Commit 4c92cf8d authored by Walter Lozano

Release debhelper version 13.24.1+apertis2


Signed-off-by: Walter Lozano <walter.lozano@collabora.com>
parent 28d61f89
1 merge request: !41 dh_setup_copyright: Rework to improve metadata
Pipeline #851277 passed
debhelper (13.24.1+apertis2) apertis; urgency=medium
* dh_setup_copyright: Rework to improve metadata.
The inclusion of the package metadata provides useful information, however,
its format and data does not cover all the needs.
First, we need a reliable way of mapping compilation units to source files,
since the each package does its own tweaks to build binaries causing debug
information to report not very useful paths.
Second, having a map from external sources to packages is useful, but we need
to identify the file in the source tree to as well to be able to extract
license and copyright information.
And last but not least, the format of the metadata does not align with the
SBOM reports we generate, as for each use case new metadata was added,
without trying to provide more value.
For these reasons, rework the code to provide a new metadata format which
aligns with the SBOM generated at image build time, listing each artifact
and the sources used to build them.
* dh_setup_copyright: Add copyright information.
The computation of the license and copyright information is done at
image build time, which seemed good enough in early times, and gave
us the flexibility to improve the logic in the image pipeline which
runs on daily basis instead of at package build time. Unfortunately,
through time, we understood that this approach had its limitations.
First, compilation units provide information which we needed to map
to files in the source tree. To overcome this difficulty, some
workarounds were placed but those were not perfect.
Second, when Rust and Go packages were supported it was clear that
we needed to propagate lots of information to the image pipeline,
such as copyright reports of the build dependencies and mappings
between files and packages.
Now, that additional support was added to allow improving the
metadata, with information about non binary artifacts and shared
libraries there is no point in propagating all the data to the image
pipeline. Under these circumstances it is better to also compute
the license and copyright information at build time. This also aligns
well with the idea of having a SBOM at package level, which can
be useful.
-- Walter Lozano <walter.lozano@collabora.com> Mon, 24 Feb 2025 11:24:09 +0100
debhelper (13.24.1+apertis1) apertis; urgency=medium
* Rebase on top of debian/trixie
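Review bot: The first bullet of the 13.24.1+apertis2 entry announces "a new metadata format" but does not say whether consumers of the previous format keep working, and the second bullet moves license and copyright computation from the image pipeline to package build time. Since the image pipeline is described as the existing consumer, the changelog should state whether packages built with the old and new dh_setup_copyright can coexist in one image build or whether a rebuild is needed, because a mixed set would otherwise produce an incomplete SBOM without any visible error. A short pointer to where the new format is described would also help anyone auditing the generated reports. Two wording slips in the first bullet will ship as written: "since the each package" should read "since each package", and "in the source tree to as well to be able" should read "in the source tree as well, to be able".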