Hi, I took a look at the current state of the package in the git repository and I have some notes to share: - Source packag name: why did you decide to use arm-trusted-firmware-s32 when upstream names it as arm-trusted-firmware? I was not able to find the reason behind that decision. - d/watch: it is not working properly. There is also a typo in the filenamemangle option: diff --git a/debian/watch b/debian/watch index 73f7a4b86..8af606be8 100644 --- a/debian/watch +++ b/debian/watch @@ -1,6 +1,6 @@ version=4 opts="\ -filenamemangle=s/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz/arm-trusted-firware-s32-$2-$1\.tar\.gz/,\ +filenamemangle=s/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz/arm-trusted-firmware-s32_$2-$1\.tar\.gz/,\ uversionmangle=s/(bsp\d+\.\d+).(\d+\.\d+)/$2-$1/,\ " \ https://github.com/nxp-auto-linux/arm-trusted-firmware/tags .*/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz When trying to run uscan to download the version your are packaging it fails: $ uscan --verbose --download-version 2.5-bsp37.0 uscan info: uscan (version 2.20.2ubuntu2) See uscan(1) for help uscan info: Scan watch files in . uscan info: Check debian/watch and debian/changelog in . uscan info: package="arm-trusted-firmware-s32" version="2.5-bsp37.0-8" (as seen in debian/changelog) uscan info: package="arm-trusted-firmware-s32" version="2.5-bsp37.0" (no epoch/revision) uscan info: ./debian/changelog sets package="arm-trusted-firmware-s32" version="2.5-bsp37.0" uscan info: Process watch file at: debian/watch package = arm-trusted-firmware-s32 version = 2.5-bsp37.0 pkg_dir = . uscan info: opts: filenamemangle=s/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz/arm-trusted-firmware-s32_$2-$1\.tar\.gz/,uversionmangle=s/(bsp\d+\.\d+).(\d+\.\d+)/$2-$1/, uscan info: line: https://github.com/nxp-auto-linux/arm-trusted-firmware/tags .*/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz uscan info: Parsing filenamemangle=s/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz/arm-trusted-firmware-s32_$2-$1\.tar\.gz/ uscan info: Parsing uversionmangle=s/(bsp\d+\.\d+).(\d+\.\d+)/$2-$1/ uscan info: line: https://github.com/nxp-auto-linux/arm-trusted-firmware/tags .*/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz uscan info: Last orig.tar.* tarball version (from debian/changelog): 2.5-bsp37.0 uscan info: Download the --download-version specified version: 2.5-bsp37.0 uscan info: Requesting URL: https://github.com/nxp-auto-linux/arm-trusted-firmware/tags uscan info: Matching pattern: (?:(?:https://github.com)?\/nxp\-auto\-linux\/arm\-trusted\-firmware\/tags)?.*/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz uscan info: Found the following matching hrefs on the web page (newest first): /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp38.0-2.5.tar.gz (2.5-bsp38.0) index=2.5-bsp38.0-1 /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp37.0-2.5.tar.gz (2.5-bsp37.0) index=2.5-bsp37.0-1 matched with the download version /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp36.0-2.5.tar.gz (2.5-bsp36.0) index=2.5-bsp36.0-1 /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp35.0-2.5.tar.gz (2.5-bsp35.0) index=2.5-bsp35.0-1 /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp34.2-2.5.tar.gz (2.5-bsp34.2) index=2.5-bsp34.2-1 uscan info: Looking at $base = https://github.com/nxp-auto-linux/arm-trusted-firmware/tags with $filepattern = .*/(bsp\d+\.\d+)-(\d+\.\d+)\.tar\.gz found $newfile = /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp37.0-2.5.tar.gz $newversion = 2.5-bsp37.0 $lastversion = 2.5-bsp37.0 uscan info: Matching target for downloadurlmangle: https://github.com/nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp37.0-2.5.tar.gz uscan info: Upstream URL(+tag) to download is identified as https://github.com/nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp37.0-2.5.tar.gz uscan info: Matching target for filenamemangle: /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp37.0-2.5.tar.gz uscan info: Filename (filenamemangled) for downloaded file: /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/arm-trusted-firmware-s32_2.5-bsp37.0.tar.gz uscan: Newest version of arm-trusted-firmware-s32 on remote site is 2.5-bsp37.0, specified download version is 2.5-bsp37.0 uscan info: Downloading upstream package: /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/arm-trusted-firmware-s32_2.5-bsp37.0.tar.gz uscan info: Requesting URL: https://github.com/nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/bsp37.0-2.5.tar.gz uscan info: Successfully downloaded package: /nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/arm-trusted-firmware-s32_2.5-bsp37.0.tar.gz uscan info: Start checking for common possible upstream OpenPGP signature files uscan info: End checking for common possible upstream OpenPGP signature files uscan info: Missing OpenPGP signature. uscan info: New orig.tar.* tarball version (oversionmangled): 2.5-bsp37.0 uscan info: Launch mk-origtargz with options: --package arm-trusted-firmware-s32 --version 2.5-bsp37.0 --compression default --directory .. --copyright-file debian/copyright ..//nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/arm-trusted-firmware-s32_2.5-bsp37.0.tar.gz uscan error: Could not read ..//nxp-auto-linux/arm-trusted-firmware/archive/refs/tags/arm-trusted-firmware-s32_2.5-bsp37.0.tar.gz: No such file or directory I did not spend more time investigating this, but it would be great to have this working as expected. This might be related to the name mismatch I mentioned before. - d/changelog: this is a comment that may not result in any change but since this is a new package in the archive you could have just a single entry saying that this is the initial release. However, I do understand that you might want to keep the changes history from your PPA. - d/control: you used your name and email in the Maintainer field but in Ubuntu we usually use Ubuntu Developers