Bug#748474: mk-origtargz: Please allow extra actions
David Prévot
taffit at debian.org
Sat May 17 15:15:11 UTC 2014
Package: devscripts
Version: 2.14.2
Severity: wishlist
User: devscripts at packages.debian.org
Usertags: mk-origtargz
Hi,
Thanks for aiming at providing a reliable way to clean up upstream
tarballs with regard to non-DFSG compliant material.
It would be nice if one could also alter specific files within the
upstream tarball, e.g., by removing nonfree ICC profiles from images as
recently discussed on debian-devel. [0]
To do so, it would be convenient to execute arbitrary code during the
repack, e.g. via a --command switch allowing to execute things like:
exiftool -icc_profile"-<=" $listoffiles
where $listoffiles would refer to some files within the upstream
tarball.
The sound of “execute arbitrary code during the repack” makes me feel
uneasy, but I’d like to make it possible for such argument to the
--command switch to be defined into the debian/ directory (e.g., a
debian/upstream/repack.commands file), and possibly deactivate this
behavior by default if there are security concerns (one then would need
to call mk-origtargz and uscan with a --i-trust-the-debian-dir switch in
order to take this file into account).
0: https://lists.debian.org/debian-devel/2014/05/thrd2.html#00312
Regards
David
-- Package-specific info:
--- /etc/devscripts.conf ---
--- ~/.devscripts ---
DEBSIGN_KEYID=0xB82A217AFDFE09F2
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.14-1-rt-amd64 (SMP w/1 CPU core; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages devscripts depends on:
ii dpkg-dev 1.17.9
ii libc6 2.18-6
ii perl 5.18.2-4
ii python3 3.3.4-1
pn python3:any <none>
Versions of packages devscripts recommends:
ii at 3.1.14-1
ii curl 7.36.0-2
ii dctrl-tools 2.23
ii debian-keyring 2014.04.25
ii dput 0.9.6.4
ii equivs 2.0.9
ii fakeroot 1.20-3
ii file 1:5.18-1
ii gnupg 1.4.16-1.1
ii libdistro-info-perl 0.13
ii libencode-locale-perl 1.03-1
ii libjson-perl 2.61-1
ii liblwp-protocol-https-perl 6.04-3
ii libparse-debcontrol-perl 2.005-4
ii libsoap-lite-perl 1.11-1
ii liburi-perl 1.60-1
ii libwww-perl 6.06-1
ii lintian 2.5.22.1
ii man-db 2.6.7.1-1
ii patch 2.7.1-5
ii patchutils 0.3.3-1
ii python3-debian 0.1.21+nmu3
ii python3-magic 1:5.18-1
ii sensible-utils 0.0.9
ii strace 4.5.20-2.3
ii unzip 6.0-12
ii wdiff 1.2.1-3
ii wget 1.15-1
ii xz-utils 5.1.1alpha+20120614-2
Versions of packages devscripts suggests:
ii bsd-mailx [mailx] 8.1.2-0.20131005cvs-1
ii build-essential 11.6
ii cvs-buildpackage 5.23
pn devscripts-el <none>
ii gnuplot 4.6.5-1
ii gpgv 1.4.16-1.1
ii libauthen-sasl-perl 2.1600-1
ii libfile-desktopentry-perl 0.07-1
ii libnet-smtp-ssl-perl 1.01-3
ii libterm-size-perl 0.207-1+b1
ii libtimedate-perl 2.3000-2
ii libyaml-syck-perl 1.27-2+b1
ii mutt 1.5.23-1
ii openssh-client [ssh-client] 1:6.6p1-5
pn svn-buildpackage <none>
ii w3m 0.5.3-15
-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/devscripts-devel/attachments/20140517/1a1345c2/attachment.sig>
More information about the devscripts-devel
mailing list