Bug#761105: debsources: on the fly package diff / debdiff
* Stefano Zacchiroli , 2014-09-11, 11:13: Debsources currently have unpacked packages on the filesystem, organized in per-version directories. So Debsources can simply recursively diff the two directories, It's probably worth noting here that diff(1) follows symlinks, including symlinks that would point outside the source package. That might not be desirable from the security perspective. (Of course debdiff(1) has the very same problem.) look into whether debdiff uses specific diff options that we want to use as well, just to ensure that the output format is more or less the same. One notable thing that debdiff does is unpacking source packages with --skip-patches. The options for diff(1) are standard: -Nru -- Jakub Wilk -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#761105: debsources: on the fly package diff / debdiff
On Thu, 2014-09-11 at 11:13 +0200, Stefano Zacchiroli wrote: > We'll just need to look into whether debdiff uses specific diff > options that we want to use as well, just to ensure that the output > format is more or less the same. One thing debdiff helps with is not having quilt cruft in the diff. > Most of the legitimate problems you've mentioned seems to be related to > source package format and, arguably, we won't have those problems with > Debsources, or at least not in the diffing part. (We will have them at > source package unpack time, of course.) Right. > However, it is important to observe that sources.d.n still aims at being > source-package-only, whereas 1) debdiff is capable of diffing .deb and > 2) .debs are indeed available on snapshot.d.o. So if you are interested > in diffing .debs, as of now the only place where to implement that > specific feature is snapshot.d.o. The debdiff idea was only for sources and mainly in conjunction with derivs census patch stuff. On the binaries stuff, various folks have been asking about a binaries.d.o, similar to sources.d.n but for binaries. The debdiff output for binaries is useful for some use-cases but we might also want more comprehensive diffs for binaries, diffp from the reproducible builds stuff comes to mind as a potential script to add. https://wiki.debian.org/ReproducibleBuilds#bash_script_to_compare_two_package_builds -- bye, pabs http://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part
Bug#761105: debsources: on the fly package diff / debdiff
On Thu, Sep 11, 2014 at 03:48:38PM +0800, Paul Wise wrote: > On Thu, Sep 11, 2014 at 2:58 PM, Stefano Zacchiroli wrote: > > > We're gonna need it on debsources anyhow, in particular to implement the > > "edit" feature suggested by Raphael Geissert. What we could do is to > > factorize as much as possible the common parts in a common place, e.g., > > python-debian. But I'm not sure there is actually that *much* code to > > write, considering that 1) we will probably invoke the real debdiff as > > an external program anyhow and 2) I plan to delegate diff highlighting > > to the javascript toolkit we already use. > > I see, some factors I can think of: So, from your examples I've realized that I've mentioned debdiff, but I actually don't need it. Debsources currently have unpacked packages on the filesystem, organized in per-version directories. So Debsources can simply recursively diff the two directories, instead of using debdiff (which AFAICT, doesn't even work on directories). We'll just need to look into whether debdiff uses specific diff options that we want to use as well, just to ensure that the output format is more or less the same. (FWIW, this seems to be yet another good argument against some hash-based file-layout, that we have been discussing in #761117.) Most of the legitimate problems you've mentioned seems to be related to source package format and, arguably, we won't have those problems with Debsources, or at least not in the diffing part. (We will have them at source package unpack time, of course.) > > What else is there to be done? > > Mainly having a full set of packages to debdiff between, from our > discussions at DebConf14 it seems like you plan to get a copy of the > snapshot archive anyway so maybe sources.d.n is indeed the right place > to do this? That's the plan yes, even though importing snapshot.d.o is a very different feature/goal. However, it is important to observe that sources.d.n still aims at being source-package-only, whereas 1) debdiff is capable of diffing .deb and 2) .debs are indeed available on snapshot.d.o. So if you are interested in diffing .debs, as of now the only place where to implement that specific feature is snapshot.d.o. Cheers. -- Stefano Zacchiroli . . . . . . . z...@upsilon.cc . . . . o . . . o . o Maître de conférences . . . . . http://upsilon.cc/zack . . . o . . . o o Former Debian Project Leader . . @zack on identi.ca . . o o o . . . o . « the first rule of tautology club is the first rule of tautology club » signature.asc Description: Digital signature
Bug#761105: debsources: on the fly package diff / debdiff
On Thu, Sep 11, 2014 at 2:58 PM, Stefano Zacchiroli wrote: > We're gonna need it on debsources anyhow, in particular to implement the > "edit" feature suggested by Raphael Geissert. What we could do is to > factorize as much as possible the common parts in a common place, e.g., > python-debian. But I'm not sure there is actually that *much* code to > write, considering that 1) we will probably invoke the real debdiff as > an external program anyhow and 2) I plan to delegate diff highlighting > to the javascript toolkit we already use. I see, some factors I can think of: Some derivatives support tarball compression schemes that Debian does not (rejected by the dpkg maintainer). The derivatives census converts to gzip with low compression and does debdiff on the result. Ancient Debian source packages had no dsc files, debdiffing would require constructing fake ones I guess. debdiff of libreoffice versions needs adequate space in $TMP which usually isn't available when /tmp is a tmpfs. Would be great to move that into python-debian. > What else is there to be done? Mainly having a full set of packages to debdiff between, from our discussions at DebConf14 it seems like you plan to get a copy of the snapshot archive anyway so maybe sources.d.n is indeed the right place to do this? -- bye, pabs https://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#761105: debsources: on the fly package diff / debdiff
On Thu, Sep 11, 2014 at 01:47:33PM +0800, Paul Wise wrote: > On Thu, Sep 11, 2014 at 3:01 AM, Stefano Zacchiroli wrote: > > > Add the ability to diff arbitrary version of packages available in > > Debsources, producing a debdiff as a result. > > FYI, we were thinking about adding debdiff capabilities to > snapshot.debian.org, that might make more sense since it has more > package versions? We're gonna need it on debsources anyhow, in particular to implement the "edit" feature suggested by Raphael Geissert. What we could do is to factorize as much as possible the common parts in a common place, e.g., python-debian. But I'm not sure there is actually that *much* code to write, considering that 1) we will probably invoke the real debdiff as an external program anyhow and 2) I plan to delegate diff highlighting to the javascript toolkit we already use. What else is there to be done? -- Stefano Zacchiroli . . . . . . . z...@upsilon.cc . . . . o . . . o . o Maître de conférences . . . . . http://upsilon.cc/zack . . . o . . . o o Former Debian Project Leader . . @zack on identi.ca . . o o o . . . o . « the first rule of tautology club is the first rule of tautology club » signature.asc Description: Digital signature
Bug#761105: debsources: on the fly package diff / debdiff
On Thu, Sep 11, 2014 at 3:01 AM, Stefano Zacchiroli wrote: > Add the ability to diff arbitrary version of packages available in > Debsources, producing a debdiff as a result. FYI, we were thinking about adding debdiff capabilities to snapshot.debian.org, that might make more sense since it has more package versions? -- bye, pabs https://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#761105: debsources: on the fly package diff / debdiff
Package: qa.debian.org Severity: wishlist Add the ability to diff arbitrary version of packages available in Debsources, producing a debdiff as a result. This should probably come as a new "/diff" URL, taking package names/versions as parameters and returning the debdiff. Bonus point: offer the ability to alternatively download or typeset the debdiff in the browser (with diff-like syntax highlight). Cheers. -- Stefano Zacchiroli . . . . . . . z...@upsilon.cc . . . . o . . . o . o Maître de conférences . . . . . http://upsilon.cc/zack . . . o . . . o o Former Debian Project Leader . . @zack on identi.ca . . o o o . . . o . « the first rule of tautology club is the first rule of tautology club » signature.asc Description: Digital signature
