Can't build Debian source package - dpkg-source: error: can't build with source format '3.0 (quilt)' about tarsnap HOT 5 CLOSED

Hi, thanks for the report.

Could you please elaborate on where you found the dpkg-buildpackage -rfakeroot -d -us -uc -sa -i -S command? Our instructions https://github.com/Tarsnap/tarsnap/blob/master/pkg/README.md say to use dpkg-buildpackage -b and that seems to work.

I believe that we are following the recommendation to provide 3.0 (quilt) packages. If you follow the instructions in
https://github.com/Tarsnap/tarsnap/blob/master/pkg/DEBIAN.md and add deb-src http://pkg.tarsnap.com/deb-src/ ./ to your /etc/apt/sources.list, then you can run apt-get source tarsnap to get the original tarball, .debian.tar.gz, and .dsc.

from tarsnap.

Also note that if you want to re-create that .debian.tar.gz from the original tarball, the https://github.com/Tarsnap/tarsnap/blob/master/pkg/DEBIAN.md instructions show how.

from tarsnap.

I am actually building a source package with debuild -S which then gets uploaded to our build server, gets built with pbuilder, and loaded into reprepro managed private debian repo. dpkg-buildpackage gets invoked by debuild -S You are not seeing this problem because of dpkg-buildpackage -b flag.

I'll look into Debian source repo you are now providing, thanks. This was news to me.`

The source packages in your deb-src repo are presumably quilt (separate diff and orig distributions). That being said, I think the the tar.gz you are distributing should specify 'native' format, because it combines the Debian and app source code together. I am not a Debian standard lawyer, but If you google for this error this is a problem seen in other software, e.g. https://code.google.com/archive/p/pymds/issues/1

from tarsnap.

My reading of the Debian policy is that we should not be providing "native" packages:

1. When to use a native vs a non-native package
   Default to making packages non-native. You should only use a native Debian package when it is clear that the package would not be useful outside the context of a Debian system, and would never be distributed except packaged for Debian or its derivatives.
   https://wiki.debian.org/DebianMentorsFaq#What_is_the_difference_between_a_native_Debian_package_and_a_non-native_package.3F

In our case, there is another an important reason: reproducibility. By keeping the original tarball the same (other than the unavoidable changing of its filename), users can verify it with checksums (such as sha256sum). That only leaves the much-smaller .debian.tar.gz file to verify manually. And even in that case, the changelog and copyright can be ignored, leaving only 30 lines of files that need to checked.

This focus on reproducibility might seem overly paranoid, but Tarsnap is online backups for the truly paranoid, after all. :)

from tarsnap.

OK, fair enough.

Now that I know you have an apt repo, looking forward to seeing official pre-built binaries there some day.

from tarsnap.