El lunes, 11 de mayo de 2026 a las 23:12, Simon Josefsson <[email protected]> escribió:
> There is a large difference between upstream 'siso/v1.5.12' git tag and > your upstream/latest and debian/latest source content. Did you already > consider using upstream git as the source code? Auditing that diff is > boring, and I'm not sure it is useful use of our time going forward. Is > it possible to build from upstream git instead? The debian/watch, > debian/README.source and the versioning doesn't seem entirely > consistent, are you using +ds source tarballs or not? There is no > Files-Excluded in there either, and I wonder if debian/watch with > 'uscan' really do the right thing? Thanks Simon for testing it. I am addressing what you discovered. Several things that serves also for me documenting it. - Big diff between siso/v1.5.12 and upstream/latest. Let me know if this is clarifying: siso is in a subdirectory of the Chromium build. Upstream provides tarballs on each directory. e.g.: https://chromium.googlesource.com/build/+archive/refs/tags/siso/v1.5.12/siso.tar.gz The upstream tag siso/v1.5.12 points to the full build repo. The orig tarball is only the siso/ subtree. Comparing the full tag against upstream/latest will show everything outside siso/ as "missing". The comparison that I am doing: git clone https://chromium.googlesource.com/build cd build git archive siso/v1.5.12:siso/ | tar t | sort > /tmp/tag.txt # generate tar archive from the siso folder, siso/v1.5.12 tag and list file names In our package folder: cd siso uscan --download-current-version --destdir .. pristine-tar checkout /tmp/siso_1.5.12.orig.tar.gz diff ../siso_1.5.12.orig.tar.gz /tmp/siso_1.5.12.orig.tar.gz # compare and must be empty, identical tar tzf ../siso_1.5.12.orig.tar.gz | sort > /tmp/orig.txt # list the files of our tarball diff /tmp/tag.txt /tmp/orig.txt # That tarball matches the upstream git tag content # compare and must be empty, identical - README.source. I certainly had it outdated. Updated. - Repackaging. When I previously modified the watch file and removed the need to add the LICENSE file, still did a repackaging with a top level directory that now I realize it is not needed. - pristine-tar branch. I have reimported it now with: gbp import-orig --pristine-tar --no-interactive ../siso_1.5.12.orig.tar.gz - debian/watch + uscan: uscan and pristine-tar checkout now produce the exact same tarball > The minified *.js files looks problematic, but maybe that's between you > and DFSG Team. - Minified JS: Files in third_party/material_web_components/ in the upstream source. They come directly from upstream; we don't add or modify them. I've added a note in README.source. > Otherwise it looks good, and built for me. I would want to see > debian/README.source updated to reflect reality a bit more though, > before I feel confident to sponsor an upload -- I'm finding it a bit > hard to audit the trail between upstream git and your upstream source > code. > > /Simon More than reasonable. I had the old process there. Changes pushed to salsa. Please, let me know if tracing is clearer now. Best, Juan
publickey - [email protected] - 0xE697CF1F.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
