package: lintian
severity: wishlist
It would be nice if lintian could warn against repackaged .orig.tar.gz,
and sources repackaged in non-recommended ways.
Attached is some patch that at least seems to be able to detect dh_make's
--creatorig usage properly. As both my English language skills and my perl
skills could be better, I'm not setting the patch tag.
Hochachtungsvoll,
Bernhard R. Link
Index: checks/upstreamtar.desc
===
--- checks/upstreamtar.desc (Revision 0)
+++ checks/upstreamtar.desc (Revision 0)
@@ -0,0 +1,52 @@
+Check-Script: upstreamtar
+Author: Bernhard R. Link [EMAIL PROTECTED]
+Type: source
+Unpack-Level: 2
+Info: This checks for a unadvertised upstream tar.
+Needs-Info: tarfilelist, debfiles, copyright-file
+Abbrev: tar
+
+Tag: repackaged-source-not-advertised
+Type: warning
+Info: The .orig.tar.gz file looks repackaged, but there was found not hint
+ about this in debian/copyright.
+ .
+ Repackaged upstream sources are sometimes created on accident when using
+ an old version of dh_make or using dh_make's --createorig without need.
+ .
+ If you repackaged the upstream source on purpose, please inform the
+ users in debian/copyright how and why. (This test looks for the phrase
+ repackaged there).
+ .
+ Legitimate reasons for repackaging are: Upstream not releasing a .tar
+ file; upstream's tarball contains non-DFSG-free material or upstream's
+ tarball is huge compared to the used parts.
+ .
+ You do not need to repackage only because upstream's tarball has the
+ no top-level directory (dpkg-source can handle that) or only bacause
+ upstream's tarball uses a different compression algorithm (you can
+ just uncompress and gzip without touching the tarball).
+ .
+ For futher reference see Best practices for orig.tar.gz files in the
+ developers' reference.
+ .
+ Note that an .orig.tar.gz already in the archive cannot be changed,
+ so the best way to deal with this when this is not the first upload
+ of this upstream version is to note in debian/copyright that it
+ was repackaged by mistake and that the contents are the same (or how
+ they differ).
+
+Tag: repackaged-source-without-get-orig-source
+Type: info
+Info: The .orig.tar.gz file looks repackaged, but there is no
+ get-orig-source target in debian/rules.
+ .
+ Repackaged upstream sources are sometimes created on accident when using
+ an old version of dh_make or using dh_make's --createorig without need.
+ .
+ For futher reference see Best practices for orig.tar.gz files in the
+ developers' reference.
+
+Tag: empty-upstream-source
+Type: error
+Info: The .orig.tar.gz file is empty.
Index: checks/upstreamtar
===
--- checks/upstreamtar (Revision 0)
+++ checks/upstreamtar (Revision 0)
@@ -0,0 +1,141 @@
+# upstreamtar -- lintian check script -*- perl -*-
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, you can find it on the World Wide
+# Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
+# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+# MA 02110-1301, USA.
+
+package Lintian::upstreamtar;
+use strict;
+
+use Dep;
+use Tags;
+use Util;
+
+use Cwd;
+use File::Find;
+use File::Basename;
+
+my $pkg;
+
+sub run {
+
+ $pkg = shift;
+ my $type = shift;
+
+ open (VERSION, '', fields/version)
+ or fail(cannot open fields/version: $!);
+ chomp(my $version = VERSION);
+ close VERSION;
+
+ (@_ = _valid_version($version)) or exit 0;
+ my ($epoch, $upstream, $debian) = @_;
+
+ unless (defined $debian) {return 1};
+
+# TODO: try to extract guess upstream version to see if anything
+# like ds dfsg was added and warn if .orig.tar does not contain a
+# package.orig directory then later.
+
+ my $repackaged = check_repackaged($pkg, $upstream);
+
+ unless( defined($repackaged) ) {
+ return 1;
+ }
+
+# check contents of copyright file
+
+ if ($repackaged read_copyright_file() !~ m,repackaged,) {
+ tag repackaged-source-not-advertised;
+ }
+
+ if (-l debfiles/rules) {
+ return 1 unless -f debfiles/rules;
+ }
+
+ my $has_get_orig_source = check_get_orig_source();
+
+ if ($repackaged !$has_get_orig_source ) {
+ tag repackaged-source-without-get-orig-source;
+ }
+
+ return 1;
+} # /run
+
+# ---
+
+sub read_copyright_file {
+ open(IN, '', debfiles/copyright) or fail(cannot open copyright file