Commit 4c92cf8d authored by Walter Lozano

Release debhelper version 13.24.1+apertis2

parent 28d61f89
1 merge request: !41 dh_setup_copyright: Rework to improve metadata
Pipeline #851277 passed
Pipeline: debhelper #851418

    debhelper (13.24.1+apertis2) apertis; urgency=medium
    * dh_setup_copyright: Rework to improve metadata.
    The inclusion of the package metadata provides useful information, however,
    its format and data does not cover all the needs.
    First, we need a reliable way of mapping compilation units to source files,
    since the each package does its own tweaks to build binaries causing debug
    information to report not very useful paths.
    Second, having a map from external sources to packages is useful, but we need
    to identify the file in the source tree to as well to be able to extract
    license and copyright information.
    And last but not least, the format of the metadata does not align with the
    SBOM reports we generate, as for each use case new metadata was added,
    without trying to provide more value.
    For these reasons, rework the code to provide a new metadata format which
    aligns with the SBOM generated at image build time, listing each artifact
    and the sources used to build them.
    * dh_setup_copyright: Add copyright information.
    The computation of the license and copyright information is done at
    image build time, which seemed good enough in early times, and gave
    us the flexibility to improve the logic in the image pipeline which
    runs on daily basis instead of at package build time. Unfortunately,
    through time, we understood that this approach had its limitations.
    First, compilation units provide information which we needed to map
    to files in the source tree. To overcome this difficulty, some
    workarounds were placed but those were not perfect.
    Second, when Rust and Go packages were supported it was clear that
    we needed to propagate lots of information to the image pipeline,
    such as copyright reports of the build dependencies and mappings
    between files and packages.
    Now, that additional support was added to allow improving the
    metadata, with information about non binary artifacts and shared
    libraries there is no point in propagating all the data to the image
    pipeline. Under these circumstances it is better to also compute
    the license and copyright information at build time. This also aligns
    well with the idea of having a SBOM at package level, which can
    be useful.
    -- Walter Lozano <walter.lozano@collabora.com> Mon, 24 Feb 2025 11:24:09 +0100
    debhelper (13.24.1+apertis1) apertis; urgency=medium
    * Rebase on top of debian/trixie
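
Review bot: The second entry ("dh_setup_copyright: Add copyright information") moves license and copyright computation from image build time to package build time, but it does not say how later fixes to that logic reach packages that are already built. The entry itself notes that the old approach let the logic improve in a pipeline that runs daily. Suggest one sentence stating whether a package rebuild is needed to refresh the data and whether the image pipeline still reads the previous metadata format during the transition. In the first entry, naming the new metadata format or where it is documented would help consumers of the package-level SBOM. Two wording slips are also worth fixing before release: "since the each package" and "in the source tree to as well".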