diff -Nru s390-tools-2.29.0/debian/changelog s390-tools-2.29.0/debian/changelog --- s390-tools-2.29.0/debian/changelog 2023-08-06 14:48:33.000000000 +0200 +++ s390-tools-2.29.0/debian/changelog 2023-09-20 11:21:48.000000000 +0200 @@ -1,3 +1,15 @@ +s390-tools (2.29.0-0ubuntu2) mantic; urgency=medium + + * d/rules: Split the vendoring process into several discrete targets to be + able to update the vendored code without having to update the tarball. + This can be useful for security updates. + * d/rules: don't overwrite the vendor tarball if it already exists. This + should prevent some borked uploads. + * d/README.source: Document the procedures for single-crate update as well + as wholesale refresh of the vendor tarball. + + -- Simon Chopin Wed, 20 Sep 2023 11:21:48 +0200 + s390-tools (2.29.0-0ubuntu1) mantic; urgency=medium [ Frank Heimes ] diff -Nru s390-tools-2.29.0/debian/README.source s390-tools-2.29.0/debian/README.source --- s390-tools-2.29.0/debian/README.source 1970-01-01 01:00:00.000000000 +0100 +++ s390-tools-2.29.0/debian/README.source 2023-09-20 11:21:48.000000000 +0200 @@ -0,0 +1,26 @@ +# Security update: update a single crate + +This approach is suitable for security updates as it doesn't require a change +to the upstream version number. However, it'll make for a very ugly patch, and +might not work if one of the crate has some changes that the quilt patch format +cannot represent. + +```sh +# Update the dependency in the lockfile +cargo update -p $newpackage --precise $newversion --manifest-path rust/pvsecret/Cargo.toml + +# Regenerate the vendored sources without regenerating the tarball +debian/rules vendor-deps + +# Record the changes to the lockfile and the deps in a patch +dpkg-source --commit +``` + +# Normal upstream update: refresh the vendor tarball + +First, update the package as usual, including the new d/changelog entry. +Then, it's only a matter of using the following command: + +```sh +debian/rules vendor-tarball +``` diff -Nru s390-tools-2.29.0/debian/rules s390-tools-2.29.0/debian/rules --- s390-tools-2.29.0/debian/rules 2023-08-06 14:48:33.000000000 +0200 +++ s390-tools-2.29.0/debian/rules 2023-09-20 11:21:48.000000000 +0200 @@ -24,17 +24,31 @@ endif endif -vendor-tarball: +VENDOR_TARBALL = s390-tools_$(DEB_VERSION_UPSTREAM).orig-$(CARGO_VENDOR_DIR).tar.xz + +vendor-tarball-sanity-check: + if [ -e ../$(VENDOR_TARBALL) ]; then echo "../$(VENDOR_TARBALL) already exists, bailing!"; exit 1; fi + +vendor-deps: + if QUILT_PATCHES=debian/patches quilt applied | grep vendor-remove-unused-deps ; then \ + echo "Detecting patch on vendor dir applied, aborting."; \ + exit 1; \ + fi rm -rf $(CARGO_VENDOR_DIR) # Deliberately don't use the wrapper, as it expects the configure step # to have occurred already. + # If you have to modify the path here, don't forget to change the README.source doc + # as well. cargo vendor --manifest-path rust/pvsecret/Cargo.toml $(CARGO_VENDOR_DIR) + # Remove some crates that aren't useful for us and take up a lot of space rm -r \ $(CARGO_VENDOR_DIR)/winapi \ $(CARGO_VENDOR_DIR)/winapi-* \ $(CARGO_VENDOR_DIR)/windows-* \ $(CARGO_VENDOR_DIR)/windows_* \ - $(CARGO_VENDOR_DIR)/vcpkg \ + $(CARGO_VENDOR_DIR)/vcpkg + # Remove the C sources from the binding crates, we're using the system libs + rm -r \ $(CARGO_VENDOR_DIR)/libz-sys/src/zlib \ $(CARGO_VENDOR_DIR)/libz-sys/src/zlib-ng \ $(CARGO_VENDOR_DIR)/curl-sys/curl @@ -42,7 +56,11 @@ for crate in $(CARGO_VENDOR_DIR)/*; do \ sed -i 's/^{"files":.*"package":"\([a-z0-9]\+\)"}$$/{"files":{},"package":"\1"}/' $$crate/.cargo-checksum.json; \ done - tar -caf ../s390-tools_$(DEB_VERSION_UPSTREAM).orig-$(CARGO_VENDOR_DIR).tar.xz $(CARGO_VENDOR_DIR) + # Cleanup temp files + rm -rf $(CARGO_HOME) + +vendor-tarball: vendor-tarball-sanity-check vendor-deps + tar -caf ../$(VENDOR_TARBALL) $(CARGO_VENDOR_DIR) %: dh $@