Hi Sebastian,
On 02.07.2014 21:43, Sebastian Andrzej Siewior wrote:
On 2014-07-02 21:03:36 [+0200], Andreas Cadhalpun wrote:
On 02.07.2014 20:05, Scott Kitterman wrote:
On July 2, 2014 12:41:00 PM EDT, Andreas Cadhalpun
<[email protected]> wrote:
Indeed, as the sf.net page doesn't work currently, I switched the watch
file now to github.com. The downsides are:
* larger tarball containing more win32 and contrib files
Some of the win32 files are removed by the split script so I wouldn't
bother. Not sure about the contrib stuff.
Now uscan removes both contrib and win32 directories, so that's not the
problem. It's rather that the originally downloaded tarball is now
nearly 40 MB instead of the 15 MB tarball from sourceforge.
There are also various .gitignore files, which would interfere with our
own usage of git, so I added them to Files-Excluded as well.
The contrib folder contains many things, e.g. a (probably out of date)
version of our split-tarball.sh. :)
* no automatic verification of signatures, as the github tarballs
aren't signed
okay.
When/If sf.net works again, we can switch back.
I added a Files-Excluded field to debian/copyright so that uscan
automatically removes a lot of useless files. The split-tarball.sh
script is still needed to extract libclamunrar.
Since upstream guitar is a copy of the 'real' private git repo, I wonder if we
can be sure it'll always match the tarball?
Well, currently the tarball from github.com just contains some more files
than the tarball from sourceforge.net, which doesn't do any harm.
Seriously? No wonder it takes them so long to create a new release if
they manually create the tarballs :)
The additional files/directories are:
* .gitignore files (and a .gitattributes)
* contrib directory
* additional Doxygen files
* config/test-driver
* libclamav/7z/lzma.diff (not sure what that's for)
* additional subdirectories in libclamav/c++/llvm
(but we don't care, as we remove it entirely)
* libclamav/c++/TODO.CLAMAV
* libclamav/c++/merge.sh
* libclamav/c++/strip-llvm.sh
* libclamav/tomsfastmath/mont/fp_mont_small.i
* libclamav/tomsfastmath/numtheory/fp_gcd.c
* libclamav/tomsfastmath/numtheory/fp_isprime.c
* libclamav/tomsfastmath/numtheory/fp_lcm.c
* libclamav/tomsfastmath/numtheory/fp_prime_miller_rabin.c
* libclamav/tomsfastmath/numtheory/fp_prime_random_ex.c
* libclamav/tomsfastmath/LICENSE
* llvm directory
* m4/reorganization/libs/libconfig.m4
* unit_tests/duma_tests.sh
* unit_tests/efence_tests.sh
* unit_tests/valgrind_tests.sh
* win32/clamav-for-windows (75 MB due to embedded wxWidgets)
* autojunk.sh
And it doesn't contain:
* libclamav/version.h
I don't know why they modify their release tarball in this way, but I
don't think it makes much difference for us.
I will try ping upstream later about this.
Thanks. Maybe they can sync their repo and their release tarball
contents a bit more.
Maybe they can manage to sign their tags.
That would be good, although I don't know if uscan can verify signed
tags. Or would there be detached signatures on the download page?
Then we have to worry about the extra files.
I wouldn't worry too much about them.
Unless ofcourse they host their files on
clamav.net which would solve the problem once for all :)
If they have the bandwith, this would be best.
And as long as sf.net doesn't work, I think this is better than effectively
not having a watch file.
Even if the next release makes it t HEAnet, there is no guarantee that
release after will make it.
Yes, that's true. But is has worked for a lot of releases in the past...
Best regards,
Andreas
_______________________________________________
Pkg-clamav-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-clamav-devel
