Hello all,

Following some efforts by community member Matt Darfeulle to improve and
automate the Shorewall release process[0], it has become evident that
the way in which the Debian packaging of the various Shorewall products
is managed leaves much to be desired.  The purpose of this message is to
lay out some proposed changes and give others in the community the
opportunity to provide feedback.

The current packaging goes back to the early days of Shorewall 4.4, more
than 10 years ago.  At that time my knowledge of Git was quite limited
(I was still stubbornly clinging to Subversion) and the tools/options
for managing Debian packages made up of multiple source components were
not what they are today.  To that end I'd like to propose some changes to
the Debian packaging of the various Shorewall packages.

First, let me stress that these changes will not result in any changes
to the user/administrator interaction with the various Shorewall
products.

The first change (and the change for which I have a concrete vision for
how it would be accomplished) is to transition from multiple source
packages to a single source package.  The second change is to update the
Debian packaging such that it can facilitate the generation of packages
as part of a CI pipeline.

As to the first change.  Currently, there are 7 Shorewall-related source
packages in Debian: shorewall, shorewall-core, shorewall-doc,
shorewall-init, shorewall-lite, shorewall6, and shorewall6-lite.  From a
Debian package maintenance standpoint, this is somewhat of a pain.  To
deal with this I created 7 different branches in a single Git repository
(actually 21 different branches, since git-buildpackage has master,
upstream, and pristine-tar branches for each package; and actually the
number is more than double that since I also at one time maintained
branches for backports to the squeeze and wheezy versions of Debian).
Regardless, it has been many years now since the Debian package format
supported the construct of a single source package with multiple
upstream tarballs, as detailed in this blog post[1].  To that end, I
propose reworking the Debian packaging into a single shorewall source
package, composed of the multiple upstream tarballs for the seven
Shorewall products.  In the history of Shorewall, all component tarballs
have been released at the same time and with the same version number,
making the idea of a single shorewall source package rather natural.
The single source package would produce seven binary packages which
exactly match the current seven Shorewall-related binary packages.

As to the second change.  Our development team would like to begin
making use of some sort of CI pipeline in order to help ensure that our
code changes are of high quality.  One of the benefits of the above
proposed change is that an automated process which generates the seven
release tarballs would then be able to more easily produce a complete
set of Debian packages; certainly more easily than would be possible
given the current structure.  We have not yet implemented any CI and do
not even really have a clear vision of what a desired end state for that
would be.  Still, this change in Debian packaging would considerably
simplify any CI implementation involving the generation of Debian
packages since everything concerning the Debian package creation would
use standard packaging helpers with standard commands.  The current
approach uses a Python script I wrote long ago, which is neither
particularly robust nor especially easy to decipher.

Your comments and feedback are most welcome.

Regards,

-Roberto

[0] This is part of our effort to transition the Shorewall project to a
core development team model following the effective retirement of Tom
Eastep, the original author.
[1] https://raphaelhertzog.com/2010/09/07/how-to-use-multiple-upstream-tarballs-in-debian-source-packages/
-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
