Control: tags -1 moreinfo Hi Joachim,
review based on the dsc containing: Checksums-Sha256: 75aa7ed495b21d360340c84a4def6e16e25ecc36dab91e2481631993b2624bde 5128639 vzlogger_0.8.3.orig.tar.gz c6737877696173e8daa4c9e4d4a1b6663ae5256f669c87554360e665f154e292 6252 vzlogger_0.8.3-1.debian.tar.xz It is only a partial review, especially I did not do a d/copyright review yet. Please check my remarks and remove the moreinfo tag when ready. On Tue, Feb 20, 2024 at 12:34:04PM +0100, Joachim Zobel wrote: > Package: sponsorship-requests > Severity: wishlist > > Dear mentors, > > I am looking for a sponsor for my package "vzlogger": > > * Package name : vzlogger > Version : 3.1-4 > Upstream contact : Joachim Zobel <jz-2...@heute-morgen.de> > * URL : http://wiki.volkszaehler.org/software/controller/vzlogger > * License : GPL-3 > * Vcs : https://github.com/volkszaehler/vzlogger > Section : net > > The source builds the following binary packages: > > vzlogger - program to read measurements from smart meters and log them > to Influxdb or forward them via MQTT. > > vzlogger is a tool to read and log measurements of a wide variety of > smart meters and sensors. It supports various commonly used protocols > such as s0, d0, sml, oms and others. It can write these data to an > Influxdb, forward them via MQTT, make them available via HTTP or eport > them to a volkszaehler.org middleware. > > The package is maintained in the upstream repository. Upstream (which I > am part of) currently builds native packages. These are patched (a > switch from native to quilt, a different changelog and a version >= 3.0 > for the dependency on openssl) to make them more suitable for debian. > The package is therefore availabe in the upstream repo Yeah, format 3.0 quilt is the way, it is not a native package. > https://github.com/volkszaehler/vzlogger.git > > on branch debian-0.8.3-1. (There is no such branch on that repo, but a "debian" one.) Please see dep14 (https://dep-team.pages.debian.net/deps/dep14/) for recommendation how to layout the repository used for packaging, I'd even recommend to use an extra repository for the packaging. > Alternatively, you can download thepackage with 'dget' using this > command: > > dget -x > http://www.heute-morgen.de/debian/repo/unstable/main/source/net/vzlogger_0.8.3-1.dsc > > Regards, > -- > Joachim Zobel As you are upstream: https://wiki.debian.org/UpstreamGuide d/source/lintian-overrides - delete the overrides, seems to be some remnant of earlier packaging. d/DEBIAN_RELEASE.txt - delete this file; the information contained in this files would not be a process how to create a package for Debian. (and if you need a file describing certain unusal aspects of the Debian packaging, it would be README.source (see Debian Policy §4.14) I recommend checking out git-buildpackage: https://honk.sigxcpu.org/piki/projects/git-buildpackage/ https://honk.sigxcpu.org/projects/git-buildpackage/manual-html/ - remove Debian_release.patch -- this is not needed, you work with your debian/ directory and evolve it, you do not patch it when you create a new version. d/control - specify Rules-Require-Root - you manually depend on libsml1. Can you expand why this is needed? - Build-Depend: s/pkg-config/pkgconf - remove versions from the versioned build dependencies, if the debpendency is already fulfilled in oldstable: - libjson-c-dev, libcurl4-openssl-dev, d/postinst / postrm - When you create a user, it should start with "_" - see policy 9.2.1 - Another option might be using systemd's DynamicUser feature to create the user at runtime. (bonus: some hardening for free.) - there's systemd-sysuser (works also without systemd as init system) to use sysusers.d - do not delete users/groups on package removal. As you are involved with upstream: The manpage, initfile, systemd service file should probably be included in the upstream part, it is not only useful for Debian alone. Linitian emits: W: vzlogger source: build-depends-on-obsolete-package Build-Depends: pkg-config (>= 0.25) => pkgconf W: vzlogger: groff-message troff:<standard input>:5: warning: cannot select font 'CB' [usr/share/man/man8/vzlogger.8.gz:1] I: vzlogger source: debian-rules-parses-dpkg-parsechangelog [debian/rules:12] I: vzlogger: file-references-package-build-path [usr/bin/vzlogger] I: vzlogger: file-references-package-build-path [usr/lib/static/libvz.a] I: vzlogger: hardening-no-bindnow [usr/bin/vzlogger] I: vzlogger: hardening-no-fortify-functions [usr/bin/vzlogger] I: vzlogger: systemd-service-file-missing-documentation-key [usr/lib/systemd/system/vzlogger.service] I: vzlogger source: unused-override odd-historical-debian-changelog-version *0.3.4-rc1* [debian/source/lintian-overrides:2] P: vzlogger source: capitalization-in-override-comment odd-historical-debian-changelog-version debian Debian [debian/source/lintian-overrides:1] P: vzlogger source: silent-on-rules-requiring-root [debian/control] P: vzlogger source: trailing-whitespace [debian/changelog:3] P: vzlogger source: trailing-whitespace [debian/control:27] P: vzlogger source: trailing-whitespace [debian/control:5] P: vzlogger source: trailing-whitespace [debian/rules:38] X: vzlogger source: debian-watch-does-not-check-openpgp-signature [debian/watch] X: vzlogger: systemd-service-file-missing-hardening-features [usr/lib/systemd/system/vzlogger.service] X: vzlogger source: update-debian-copyright 2023 vs 2024 [debian/copyright:15] X: vzlogger source: upstream-metadata-file-is-missing -- tobi >
signature.asc
Description: PGP signature
