Ubuntu

Bug #2034642
Comment #10

Comment 10 for bug 2034642

Revision history for this message

Lucas Kanashiro (lucaskanashiro) wrote on 2023-10-19:

#10

Hi,

I took a look at the current state of the package in the git repository and I have some notes to share:

- Source packag name: why did you decide to use arm-trusted-firmware-s32 when
upstream names it as arm-trusted-firmware? I was not able to find the reason
behind that decision.

- d/watch: it is not working properly. There is also a typo in the
filenamemangle option:

diff --git a/debian/watch b/debian/watch
index 73f7a4b86..8af606be8 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,6 +1,6 @@
version=4
opts="\
-filenamemangle=s/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz/arm-trusted-firware-s32-$2-$1\.tar\.gz/,\
+filenamemangle=s/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz/arm-trusted-firmware-s32_$2-$1\.tar\.gz/,\
uversionmangle=s/(bsp\d+\.\d+).(\d+\.\d+)/$2-$1/,\
" \
https://github.com/nxp-auto-linux/arm-trusted-firmware/tags .*/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz

When trying to run uscan to download the version your are packaging it fails:

$ uscan --verbose --download-version 2.5-bsp37.0
uscan info: uscan (version 2.20.2ubuntu2) See uscan(1) for help
uscan info: Scan watch files in .
uscan info: Check debian/watch and debian/changelog in .
uscan info: package="arm-trusted-firmware-s32" version="2.5-bsp37.0-8" (as seen in debian/changelog)
uscan info: package="arm-trusted-firmware-s32" version="2.5-bsp37.0" (no epoch/revision)
uscan info: ./debian/changelog sets package="arm-trusted-firmware-s32" version="2.5-bsp37.0"
uscan info: Process watch file at: debian/watch
    package = arm-trusted-firmware-s32
    version = 2.5-bsp37.0
    pkg_dir = .
uscan info: opts: filenamemangle=s/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz/arm-trusted-firmware-s32_$2-$1\.tar\.gz/,uversionmangle=s/(bsp\d+\.\d+).(\d+\.\d+)/$2-$1/,
uscan info: line: https://github.com/nxp-auto-linux/arm-trusted-firmware/tags .*/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz
uscan info: Parsing filenamemangle=s/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz/arm-trusted-firmware-s32_$2-$1\.tar\.gz/
uscan info: Parsing uversionmangle=s/(bsp\d+\.\d+).(\d+\.\d+)/$2-$1/
uscan info: line: https://github.com/nxp-auto-linux/arm-trusted-firmware/tags .*/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz
uscan info: Last orig.tar.* tarball version (from debian/changelog): 2.5-bsp37.0
uscan info: Download the --download-version specified version: 2.5-bsp37.0
uscan info: Requesting URL:
   https://github.com/nxp-auto-linux/arm-trusted-firmware/tags
uscan info: Matching pattern:
   (?:(?:https://github.com)?\/nxp\-auto\-linux\/arm\-trusted\-firmware\/tags)?.*/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz
uscan info: Found the following matching hrefs on the web page (newest first):
   /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp38.0-2.5.tar.gz (2.5-bsp38.0) index=2.5-bsp38.0-1
   /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp37.0-2.5.tar.gz (2.5-bsp37.0) index=2.5-bsp37.0-1 matched with the download version
   /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp36.0-2.5.tar.gz (2.5-bsp36.0) index=2.5-bsp36.0-1
   /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp35.0-2.5.tar.gz (2.5-bsp35.0) index=2.5-bsp35.0-1
   /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp34.2-2.5.tar.gz (2.5-bsp34.2) index=2.5-bsp34.2-1
uscan info: Looking at $base = https://github.com/nxp-auto-linux/arm-trusted-firmware/tags with
    $filepattern = .*/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz found
    $newfile = /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp37.0-2.5.tar.gz
    $newversion = 2.5-bsp37.0
    $lastversion = 2.5-bsp37.0
uscan info: Matching target for downloadurlmangle: https://github.com/nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp37.0-2.5.tar.gz
uscan info: Upstream URL(+tag) to download is identified as https://github.com/nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp37.0-2.5.tar.gz
uscan info: Matching target for filenamemangle: /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp37.0-2.5.tar.gz
uscan info: Filename (filenamemangled) for downloaded file: /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/arm-trusted-firmware-s32_2.5-bsp37.0.tar.gz
uscan: Newest version of arm-trusted-firmware-s32 on remote site is 2.5-bsp37.0, specified download version is 2.5-bsp37.0
uscan info: Downloading upstream package: /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/arm-trusted-firmware-s32_2.5-bsp37.0.tar.gz
uscan info: Requesting URL:
   https://github.com/nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp37.0-2.5.tar.gz
uscan info: Successfully downloaded package: /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/arm-trusted-firmware-s32_2.5-bsp37.0.tar.gz
uscan info: Start checking for common possible upstream OpenPGP signature files
uscan info: End checking for common possible upstream OpenPGP signature files
uscan info: Missing OpenPGP signature.
uscan info: New orig.tar.* tarball version (oversionmangled): 2.5-bsp37.0
uscan info: Launch mk-origtargz with options:
   --package arm-trusted-firmware-s32 --version 2.5-bsp37.0 --compression default --directory .. --copyright-file debian/copyright ..//nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/arm-trusted-firmware-s32_2.5-bsp37.0.tar.gz
uscan error: Could not read ..//nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/arm-trusted-firmware-s32_2.5-bsp37.0.tar.gz: No such file or directory

  I did not spend more time investigating this, but it would be great to have
  this working as expected. This might be related to the name mismatch I
  mentioned before.

- d/changelog: this is a comment that may not result in any change but since
  this is a new package in the archive you could have just a single entry
  saying that this is the initial release. However, I do understand that you
  might want to keep the changes history from your PPA.

- d/control: you used your name and email in the Maintainer field but in Ubuntu
  we usually use Ubuntu Developers <email address hidden>. To
  do the right thing you should use update-maintainer script from
  ubuntu-dev-tools package.

- d/copyright: you should not add yourself as a copyright holder of debian/ if
you did that in your work hours. Just Canonical should be the copyright
holder.

This is what I spotted in an initial review without building the package nor running lintian against it, but I think you can get some action items from my comments already.

Hi,

I took a look at the current state of the package in the git repository and I have some notes to share:

- Source packag name: why did you decide to use arm-trusted-firmware-s32 when
  upstream names it as arm-trusted-firmware? I was not able to find the reason
  behind that decision.

- d/watch: it is not working properly. There is also a typo in the
  filenamemangle option:

diff --git a/debian/watch b/debian/watch
index 73f7a4b86..8af606be8 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,6 +1,6 @@
 version=4
 opts="\
-filenamemangle=s/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz/arm-trusted-firware-s32-$2-$1\.tar\.gz/,\
+filenamemangle=s/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz/arm-trusted-firmware-s32_$2-$1\.tar\.gz/,\
 uversionmangle=s/(bsp\d+\.\d+).(\d+\.\d+)/$2-$1/,\
 " \
 https://github.com/nxp-auto-linux/arm-trusted-firmware/tags .*/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz

When trying to run uscan to download the version your are packaging it fails:

$ uscan --verbose --download-version 2.5-bsp37.0
uscan info: uscan (version 2.20.2ubuntu2) See uscan(1) for help
uscan info: Scan watch files in .
uscan info: Check debian/watch and debian/changelog in .
uscan info: package="arm-trusted-firmware-s32" version="2.5-bsp37.0-8" (as seen in debian/changelog)
uscan info: package="arm-trusted-firmware-s32" version="2.5-bsp37.0" (no epoch/revision)
uscan info: ./debian/changelog sets package="arm-trusted-firmware-s32" version="2.5-bsp37.0"
uscan info: Process watch file at: debian/watch
    package = arm-trusted-firmware-s32
    version = 2.5-bsp37.0
    pkg_dir = .
uscan info: opts: filenamemangle=s/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz/arm-trusted-firmware-s32_$2-$1\.tar\.gz/,uversionmangle=s/(bsp\d+\.\d+).(\d+\.\d+)/$2-$1/,
uscan info: line: https://github.com/nxp-auto-linux/arm-trusted-firmware/tags .*/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz
uscan info: Parsing filenamemangle=s/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz/arm-trusted-firmware-s32_$2-$1\.tar\.gz/
uscan info: Parsing uversionmangle=s/(bsp\d+\.\d+).(\d+\.\d+)/$2-$1/
uscan info: line: https://github.com/nxp-auto-linux/arm-trusted-firmware/tags .*/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz
uscan info: Last orig.tar.* tarball version (from debian/changelog): 2.5-bsp37.0
uscan info: Download the --download-version specified version: 2.5-bsp37.0
uscan info: Requesting URL:
   https://github.com/nxp-auto-linux/arm-trusted-firmware/tags
uscan info: Matching pattern:
   (?:(?:https://github.com)?\/nxp\-auto\-linux\/arm\-trusted\-firmware\/tags)?.*/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz
uscan info: Found the following matching hrefs on the web page (newest first):
   /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp38.0-2.5.tar.gz (2.5-bsp38.0) index=2.5-bsp38.0-1 
   /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp37.0-2.5.tar.gz (2.5-bsp37.0) index=2.5-bsp37.0-1 matched with the download version
   /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp36.0-2.5.tar.gz (2.5-bsp36.0) index=2.5-bsp36.0-1 
   /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp35.0-2.5.tar.gz (2.5-bsp35.0) index=2.5-bsp35.0-1 
   /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp34.2-2.5.tar.gz (2.5-bsp34.2) index=2.5-bsp34.2-1 
uscan info: Looking at $base = https://github.com/nxp-auto-linux/arm-trusted-firmware/tags with
    $filepattern = .*/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz found
    $newfile     = /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp37.0-2.5.tar.gz
    $newversion  = 2.5-bsp37.0
    $lastversion = 2.5-bsp37.0
uscan info: Matching target for downloadurlmangle: https://github.com/nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp37.0-2.5.tar.gz
uscan info: Upstream URL(+tag) to download is identified as    https://github.com/nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp37.0-2.5.tar.gz
uscan info: Matching target for filenamemangle: /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp37.0-2.5.tar.gz
uscan info: Filename (filenamemangled) for downloaded file: /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/arm-trusted-firmware-s32_2.5-bsp37.0.tar.gz
uscan: Newest version of arm-trusted-firmware-s32 on remote site is 2.5-bsp37.0, specified download version is 2.5-bsp37.0
uscan info: Downloading upstream package: /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/arm-trusted-firmware-s32_2.5-bsp37.0.tar.gz
uscan info: Requesting URL:
   https://github.com/nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp37.0-2.5.tar.gz
uscan info: Successfully downloaded package: /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/arm-trusted-firmware-s32_2.5-bsp37.0.tar.gz
uscan info: Start checking for common possible upstream OpenPGP signature files
uscan info: End checking for common possible upstream OpenPGP signature files
uscan info: Missing OpenPGP signature.
uscan info: New orig.tar.* tarball version (oversionmangled): 2.5-bsp37.0
uscan info: Launch mk-origtargz with options:
   --package arm-trusted-firmware-s32 --version 2.5-bsp37.0 --compression default --directory .. --copyright-file debian/copyright ..//nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/arm-trusted-firmware-s32_2.5-bsp37.0.tar.gz
uscan error: Could not read ..//nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/arm-trusted-firmware-s32_2.5-bsp37.0.tar.gz: No such file or directory

I did not spend more time investigating this, but it would be great to have
  this working as expected. This might be related to the name mismatch I
  mentioned before.

- d/control: you used your name and email in the Maintainer field but in Ubuntu
  we usually use Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>. To
  do the right thing you should use update-maintainer script from
  ubuntu-dev-tools package.

- d/copyright: you should not add yourself as a copyright holder of debian/ if
  you did that in your work hours. Just Canonical should be the copyright
  holder.

This is what I spotted in an initial review without building the package nor running lintian against it, but I think you can get some action items from my comments already.