Re: siso latest changes, was (requesting repo transfer to go-team)

Thu, 07 May 2026 07:17:34 -0700 

On 07/05/2026 15:29, Juan wrote:

El jueves, 7 de mayo de 2026 a las 14:43, Nicolas Peugnet <[email protected]> 
escribió:

So, another idea, if I understand correctly, you only want to keep the
"siso" directory and the "LICENSE" file. How about using the
Files-Excluded and Files-Included fields like so to only keep these
files [1]:

   Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
   Files-Excluded: *
   Files-Included:
    LICENSE
    siso

[1] https://manpages.debian.org/testing/devscripts/mk-origtargz.1.en.html


Thanks Nicolas!

I added debian/scripts/repack-siso.sh for the repack and documented it in 
debian/README.source.

Is that acceptable?
IMO it is better if uscan downloads the tarball itself, this makes it very easy for someone to pick up the package if it uses the expected workflow. 



The siso tar we download contains only siso, so Files-Excluded wouldn't apply
Ok, good find about the tarball that only contains the siso, directory, in this case, I would use this kind of watch file, which directly does the same thing as your script, but with standard Debian tooling (without the LICENSE file part, more on that later): 

Version: 5
Source: https://chromium.googlesource.com/build/+refs
Matching-Pattern: \+/refs/tags/siso/@ANY_VERSION@
Download-Url-Mangle: s/\+/+archive/;s/$/\/siso.tar.gz/
Filename-Mangle: s/.*?(@ANY_VERSION@)/@PACKAGE@-$1.tar.gz/
Uversion-Mangle: auto
To explain a bit what it does, the source is now an HTML page instead of the git directory, uscan is able to parse the HTML and only searches Matching-Pattern in <a href="">. As the link does not directly point to the .tar.gz, we have to mangle it using Download-Url-Mangle. Because ogf that, we have to fix the name of the downloaded file, using Filename-Mangle. The Dversion-Mangle and Repack-Suffix have been removed as we do not repack anything anymore, and Uversion-Mangle is left as auto just in case upstream makes pre-releases.
Another possibility, that is a bit simpler IMO is the one that I suggested before: 

diff --git a/debian/copyright b/debian/copyright
index 110bdf3..30cefbd 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -5,6 +5,10 @@ Source: https://chromium.googlesource.com/build/+refs/tags/siso/ 
 Comment: This package partially vendors Go dependencies in debian/vendor/
  (only modules not packaged in Debian) and includes third-party npm
  packages in third_party/ for the built-in web UI.
+Files-Excluded: *
+Files-Included:
+ LICENSE
+ siso

 Files: *
 Copyright: 2023-2026 The Chromium Authors
diff --git a/debian/watch b/debian/watch
index f4b0c07..c199976 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,8 +1,7 @@
 Version: 5
 Mode: git
 Source: https://chromium.googlesource.com/build
-Matching-Pattern: refs/tags/siso/v@ANY_VERSION@
-Dversionmangle: s/\+ds\d*$//
-Uversionmangle: s/(\d)[_\.\-\+]?(RC|rc|pre|dev|beta|alpha)[.]?(\d*)$/$1~$2$3/ 
-Pgp-Mode: none
-Git-Mode: shallow
+Matching-Pattern: refs/tags/siso/@ANY_VERSION@
+Dversion-Mangle: auto
+Uversion-Mangle: auto
+Repack-Suffix: +ds

This gives us the following tar:

$ tar --exclude="*/*/*/*" --list -f ../siso_1.5.12+ds.orig.tar.xz
siso-1.5.12/
siso-1.5.12/LICENSE
siso-1.5.12/siso/
siso-1.5.12/siso/.gitignore
siso-1.5.12/siso/README.md
siso-1.5.12/siso/auth/
siso-1.5.12/siso/build/
siso-1.5.12/siso/docs/
siso-1.5.12/siso/execute/
siso-1.5.12/siso/go.mod
siso-1.5.12/siso/go.sum
siso-1.5.12/siso/hashfs/
siso-1.5.12/siso/main.go
siso-1.5.12/siso/navbar.md
siso-1.5.12/siso/o11y/
siso-1.5.12/siso/reapi/
siso-1.5.12/siso/runtimex/
siso-1.5.12/siso/scandeps/
siso-1.5.12/siso/scripts/
siso-1.5.12/siso/signals/
siso-1.5.12/siso/subcmd/
siso-1.5.12/siso/sync/
siso-1.5.12/siso/third_party/
siso-1.5.12/siso/toolsupport/
siso-1.5.12/siso/ui/
siso-1.5.12/siso/version/
siso-1.5.12/siso/webui/
It has the disadvantage of having to repack the tarball though, which can be a pain when trying to donwload specific versions. The siso project will be in a subdirectory, compared to the root currently, but this shouldn't be an issue for dh-golang, and everything should (hopefully) work as before.
You can check everything that happens using "uscan --debug --download-current-version".
IMO, in the first case, you don't have to add the LICENSE file inside yourself, as it is the tarball provided upstream. As you did add the licensing information in debian/copyright and as that file will be installed alongside the binary, the requirement will be fulfilled. 


I also fixed the watch file format, in case you want to have a look.


Nice, I find the version 5 is a lot nicer to use :)

--
Nicolas Peugnet

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

Reply via email to