# $Id: sponsorship_checklist.txt 1680 2009-07-09 07:46:18Z joostvb $ # $URL: svn+ssh://agate.conuropsis.org/home/users/joostvb/srv/svn/www.mdcc.cx/trunk/mdcc.cx/debian/sponsorship_checklist.txt $ Some things to do when QA checking Debian packages ================================================== These are commands and tools to run when inspecting a Debian package to check its quality. Useful for Debian Developers being offered a package for a sponsored upload. This document is inspired by/based upon Matthew Palmer's Checklist for sponsored packages (http://people.debian.org/~mpalmer/sponsorship_checklist.html). The list -------- Example for a package called "hello". 1) Get the .diff.gz. (If you have an appropriate deb-src entry in sources.list, you could first do something like: joostvb@nagy:~% apt-get --print-uris source hello ) If you have the url to a .dsc file, you can now run: joostvb@nagy:/usr...src/debian/hello% dget http://mentors.debian.net/debian/pool/main/h/hello/hello_1.8.8.i-1.dsc The last command doesn't need a full-blown aptable repository: if the packager just puts .orig.tar.gz, .diff.gz and .dsc in one directory on her webserver, things work. 2) Check the integrity of the .dsc file joostvb@nagy:/usr...src/debian/hello% gpg --verify hello_1.8.8.i-1.dsc gpg: Good signature from "John Doe " 3) Apply the the .diff.gz to the packager-supplied .orig.tar.gz joostvb@nagy:/usr...src/debian/hello% dpkg-source -x hello_1.8.8.i-1.dsc 4) Get the upstream tar.gz. If the packager ships a watch file, run: joostvb@nagy:/usr...n/hello-1.8.8.i% uscan --verbose --force-download --no-symlink --destdir=/usr/local/src/hello (In case a watchfile is lacking, just use e.g. wget.) 5) Check the integrity of the packager-supplied .orig.tar.gz joostvb@nagy:/usr/local/src% sha256sum hello/hello_1.8.8i.tar.gz debian/hello/hello_1.8.8.i.orig.tar.gz 2fa5384d2ba6a8e1dc7f8df2d7411f0cc259e68d89f30f77023b9f7ed60ad8b0 hello/hello_1.8.8i.tar.gz 2fa5384d2ba6a8e1dc7f8df2d7411f0cc259e68d89f30f77023b9f7ed60ad8b0 debian/hello/hello_1.8.8.i.orig.tar.gz x) Run licensecheck(1) FIXME 6) Eyeball the .diff.gz joostvb@nagy:/usr...src/debian/hello% less hello_1.8.8.i-1.diff.gz licensecheck(1) (from the devscripts Debian package) might be helpful here. 7) If you have checked a previous version of the package, eyeball the differences with the prior version joostvb@nagy:/usr...src/debian/hello% debdiff hello_1.8.8.g-2.dsc hello_1.8.8.i-1.dsc | less 8) Build the package joostvb@nagy:/usr...hello-1.8.8.i% debuild -uc -us 9) inspect lintian results debuild automagically runs lintian. 10) Eyeball the build log joostvb@nagy:/usr...hello-1.8.8.i% less ../hello_1.8.8.i-1_i386.build 11) Peek at the generated binary package joostvb@nagy:/usr...hello-1.8.8.i% debc | less 12) If you have checked a previous version of the package, inspect the differences in the binary packages joostvb@nagy:/usr...src/debian/hello% debdiff hello_1.8.8.g-2_all.deb hello_1.8.8.i-1_all.deb 13) Test the maintainer scripts root@nagy:~# dpkg -i /usr/local/src/debian/hello/hello_1.8.8.i-1_all.deb and --remove, --purge , upgrade 14) Test any programs and scripts installed by the package. View manpages too. 14) Build the package again, and sign it joostvb@nagy:/usr...hello-1.8.8.i% debuild -k0xDEADBEEF 15) If all went well: upload it joostvb@nagy:/usr...hello-1.8.8.i% dupload --to anonymous-ftp-master ../hello_1.8.8.i-1_i386.changes 16) Check wether the upload went well joostvb@nagy:/usr...hello-1.8.8.i% cat ../hello_1.8.8.i-1_i386.upload 17) Watch your mailbox for ACK's by the Debian machines To do ----- use piuparts use pbuilder(8). (it makes sure your build environment is clean. you'll need root access. set BUILDUSERID and BUILDUSERNAME to minimize root processes. use pbuilder-uml if you want to do everything as non-root) NB: if you use po-ized debconf, do not forget to run podebconf-report-po a t about 1 week before uploading to the archive! See also -------- http://www.debian.org/doc/developers-reference/ch-new-maintainer.en.html#s-getting-started http://people.debian.org/~mpalmer/debian-mentors_FAQ.html http://people.debian.org/~mpalmer/sponsorship_checklist.html http://mentors.debian.net/ http://sponsors.debian.net/ Thanks ------ Geert Stappers for feedback. Author, copyright ----------------- Copyright (C) 2007, 2008 Joost van Baal Redistribution and use, with or without modification, are permitted provided that the above copyright notice, this condition and the following disclaimer are retained. This work is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.