Reinhard Tartler <siret...@tauware.de> writes: >>>> I noticed this while working on cosign, I'm deep in a dependency >>>> chain >>>> involving buildkite and webpki-jsoncanonicalizer and noticed that the >>>> crc package states a requirement on webpki-jsoncanonicalizer but >>>> never >>>> seems to use it. So I'd like to do an upload to drop it as a B-D >>>> (after >>>> carefully confirming that it doesn't break reverse rebuilds). >>> perfect. this webpki-jsoncanoicalizer is a really weird package, >>> and not >>> having to worry about it surely simplifies things. >> Heh, I have a surprise coming up real soon for you :) >> Hint: https://github.com/gowebpki/jcs > > wohoo! :-)
I've made an upload now, to use the above upstream project. This cleaned up upstream is used by buildkite as a Go build dependency. I compared the source code, there are only very minor changes but it does change the namespace a bit. This is packaged like a normal NEW package 'golang-github-gowebpki-jcs-dev'. Asking upstreams consumers of the webpki.org/cyberphone namespace to move to the new namespace seems like a good idea to me. For old package golang-webpki-org-jsoncanonicalizer-dev, I've changed to use 'Architecture: all' to avoid identical files on all arch's. I retained the old vendor'ed manually curated files, but now they are shipped in debian/ and installed into a compatibility binary package with the old name. The /usr/bin test binaries have simply been dropped, they weren't used in Debian and I'm hoping nobody needs them. Thoughts? See the majority of debian/* changes below compared to the existing version. I suspect the upload will be stuck in the NEW queue for some time. /Simon
diff --git a/debian/README.source b/debian/README.source deleted file mode 100644 index 2566a42..0000000 --- a/debian/README.source +++ /dev/null @@ -1,11 +0,0 @@ -golang-webpki-org-jsoncanonicalizer for Debian ---------------------------------------------- - -The sources were created by copying sources from -https://github.com/cyberphone/json-canonicalization/tree/master/go - -The github repository contains implementation for a number of other languages -that are not necessary at this point - - -- Reinhard Tartler <siret...@tauware.de>, Sun, 12 Nov 2023 20:17:21 -0500 - diff --git a/debian/changelog b/debian/changelog index 7dc0223..5c2d494 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,24 @@ +golang-webpki-org-jsoncanonicalizer (1.0.1-1) unstable; urgency=medium + + * Use new upstream: https://github.com/gowebpki/jcs + - Change Homepage: and XS-Go-Import-Path URL. + - Drop debian/patches/*. + * Change to team maintained by Go team. + * Add golang-github-gowebpki-jcs-dev, this is the new + preferred Go development library to use. + * Drop binaries from golang-webpki-org-jsoncanonicalizer-dev. + - Change Architecture from any to all. + - Change Multi-Arch from same to foreign. + - Add Description: note saying this package is deprecated. + - Continue to ship our vendor'ed upstream sources, only + now this is explicit rather than faking *.orig.tar.gz. + * Bump Standards-Version to 4.7.0. + * Run wrap-and-sort -satbk. + * Add d/gitlab-ci.yml. + * Fix Vcs-* URLs. + + -- Simon Josefsson <si...@josefsson.org> Tue, 19 Nov 2024 21:37:54 +0100 + golang-webpki-org-jsoncanonicalizer (0.20210204-1.1) unstable; urgency=medium * Non-maintainer upload. diff --git a/debian/control b/debian/control index 1917601..06a1956 100644 --- a/debian/control +++ b/debian/control @@ -2,20 +2,64 @@ Source: golang-webpki-org-jsoncanonicalizer Section: golang Priority: optional Testsuite: autopkgtest-pkg-go -Maintainer: Reinhard Tartler <siret...@tauware.de> +Maintainer: Debian Go Packaging Team <team+pkg...@tracker.debian.org> +Uploaders: + Reinhard Tartler <siret...@tauware.de>, + Simon Josefsson <si...@josefsson.org>, Rules-Requires-Root: no -Build-Depends: debhelper-compat (= 13), - dh-golang, - golang-any, -Standards-Version: 4.6.2 -Homepage: https://github.com/cyberphone/json-canonicalization/tree/master/go -XS-Go-Import-Path: webpki.org/jsoncanonicalizer -Vcs-Browser: https://salsa.debian.org/debian/golang-webpki-org-jsoncanonicalizer -Vcs-Git: https://salsa.debian.org/debian/golang-webpki-org-jsoncanonicalizer.git +Build-Depends: + debhelper-compat (= 13), + dh-golang, + golang-any, + golang-github-stretchr-testify-dev, +Standards-Version: 4.7.0 +Homepage: https://github.com/gowebpki/jcs +Vcs-Browser: https://salsa.debian.org/go-team/packages/golang-webpki-org-jsoncanonicalizer +Vcs-Git: https://salsa.debian.org/go-team/packages/golang-webpki-org-jsoncanonicalizer.git +XS-Go-Import-Path: github.com/gowebpki/jcs + +Package: golang-github-gowebpki-jcs-dev +Architecture: all +Multi-Arch: foreign +Depends: + golang-github-stretchr-testify-dev, + ${misc:Depends}, +Description: JSON canonicalization scheme library based on RFC 8785 (Go library) + Cryptographic operations like hashing and signing depend on that the + target data does not change during serialization, transport, or parsing. + By applying the rules defined by JCS (JSON Canonicalization Scheme), + data provided in the JSON [RFC8259 + (https://tools.ietf.org/html/rfc8259)] format can be exchanged "as is", + while still being subject to secure cryptographic operations. JCS + achieves this by building on the serialization formats for JSON + primitives as defined by ECMAScript [ES (https://ecma- + international.org/ecma-262/)], constraining JSON data to the I-JSON + [RFC7493 (https://tools.ietf.org/html//rfc7493)] subset, and through a + platform independent property sorting scheme. + . + Public RFC: (https://tools.ietf.org/html/rfc8785) + . + The JSON Canonicalization Scheme concept in a nutshell: + . + * Serialization of primitive JSON data types using methods compatible + with ECMAScript's JSON.stringify() + * Lexicographic sorting of JSON Object properties in a *recursive* + process + * JSON Array data is also subject to canonicalization, *but element + order remains untouched* + . + Original Work + . + This code was originally created by Anders Rundgren aka cyberphone and + can be found here: (https://github.com/cyberphone/json-canonicalization). + This fork and work is done with Anders' permission and is an attempt to + clean up the Golang version. + . + This package contains the Go development library. Package: golang-webpki-org-jsoncanonicalizer-dev -Architecture: any -Multi-Arch: same +Architecture: all +Multi-Arch: foreign Depends: ${misc:Depends}, Description: Golang library for a JCS (RFC 8785) compliant JSON canonicalizer @@ -29,3 +73,9 @@ Description: Golang library for a JCS (RFC 8785) compliant JSON canonicalizer sorting scheme. . Public RFC: https://tools.ietf.org/html/rfc8785 + . + This package contains the Go development library for the old + namespaces github.com/cyberphone/json-canonicalization and + webpki.org/jsoncanonicalizer which is still used by some Debian packages + as a build dependency. Please try to use golang-github-gowebpki-jcs-dev + whenever possible instead of this package. diff --git a/debian/copyright b/debian/copyright index ac22ef8..df31127 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,25 +1,38 @@ Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: golang-webpki-org-jsoncanonicalizer -Source: https://github.com/cyberphone/json-canonicalization/tree/master/go +Source: https://github.com/gowebpki/jcs +Upstream-Name: jcs Files: * Copyright: 2006-2019, WebPKI.org (http://webpki.org). + 2021 Bret Jordan & Benedikt Thoma, All rights reserved. License: Apache-2.0 Files: debian/* Copyright: 2023, Reinhard Tartler + 2024 Simon Josefsson <si...@josefsson.org> License: Apache-2.0 Comment: Debian Packaging has the same license as upstream +Files: debian/vendor/* +Copyright: 2006-2019, WebPKI.org (http://webpki.org). +License: Apache-2.0 +Comment: + The sources were created by Reinhard Tartler <siret...@tauware.de> by + copying sources from on Sun, 12 Nov 2023 20:17:21 -0500: + https://github.com/cyberphone/json-canonicalization/tree/master/go + License: Apache-2.0 Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + . + https://www.apache.org/licenses/LICENSE-2.0 + . Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS"BASIS, + distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - On Debian systems, the complete text of the Apache License, - Version 2.0 can be found in '/usr/share/common-licenses/Apache-2.0'. +Comment: + On Debian systems, the complete text of the Apache version 2.0 license + can be found in "/usr/share/common-licenses/Apache-2.0". diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..cf320fa --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,3 @@ +[DEFAULT] +debian-branch = debian/latest +dist = DEP14 diff --git a/debian/gitlab-ci.yml b/debian/gitlab-ci.yml new file mode 100644 index 0000000..594e14e --- /dev/null +++ b/debian/gitlab-ci.yml @@ -0,0 +1,6 @@ +# auto-generated, DO NOT MODIFY. +# The authoritative copy of this file lives at: +# https://salsa.debian.org/go-team/infra/pkg-go-tools/blob/master/config/gitlabciyml.go +--- +include: + - https://salsa.debian.org/go-team/infra/pkg-go-tools/-/raw/master/pipeline/test-archive.yml diff --git a/debian/golang-github-gowebpki-jcs-dev.install b/debian/golang-github-gowebpki-jcs-dev.install new file mode 100644 index 0000000..dd222db --- /dev/null +++ b/debian/golang-github-gowebpki-jcs-dev.install @@ -0,0 +1 @@ +usr/share diff --git a/debian/golang-webpki-org-jsoncanonicalizer-dev.install b/debian/golang-webpki-org-jsoncanonicalizer-dev.install new file mode 100644 index 0000000..591522a --- /dev/null +++ b/debian/golang-webpki-org-jsoncanonicalizer-dev.install @@ -0,0 +1,2 @@ +debian/vendor/es6numfmt.go usr/share/gocode/src/webpki.org/jsoncanonicalizer/ +debian/vendor/jsoncanonicalizer.go usr/share/gocode/src/webpki.org/jsoncanonicalizer/ diff --git a/debian/links b/debian/golang-webpki-org-jsoncanonicalizer-dev.links similarity index 100% rename from debian/links rename to debian/golang-webpki-org-jsoncanonicalizer-dev.links diff --git a/debian/not-installed b/debian/not-installed new file mode 100644 index 0000000..e772481 --- /dev/null +++ b/debian/not-installed @@ -0,0 +1 @@ +usr/bin diff --git a/debian/patches/move-test-files-around.patch b/debian/patches/move-test-files-around.patch deleted file mode 100644 index 963c284..0000000 --- a/debian/patches/move-test-files-around.patch +++ /dev/null @@ -1,16 +0,0 @@ -From: Reinhard Tartler <siret...@tauware.de> -Date: Sun, 12 Nov 2023 20:44:37 -0500 -X-Dgit-Generated: 0.20210204-1 387a0274353a30695190b0adc40a81203d54d0f2 -Subject: move test files around - - ---- - -diff --git a/test/verify-canonicalization.go b/test/canonicalization/verify.go -similarity index 100% -rename from test/verify-canonicalization.go -rename to test/canonicalization/verify.go -diff --git a/test/verify-numbers.go b/test/numbers/verify.go -similarity index 100% -rename from test/verify-numbers.go -rename to test/numbers/verify.go diff --git a/debian/patches/series b/debian/patches/series deleted file mode 100644 index 393515a..0000000 --- a/debian/patches/series +++ /dev/null @@ -1,2 +0,0 @@ -wip.patch -move-test-files-around.patch diff --git a/debian/patches/wip.patch b/debian/patches/wip.patch deleted file mode 100644 index 7551c83..0000000 --- a/debian/patches/wip.patch +++ /dev/null @@ -1,16 +0,0 @@ -From: Reinhard Tartler <siret...@tauware.de> -Date: Sun, 12 Nov 2023 20:31:01 -0500 -X-Dgit-Generated: 0.20210204-1 1334e5df341e9e2c64851210185a3ddc4624e1d5 -Subject: wip - - ---- - -diff --git a/webpki.org/jsoncanonicalizer/es6numfmt.go b/es6numfmt.go -similarity index 100% -rename from webpki.org/jsoncanonicalizer/es6numfmt.go -rename to es6numfmt.go -diff --git a/webpki.org/jsoncanonicalizer/jsoncanonicalizer.go b/jsoncanonicalizer.go -similarity index 100% -rename from webpki.org/jsoncanonicalizer/jsoncanonicalizer.go -rename to jsoncanonicalizer.go diff --git a/debian/rules b/debian/rules index 70ae59b..44584c3 100755 --- a/debian/rules +++ b/debian/rules @@ -2,4 +2,3 @@ %: dh $@ --builddirectory=_build --buildsystem=golang --with=golang - diff --git a/debian/salsa-ci.yml b/debian/salsa-ci.yml new file mode 100644 index 0000000..430bc9e --- /dev/null +++ b/debian/salsa-ci.yml @@ -0,0 +1,10 @@ +include: +- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml +- https://salsa.debian.org/debian/licenserecon/raw/main/debian/licenserecon.yml +- https://jas.pages.debian.net/reverse-dependency-ci/golang-webpki-org-jsoncanonicalizer.yml + +variables: + SALSA_CI_DISABLE_APTLY: 0 + SALSA_CI_ENABLE_WRAP_AND_SORT: 'true' + SALSA_CI_WRAP_AND_SORT_ARGS: '-satbk' + SALSA_CI_ENABLE_REVERSE_DEPENDENCY_BUILD: 1 diff --git a/debian/upstream/metadata b/debian/upstream/metadata new file mode 100644 index 0000000..e6ce301 --- /dev/null +++ b/debian/upstream/metadata @@ -0,0 +1,5 @@ +--- +Bug-Database: https://github.com/gowebpki/jcs/issues +Bug-Submit: https://github.com/gowebpki/jcs/issues/new +Repository: https://github.com/gowebpki/jcs.git +Repository-Browse: https://github.com/gowebpki/jcs diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..4987685 --- /dev/null +++ b/debian/watch @@ -0,0 +1,4 @@ +version=4 +opts="filenamemangle=s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%@PACKAGE@-$1.tar.gz%,\ + uversionmangle=s/(\d)[_\.\-\+]?(RC|rc|pre|dev|beta|alpha)[.]?(\d*)$/$1~$2$3/" \ + https://github.com/gowebpki/jcs/tags .*/v?(\d\S*)\.tar\.gz debian
signature.asc
Description: PGP signature
