rms/httrack
1
0
Fork 0
mirror of https://github.com/xroche/httrack.git synced 2026-06-20 17:18:14 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: rms:3.49.8-2
Branches Tags
rms:master rms:fix/mkdeb-orig-artifact-rev2 rms:debian/libhttrack3-rename rms:feature/mkdeb-sbuild rms:release/3.49.8 rms:chore/clang-format-separate-defs rms:chore/lint-all-shell-scripts rms:fix/relative-path-dotdot-137-162 rms:fix/css-url-paren-163 rms:fix/js-string-falsepos-218 rms:fix/html-underflow-396 rms:fix/css-import-94 rms:fix/xmlns-false-links-191 rms:fix/proxy-https-connect-85 rms:fix/empty-footer-doitlog-106 rms:fix/cookie-rfc6265-151 rms:feature/api-enum-callsites-savename83 rms:fix/copy-htsopt-unsigned-enum-guards rms:fix/travel-test-all-enum rms:feature/api-enum-fields-2 rms:feature/api-bool-returns rms:feature/api-boolean-enum rms:feature/api-enum-types rms:cleanup/dead-decls rms:fix/mtime-local-precision rms:docs/api-httrack-library rms:tests/cache-format-regression rms:cleanup/cmdl-macros-dedup rms:tests/strict-mode rms:ci/git-clang-format-from-apt rms:build/drop-generated-autotools rms:cleanup/htssafe-ptr-gate rms:cleanup/lang-list-size rms:cleanup/htsserver-bounds rms:ci/cache-git-clang-format rms:cleanup/htsparse-bounds rms:cleanup/htsalias-bounds rms:cleanup/htscoremain-bounds rms:cleanup/htstools-bounds rms:cleanup/htsname-bounds rms:cleanup/htslib-mime-bounds rms:docs/agents-md rms:cleanup/htslib-bounds rms:feature/local-test-server rms:chore/bump-coucal-shift-ub rms:cleanup/htscore-bounds rms:fix/malloc-size-plus4 rms:ci/asan-poison-fill rms:audit/fread-nul-termination rms:ci/hardening-sanitize-nossl-distcheck rms:ci/bump-checkout-v5 rms:ci/mkdeb-single-test rms:ci/macos-i386 rms:ci/deb-faster rms:feature/appstream-metainfo rms:fix/webhttrack-browser-deps rms:ci/deb-package rms:build/regen-autotools rms:cleanup/htsback-bounds rms:cleanup/ethical-notice-wording rms:build/noexec-out-of-tree rms:cleanup/copyright-spdx rms:tests/cache-selftest rms:cleanup/cache-rstr-s1 rms:test/cache-update rms:cleanup/htscache-bounds rms:cleanup/htsbauth-bounds rms:cleanup/htswizard-bounds rms:docs/governance rms:cleanup/infostatuscode-const rms:cleanup/url_savename-htsbuff rms:cleanup/git-format-hook rms:cleanup/clang-format-setup rms:cleanup/htsbuff-builder rms:cleanup/htssafe-pointer-diagnostics rms:cli/header-ua-length-152 rms:parser/lock-background-image-237 rms:parser/srcset-candidates rms:docs/rfc2606-example-domains rms:test/filter-escape-characterize rms:fix/doc-lang-nits rms:test/expand-engine-coverage rms:fix/mutex-init-race-297 rms:fix/footer-xss-165 rms:fix/lockpath-overflow-183 rms:fix/lintian-cleanup rms:chore/changelog-news-symlink rms:docs/readme-badges rms:ci/github-actions rms:feat/license-gpl3-simplify rms:chore/debhelper-compat-13 rms:chore/standards-version-4.7.0 rms:feat/in-tree-mkdeb rms:feat/manpage-generator rms:fix/openssl4-tls-init rms:fix/multiarch-config-h-coinstall rms:staging rms:wiki rms:3.48 rms:3.47
rms:3.49.8-2 rms:3.49.8 rms:3.49.7 rms:3.49.6 rms:3.49.5 rms:3.49.4 rms:3.49.3 rms:3.48.21 rms:3.48.20 rms:3.48.19 rms:3.48.18 rms:3.48.17 rms:3.48.16 rms:3.48.13 rms:3.48.12 rms:3.48.11 rms:3.48.9 rms:3.48.10 rms:3.48.8 rms:3.48.7 rms:3.48.3 rms:3.48.6
..
compare: rms:master
Branches Tags
rms:master rms:fix/mkdeb-orig-artifact-rev2 rms:debian/libhttrack3-rename rms:feature/mkdeb-sbuild rms:release/3.49.8 rms:chore/clang-format-separate-defs rms:chore/lint-all-shell-scripts rms:fix/relative-path-dotdot-137-162 rms:fix/css-url-paren-163 rms:fix/js-string-falsepos-218 rms:fix/html-underflow-396 rms:fix/css-import-94 rms:fix/xmlns-false-links-191 rms:fix/proxy-https-connect-85 rms:fix/empty-footer-doitlog-106 rms:fix/cookie-rfc6265-151 rms:feature/api-enum-callsites-savename83 rms:fix/copy-htsopt-unsigned-enum-guards rms:fix/travel-test-all-enum rms:feature/api-enum-fields-2 rms:feature/api-bool-returns rms:feature/api-boolean-enum rms:feature/api-enum-types rms:cleanup/dead-decls rms:fix/mtime-local-precision rms:docs/api-httrack-library rms:tests/cache-format-regression rms:cleanup/cmdl-macros-dedup rms:tests/strict-mode rms:ci/git-clang-format-from-apt rms:build/drop-generated-autotools rms:cleanup/htssafe-ptr-gate rms:cleanup/lang-list-size rms:cleanup/htsserver-bounds rms:ci/cache-git-clang-format rms:cleanup/htsparse-bounds rms:cleanup/htsalias-bounds rms:cleanup/htscoremain-bounds rms:cleanup/htstools-bounds rms:cleanup/htsname-bounds rms:cleanup/htslib-mime-bounds rms:docs/agents-md rms:cleanup/htslib-bounds rms:feature/local-test-server rms:chore/bump-coucal-shift-ub rms:cleanup/htscore-bounds rms:fix/malloc-size-plus4 rms:ci/asan-poison-fill rms:audit/fread-nul-termination rms:ci/hardening-sanitize-nossl-distcheck rms:ci/bump-checkout-v5 rms:ci/mkdeb-single-test rms:ci/macos-i386 rms:ci/deb-faster rms:feature/appstream-metainfo rms:fix/webhttrack-browser-deps rms:ci/deb-package rms:build/regen-autotools rms:cleanup/htsback-bounds rms:cleanup/ethical-notice-wording rms:build/noexec-out-of-tree rms:cleanup/copyright-spdx rms:tests/cache-selftest rms:cleanup/cache-rstr-s1 rms:test/cache-update rms:cleanup/htscache-bounds rms:cleanup/htsbauth-bounds rms:cleanup/htswizard-bounds rms:docs/governance rms:cleanup/infostatuscode-const rms:cleanup/url_savename-htsbuff rms:cleanup/git-format-hook rms:cleanup/clang-format-setup rms:cleanup/htsbuff-builder rms:cleanup/htssafe-pointer-diagnostics rms:cli/header-ua-length-152 rms:parser/lock-background-image-237 rms:parser/srcset-candidates rms:docs/rfc2606-example-domains rms:test/filter-escape-characterize rms:fix/doc-lang-nits rms:test/expand-engine-coverage rms:fix/mutex-init-race-297 rms:fix/footer-xss-165 rms:fix/lockpath-overflow-183 rms:fix/lintian-cleanup rms:chore/changelog-news-symlink rms:docs/readme-badges rms:ci/github-actions rms:feat/license-gpl3-simplify rms:chore/debhelper-compat-13 rms:chore/standards-version-4.7.0 rms:feat/in-tree-mkdeb rms:feat/manpage-generator rms:fix/openssl4-tls-init rms:fix/multiarch-config-h-coinstall rms:staging rms:wiki rms:3.48 rms:3.47
rms:3.49.8-2 rms:3.49.8 rms:3.49.7 rms:3.49.6 rms:3.49.5 rms:3.49.4 rms:3.49.3 rms:3.48.21 rms:3.48.20 rms:3.48.19 rms:3.48.18 rms:3.48.17 rms:3.48.16 rms:3.48.13 rms:3.48.12 rms:3.48.11 rms:3.48.9 rms:3.48.10 rms:3.48.8 rms:3.48.7 rms:3.48.3 rms:3.48.6

3 Commits
3.49.8-2 ... master

Author SHA1 Message Date
Xavier Roche
2308e7bafd Merge pull request #407 from xroche/fix/mkdeb-orig-artifact-rev2 
mkdeb: cut a Debian revision >= 2 without bypassing the tool
 2026-06-20 15:46:57 +02:00
Xavier Roche
ef5691fc47 mkdeb: reuse a frozen orig tarball for a Debian revision >= 2 
mkdeb.sh regenerated the upstream orig from a fresh `git archive HEAD | make
dist` on every run. That is right for a -1 release, but a Debian revision >= 2
reuses the orig frozen in the archive at -1: the .dsc pins it by checksum, and
a regenerated orig (different mtimes, and content drift whenever the release
tooling shipped in EXTRA_DIST changes) gets rejected by dak. The -2 upload had
to bypass mkdeb.sh and stitch the package by hand.

Derive the upstream version and Debian revision from debian/changelog and let
the revision pick the orig: revision 1 builds a fresh tarball as before;
revision >= 2 reuses the one passed with --orig FILE, untouched. The --orig
requirement is enforced only for a signed (upload-bound) build: an unsigned
build is a throwaway (CI, local lintian) that can never reach the archive, so
it still regenerates the orig as before rather than demanding a frozen one.

Two guards close the gap the old code left implicit: the regenerate path
asserts the built tarball matches the changelog version (catching a
configure.ac/changelog skew), and the overlay step confirms the orig unpacks
to httrack-<ver>/ before dropping debian/ on top.

Validated end to end by reusing the official 3.49.8 orig to build 3.49.8-2:
the resulting .dsc pins the frozen orig's checksum byte for byte.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: Xavier Roche <roche@httrack.com>
 2026-06-20 15:44:12 +02:00
Xavier Roche
0a6eb73903 mkdeb: emit the orig website artifact on a Debian revision >= 2 
The release-artifacts step signs and checksums httrack_<ver>.orig.tar.gz in
$outdir, but $outdir is populated by `dcmd cp` from the .changes, which lists
only the files in the upload. dpkg-genchanges omits the orig from a revision
>= 2 .changes (it is already in the archive), so the orig never reached
$outdir and `gpg --detach-sign` failed with "No such file or directory",
aborting a -2 (or later) release after the source package was already built.

Copy the orig from the build tree into $outdir before signing so the website
artifacts are produced regardless of the Debian revision. The upload is
unaffected: dput uploads the .changes-referenced files, not the extra orig.

CI didn't catch this because the deb job builds unsigned and the artifact
block is gated on a signing key.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: Xavier Roche <roche@httrack.com>
 2026-06-20 15:12:03 +02:00
1 changed files with 70 additions and 29 deletions
Expand all files Collapse all files

99
tools/mkdeb.sh
View File

@@ -20,6 +20,9 @@
# Options:
# -k, --key KEYID GPG key for signing (default: $DEBSIGN_KEYID)
# -o, --outdir DIR output directory (default: <repo>/dist)
# --orig FILE reuse this upstream orig tarball instead of
# regenerating it (required for a Debian revision
# >= 2, whose orig is frozen in the archive)
# -s, --source-only build only the source package
# -u, --unsigned do not sign anything (implies no release sigs)
# --no-release-artifacts skip the orig tarball .asc/.md5/.sha1
@@ -34,6 +37,10 @@
# chroot for the changelog's distribution; create one once with the companion
# tools/mk-sbuild-chroot.sh (rootless unshare backend).
#
# The Debian revision in debian/changelog decides the orig: revision 1 builds a
# fresh upstream tarball; revision >= 2 must reuse the orig frozen at revision 1
# (the .dsc references it by checksum), so pass it with --orig.
#
# SOURCE_DATE_EPOCH is honored for reproducible output.
set -euo pipefail
@@ -66,6 +73,7 @@ need() {
main() {
local key=${DEBSIGN_KEYID:-}
local outdir=""
local orig_in=""
local source_only=0
local unsigned=0
local release_artifacts=1
@@ -83,6 +91,11 @@ main() {
outdir=$2
shift 2
;;
--orig)
[[ $# -ge 2 ]] || die "missing argument for $1"
orig_in=$2
shift 2
;;
-s | --source-only)
source_only=1
shift
@@ -109,8 +122,8 @@ main() {
esac
done
need git autoreconf debuild dcmd
[[ $sbuild -eq 1 ]] && need sbuild dpkg-parsechangelog
need git autoreconf debuild dcmd dpkg-parsechangelog
[[ $sbuild -eq 1 ]] && need sbuild
if [[ $unsigned -eq 0 ]]; then
need gpg
[[ -n $key ]] || die "no signing key (pass --key or set DEBSIGN_KEYID, or use --unsigned)"
@@ -122,6 +135,11 @@ main() {
mkdir -p "$outdir"
outdir=$(cd "$outdir" && pwd)
if [[ -n $orig_in ]]; then
[[ -r $orig_in ]] || die "--orig file not readable: $orig_in"
orig_in=$(cd "$(dirname "$orig_in")" && pwd)/$(basename "$orig_in")
fi
scratch=$(mktemp -d "${TMPDIR:-/tmp}/httrack-mkdeb.XXXXXX")
trap 'rm -rf -- "$scratch"' EXIT
@@ -133,39 +151,58 @@ main() {
git -C "$repo/src/coucal" archive --format=tar --prefix=src/coucal/ HEAD |
tar -x -C "$export_dir"
# Refresh build system and man page, then build the tarball. We build here
# only because regen-man needs the compiled binaries; the test suite is not
# run in this pass. debuild (below) runs the full suite once, with the online
# tests enabled, so a check here would just be a slower, offline-only repeat.
info "regenerating build system and man page"
(
cd "$export_dir"
autoreconf -fi
./configure --quiet
make -s -j"$(nproc)"
make -s -C man regen-man
# Build the tarball from a clean tree so no object files leak into it.
make -s clean
make -s dist
)
# Upstream version and Debian revision drive the orig: revision 1 builds a
# fresh tarball, revision >= 2 reuses the one frozen at -1 (the .dsc pins it
# by checksum, so a regenerated orig with new mtimes would be rejected).
local fullver ver rev
fullver=$(cd "$export_dir" && dpkg-parsechangelog -S Version)
ver=${fullver%-*}
rev=${fullver##*-}
local orig=httrack_${ver}.orig.tar.gz
info "version $ver (Debian revision $rev)"
local tarball ver
local -a tarballs
shopt -s nullglob
tarballs=("$export_dir"/httrack-*.tar.gz)
shopt -u nullglob
[[ ${#tarballs[@]} -ge 1 ]] || die "make dist produced no tarball"
tarball=${tarballs[0]##*/}
ver=${tarball#httrack-}
ver=${ver%.tar.gz}
info "version $ver"
# A signed build is upload-bound, so a revision >= 2 must reuse the frozen
# orig (--orig); an unsigned build is a throwaway (CI, local) and may
# regenerate it, since it can never reach the archive.
if [[ -z $orig_in && $rev != 1 && $unsigned -eq 0 ]]; then
die "Debian revision $rev needs --orig FILE (the orig is frozen from revision 1)"
fi
if [[ -n $orig_in ]]; then
info "reusing upstream tarball $orig_in"
cp -- "$orig_in" "$scratch/$orig"
else
# Refresh build system and man page, then build the tarball. We build
# here only because regen-man needs the compiled binaries; the test
# suite is not run in this pass. debuild (below) runs the full suite
# once, online tests enabled, so a check here would just repeat it.
info "regenerating build system and man page"
(
cd "$export_dir"
autoreconf -fi
./configure --quiet
make -s -j"$(nproc)"
make -s -C man regen-man
# Build the tarball from a clean tree so no object files leak in.
make -s clean
make -s dist
)
local -a tarballs
shopt -s nullglob
tarballs=("$export_dir"/httrack-*.tar.gz)
shopt -u nullglob
[[ ${#tarballs[@]} -ge 1 ]] || die "make dist produced no tarball"
local tarball=${tarballs[0]##*/}
[[ $tarball == "httrack-$ver.tar.gz" ]] ||
die "changelog version $ver disagrees with built tarball $tarball (configure.ac mismatch?)"
cp -- "$export_dir/$tarball" "$scratch/$orig"
fi
# 3.0 (quilt): orig tarball is upstream-only; debian/ is overlaid on top.
local orig=httrack_${ver}.orig.tar.gz
cp -- "$export_dir/$tarball" "$scratch/$orig"
(
cd "$scratch"
tar -xf "$orig"
[[ -d httrack-$ver ]] || die "orig tarball does not unpack to httrack-$ver/"
cp -a "$export_dir/debian" "httrack-$ver/debian"
)
@@ -219,8 +256,12 @@ main() {
fi
# Release artifacts for the upstream tarball (detached sig + checksums).
# A Debian revision >= 2 .changes omits the orig (it is already in the
# archive), so dcmd above won't have copied it; place it from the build tree
# so the website artifacts are produced regardless of the revision.
if [[ $release_artifacts -eq 1 && $unsigned -eq 0 ]]; then
info "signing upstream tarball"
cp -- "$scratch/$orig" "$outdir/$orig"
(
cd "$outdir"
gpg --armor --detach-sign --yes -u "$key" -- "$orig"