Shorewall devel - Oct 2007 - Maintenance of Debian Shorewall packages

(Please keep the list in the CC)

Lorenzo,

We (on the Shorewall development list) have been discussing the best way
to help the situation with the Debian packages of Shorewall. In
particular, the 3.4 packages have fallen somewhat behind and there is so
far no news of 4.0 packages.  Many Debian users are put out by this.

We have developed three possible options to remedy the situation (these
are in preference order):

  1. You can allow me to take over the official Shorewall packages (I
  have recently become the upstream maintainer for the 3.4 branch of
  Shorewall and will definitely be getting more involved in 4.0 if I am
  to package it).  This would allow me to bring the 3.4 packages up to
  date and also to start creating some 4.0 packages (which I am
  currently reluctant to do, since I see that as something at which you
  should have the first opportunity as the maintainer of the current
  packages).

  2. You can "join" the upstream team and become more involved in
  upstream maintenance, and as a consequence maintenance of the Debian
  packages.  I am not if this could work, since you appear to be quite
  busy and not answering many mails.

  3. We (the upstream developers) can create our own Debian packages and
  distribute them independently of Debian.  This is my least favorite
  option since I think that the presence of official and unofficial
  packages for the same software only serves to confuse the users.


Please let us know what you think.  We would really like to provide the
users of Shorewall with the best possible experience.  Given Tom''s very
quick release cycle, we think that this means that the Debian package
maintainer (whoever that happens to be or ends up being) needs to be
much more closely involved in the upstream development in order to more
quickly release packages.

Kind regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

Lorenzo Martignoni wrote:
> ...
> I''m awfully sorry for not keeping the Debian package up-to-date
and in
> a good shape but I''m really really busy with my work.
> 
> I don''t like the third solution and I think at the moment I
don''t have
> the time, and especially the energy, to join the upstream team.
> Roberto, I believe you are the best person to take over the package
> and I would be very glad if you became the new maintainer. As you are
> also part of the upstream team, you could probably transform the
> package into a native Debian package (no .diff would be needed
> anymore). If you don''t have the permissions to upload the package,
> just let me know. I would be happy to do that.
Lorenzo,

Thanks for your help over the years.  Your efforts are much appreciated.

Roberto,

Can i make a request that you store as much of the debian packaging
information and scripts as possible in the Shorewall svn (tools/build
would be a good place for it)?  I''d really like to be able to build
proper packages from the development svn tree.  :-)

Regards,
Paul
<http://paul.gear.dyndns.org>
--
Did you know?  If you receive a virus warning from a friend and not
through a virus software vendor, it''s likely to be a hoax.  See
<http://paul.gear.dyndns.org/features/virus_hoaxes> for more info.



-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

Did I miss a mail somewhere? I saw nothing from Lorenzo.
> > and I would be very glad if you became the new maintainer. As you are
> > also part of the upstream team, you could probably transform the
> > package into a native Debian package (no .diff would be needed
> > anymore).
Don''t do that. Native packages are for things which don''t have
upstream releases. Debian diffs are a good thing.

On Fri, Oct 12, 2007 at 02:55:35PM +1000, Paul Gear
wrote:
> Can i make a request that you store as much of the debian packaging
> information and scripts as possible in the Shorewall svn ?  I''d
really like to be able to build
> proper packages from the development svn tree.  :-)
This is always a bit tricky, because Debian releases and upstream
releases are inevitably out of sync - the branching patterns and
release dates just never line up. Trying to maintain a Debian package
in upstream revision control always leads to insanity and pain. It
seems tempting for somebody who works on both Debian and upstream to
only deal with one pile of source, but it *really* isn''t easier. (I
have probably tried just about every possible combination over the
years, including the one where you invent new revision control systems
to try to make it work. It''s much harder than it looks.)

The best approach is usually to maintain the Debian package
independently, and then regularly copy the debian/ directory back into
the upstream tree - so that part of the tree is actually downstream
from the Debian package itself. It sounds a little weird, but it''s
invariably simpler than any of the other ways, and gets the job done.

It''s also best if those files are not included in the upstream release
tarballs, as that tends to cause user confusion and really doesn''t
help anybody (all those who can use it, can get it more directly from
a Debian mirror).
> (tools/build
> would be a good place for it)
Debian packaging has to be placed in the root of the source
tree. Getting anything else to work right requires deep understanding
of the very gnarly internals of the package build process, and the
three or four layers of abstraction it''s usually buried under.
There''s
probably about a dozen people who could pull it off, and none of them
would want to.

Given the current arrangement of the tree, this means there have to be
three batches of it.

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

Andrew Suffield wrote:
> Did I miss a mail somewhere?
Yes.  :-)
> ...
> On Fri, Oct 12, 2007 at 02:55:35PM +1000, Paul Gear wrote:
>> Can i make a request that you store as much of the debian packaging
>> information and scripts as possible in the Shorewall svn ? 
I''d
>> really like to be able to build proper packages from the
>> development svn tree.  :-)
> ...
> (I have probably tried just about every possible combination over the
> years, including the one where you invent new revision control
> systems to try to make it work. It''s much harder than it looks.)
You are one serious masochist.  :-)
> ...
> The best approach is usually to maintain the Debian package 
> independently, and then regularly copy the debian/ directory back
> into the upstream tree - so that part of the tree is actually
> downstream from the Debian package itself. It sounds a little weird,
> but it''s invariably simpler than any of the other ways, and gets
the
> job done.
That sounds fine to me.  Like i said, my motivation here is to make it
easier to build Debian packages from svn.
> It''s also best if those files are not included in the upstream
> release tarballs, as that tends to cause user confusion and really
> doesn''t help anybody (all those who can use it, can get it more
> directly from a Debian mirror).
Agreed.
>> (tools/build would be a good place for it)
> 
> Debian packaging has to be placed in the root of the source tree.
> Getting anything else to work right requires deep understanding of
> the very gnarly internals of the package build process, and the three
> or four layers of abstraction it''s usually buried under.
There''s
> probably about a dozen people who could pull it off, and none of them
>  would want to.
I''ll bow to your experience here - i''ve only developed a few
private
packages.  However, i don''t think it''s unreasonable to want to
build
packages from the Shorewall svn tree, and however much of that that
Roberto can facilitate without undue effort would be appreciated.

-- 
Paul
<http://paul.gear.dyndns.org>
--
Did you know?  Viewing your email in HTML mode makes you more vulnerable
to ''phishing'' (fraudulent email) and ''spam''
(junk email).  Find out more
about protecting yourself at
<http://www.spamhelp.co.uk/2004/05/dont-use-webmail-view-html-spam-emails.html>.



-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

On Fri, Oct 12, 2007 at 04:43:19PM +1000, Paul Gear
wrote:
> However, i don''t think it''s unreasonable to want to build
> packages from the Shorewall svn tree, and however much of that that
> Roberto can facilitate without undue effort would be appreciated.
It''s a fairly common desire - the important part is not to let it get
out of hand. You can manage "good enough" with a minimum of
effort. When you try to find an ideal solution (specifically, one
where everything is always up to date and no data is duplicated), it
becomes horribly complex - I''m actually more or less convinced that
the problem is intractable, or at least requires radical new
developments in our understanding of software.

Hence - keep it *simple*, even if it''s less than perfect. Solve the
one problem of building packages from the svn tree, and stop there.

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

On Fri, Oct 12, 2007 at 02:55:35PM +1000, Paul Gear
wrote:
> Lorenzo Martignoni wrote:
> > ...
> > I''m awfully sorry for not keeping the Debian package
up-to-date and in
> > a good shape but I''m really really busy with my work.
> > 
> > I don''t like the third solution and I think at the moment I
don''t have
> > the time, and especially the energy, to join the upstream team.
> > Roberto, I believe you are the best person to take over the package
> > and I would be very glad if you became the new maintainer. As you are
> > also part of the upstream team, you could probably transform the
> > package into a native Debian package (no .diff would be needed
> > anymore). If you don''t have the permissions to upload the
package,
> > just let me know. I would be happy to do that.
> 
Lorenzo,

Thank you for agreeing.  I will prepare a new upload and adopt the
package in the next week or so.  I don''t think that a formal RFA/ITA is
necessary since I will be doing this with your blessing.
> Lorenzo,
> 
> Thanks for your help over the years.  Your efforts are much appreciated.
> 
Agreed.  I know that the fact that Shorewall has been packaged into
Debian made it accessible to me in the first place.
> Roberto,
> 
> Can i make a request that you store as much of the debian packaging
> information and scripts as possible in the Shorewall svn (tools/build
> would be a good place for it)?  I''d really like to be able to
build
> proper packages from the development svn tree.  :-)
> 
I would like to be able to build from Shorewall svn as well.  However, I
agree with Andrew''s comment in this thread that storing the debian/
directory directly in svn is probably a bad idea.  Let me first work on
an updated package so that we can get 3.4.7 into Debian and then I will
work on a solution for being able to build directly from svn.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

Paul Gear wrote:
> Lorenzo,
> 
> Thanks for your help over the years.  Your efforts are much appreciated.
Like Andrew, I seem to be missing Lorenzo''s original post. So
I''ll add my
public thanks to Lorenzo on top of Paul''s.

I very much appreciate Lorenzo''s contribution over the years. A lot
more
users have had access to Shorewall as a result of Lorenzo''s efforts.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

Roberto C. Sánchez wrote:
> 
> I would like to be able to build from Shorewall svn as well.  However, I
> agree with Andrew''s comment in this thread that storing the
debian/
> directory directly in svn is probably a bad idea.  Let me first work on
> an updated package so that we can get 3.4.7 into Debian and then I will
> work on a solution for being able to build directly from svn.
> 
Roberto,

I''m unfamiliar with the current Debian release schedule but
I''d like to
encourage you to do everything you can to ensure that there is a Shorewall 4
package available in the next major Debian release. Otherwise, we''ll to
be
in the same old boat where when the new Debian stable release comes out, it
is already a major Shorewall release behind the upstream.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

On Fri, Oct 12, 2007 at 09:16:47AM -0700, Tom Eastep
wrote:
> 
> Roberto,
> 
> I''m unfamiliar with the current Debian release schedule but
I''d like to
> encourage you to do everything you can to ensure that there is a Shorewall
4
> package available in the next major Debian release. Otherwise,
we''ll to be
> in the same old boat where when the new Debian stable release comes out, it
> is already a major Shorewall release behind the upstream.
> 
Tom,

We have had a stable release this year (on 8 April).  So, it will be at
least 6 more months, likely 12, before the next.  This gives us some
breathing room.  Since the 3.4 branch is still supported, I intend to
create some shorewall4-* packages and just have them conflict with the
existing shorewall-* packages.  This will ensure that users who prefer
to use the legacy 3.x branch can continue do so.  The only thing that
would cause me to rethink this is if you announce an intent to
completely discontinue support for the 3.4 branch within the next 6 to
12 months.

Regards,

-Roberto


-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

On Fri, Oct 12, 2007 at 09:16:47AM -0700, Tom Eastep
wrote:
> I''m unfamiliar with the current Debian release schedule but
I''d like to
> encourage you to do everything you can to ensure that there is a Shorewall
4
> package available in the next major Debian release.
The last one was in April, and they''re usually 18-24 months apart (the
current rough goal is October 2008, but these rough goals are
routinely missed by months). Not an issue.
> Otherwise, we''ll to be
> in the same old boat where when the new Debian stable release comes out, it
> is already a major Shorewall release behind the upstream.
I think shorewall would be a suitable candidate for uploading into
volatile-sloppy, which lets users install individual updated packages
on stable systems. That should eliminate this issue, for both the
current release and future ones. (Other well-known packages which are
handled by the volatile system include spamassassin and clamav;
shorewall would get filed under ''sloppy'' because upgrades
across
releases require administrative attention to changes in the config
files, so should not be performed automatically)

Basically, a user would run a pure Debian-stable system on their
firewall, with the single exception of the shorewall package.

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

Roberto C. Sánchez wrote:
> The only thing that
> would cause me to rethink this is if you announce an intent to
> completely discontinue support for the 3.4 branch within the next 6 to
> 12 months.
I might drop support for 3.2 in that timeframe but not 3.4.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

On Fri, Oct 12, 2007 at 10:38:44AM -0700, Tom Eastep
wrote:
> Roberto C. Sánchez wrote:
> 
> > The only thing that
> > would cause me to rethink this is if you announce an intent to
> > completely discontinue support for the 3.4 branch within the next 6 to
> > 12 months.
> 
> I might drop support for 3.2 in that timeframe but not 3.4.
> 
Not a problem.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

On Fri, Oct 12, 2007 at 06:17:43PM +0100, Andrew Suffield
wrote:
> 
> I think shorewall would be a suitable candidate for uploading into
> volatile-sloppy, which lets users install individual updated packages
> on stable systems. That should eliminate this issue, for both the
> current release and future ones. (Other well-known packages which are
> handled by the volatile system include spamassassin and clamav;
> shorewall would get filed under ''sloppy'' because upgrades
across
> releases require administrative attention to changes in the config
> files, so should not be performed automatically)
> 
> Basically, a user would run a pure Debian-stable system on their
> firewall, with the single exception of the shorewall package.
> 
Personally, I would prefer to go the backports.org route.  What would be
the advantages of the volatile route?

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

On Fri, Oct 12, 2007 at 04:41:25PM -0400, Roberto C. S?nchez
wrote:
> On Fri, Oct 12, 2007 at 06:17:43PM +0100, Andrew Suffield wrote:
> > 
> > I think shorewall would be a suitable candidate for uploading into
> > volatile-sloppy, which lets users install individual updated packages
> > on stable systems. That should eliminate this issue, for both the
> > current release and future ones. (Other well-known packages which are
> > handled by the volatile system include spamassassin and clamav;
> > shorewall would get filed under ''sloppy'' because
upgrades across
> > releases require administrative attention to changes in the config
> > files, so should not be performed automatically)
> > 
> > Basically, a user would run a pure Debian-stable system on their
> > firewall, with the single exception of the shorewall package.
> > 
> Personally, I would prefer to go the backports.org route.  What would be
> the advantages of the volatile route?
Integration and mirroring, but backports.org would also suffice to
solve the problem.

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

On Fri, Oct 12, 2007 at 07:18:13AM +0100, Andrew Suffield
wrote:
> 
> The best approach is usually to maintain the Debian package
> independently, and then regularly copy the debian/ directory back into
> the upstream tree - so that part of the tree is actually downstream
> from the Debian package itself. It sounds a little weird, but it''s
> invariably simpler than any of the other ways, and gets the job done.
> 
OK.  I will be doing this starting now.  That is, I will remove the
debian/ dierctory from the 3.4 branch (as that branch will see no
further releases packaged for Debian) and then start copying the
debian/directory into 4.0 and trunk.

Regards,

-Roberto
-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

On Mon, Oct 22, 2007 at 09:24:16AM -0400, Roberto C. S?nchez
wrote:
> On Fri, Oct 12, 2007 at 07:18:13AM +0100, Andrew Suffield wrote:
> > 
> > The best approach is usually to maintain the Debian package
> > independently, and then regularly copy the debian/ directory back into
> > the upstream tree - so that part of the tree is actually downstream
> > from the Debian package itself. It sounds a little weird, but
it''s
> > invariably simpler than any of the other ways, and gets the job done.
> > 
> 
> OK.  I will be doing this starting now.  That is, I will remove the
> debian/ dierctory from the 3.4 branch (as that branch will see no
> further releases packaged for Debian) and then start copying the
> debian/directory into 4.0 and trunk.
For some reason, the debian/ directory is missing from
shorewall-common in the 4.0.6-RC1 tarball - it''s present in the other
components. Bug in the release building script?

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

On Sun, Oct 28, 2007 at 05:21:08PM +0000, Andrew Suffield
wrote:
> On Mon, Oct 22, 2007 at 09:24:16AM -0400, Roberto C. S?nchez wrote:
> > On Fri, Oct 12, 2007 at 07:18:13AM +0100, Andrew Suffield wrote:
> > > 
> > > The best approach is usually to maintain the Debian package
> > > independently, and then regularly copy the debian/ directory back
into
> > > the upstream tree - so that part of the tree is actually
downstream
> > > from the Debian package itself. It sounds a little weird, but
it''s
> > > invariably simpler than any of the other ways, and gets the job
done.
> > > 
> > 
> > OK.  I will be doing this starting now.  That is, I will remove the
> > debian/ dierctory from the 3.4 branch (as that branch will see no
> > further releases packaged for Debian) and then start copying the
> > debian/directory into 4.0 and trunk.
> 
> For some reason, the debian/ directory is missing from
> shorewall-common in the 4.0.6-RC1 tarball - it''s present in the
other
> components. Bug in the release building script?
Also, this bit in debian/rules:

export V=`cat install.sh | grep "^VERSION=" | head -n 1 | cut -f 2 -d
"="`
VMAJOR:=$(shell echo $(V) |cut -f 1 -d .)
VMINOR:=$(shell echo $(V) |cut -f 2 -d .)
VPATCH:=$(shell echo $(V) |cut -f 3 -d .)
NEXTPATCH:=$(shell expr $(VPATCH) + 1)

breaks when the version number ends in -RC1. And you win the "useless
use of cat" award.

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

Andrew Suffield wrote:
> 
> For some reason, the debian/ directory is missing from
> shorewall-common in the 4.0.6-RC1 tarball - it''s present in the
other
> components. Bug in the release building script?
I''m guessing that the build script wasn''t updated when a
''debian''
directory was added to the other components. The debian directory has
traditionally not been released.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

On Sun, Oct 28, 2007 at 05:21:08PM +0000, Andrew Suffield
wrote:
> 
> For some reason, the debian/ directory is missing from
> shorewall-common in the 4.0.6-RC1 tarball - it''s present in the
other
> components. Bug in the release building script?
> 
Hmm.  When I created the 4.0.5 Debian packages, I removed the debian/
directories that were in svn and then copied over the new ones.  They
are there in the repository.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

Roberto C. Sánchez wrote:
> On Sun, Oct 28, 2007 at 05:21:08PM +0000, Andrew Suffield wrote:
>> For some reason, the debian/ directory is missing from
>> shorewall-common in the 4.0.6-RC1 tarball - it''s present in
the other
>> components. Bug in the release building script?
>>
> Hmm.  When I created the 4.0.5 Debian packages, I removed the debian/
> directories that were in svn and then copied over the new ones.  They
> are there in the repository.
What Andrew is reporting is that the tarball for shorewall-common
doesn''t contain the debian/ directory while the tarballs for the other
three components do contain that directory.

The buildShorewall script explicitly removes the debian/ directory
before creating the shorewall-common tarball since we have not been
releasing that directory. So if you want debian/ included in all
tarballs, then you need to modify the buildShorewall file; similarly if
you want it to be excluded from all tarballs. You might (or might not)
want to add debian to the exclude.txt file; that file determines which
files/directories don''t contribute to the patch-vv.vv.vv file.

I''m neutral about whether it gets released or not -- if the directory
is
useful to Debian users then by all means go ahead and include it.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

On Sun, Oct 28, 2007 at 03:35:24PM -0700, Tom Eastep
wrote:
> I''m neutral about whether it gets released or not -- if the
directory is
> useful to Debian users then by all means go ahead and include it.
It''s handy for testing, if you know what you''re doing. Maybe
not so
useful to generic users who don''t understand how Debian packages work.

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

On Sun, Oct 28, 2007 at 05:29:30PM +0000, Andrew Suffield
wrote:
> 
> Also, this bit in debian/rules:
> 
> export V=`cat install.sh | grep "^VERSION=" | head -n 1 | cut -f
2 -d "="`
> VMAJOR:=$(shell echo $(V) |cut -f 1 -d .)
> VMINOR:=$(shell echo $(V) |cut -f 2 -d .)
> VPATCH:=$(shell echo $(V) |cut -f 3 -d .)
> NEXTPATCH:=$(shell expr $(VPATCH) + 1)
> 
> breaks when the version number ends in -RC1. And you win the "useless
> use of cat" award.
> 
OK.  Now fixed in svn.  I also removed the cat command.  It was a
leftover from Lorenzo and my goal when packaging 4.0.5 was to make the
smallest possible number of changes.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

On Sun, Oct 28, 2007 at 03:35:24PM -0700, Tom Eastep
wrote:
> 
> What Andrew is reporting is that the tarball for shorewall-common
> doesn''t contain the debian/ directory while the tarballs for the
other
> three components do contain that directory.
> 
> The buildShorewall script explicitly removes the debian/ directory
> before creating the shorewall-common tarball since we have not been
> releasing that directory. So if you want debian/ included in all
> tarballs, then you need to modify the buildShorewall file; similarly if
> you want it to be excluded from all tarballs. You might (or might not)
> want to add debian to the exclude.txt file; that file determines which
> files/directories don''t contribute to the patch-vv.vv.vv file.
> 
> I''m neutral about whether it gets released or not -- if the
directory is
> useful to Debian users then by all means go ahead and include it.
> 
I''m OK with releasing it.  It can be helpful to advanced users and
should not bother users who don''t know what to do with it.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

Roberto C. Sánchez wrote:
> I''m OK with releasing it.  It can be helpful to advanced users and
> should not bother users who don''t know what to do with it.
Are you changing the build script or am I?

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

On Sun, Oct 28, 2007 at 11:27:19PM +0000, Andrew Suffield
wrote:
> On Sun, Oct 28, 2007 at 03:35:24PM -0700, Tom Eastep wrote:
> > I''m neutral about whether it gets released or not -- if the
directory is
> > useful to Debian users then by all means go ahead and include it.
> 
> It''s handy for testing, if you know what you''re doing.
Maybe not so
> useful to generic users who don''t understand how Debian packages
work.
> 
OK.  For the time being (until the build script gets fixed) you can get
the debian/ directories.  The are located in two places (and are
identical): /trunk/Shorewall-{common,perl,shell,lite} or
/debian/shorewall-{common,perl,shell,lite}/trunk

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

On Sun, Oct 28, 2007 at 04:33:57PM -0700, Tom Eastep
wrote:
> Roberto C. Sánchez wrote:
> 
> > I''m OK with releasing it.  It can be helpful to advanced
users and
> > should not bother users who don''t know what to do with it.
> 
> Are you changing the build script or am I?
> 
Actually, on second thought, I''d rather not ship the debian/ directory.
The reason is that if it is shipped I must repack the release tarball to
not contain it.  This means that the .orig.tar.gz that gets uploaded to
Debian will have a different md5sum from the release tarball.

I''d rather work on automating the creation of debian packages for users
who wish to grab the latest release candidate or directly from
subversion.  For normal releases, the delay should be no more than 1 or
2 days from the time of release until the packages are uploaded.  Also,
if you like, I can start uploading release candidates to experimental.
It would not be hard at all.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

Roberto C. Sánchez wrote:
> On Sun, Oct 28, 2007 at 04:33:57PM -0700, Tom Eastep wrote:
>> Are you changing the build script or am I?
>>
> Actually, on second thought, I''d rather not ship the debian/
directory.
> The reason is that if it is shipped I must repack the release tarball to
> not contain it.  This means that the .orig.tar.gz that gets uploaded to
> Debian will have a different md5sum from the release tarball.
> 
> I''d rather work on automating the creation of debian packages for
users
> who wish to grab the latest release candidate or directly from
> subversion.  For normal releases, the delay should be no more than 1 or
> 2 days from the time of release until the packages are uploaded.  Also,
> if you like, I can start uploading release candidates to experimental.
> It would not be hard at all.
> 
I think that for major releases, it would be good to upload the release
candidates. I think it''s a waste of time for dot releases.

So again -- who is modifying the build script? Right now, it is
including debian/ in three tarballs and dropping it from the fourth.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

Tom Eastep wrote:
>
> 
> So again -- who is modifying the build script? Right now, it is
> including debian/ in three tarballs and dropping it from the fourth.
> 
I did it.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

On Sun, Oct 28, 2007 at 04:43:32PM -0700, Tom Eastep
wrote:
> Roberto C. Sánchez wrote:
> > On Sun, Oct 28, 2007 at 04:33:57PM -0700, Tom Eastep wrote:
> 
> >> Are you changing the build script or am I?
> >>
> > Actually, on second thought, I''d rather not ship the debian/
directory.
> > The reason is that if it is shipped I must repack the release tarball
to
> > not contain it.  This means that the .orig.tar.gz that gets uploaded
to
> > Debian will have a different md5sum from the release tarball.
> > 
> > I''d rather work on automating the creation of debian packages
for users
> > who wish to grab the latest release candidate or directly from
> > subversion.  For normal releases, the delay should be no more than 1
or
> > 2 days from the time of release until the packages are uploaded. 
Also,
> > if you like, I can start uploading release candidates to experimental.
> > It would not be hard at all.
> > 
> 
> I think that for major releases, it would be good to upload the release
> candidates. I think it''s a waste of time for dot releases.
> 
> So again -- who is modifying the build script? Right now, it is
> including debian/ in three tarballs and dropping it from the fourth.
> 
Could you modify it?  When I looked in the build script, I only found
one instance of ''rm -rf $FOODIR/debian''.  So, I would have to
comb
through it to find where to insert the other calls.  It is not something
I am inclined to do at the moment.

That said, do we want (or need) the debian/ directories in
Shorewall-{common,lite,shell,perl} or do we want to keep them seperate?
If the latter, then we can modify the build script to not do anything
related to the debian/ directories and then I don''t have to worry about
keeping them in sync.  If we will be uploading most things anyway, then
there is little sense in having me keep the debian directories in sync.
Especially if they will not be released.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

Andrew Suffield wrote:
> ...
> export V=`cat install.sh | grep "^VERSION=" | head -n 1 | cut -f
2 -d "="`
> ...
> And you win the "useless use of cat" award.
Don''t you hate it when that happens!  :-)  I also like the
"useless use
of grep before awk" award.

-- 
Paul
<http://paul.gear.dyndns.org/>
--
Are you tired of the major political parties?  Do you want to make a
difference with your vote?  Please support the Family First Party in
your local electorate, and Jeff Buchanan and the Queensland Senate team.
See <http://www.familyfirstqld.org.au/> for more details, or ask me
about how you can help in the electorate of Bowman.



-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/