Package: devscripts
Version: 2.25.12
Severity: normal
Dear Maintainer,
It seems that Files-Included treats any 'pattern' is treated as
'*pattern*', pre- and appending wildcards.
Longer version: I need to generate a source package by extracting a
single module 'somename' from a much larger project. To this end, I
created a d/copyright with the following filtering patterns:
Files-Excluded: *
Files-Included: somename
Now, it just happens that this project is so large that 'somename'
appears everywhere, even as part of file names.
With Files-Included, I was expecting 'somename' to (1) be anchored at
the top level of the source, and to (2) only match the file/directory
with that exact name, as the pattern does not contain wildcards. In
other words, how the MRCP 1.0 ยง 6.9 specifies for the 'Files' stanza.
But what is actually happening is that (1) any path matches, even in
subdirectories, and (2) even if 'somename' is just part of a filename.
So as as if wildcards had been used, '*somename*'.
Steps to reproduce:
Assume a package of which we only want to keep the 'src' directory in
the top level, which we achieve by excluding everything, and then
including only 'src'.
# 1. Our "original source"
$ mkdir -p fooproj/{src,stuff,third-party/src}
$ touch fooproj/src/prog.{c,h} fooproj/stuff/my-{src,bar}.py
fooproj/third-party/src/exclude-me.c
$ tar -C fooproj -czf fooproj-1.0.tar.gz src stuff third-party
$ tar -tf fooproj-1.0.tar.gz
src/
src/prog.c
src/prog.h
stuff/
stuff/my-src.py
stuff/my-bar.py
third-party/
third-party/src/
third-party/src/exclude-me.c
# 2. Repack
$ cat > copyright << EOF
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Files-Excluded: *
Files-Included: src
EOF
$ mk-origtargz --package fooproj --version=1.0 --copyright-file=copyright
fooproj-1.0.tar.gz
$ tar -tf fooproj_1.0.orig.tar.xz src/
src/prog.c
src/prog.h
stuff/
stuff/my-src.py
third-party/
third-party/src/
third-party/src/exclude-me.c
As you can see, third-party/src and stuff/my-src.py were included, with
the latter being most surprising as it matched on a partial file name.
Best,
Christian
PS: This affects uscan as well, though I assume that it just calls
mk-origtargz functionality.
