:-- 27455 - dget: retrieving http://ftp.de.debian.org/debian/pool/main/r/ruby-childprocess/ruby-childprocess_0.5.2-1.debian.tar.xz - % Total % Received % Xferd Average Speed Time Time Time Current - Dload Upload Total Spent Left Speed - 100 2892 100 2892 0 0 4183 0 --:--:-- --:--:-- --:--:-- 8078 - ruby-childprocess_0.5.2-1.dsc: - Good signature found - validating ruby-childprocess_0.5.2.orig.tar.gz - validating ruby-childprocess_0.5.2-1.debian.tar.xz - All files validated successfully. - gpgv: Signature made Seg 28 Abr 2014 18:03:27 BRT using RSA key ID 39CD217A - gpgv: Impossível verificar assinatura: chave pública não encontrada - dpkg-source: warning: failed to verify signature on ./ruby-childprocess_0.5.2-1.dsc - dpkg-source: info: extracting ruby-childprocess in ruby-childprocess-0.5.2 - dpkg-source: info: unpacking ruby-childprocess_0.5.2.orig.tar.gz - dpkg-source: info: unpacking ruby-childprocess_0.5.2-1.debian.tar.xz - 0 $ - -What happened here is that `dscverify` honoured our custom configuration above while `dpkg-source` is still relying on -the one available in the `debian-keyring` package. - -Even if you remove the `debian-keyring` package, it will still fallback to your `$HOME/.gnupg/trustedkeys.gpg` which -you don't really want to fill with keys you actually haven't stablished a proper trust relationship. - -As currently `dpkg-source` doesn't honour `GNUPGHOME` (see TODO for bugreport), all we can do currently is call `dget` -and `dpkg-source` with - - HOME=/path/to/debian/keyring/output/ dpkg-source -x $package*dsc - HOME=/path/to/debian/keyring/output/ dget - -For this trick to work, you'll need to - - ( cd /path/to/debian/keyring/output/ && ln -s keyrings .gnupg && cd .gnupg && ln -s debian-keyring.gpg trustedkeys.gpg ) - -And also set the `/path/to/debian/keyring/output/.devscripts` to the following content: - - DSCVERIFY_KEYRINGS="/usr/share/keyrings/debian-keyring.gpg:/usr/share/keyrings/debian-maintainers.gpg: - ~/keyrings/debian-keyring.gpg" - -Again, you might set two handy aliases: - - alias dpkg-source='HOME=/path/to/debian/keyring/output/ dpkg-source' - alias dget='HOME=/path/to/debian/keyring/output/ dget' - -As a last touch, import your own key into this keyring: - - gpg --armor --export $KEYID | \ - gpg --no-default-keyring --keyring /path/to/debian/keyring/output/.gnupg/trustedkeys.gpg --import - -Then you might be happy... for a while :P - -See also: - -* `dscverify(1)` manpage. -* [Debian Public Key Server](http://keyring.debian.org/). -* [apt get - How to get apt-get source verification working? - Super User](https://superuser.com/questions/626810/how-to-get-apt-get-source-verification-working). -* [Debian. How can I securely get debian-archive-keyring, so that I can do an apt-get update? NO_PUBKEY - Server Fault](http://serverfault.com/questions/337278/debian-how-can-i-securely-get-debian-archive-keyring-so-that-i-can-do-an-apt-g/337283#337283). diff --git a/checking.mdwn b/checking.mdwn new file mode 100644 index 0000000..f99fa1d --- /dev/null +++ b/checking.mdwn @@ -0,0 +1,127 @@ +Checking the source +=================== + +Debian Images +------------- + +See [Verifying authenticity of Debian CDs](https://www.debian.org/CD/verify). + +Source packages +--------------- + +This is the trick part. In theory, you could run just + + dscverify *.dsc + +Which would check if the signature was made for a key included in the `debian-keyring` package or if you +have a verification path with the signing key. + +In practice, it should always work for sources you download from the **same** Debian version you're running. +But sources you download from newer versions might not work, depending basically if the maintainer's key is +already on the `debian-keyring` you installed. + +### Using a newer debian-keyring package + +You might want to try a newer `debian-keyring` package (for testing or unstable), which we haven't tested +yet but can reduce a lot of complexity that follows. + +### Install manually debian-keyring somewhere + +If not, you might try to have a newer copy of the `debian-keyring` somewhere. We already provide one in the +form of git://anonscm.debian.org/keyring/keyring.git available as a git submodule in the `keyring` folder: + + gpg --no-default-keyring --keyring /path/to/debian/keyring/output/keyrings/debian-keyring.gpg --verify *.dsc + +You might also want to have the following on your `~/.devscripts` (line break just to keep formatting here): + + DSCVERIFY_KEYRINGS="/usr/share/keyrings/debian-keyring.gpg:/usr/share/keyrings/debian-maintainers.gpg: + /path/to/debian/keyring/output/keyrings/debian-keyring.gpg" + +Or you can use the following alias: + + alias dscverify='dscverify --keyring /path/to/debian/keyring/output/keyrings/debian-keyring.gpg' + +This assumes that you initialized the `keyring` submodule and compiled the keyrings: + + ( cd keyring && make ) + +We use `--no-default-keyring` to make sure `gpg` just looks for the key in the `debian-maintainers` keyring. + +Another option is to get the specific key: + + gpg --recv-keys 12345678 + +Either way, you have to have a criteria about how much trust you should give to the keyring or the pubkey +you just downloaded. The same goes for software you're porting to Debian and that you can't actually check +it's signature against `debian-keyring`. + +Things get even trickier when you try to use `dpkg-source`. + +Even if you symlink `keyring/output/keyrings/debian-keyring.gpg` as `keyring/output/keyrings/debian-keyring.gpg/trustedkeys.gpg` +and point `GNUPGHOME` to this folder you'll still get a weird behavior: + + 0 $ dget http://ftp.de.debian.org/debian/pool/main/r/ruby-childprocess/ruby-childprocess_0.5.2-1.dsc + dget: retrieving http://ftp.de.debian.org/debian/pool/main/r/ruby-childprocess/ruby-childprocess_0.5.2-1.dsc + % Total % Received % Xferd Average Speed Time Time Time Current + Dload Upload Total Spent Left Speed + 100 1827 100 1827 0 0 2626 0 --:--:-- --:--:-- --:--:-- 4911 + dget: retrieving http://ftp.de.debian.org/debian/pool/main/r/ruby-childprocess/ruby-childprocess_0.5.2.orig.tar.gz + % Total % Received % Xferd Average Speed Time Time Time Current + Dload Upload Total Spent Left Speed + 100 26055 100 26055 0 0 20738 0 0:00:01 0:00:01 --:--:-- 27455 + dget: retrieving http://ftp.de.debian.org/debian/pool/main/r/ruby-childprocess/ruby-childprocess_0.5.2-1.debian.tar.xz + % Total % Received % Xferd Average Speed Time Time Time Current + Dload Upload Total Spent Left Speed + 100 2892 100 2892 0 0 4183 0 --:--:-- --:--:-- --:--:-- 8078 + ruby-childprocess_0.5.2-1.dsc: + Good signature found + validating ruby-childprocess_0.5.2.orig.tar.gz + validating ruby-childprocess_0.5.2-1.debian.tar.xz + All files validated successfully. + gpgv: Signature made Seg 28 Abr 2014 18:03:27 BRT using RSA key ID 39CD217A + gpgv: Impossível verificar assinatura: chave pública não encontrada + dpkg-source: warning: failed to verify signature on ./ruby-childprocess_0.5.2-1.dsc + dpkg-source: info: extracting ruby-childprocess in ruby-childprocess-0.5.2 + dpkg-source: info: unpacking ruby-childprocess_0.5.2.orig.tar.gz + dpkg-source: info: unpacking ruby-childprocess_0.5.2-1.debian.tar.xz + 0 $ + +What happened here is that `dscverify` honoured our custom configuration above while `dpkg-source` is still relying on +the one available in the `debian-keyring` package. + +Even if you remove the `debian-keyring` package, it will still fallback to your `$HOME/.gnupg/trustedkeys.gpg` which +you don't really want to fill with keys you actually haven't stablished a proper trust relationship. + +As currently `dpkg-source` doesn't honour `GNUPGHOME` (see TODO for bugreport), all we can do currently is call `dget` +and `dpkg-source` with + + HOME=/path/to/debian/keyring/output/ dpkg-source -x $package*dsc + HOME=/path/to/debian/keyring/output/ dget + +For this trick to work, you'll need to + + ( cd /path/to/debian/keyring/output/ && ln -s keyrings .gnupg && cd .gnupg && ln -s debian-keyring.gpg trustedkeys.gpg ) + +And also set the `/path/to/debian/keyring/output/.devscripts` to the following content: + + DSCVERIFY_KEYRINGS="/usr/share/keyrings/debian-keyring.gpg:/usr/share/keyrings/debian-maintainers.gpg: + ~/keyrings/debian-keyring.gpg" + +Again, you might set two handy aliases: + + alias dpkg-source='HOME=/path/to/debian/keyring/output/ dpkg-source' + alias dget='HOME=/path/to/debian/keyring/output/ dget' + +As a last touch, import your own key into this keyring: + + gpg --armor --export $KEYID | \ + gpg --no-default-keyring --keyring /path/to/debian/keyring/output/.gnupg/trustedkeys.gpg --import + +Then you might be happy... for a while :P + +See also: + +* `dscverify(1)` manpage. +* [Debian Public Key Server](http://keyring.debian.org/). +* [apt get - How to get apt-get source verification working? - Super User](https://superuser.com/questions/626810/how-to-get-apt-get-source-verification-working). +* [Debian. How can I securely get debian-archive-keyring, so that I can do an apt-get update? NO_PUBKEY - Server Fault](http://serverfault.com/questions/337278/debian-how-can-i-securely-get-debian-archive-keyring-so-that-i-can-do-an-apt-g/337283#337283). diff --git a/debian-build b/debian-build deleted file mode 100755 index 529d81a..0000000 --- a/debian-build +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash -# -# Simpler debian builder. -# - -# Placeholder -echo "TODO" -exit 1 diff --git a/debian-dev-setup b/debian-dev-setup deleted file mode 100755 index 41f02a1..0000000 --- a/debian-dev-setup +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash -# -# Setup development environment. -# - -# Parameter -PACKAGES="/var/data/apps/distros/debian/packages" - -# Required folders -mkdir -p $PACKAGES diff --git a/debian-keyring-setup b/debian-keyring-setup deleted file mode 100755 index 7e00e89..0000000 --- a/debian-keyring-setup +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash -# -# Setup a local debian-keyring repository. -# - -# Parameters -CWD="`pwd`" - -# Make sure the keyring repository is initialized -git submodule update --init || exit 1 - -# Go there -cd keyring - -# Build the keyring -make || exit 1 - -# Symlink -ln -s output/keyrings/debian-keyring.gpg output/keyrings/debian-keyring.gpg/trustedkeys.gpg || exit 1 -ln -s output/keyrings output/.gnupg || exit 1 - -# Write devscripts configuration -cat < output/.devscripts -DSCVERIFY_KEYRINGS="/usr/share/keyrings/debian-keyring.gpg:/usr/share/keyrings/debian-maintainers.gpg:$CWD/keyrings/debian-keyring.gpg" -EOF diff --git a/leap.md b/leap.md deleted file mode 100644 index e669df4..0000000 --- a/leap.md +++ /dev/null @@ -1,153 +0,0 @@ -Example: packaging leap_cli and dependencies -============================================ - -Upstream: https://leap.se/code/issues/6503 - -Determine dependencies ----------------------- - -First, in a *fresh* vagrant box with *sid* and *testing* in the `sources.list`: - - sudo apt-get install rubygems gem2deb - sudo gem install leap_cli - -Then we get the dependencies and build all packages: - - dependencies=" `gem list | cut -d '(' -f 1` " - -Which currently gives us the following result: - -* activemodel -* activesupport -* base32 -* blockenspiel -* builder -* capistrano -* colored -* command_line_reporter -* gli -* gpgme -* highline -* i18n -* json -* json_pure -* leap_cli -* mini_portile -* minitest -* net-scp -* net-sftp -* net-ssh -* net-ssh-gateway -* paint -* tee -* thread_safe -* tzinfo -* versionomy -* ya2yaml - -Gem cleanup: - - sudo gem uninstall $dependencies - -Check existing dependencies: - - for item in $dependencies; do - package=ruby-"`echo $item | sed -e 's/_/-/'`" - packages="$packages $package" - done - - apt-get install --dry-run $packages - -Then: - -* Check for non-existing packages. -* Try different package names. -* Update your list of existing `$packages`. - -In this example we have the following `$already_ported` dependencies: - -* capistrano -* ruby-activemodel -* ruby-activesupport -* ruby-blockenspiel -* ruby-builder -* ruby-colored -* ruby-gpgme -* ruby-highline -* ruby-i18n -* ruby-json -* ruby-minitest -* ruby-net-scp -* ruby-net-sftp -* ruby-net-ssh -* ruby-net-ssh-gateway -* ruby-paint -* ruby-thread-safe -* ruby-tzinfo -* ruby-versionomy - -That means the following `$gems` needs to be packaged: - -* base32 -* command_line_reporter -* gli -* json_pure (we can just use ruby-json and ignore this dependency) -* leap_cli -* mini_portile -* tee -* ya2yaml - -In summary, we need to port the following `$new_packages`: - -* ruby-base32 -* ruby-command-line-reporter -* ruby-gli -* ruby-mini-portile -* ruby-tee -* ruby-ya2yaml -* ruby-leap-cli - -Build remaining packages ------------------------- - - for gem in $gems; do - gem2deb $gem - done - -Getting the source for the existing packages --------------------------------------------- - - for package in $already_ported; do - apt-get -t jessie source --download-only $package - dpkg-source -x $package*dsc - done - -Next steps ----------- - -* Fix `debian/control` and other `FIXME` on each package. -* Put `debian/` folder in a `debian` branch on each source. -* Fix [tests](https://wiki.debian.org/Teams/Ruby/Packaging/Tests). -* [Other best practices](https://wiki.debian.org/Teams/Ruby/RubyExtras/UpstreamDevelopers). -* [Review the code](https://manual.sarava.org/specs/code/). -* Automate building with pbuilder for `sid`. -* Fix lintian warnings. -* Upstream pull requests. -* Backport everything to `wheezy`. - -Per-package tasks ------------------ - -* ruby-faker: - * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765124 - * https://github.com/rails/rails/issues/13164 -* ruby-leap-cli: - * net-ssh compatibility: - * https://github.com/net-ssh/net-ssh/issues/145 - * https://github.com/capistrano/capistrano/issues/927 - * workflow: - - git checkout develop - git archive --prefix=leap-cli-1.5.6/ --format=tar HEAD | bzip2 > ../tarballs/leap-cli-1.5.6.tar.bz2 - git checkout debian - git-buildpackage --git-ignore-branch diff --git a/leap.mdwn b/leap.mdwn new file mode 100644 index 0000000..e669df4 --- /dev/null +++ b/leap.mdwn @@ -0,0 +1,153 @@ +Example: packaging leap_cli and dependencies +============================================ + +Upstream: https://leap.se/code/issues/6503 + +Determine dependencies +---------------------- + +First, in a *fresh* vagrant box with *sid* and *testing* in the `sources.list`: + + sudo apt-get install rubygems gem2deb + sudo gem install leap_cli + +Then we get the dependencies and build all packages: + + dependencies=" `gem list | cut -d '(' -f 1` " + +Which currently gives us the following result: + +* activemodel +* activesupport +* base32 +* blockenspiel +* builder +* capistrano +* colored +* command_line_reporter +* gli +* gpgme +* highline +* i18n +* json +* json_pure +* leap_cli +* mini_portile +* minitest +* net-scp +* net-sftp +* net-ssh +* net-ssh-gateway +* paint +* tee +* thread_safe +* tzinfo +* versionomy +* ya2yaml + +Gem cleanup: + + sudo gem uninstall $dependencies + +Check existing dependencies: + + for item in $dependencies; do + package=ruby-"`echo $item | sed -e 's/_/-/'`" + packages="$packages $package" + done + + apt-get install --dry-run $packages + +Then: + +* Check for non-existing packages. +* Try different package names. +* Update your list of existing `$packages`. + +In this example we have the following `$already_ported` dependencies: + +* capistrano +* ruby-activemodel +* ruby-activesupport +* ruby-blockenspiel +* ruby-builder +* ruby-colored +* ruby-gpgme +* ruby-highline +* ruby-i18n +* ruby-json +* ruby-minitest +* ruby-net-scp +* ruby-net-sftp +* ruby-net-ssh +* ruby-net-ssh-gateway +* ruby-paint +* ruby-thread-safe +* ruby-tzinfo +* ruby-versionomy + +That means the following `$gems` needs to be packaged: + +* base32 +* command_line_reporter +* gli +* json_pure (we can just use ruby-json and ignore this dependency) +* leap_cli +* mini_portile +* tee +* ya2yaml + +In summary, we need to port the following `$new_packages`: + +* ruby-base32 +* ruby-command-line-reporter +* ruby-gli +* ruby-mini-portile +* ruby-tee +* ruby-ya2yaml +* ruby-leap-cli + +Build remaining packages +------------------------ + + for gem in $gems; do + gem2deb $gem + done + +Getting the source for the existing packages +-------------------------------------------- + + for package in $already_ported; do + apt-get -t jessie source --download-only $package + dpkg-source -x $package*dsc + done + +Next steps +---------- + +* Fix `debian/control` and other `FIXME` on each package. +* Put `debian/` folder in a `debian` branch on each source. +* Fix [tests](https://wiki.debian.org/Teams/Ruby/Packaging/Tests). +* [Other best practices](https://wiki.debian.org/Teams/Ruby/RubyExtras/UpstreamDevelopers). +* [Review the code](https://manual.sarava.org/specs/code/). +* Automate building with pbuilder for `sid`. +* Fix lintian warnings. +* Upstream pull requests. +* Backport everything to `wheezy`. + +Per-package tasks +----------------- + +* ruby-faker: + * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765124 + * https://github.com/rails/rails/issues/13164 +* ruby-leap-cli: + * net-ssh compatibility: + * https://github.com/net-ssh/net-ssh/issues/145 + * https://github.com/capistrano/capistrano/issues/927 + * workflow: + + git checkout develop + git archive --prefix=leap-cli-1.5.6/ --format=tar HEAD | bzip2 > ../tarballs/leap-cli-1.5.6.tar.bz2 + git checkout debian + git-buildpackage --git-ignore-branch diff --git a/python.md b/python.md deleted file mode 100644 index 42eabd6..0000000 --- a/python.md +++ /dev/null @@ -1,31 +0,0 @@ -Python packaging -================ - -Example: using [stdeb](http://github.com/astraw/stdeb) to build [http://kedpm.sf.net]. - - sudo apt-get install stdeb fakeroot - sudo apt-get install python-crypto libglade2-0 python-gtk2 python-glade2 - -File `~/.pydistutils.cfg`: - - [sdist_dsc] - force-buildsystem: False - -File `kedpm.cfg`: - - [DEFAULT] - Package: kedpm - Maintainer: User Name - Depends: python-crypto - -Getting the code: - - wget http://downloads.sourceforge.net/project/kedpm/kedpm/0.4.0/kedpm-0.4.0.tar.gz - -Packaging: - - py2dsc --extra-cfg-file kedpm.cfg kedpm-0.4.0.tar.gz - cd deb_dist/kedpm-0.4.0 - dpkg-buildpackage -rfakeroot -uc -us - cd .. - sudo dpkg -i kedpm_0.4.0-1_all.deb diff --git a/python.mdwn b/python.mdwn new file mode 100644 index 0000000..42eabd6 --- /dev/null +++ b/python.mdwn @@ -0,0 +1,31 @@ +Python packaging +================ + +Example: using [stdeb](http://github.com/astraw/stdeb) to build [http://kedpm.sf.net]. + + sudo apt-get install stdeb fakeroot + sudo apt-get install python-crypto libglade2-0 python-gtk2 python-glade2 + +File `~/.pydistutils.cfg`: + + [sdist_dsc] + force-buildsystem: False + +File `kedpm.cfg`: + + [DEFAULT] + Package: kedpm + Maintainer: User Name + Depends: python-crypto + +Getting the code: + + wget http://downloads.sourceforge.net/project/kedpm/kedpm/0.4.0/kedpm-0.4.0.tar.gz + +Packaging: + + py2dsc --extra-cfg-file kedpm.cfg kedpm-0.4.0.tar.gz + cd deb_dist/kedpm-0.4.0 + dpkg-buildpackage -rfakeroot -uc -us + cd .. + sudo dpkg -i kedpm_0.4.0-1_all.deb diff --git a/references.md b/references.md deleted file mode 100644 index eec77fc..0000000 --- a/references.md +++ /dev/null @@ -1,30 +0,0 @@ -References -========== - -General -------- - -* [Overview — Ubuntu Packaging Guide](http://packaging.ubuntu.com/html/). -* [Debian New Maintainers' Guide](https://www.debian.org/doc/manuals/maint-guide/). -* [Debugging Debian package installations](http://mdcc.cx/debian/debugging_debian_package_installations.html). -* [Debian Policy Manual](https://www.debian.org/doc/debian-policy/). - -Pbuilder and cowbuilder ------------------------ - -* [PbuilderTricks](https://wiki.debian.org/PbuilderTricks). -* [cowbuilder](https://wiki.debian.org/cowbuilder). - -Backporting ------------ - -* [Backporting Debian packages with pbuilder](http://www.tolaris.com/2009/03/31/backporting-debian-packages-with-pbuilder/). -* [Using pbuilder to backport Debian packages](http://edseek.com/~jasonb/articles/pbuilder_backports/). -* [BuildingFormalBackports - Debian Wiki](https://wiki.debian.org/BuildingFormalBackports#Building_multi-dependencies_packages). - -Packaging with git ------------------- - -* [Co-maintaining a Debian package with Git and git-buildpackage | workaround.org](https://workaround.org/debian-git-comaintenance). -* [PackagingWithGit - Debian Wiki](https://wiki.debian.org/PackagingWithGit). -* [Building Debian Packages with git-buildpackage](http://honk.sigxcpu.org/projects/git-buildpackage/manual-html/gbp.html). diff --git a/references.mdwn b/references.mdwn new file mode 100644 index 0000000..eec77fc --- /dev/null +++ b/references.mdwn @@ -0,0 +1,30 @@ +References +========== + +General +------- + +* [Overview — Ubuntu Packaging Guide](http://packaging.ubuntu.com/html/). +* [Debian New Maintainers' Guide](https://www.debian.org/doc/manuals/maint-guide/). +* [Debugging Debian package installations](http://mdcc.cx/debian/debugging_debian_package_installations.html). +* [Debian Policy Manual](https://www.debian.org/doc/debian-policy/). + +Pbuilder and cowbuilder +----------------------- + +* [PbuilderTricks](https://wiki.debian.org/PbuilderTricks). +* [cowbuilder](https://wiki.debian.org/cowbuilder). + +Backporting +----------- + +* [Backporting Debian packages with pbuilder](http://www.tolaris.com/2009/03/31/backporting-debian-packages-with-pbuilder/). +* [Using pbuilder to backport Debian packages](http://edseek.com/~jasonb/articles/pbuilder_backports/). +* [BuildingFormalBackports - Debian Wiki](https://wiki.debian.org/BuildingFormalBackports#Building_multi-dependencies_packages). + +Packaging with git +------------------ + +* [Co-maintaining a Debian package with Git and git-buildpackage | workaround.org](https://workaround.org/debian-git-comaintenance). +* [PackagingWithGit - Debian Wiki](https://wiki.debian.org/PackagingWithGit). +* [Building Debian Packages with git-buildpackage](http://honk.sigxcpu.org/projects/git-buildpackage/manual-html/gbp.html). diff --git a/ruby.md b/ruby.md deleted file mode 100644 index c11a92d..0000000 --- a/ruby.md +++ /dev/null @@ -1,5 +0,0 @@ -Ruby packaging -============== - -* See [this](https://wiki.debian.org/Teams/Ruby/Packaging). -* Example: `leap.md`. diff --git a/ruby.mdwn b/ruby.mdwn new file mode 100644 index 0000000..c11a92d --- /dev/null +++ b/ruby.mdwn @@ -0,0 +1,5 @@ +Ruby packaging +============== + +* See [this](https://wiki.debian.org/Teams/Ruby/Packaging). +* Example: `leap.md`. diff --git a/todo.mdwn b/todo.mdwn new file mode 100644 index 0000000..dae1f7b --- /dev/null +++ b/todo.mdwn @@ -0,0 +1,50 @@ +TODO +==== + +Organization +------------ + +* Scripts: + * `debian-keyring-setup`. + * `debian-dev-setup`. + * `debian-build`. +* Merge all `build-area` folders. +* Deploy as a ikiwiki + git-annex instance, replacing reprepro. +* Try an [AutomateBackports](https://wiki.debian.org/AutomateBackports) setup. +* Vagrant: run `debian-dev-setup` as an additional shell provisioner. +* Security: https://wiki.debian.org/SecurePbuilder + +Upstream +-------- + +* Fill a Debian bug report: `dpkg-source` doesn't honour `GNUPGHOME`. + +Backport +-------- + +* compton +* mutt with opportunistic encryption: + * http://dev.mutt.org/hg/mutt/rev/b38c4838976f and other patches + * https://www.8t8.us/mutt/patches/ + * [#757117 - mutt-patched: Please add patch to encrypt postponed messages - Debian Bug report logs](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757117). +* [firejail](https://l3net.wordpress.com/projects/firejail/) [from sid](https://packages.debian.org/sid/firejail). + +Port +---- + +* [acpi-call](http://hybrid-graphics-linux.tuxfamily.org/index.php?title=Acpi_call). +* [Pond](https://pond.imperialviolet.org/). +* [leap-cli](https://leap.se) (check http://deb.leap.se and `ruby.md`). +* [Blingbling](http://awesome.naquadah.org/wiki/Blingbling). +* [x2go-server](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465821). +* [Terminology](https://www.enlightenment.org/p.php?p=about/terminology). +* [playpen](https://github.com/thestinger/playpen). +* [minijail](https://github.com/omegaup/minijail). + +WNPP +---- + +Before packaging anything, have a look at: + +* [WNPP](http://wnpp.debian.net). +* [Debian Git](http://anonscm.debian.org/gitweb/). -- cgit v1.2.3