It ended up being an overhaul of the packaging to try to meet MIR expectations. This is my subteam's first time with a Rust app so it's understandable that we're still learning.
It now uses the same minimal upstream tarball as Debian. And then we specifically run cargo vendor ourselves in the debian/missing-sources/ directory so that we can update the vendored crates at any time.
#2 try getting rid of pre-compiled static libraries
It looks to me like the only .a files now are in the Windows crates.
There was one false positive, an empty .a file for systemdeps but I've removed that from our vendoring with a slight hack in debian/rules to restore it when needed.
#3 Improve tracking of vendored Rust dependencies (e.g. using dh_cargo),
I at least am now using XS-Vendored-Sources-Rust. This app uses meson as its build system so it's unclear to me where I could inject dh_cargo commands. I can follow up later with Foundations to see if this can be improved but I'm guessing it meets the minimum requirement here.
#5 Document how to refresh the vendored dependencies
#7 Consider implementing autopkgtests, using a simulated video device
I don't hav
#8 Give clearer guidance on where and how packaging will be hosted (e.g. using Vcs-Git control fields)
And how the Ubuntu delta will be handled going forward, see bug #2054163
The Vcs-Git fields are updated and a debian/README.source is provided to document details.
#9 consider fixing some of the more relevant lintian warnings:
No errors are emited now.
Snapshot has no relevant command line options so a manpage doesn't seem helpful.
hardening-no-fortify-functions is often a false positive. It is currently classified as "informational" which suggests that Debian isn't confident enough in this tag.
Vendoring actually increased the pedantic warnings with several instances of
maintainer-manual-page [debian/missing-sources/
package-does-not-install-examples [debian/missing-sources/
and one instance of source: unknown-field Vendored-Sources-Rust
Windows
-------
There isn't an easy way to remove the Windows crates. Possibly the crates could be patched to not require the Windows dependencies, but remember that the crates aren't part of the upstream source here so it would be patching after we run the crate vendor command, which is unusual but might be able to work. Those patches may need to be frequently rebased.
I uploaded https:/ /launchpad. net/ubuntu/ +source/ gnome-snapshot/ 46.0-1ubuntu1
It ended up being an overhaul of the packaging to try to meet MIR expectations. This is my subteam's first time with a Rust app so it's understandable that we're still learning.
It now uses the same minimal upstream tarball as Debian. And then we specifically run cargo vendor ourselves in the debian/ missing- sources/ directory so that we can update the vendored crates at any time.
#2 try getting rid of pre-compiled static libraries
It looks to me like the only .a files now are in the Windows crates.
There was one false positive, an empty .a file for systemdeps but I've removed that from our vendoring with a slight hack in debian/rules to restore it when needed.
#3 Improve tracking of vendored Rust dependencies (e.g. using dh_cargo), Sources- Rust. This app uses meson as its build system so it's unclear to me where I could inject dh_cargo commands. I can follow up later with Foundations to see if this can be improved but I'm guessing it meets the minimum requirement here.
I at least am now using XS-Vendored-
#5 Document how to refresh the vendored dependencies
https:/ /salsa. debian. org/ubuntu- dev-team/ snapshot/ -/blob/ ubuntu/ latest/ debian/ README. source
#7 Consider implementing autopkgtests, using a simulated video device
I don't hav
#8 Give clearer guidance on where and how packaging will be hosted (e.g. using Vcs-Git control fields)
And how the Ubuntu delta will be handled going forward, see bug #2054163
The Vcs-Git fields are updated and a debian/ README. source is provided to document details.
#9 consider fixing some of the more relevant lintian warnings:
No errors are emited now.
Snapshot has no relevant command line options so a manpage doesn't seem helpful.
hardening- no-fortify- functions is often a false positive. It is currently classified as "informational" which suggests that Debian isn't confident enough in this tag.
Vendoring actually increased the pedantic warnings with several instances of manual- page [debian/ missing- sources/ does-not- install- examples [debian/ missing- sources/ Sources- Rust
maintainer-
package-
and one instance of source: unknown-field Vendored-
Windows
-------
There isn't an easy way to remove the Windows crates. Possibly the crates could be patched to not require the Windows dependencies, but remember that the crates aren't part of the upstream source here so it would be patching after we run the crate vendor command, which is unusual but might be able to work. Those patches may need to be frequently rebased.