Package: devscripts
Version: 2.15.10
Severity: normal
the github example in uscan(1) appears to be rejected by uscan as
having a "potentially unsafe or malformed filenamemangle pattern".
It's not clear to me what the problem is or how i should resolve it.
either the documentation or the definition of safe_replace() in
scripts/uscan.pl should be updated so that they're aligned.
Here is an example:
0 dkg@alice:~/src/win-iconv/win-iconv$ man uscan | grep -A10 'For GitHub based'
For GitHub based projects, you can use the tags or releases page. The
archive URL uses only the version as the filename. You can rename the
downloaded upstream tarball from into the standard
<project>-<version>.tar.gz using filenamemangle:
version=4
opts="filenamemangle="s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%<project>-$1.tar.gz%" \
https://github.com/<user>/<project>/tags \
(?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate
PyPI
0 dkg@alice:~/src/win-iconv/win-iconv$ cat debian/watch
version=4
opts="filenamemangle="s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%win-iconv-$1.tar.gz%" \
https://github.com/win-iconv/win-iconv/tags \
(?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate
0 dkg@alice:~/src/win-iconv/win-iconv$ uscan --verbose
uscan: uscan (version 2.15.10) See uscan(1) for help
uscan: Scan watch files in .
uscan info: Check debian/watch and debian/changelog in .
uscan info: package="win-iconv" version="0.0.6-1" (as seen in debian/changelog)
uscan info: package="win-iconv" version="0.0.6" (no epoch/revision)
uscan: ./debian/changelog sets package="win-iconv" version="0.0.6"
uscan info: Process ./debian/watch (package=win-iconv version=0.0.6)
uscan info: opts:
filenamemangle="s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%win-iconv-$1.tar.gz%
uscan info: line: https://github.com/win-iconv/win-iconv/tags
(?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate
uscan info: Parsing
filenamemangle="s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%win-iconv-$1.tar.gz%
uscan info: line: https://github.com/win-iconv/win-iconv/tags
(?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate
uscan info: Last orig.tar.* tarball version (from debian/changelog): 0.0.6
uscan info: Last orig.tar.* tarball version (dversionmangled): 0.0.6
uscan info: Requesting URL:
https://github.com/win-iconv/win-iconv/tags
uscan info: Matching pattern:
(?:(?:https://github.com)?\/win\-iconv\/win\-iconv\/tags)?(?:.*?/)?v?(\d[\d.]*)\.tar\.gz
uscan info: Found the following matching hrefs on the web page (newest first):
/win-iconv/win-iconv/archive/v0.0.8.tar.gz (0.0.8) index=0.0.8.1
/win-iconv/win-iconv/archive/v0.0.7.tar.gz (0.0.7) index=0.0.7.1
/win-iconv/win-iconv/archive/0.0.6.tar.gz (0.0.6) index=0.0.6.1
/win-iconv/win-iconv/archive/0.0.5.tar.gz (0.0.5) index=0.0.5.1
/win-iconv/win-iconv/archive/0.0.4.tar.gz (0.0.4) index=0.0.4.1
/win-iconv/win-iconv/archive/0.0.3.tar.gz (0.0.3) index=0.0.3.1
/win-iconv/win-iconv/archive/0.0.2.tar.gz (0.0.2) index=0.0.2.1
/win-iconv/win-iconv/archive/0.0.1.tar.gz (0.0.1) index=0.0.1.1
uscan info: Matching target for downloadurlmangle:
https://github.com/win-iconv/win-iconv/archive/v0.0.8.tar.gz
uscan info: Upstream URL (downloadurlmangled):
https://github.com/win-iconv/win-iconv/archive/v0.0.8.tar.gz
uscan info: Newest upstream tarball version selected for download
(uversionmangled): 0.0.8
uscan info: Matching target for filenamemangle:
/win-iconv/win-iconv/archive/v0.0.8.tar.gz
uscan warn: In debian/watch, potentially unsafe or malformed filenamemangle
pattern:
'"s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%win-iconv-$1.tar.gz%' found. Skipping
watchline
https://github.com/win-iconv/win-iconv/tags (?:.*?/)?v?(\d[\d.]*)\.tar\.gz
debian uupdate
uscan info: Scan finished
1 dkg@alice:~/src/win-iconv/win-iconv$
-- Package-specific info:
--- /etc/devscripts.conf ---
--- ~/.devscripts ---
Not present
-- System Information:
Debian Release: stretch/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'testing'), (200, 'unstable'), (1,
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages devscripts depends on:
ii dpkg-dev 1.18.4
ii libc6 2.21-7
ii perl 5.22.1-5
pn python3:any <none>
Versions of packages devscripts recommends:
ii apt 1.2.2
ii at 3.1.18-2
ii curl 7.47.0-1
ii dctrl-tools 2.24-2
ii debian-keyring 2016.01.20
ii dput-ng [dput] 1.10
ii dupload 2.7.0
pn equivs <none>
ii fakeroot 1.20.2-1
ii file 1:5.25-2
ii gnupg 1.4.20-1
ii gnupg2 2.1.11-5
ii libdistro-info-perl 0.14
ii libencode-locale-perl 1.05-1
ii libjson-perl 2.90-1
ii liblwp-protocol-https-perl 6.06-2
pn libsoap-lite-perl <none>
ii liburi-perl 1.71-1
ii libwww-perl 6.15-1
ii lintian 2.5.40.2
ii man-db 2.7.5-1
ii patch 2.7.5-1
ii patchutils 0.3.4-1
ii python3-debian 0.1.27
ii python3-magic 1:5.25-2
ii sensible-utils 0.0.9
ii strace 4.10-3
ii unzip 6.0-20
ii wdiff 1.2.2-1+b1
ii wget 1.17.1-1+b1
ii xz-utils 5.1.1alpha+20120614-2.1
Versions of packages devscripts suggests:
ii build-essential 11.7
pn cvs-buildpackage <none>
ii debbindiff 48
ii devscripts-el 35.12
pn gnuplot <none>
ii gpgv 1.4.20-1
ii gpgv2 2.1.11-5
pn libauthen-sasl-perl <none>
pn libfile-desktopentry-perl <none>
ii libnet-smtp-ssl-perl 1.03-1
pn libterm-size-perl <none>
ii libtimedate-perl 2.3000-2
pn libyaml-syck-perl <none>
ii mailutils [mailx] 1:2.99.99-1
ii mozilla-devscripts 0.44
pn mutt <none>
ii openssh-client [ssh-client] 1:7.1p2-2
ii s-nail [mailx] 14.8.6-1
ii svn-buildpackage 0.8.5+nmu1
ii w3m 0.5.3-26
-- debconf-show failed
_______________________________________________
devscripts-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel
