Navigation
A Debian source package consists of three files :
package_version.orig.tar.gz contains the pristine upstream sources. The top-level directory in this archive is always package-version.orig (note : hyphen, not underscore as in the file name).
package_version-revision.diff.gz is a compressed patch containing the packaging scripts and other Debian-specific files, as well as any changes to the upstream sources that the Debian maintainer deemed necessary. In particular, the executable file debian/rules builds the package ; it is usually a Makefile.
package_version-revision.dsc is a short text file containing the MD5 sums of the above files and is digitally signed by the package maintainer.
In order to build a Debian package :
All these steps, and others, are automated by apt-get :
With the above commands, you can download and rebuild any Debian package from your current distribution (stable, testing, unstable or experimental) ; you can also change the packaging scripts and patch the upstream sources to your heart’s content. But you cannot :
use older versions of the packaging scripts ;
use scripts not yet published on the Debian mirrors, perhaps because they are still under development ;
submit enhancements in a simple and safe way to the Debian maintainer ; the official way is by means of a bug report, and that is inefficient and error-prone.
Many Debian packages are maintained by teams rather than individuals. All the above problems become show-stoppers in that situation.
A version control system makes the packaging scripts maintenance public. It is a necessary condition for team maintenance. For the Ada packages in Debian, I would like to instigate such teamwork by making all my packaging scripts public.
Many Debian package maintenance teams use Alioth together with Subversion, GNU Arch, Bazaar-NG or GIT.
I usually work on the train with no network access, and so an absolute requirement for me is a distributed version control system. After evaluating several candidates, I settled on Monotone.
In my humble opinion, Monotone is the Ada of version control systems ; it only appropriate that Ada-France use it. Monotone is safe, correct and powerful by design. It uses cryptographic keys to authenticate all changes, and cryptographic hashes (SHA-1) to identify everything. It is written by elite programmers who, despite using C++, have the “Ada attitude” : no pointers, one assertion every 9 lines of code, heavy use of templates (a.k.a generics), and not a single critical bug in three years. This presentation, as well as my own trials, convinced me to use Monotone every day for all my Debian packages, and I have been doing so since July 2006.
A Monotone database is just a single file ; this is very convenient for system administration.
The Ada-France database is a replica of the one I work on (on my laptop) every day. It contains one or more branches for each package. Every version ever published also has a tag. By browsing this database, you can see all changes, with comments, since I began maintaining the packages in 2003. The size of this database is approximately 6.5 Mb (it was 1.7 Mb when I first published this article in French.) Today (2007-02-07), mtn list branches gives :
The list of tags (mtn list tags) would be too long for this article.
Each branch contains a complete tree of files and directories with a debian directory and, usually, a patches directory. I use Quilt to maintain the patches.
Therefore, if you create a working copy (checkout) inside a directory that already contains the pristine upstream sources, you are ready to build the package.
The database does not contain the .orig.tar.gz files ; these files are available either from the Debian mirrors or, if not yet published officially, from Ada-France : http://www.ada-france.org/debian/pool.
Install Monotone, version 0.26 or later (the server currently runs 0.31) (was 0.28 initially).
create a database :
(Personally, I like placing my databases under /var/lib/monotone, but you may place it anywhere ; remember that it is just a single file).
Pull the branches you are interested in from the Ada-France database :
Create a working copy :
Now, you can build the package, see the log (mtn log), etc. but you cannot write to your own database yet. For this, you need to create a public-private key pair :
Now you can do mtn commit to record your changes in your own database. You can create additional branches, even branches not related to the Debian packages in any way.
(Note : all the above commands can be abbreviated : -d instead of —db=, -b instead of —branch=, etc. Also, —db= and —branch= become unnecessary as soon as you are in a working copy, because the working copy remembers the database and branch.)
As explained above, you already have write access to your own database, but what if you wish to submit your changes to other people ? You will want to push them to the Ada-France database.
I will allow write access to anyone who requests it on condition that they are a member of the Debian web of trust. This in turn requires a GPG key pair which is signed by someone in the Web of Trust. You do not have to be a Debian Developer, but I want to know who you are. (These requirements are less stringent than the ones for becoming a Debian Developer. Here you need one signature from anyone in the Web of Trust ; Debian, in contrast, requires two signatures from Debian Developers.)
The procedure is as follows :
extract your public Monotone key from your Monotone database :
The file my_public_key is a short text file.
send me your key in an email signed by your GPG key.
wait until I tell you that you now have write permission.
Push your changes to the Ada-France database :
(Your database remembers where you pulled it from, and will push there by default ; you can change that if necessary.)