Next: , Previous: Adding New Signatures, Up: Top

6 Guidelines for GNU Source Packages

Here are itemized guidelines for GNU packages:

Here is an example PSF.

     #  -- Example 'swign' Input file for GNU packages.
     # Occurrences of %__tag and %__revision will be replaced
     # by values determined from the name of the current directory
     # that has the form:  tag-revision
       # dfiles dfiles            # dfiles is the default
       AUTHORS <./AUTHORS         # optional
       COPYING <./COPYING         # optional
       checkdigest <./var/  # or wherever it is on your system
       tag %__tag-%__revision   # Optional, this will set '--dir' option of
                                  # of swpackage.
        the_term_vendor_is_misleading True
        tag GNU
        title GNU's Not Unix
     description "The GNU Project was launched in 1984 to develop a complete UNIX-like
     operating system which is free software: free as in freedom, not price.
       title GNU %__tag
       vendor_tag GNU
       description Source package for %__tag  # More can be added
       tag %__tag                 # This is the package name
       revision %__revision       # This is the package version
       control_directory ""
          tag source
          control_directory ""
          file_permissions -o 0  -g 0
          directory .
          file *
          # exclude RCS   # Not supported yet by swign
          # exclude CVS   # Not supported yet by swign
          exclude catalog  # required

Here is how to use the PSF to create a package with an embedded GPG signature.

     cd somepackage-1.0
     swign -s  -u "Your GPG name" @- | gzip -9 >../somepackage-1.0.tar.gz
     # Then do a couple quick tests
     swverify -d @- <../somepackage-1.0.tar.gz
     # If a checkdigest script was included and the file system is Ext2
     # compatible then the following should work, try it
     swverify -d @.
     # For some newer file system you must use the --order-catalog option
     swverify --order-catalog -d @.

To make a nearly identical package using swpackage

     # First, the replacement macros must be processed by swign
     swign -s --show-psf |
     swpackage -s - --gpg-name="Your GPG name" \
     --dir-owner=0 --dir-group=0 --files --sign @- |
     gzip -9 >../somepackage-1.0.tar.gz

There are differences between swign and swpackage. swign uses swpackage but uses tar to write the final archive hence it is more fail safe against bugs. swign modifies the ./catalog/ making . immediately verifiable with swverify and is simpler to use.

That's it. You now have a tar archive with one or more embedded signatures, that is created using tar, is verifiable with existing tools, compatible with current practice, and conforms to the POSIX packaging standard.