=========================================================
==> gobby.debian.org / debconf16 / bof / pristine-tar <==
=========================================================

Announcement
------------

pristine-tar (1.35~0) experimental; urgency=medium

  * pristine-tar now stores a tarball hash in the delta file (Closes: #608406)
    - added a new command (`pristine-tar verify`) to verify whether existing
      tarballs match the one that was committed. this is also backwards
      compatible with previously-existing delta files; if the hash is missing,
      the existing tarball will be compared to one actually committed to
      version control by first extracting to a temporary directory.
    - `pristine-tar checkout` will now not overwrite exiting tarballs that
      match the stored hash.

 -- Antonio Terceiro <terceiro@debian.org>  Fri, 08 Jul 2016 14:06:52 +0200

# please help with testing :-)
apt install -t experimental pristine-tar
# might not be in the mirrors just yet

How pristine-tar works
----------------------

* pristine-tar commit foo-1.0_orig.tar.gz
  * delta-format.txt documents the delta format
  * xdelta
* pristine-tar checkout /path/foo-1.0_orig.tar.gz


Specific bugs you need/want fixed
---------------------------------

* #737499 pristine-tar: enable files >2GB by upgrading to xdelta3
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737499
  ACTION: tomasz to look at this
* Outstanding bugs -- Normal bugs; Patch Available (8 bugs)
  ACTION: terceiro to look at the existing patches
* any bug that says "failed to reproduce original tarball"
* tarballs from github tags seem to be an issue
  (not all of them, it seems) - need to look further
  maybe an issue with specific tarballs
  Github uses (https://wiki.debian.org/Creating%20signed%20GitHub%20releases):
  git archive --prefix="${tag}/" -o "../${tag}.tar.gz" "${tag}"
* bug triaging would be really useful

Notes
-----

  * the codebase seems to be quite ok to hack on
  * a lot of Debian pkgs rely on pristine-tar, need to keep it
    (although the tarballs are stored on snapshot anyway)
  * there is a repository of unreproducible tarballs (joeyh's repository)
  * related software:
    * origtargz

Ideas/Feature Requests/Rants
----------------------------

* if the pristine-tar branch does not exist, try using origin/pristine-tar
  * the same applies to gbp, allegedly
  * could be improved
  * ACTION: tomasz to look at this


Sign up here if you want to help maintaining pristine-tar
---------------------------------------------------------
Tomasz Buchert (no promises, though) tomasz@d.o

Any other business
------------------

* there are several variants of gzip (gnu, bsd, perl, java etc). it's useful
  to have them as test cases for a regression test suite
*