Hi Lucas, This is awesome ! It was the missing part of reproducing packaging.
Checking this is quite important, as some changes can get into Debian without anyone noticing. I already used such a trick to add back a tests folder before the next upstream release. I picked some PHP packages to check some results: - https://orig-check.debian.net/result/ddd0d6864cad4326cc353efe382dd1bd3b4443c9d29540f51c2ead713920d9f6 -> The tarballs are not identical, but the contents do. Can you throw a different error ? - https://orig-check.debian.net/result/93ff5415eca576a32a7787d6edd89a00759d1c6a5839750f9715e9ee64bd3afe -> I am not too sure why dscverify fails. But the "debian uupdate" did seem to be a standard, I am removing it from my packages as I can no see a difference with an without it. How was it supposed to work ? - https://orig-check.debian.net/result/1e65c45f230c2d92166506b6e67fd60e250520cb3dac80759444dd77371bccb6 -> A nice bug to catch on dscverify "Use of uninitialized value $status in pattern match (m//) at /usr/bin/dscverify line 157." -> Should my DM key be trusted ? - https://orig-check.debian.net/result/9ddbe16a5bc7b2951cb2d1c2d1a81e8558d400b97e561aac8700de7181944664 -> This one has PEAR packaging applied, it should reproduce 100%. right ? - Same for https://orig-check.debian.net/result/80129fdbf962e615e123f2ee612858107c1ba4d9509fe67ae40a102a7e9cb508 - Same for https://orig-check.debian.net/result/87a70c491e083b365692ed799a28dcd18245ebb45474713e88590f10a9a90e6e - Same for https://orig-check.debian.net/result/512b6555d406ba4f4d1b9600b83a3efa83c25c371a509a866bdd1dd5b801e1e7 - https://orig-check.debian.net/result/a087e2e6b89cc7314b3c83d1352c2b5bfbccf3471b7a4fbb4c6ac986372a3144 -> you can see that the normalized compare shows files removed by gbp filter: https://salsa.debian.org/matomo-team/doctrine-cache/-/blob/debian/unstable/debian/gbp.conf?ref_type=heads#L5 -> I think this might require a fix in your process. Quite some of my packages have .git* files removed - I guess same on https://orig-check.debian.net/result/78e971747e32dc6e7904e79fe6bb988fa568678d0eaf613ab546903658c8ff0f not one of mine. - Same https://orig-check.debian.net/result/07c57ce108e93ec9cac8e24c744eb6ce1cc8de034ef37e619bc655d4a67b990d - https://orig-check.debian.net/result/b4c755e772ac980316df0c58022405bce70b1d06eddc3ce4ea4e0476f0144d02 -> dscverify should not fail for phpmyadmin, right ? -> I am not sure why it said "290 - uscan did not produce an orig tarball with matching name". On my workstation it repacks after removing d/copyright excluded files. There is quite a lot of "version not found" on https://orig-check.debian.net/statistics Some of them are just very old tags, that can not be found by the current uscan. Maybe it would be worth it to trick uscan by giving an direct GitHub tag url and it would find the origin tarball ? And for some of scan failed: "504 Gateway Time-out" could you detect it for github.com and re try some seconds after ? For example for shotcut. Thank you for your great work ! -- William Desportes ---- Le Mon, 15 Dec 2025 09:35:19 +0100 Lucas Nussbaum <[email protected]> a écrit ---- > Hi, > > I've been working on orig-check, a service that tries to reproduce the > generation of upstream tarballs (e.g. .orig.tar.gz) from what is > described in the debian/watch file. > > See https://orig-check.debian.net/ > > An example result (with upstream code differences!) is > https://orig-check.debian.net/result/56e0b269926a70522ccb1db6d84b82ce48d5d088dc5938773c44b2bd8bd055ba > > The results are also provided in a new column on > https://udd.debian.org/dmd/ . > There's a json export at https://orig-check.debian.net/results.json if > other services would like to integrate the results. > > At this point I consider the service to be in a reasonable state, and > I'm mainly interested in feedback, requests for improvements, etc. > > Thanks to the DebianNet team for providing hosting > (https://wiki.debian.org/Teams/DebianNet) > > Lucas > >
