Permalink
Browse files

generate-git-snapshot: always use dpkg-source to build the source pac…

…kage

git-buildpackage should provide just the according magic like
building the orig.tar.gz, but dpkg-source should do the rest™.
This avoids running the 'debian/rules clean' step which might
include execution of insecure commands.

Disclaimer: So far this works fine for all the packages I tested,
let's see how well this works in the long run...
  • Loading branch information...
1 parent 1a533ef commit 68a15b03cc4d113cb1c5a017490abd8187307f4c @mika mika committed Jan 19, 2012
Showing with 6 additions and 4 deletions.
  1. +6 −4 scripts/generate-git-snapshot
@@ -142,12 +142,14 @@ else
fi
fi
+# get rid of "UNRELEASED" distribution header
debchange --release ""
-if ! git-buildpackage -tc --git-ignore-new -S -us -uc --git-verbose ; then
- echo "git-buildpackage did not work, trying dpkg-source"
- ( cd .. ; dpkg-source -i\.git -b source )
-fi
+# prepare orig.tar.gz using pristine-tar, but without actually building the source package
+git-buildpackage -nc --git-force-create --git-ignore-new -S -us -uc --git-verbose --git-builder=/bin/true --git-cleaner=/bin/true
+
+# build source package
+( cd .. ; dpkg-source -i\.git -b source )
# revert to original debian/changelog to avoid merge conflicts
git checkout -- debian/changelog

0 comments on commit 68a15b0

Please sign in to comment.