1USCAN(1) USCAN(1)
2
6 uscan - scan/watch upstream sources for new releases of software
7
9 uscan [options] [path]
10
12 For basic usage, uscan is executed without any arguments from the root
13 of the Debianized source tree where you see the debian/ directory.
14 Then typically the following happens:
15 · uscan reads the first entry in debian/changelog to determine the
17 source package name <spkg> and the last upstream version.
18 · uscan process the watch lines debian/watch from the top to the
20 bottom in a single pass.
21 · uscan downloads a web page from the specified URL in
23 debian/watch.
24 · uscan extracts hrefs pointing to the upstream tarball(s) from
26 the web page using the specified matching-pattern in
27 debian/watch.
28 · uscan downloads the upstream tarball with the highest version
30 newer than the last upstream version.
31 · uscan saves the downloaded tarball to the parent ../ directory:
33 ../<upkg>-<uversion>.tar.gz
34 · uscan invokes mk-origtargz to create the source tarball:
36 ../<spkg>_<oversion>.orig.tar.gz
37 · For a multiple upstream tarball (MUT) package, the
39 secondary upstream tarball will instead be named
40 ../<spkg>_<oversion>.orig-<component>.tar.gz.
41 · Repeat until all lines in debian/watch are processed.
43 · uscan invokes uupdate to create the Debianized source tree:
45 ../<spkg>-<oversion>/*
46 Please note the following.
48 · For simplicity, the compression method used in examples is gzip
50 with .gz suffix. Other methods such as xz, bzip2, and lzma with
51 corresponding xz, bz2, and lzma suffixes may also be used.
52 · The new version=4 enables handling of multiple upstream tarball
54 (MUT) packages but this is a rare case for Debian packaging. For a
55 single upstream tarball package, there is only one watch line and
56 no ../<spkg>_<oversion>.orig-<component>.tar.gz .
57 · uscan with the --verbose option produces a human readable report of
59 uscan's execution.
60 · uscan with the --debug option produces a human readable report of
62 uscan's execution including internal variable states.
63 · uscan with the --dehs option produces an upstream package status
65 report in XML format for other programs such as the Debian External
66 Health System.
67 · The primary objective of uscan is to help identify if the latest
69 version upstream tarball is used or not; and to download the latest
70 upstream tarball. The ordering of versions is decided by dpkg
71 --compare-versions.
72 · uscan with the --safe option limits the functionality of uscan to
74 its primary objective. Both the repacking of downloaded files and
75 updating of the source tree are skipped to avoid running unsafe
76 scripts. This also changes the default to --no-download and
77 --skip-signature.
78
80 The current version 4 format of debian/watch can be summarized as
81 follows:
82 · Leading spaces and tabs are dropped.
84 · Empty lines are dropped.
86 · A line started by # (hash) is a comment line and dropped.
88 · A single \ (back slash) at the end of a line is dropped and the
90 next line is concatenated after removing leading spaces and tabs.
91 The concatenated line is parsed as a single line. (The existence or
92 non-existence of the space before the tailing single \ is
93 significant.)
94 · The first non-comment line is:
96 version=4
98 This is a required line and the recommended version number.
100 If you use "version=3" instead here, some features may not work as
102 documented here. See "HISTORY AND UPGRADING".
103 · The following non-comment lines (watch lines) specify the rules for
105 the selection of the candidate upstream tarball URLs and are in one
106 of the following three formats:
107 · opts=" ... " http://URL matching-pattern [version [script]]
109 · http://URL matching-pattern [version [script]]
111 · opts=" ... "
113 Here,
115 · opts=" ... " specifies the behavior of uscan. See "WATCH FILE
117 OPTIONS".
118 · http://URL specifies the web page where upstream publishes the
120 link to the latest source archive.
121 · https://URL may also be used, as may
123 · ftp://URL
125 · Some parts of URL may be in the regex match pattern
127 surrounded between ( and ) such as /foo/bar-([\.\d]+)/.
128 (If multiple directories match, the highest version is
129 picked.) Otherwise, the URL is taken as verbatim.
130 · matching-pattern specifies the full string matching pattern for
132 hrefs in the web page. See "WATCH FILE EXAMPLES".
133 · All matching parts in ( and ) are concatenated with .
135 (period) to form the upstream version.
136 · If the hrefs do not contain directories, you can combine
138 this with the previous entry. I.e., http://URL/matching-
139 pattern .
140 · version restricts the upstream tarball which may be downloaded.
142 The newest available version is chosen in each case.
143 · debian (default) requires the downloading upstream tarball
145 to be newer than the version obtained from
146 debian/changelog.
147 · version-number such as 12.5 requires the upstream tarball
149 to be newer than the version-number.
150 · same requires the downloaded version of the secondary
152 tarballs to be exactly the same as the one for the first
153 upstream tarball downloaded. (Useful only for MUT)
154 · previous restricts the version of the signature file. (Used
156 with pgpmode=previous)
157 · ignore does not restrict the version of the secondary
159 tarballs. (Maybe useful for MUT)
160 · group requires the downloading upstream tarball to be newer
162 than the version obtained from debian/changelog. Package
163 version is the concatenation of all "group" upstream
164 version.
165 · script is executed at the end of uscan execution with
167 appropriate arguments provided by uscan (default: no action).
168 · The typical Debian package is a non-native package made
170 from one upstream tarball. Only a single line of the watch
171 line in one of the first two formats is usually used with
172 its version set to debian and script set to uupdate.
173 · A native package should not specify script.
175 · A multiple upstream tarball (MUT) package should specify
177 uupdate as script in the last watch line and should skip
178 specifying script in the rest of the watch lines.
179 · The last format of the watch line is useful to set the
181 persistent parameters: user-agent, compression. If this format
182 is used, this must be followed by the URL defining watch
183 line(s).
184 · [ and ] in the above format are there to mark the optional
186 parts and should not be typed.
187 There are a few special strings which are substituted by uscan to make
189 it easy to write the watch file.
190 @PACKAGE@
192 This is substituted with the source package name found in the first
193 line of the debian/changelog file.
194 @ANY_VERSION@
196 This is substituted by the legal upstream version regex
197 (capturing).
198 [-_]?(\d[\-+\.:\~\da-zA-Z]*)
200 @ARCHIVE_EXT@
202 This is substituted by the typical archive file extension regex
203 (non-capturing).
204 (?i)\.(?:tar\.xz|tar\.bz2|tar\.gz|zip|tgz|tbz|txz)
206 @SIGNATURE_EXT@
208 This is substituted by the typical signature file extension regex
209 (non-capturing).
210 (?i)\.(?:tar\.xz|tar\.bz2|tar\.gz|zip|tgz|tbz|txz)\.(?:asc|pgp|gpg|sig|sign)
212 @DEB_EXT@
214 This is substituted by the typical Debian extension regexp
215 (capturing).
216 [\+~](debian|dfsg|ds|deb)(\.)?(\d+)?$
218 Some file extensions are not included in the above intentionally to
220 avoid false positives. You can still set such file extension patterns
221 manually.
222
224 uscan reads the watch options specified in opts=" ... " to customize
225 its behavior. Multiple options option1, option2, option3, ... can be
226 set as opts="option1, option2, option3, ... " . The double quotes
227 are necessary if options contain any spaces.
228 Unless otherwise noted as persistent, most options are valid only
230 within their containing watch line.
231 The available watch options are:
233 component=component
235 Set the name of the secondary source tarball as
236 <spkg>_<oversion>.orig-<component>.tar.gz for a MUT package.
237 compression=method
239 Set the compression method when the tarball is repacked
240 (persistent).
241 Available method values are what mk-origtargz supports, so xz, gzip
243 (alias gz), bzip2 (alias bz2), lzma, default. The default method is
244 currently xz. When uscan is launched in a debian source repository
245 which format is "1.0" or undefined, the method switches to gzip.
246 Please note the repacking of the upstream tarballs by mk-origtargz
248 happens only if one of the following conditions is satisfied:
249 · USCAN_REPACK is set in the devscript configuration. See
251 "DEVSCRIPT CONFIGURATION VARIABLES".
252 · --repack is set on the commandline. See <COMMANDLINE OPTIONS>.
254 · repack is set in the watch line as opts="repack,...".
256 · The upstream archive is of zip type including jar, xpi, ...
258 · Files-Excluded or Files-Excluded-component stanzas are set in
260 debian/copyright to make mk-origtargz invoked from uscan remove
261 files from the upstream tarball and repack it. See "COPYRIGHT
262 FILE EXAMPLES" and mk-origtargz(1).
263 repack
265 Force repacking of the upstream tarball using the compression
266 method.
267 repacksuffix=suffix
269 Add suffix to the Debian package upstream version only when the
270 source tarball is repackaged. This rule should be used only for a
271 single upstream tarball package.
272 mode=mode
274 Set the archive download mode.
275 LWP This mode is the default one which downloads the specified
277 tarball from the archive URL on the web. Automatically
278 internal mode value is updated to either http or ftp by URL.
279 git This mode accesses the upstream git archive directly with the
281 git command and packs the source tree with the specified tag
282 via matching-pattern into spkg-version.tar.xz.
283 If the upstream publishes the released tarball via its web
285 interface, please use it instead of using this mode. This mode
286 is the last resort method.
287 For git mode, matching-pattern specifies the full string
289 matching pattern for tags instead of hrefs. If matching-pattern
290 is set to refs/tags/tag-matching-pattern, uscan downloads
291 source from the refs/tags/matched-tag of the git repository.
292 The upstream version is extracted from concatenating the
293 matched parts in ( ... ) with . . See "WATCH FILE EXAMPLES".
294 If matching-pattern is set to HEAD, uscan downloads source from
296 the HEAD of the git repository and the pertinent version is
297 automatically generated with the date and hash of the HEAD of
298 the git repository.
299 If matching-pattern is set to heads/branch, uscan downloads
301 source from the named branch of the git repository.
302 The local repository is temporarily created as a bare git
304 repository directory under the destination directory where the
305 downloaded archive is generated. This is normally erased after
306 the uscan execution. This local repository is kept if --debug
307 option is used.
308 If the current directory is a git repository and the searched
310 repository is listed among the registered "remotes", then uscan
311 will use it instead of cloning separately. The only local
312 change is that uscan will run a "fetch" command to refresh the
313 repository.
314 svn This mode accesses the upstream Subversion archive directly
316 with the svn command and packs the source tree.
317 For svn mode, matching-pattern specifies the full string
319 matching pattern for directories under Subversion repository
320 directory, specified via URL. The upstream version is
321 extracted from concatenating the matched parts in ( ... ) with
322 . .
323 If matching-pattern is set to HEAD, uscan downloads the latest
325 source tree of the URL. The upstream version is then
326 constructed by appending the last revision of the URL to
327 0.0~svn.
328 As commit signing is not possible with Subversion, the default
330 pgpmode is set to none when mode=svn. Settings of pgpmode other
331 than default and none are reported as errors.
332 pretty=rule
334 Set the upstream version string to an arbitrary format as an
335 optional opts argument when the matching-pattern is HEAD or
336 heads/branch for git mode. For the exact syntax, see the git-log
337 manpage under tformat. The default is pretty=0.0~git%cd.%h. No
338 uversionmangle rules is applicable for this case.
339 When pretty=describe is used, the upstream version string is the
341 output of the "git describe --tags | sed s/-/./g" command instead.
342 For example, if the commit is the 5-th after the last tag v2.17.12
343 and its short hash is ged992511, then the string is
344 v2.17.12.5.ged992511 . For this case, it is good idea to add
345 uversionmangle=s/^/0.0~/ or uversionmangle=s/^v// to make the
346 upstream version string compatible with Debian.
347 uversionmangle=s/^v// may work as well. Please note that in order
348 for pretty=describe to function well, upstream need to avoid
349 tagging with random alphabetic tags.
350 The pretty=describe forces to set gitmode=full to make a full local
352 clone of the repository automatically.
353 date=rule
355 Set the date string used by the pretty option to an arbitrary
356 format as an optional opts argument when the matching-pattern is
357 HEAD or heads/branch for git mode. For the exact syntax, see the
358 strftime manpage. The default is date=%Y%m%d.
359 gitmode=mode
361 Set the git clone operation mode. The default is gitmode=shallow.
362 For some dumb git server, you may need to manually set gitmode=full
363 to force full clone operation.
364 If the current directory is a git repository and the searched
366 repository is listed among the registered "remotes", then uscan
367 will use it instead of cloning separately.
368 pgpmode=mode
370 Set the PGP/GPG signature verification mode.
371 auto
373 uscan checks possible URLs for the signature file and
374 autogenerates a pgpsigurlmangle rule to use it.
375 default
377 Use pgpsigurlmangle=rules to generate the candidate upstream
378 signature file URL string from the upstream tarball URL.
379 (default)
380 If the specified pgpsigurlmangle is missing, uscan checks
382 possible URLs for the signature file and suggests adding a
383 pgpsigurlmangle rule.
384 mangle
386 Use pgpsigurlmangle=rules to generate the candidate upstream
387 signature file URL string from the upstream tarball URL.
388 next
390 Verify this downloaded tarball file with the signature file
391 specified in the next watch line. The next watch line must be
392 pgpmode=previous. Otherwise, no verification occurs.
393 previous
395 Verify the downloaded tarball file specified in the previous
396 watch line with this signature file. The previous watch line
397 must be pgpmode=next.
398 self
400 Verify the downloaded file foo.ext with its self signature and
401 extract its content tarball file as foo.
402 gittag
404 Verify tag signature if mode=git.
405 none
407 No signature available. (No warning.)
408 searchmode=mode
410 Set the parsing search mode.
411 html (default): search pattern in "href" parameter of <a> HTML tags
413 plain: search pattern in the full page
414 This is useful is page content is not HTML but in JSON. Example
415 with npmjs.com:
416 version=4
418 opts="searchmode=plain" \
419 https://registry.npmjs.org/aes-js \
420 https://registry.npmjs.org/aes-js/-/aes-js-(\d[\d\.]*)@ARCHIVE_EXT@
421 decompress
423 Decompress compressed archive before the pgp/gpg signature
424 verification.
425 bare
427 Disable all site specific special case code such as URL redirector
428 uses and page content alterations. (persistent)
429 user-agent=user-agent-string
431 Set the user-agent string used to contact the HTTP(S) server as
432 user-agent-string. (persistent)
433 user-agent option should be specified by itself in the watch line
435 without URL, to allow using semicolons and commas in it.
436 pasv, passive
438 Use PASV mode for the FTP connection.
439 If PASV mode is required due to the client side network
441 environment, set uscan to use PASV mode via "COMMANDLINE OPTIONS"
442 or "DEVSCRIPT CONFIGURATION VARIABLES" instead.
443 active, nopasv
445 Don't use PASV mode for the FTP connection.
446 unzipopt=options
448 Add the extra options to use with the unzip command, such as -a,
449 -aa, and -b, when executed by mk-origtargz.
450 dversionmangle=rules
452 Normalize the last upstream version string found in
453 debian/changelog to compare it to the available upstream tarball
454 version. Removal of the Debian specific suffix such as
455 s/@DEB_EXT@// is usually done here.
456 You can also use dversionmangle=auto, this is exactly the same than
458 dversionmangle=s/@DEB_EXT@//
459 dirversionmangle=rules
461 Normalize the directory path string matching the regex in a set of
462 parentheses of http://URL as the sortable version index string.
463 This is used as the directory path sorting index only.
464 Substitution such as s/PRE/~pre/; s/RC/~rc/ may help.
466 pagemangle=rules
468 Normalize the downloaded web page string. (Don't use this unless
469 this is absolutely needed. Generally, g flag is required for these
470 rules.)
471 This is handy if you wish to access Amazon AWS or Subversion
473 repositories in which <a href="..."> is not used.
474 uversionmangle=rules
476 Normalize the candidate upstream version strings extracted from
477 hrefs in the source of the web page. This is used as the version
478 sorting index when selecting the latest upstream version.
479 Substitution such as s/PRE/~pre/; s/RC/~rc/ may help.
481 versionmangle=rules
483 Syntactic shorthand for uversionmangle=rules, dversionmangle=rules
484 hrefdecode=percent-encoding
486 Convert the selected upstream tarball href string from the percent-
487 encoded hexadecimal string to the decoded normal URL string for
488 obfuscated web sites. Only percent-encoding is available and it is
489 decoded with s/%([A-Fa-f\d]{2})/chr hex $1/eg.
490 downloadurlmangle=rules
492 Convert the selected upstream tarball href string into the
493 accessible URL for obfuscated web sites. This is run after
494 hrefdecode.
495 filenamemangle=rules
497 Generate the upstream tarball filename from the selected href
498 string if matching-pattern can extract the latest upstream version
499 <uversion> from the selected href string. Otherwise, generate the
500 upstream tarball filename from its full URL string and set the
501 missing <uversion> from the generated upstream tarball filename.
502 Without this option, the default upstream tarball filename is
504 generated by taking the last component of the URL and removing
505 everything after any '?' or '#'.
506 pgpsigurlmangle=rules
508 Generate the candidate upstream signature file URL string from the
509 upstream tarball URL.
510 oversionmangle=rules
512 Generate the version string <oversion> of the source tarball
513 <spkg>_<oversion>.orig.tar.gz from <uversion>. This should be used
514 to add a suffix such as +dfsg1 to a MUT package.
515 Here, the mangling rules apply the rules to the pertinent string.
517 Multiple rules can be specified in a mangling rule string by making a
518 concatenated string of each mangling rule separated by ; (semicolon).
519 Each mangling rule cannot contain ; (semicolon), , (comma), or "
521 (double quote).
522 Each mangling rule behaves as if a Perl command "$string =~ rule" is
524 executed. There are some notable details.
525 · rule may only use the s, tr, and y operations.
527 s/regex/replacement/options
529 Regex pattern match and replace the target string. Only the g,
530 i and x flags are available. Use the $1 syntax for back
531 references (No \1 syntax). Code execution is not allowed (i.e.
532 no (?{}) or (??{}) constructs).
533 y/source/dest/ or tr/source/dest/
535 Transliterate the characters in the target string.
536
538 uscan reads the first entry in debian/changelog to determine the source
539 package name and the last upstream version.
540 For example, if the first entry of debian/changelog is:
542 · bar (3:2.03+dfsg1-4) unstable; urgency=low
544 then, the source package name is bar and the last Debian package
546 version is 3:2.03+dfsg1-4.
547 The last upstream version is normalized to 2.03+dfsg1 by removing the
549 epoch and the Debian revision.
550 If the dversionmangle rule exists, the last upstream version is further
552 normalized by applying this rule to it. For example, if the last
553 upstream version is 2.03+dfsg1 indicating the source tarball is
554 repackaged, the suffix +dfsg1 is removed by the string substitution
555 s/\+dfsg\d*$// to make the (dversionmangled) last upstream version 2.03
556 and it is compared to the candidate upstream tarball versions such as
557 2.03, 2.04, ... found in the remote site. Thus, set this rule as:
558 · opts="dversionmangle=s/\+dfsg\d*$//"
560 uscan downloads a web page from http://URL specified in debian/watch.
562 · If the directory name part of URL has no parentheses, ( and ), it
564 is taken as verbatim.
565 · If the directory name part of URL has parentheses, ( and ), then
567 uscan recursively searches all possible directories to find a page
568 for the newest version. If the dirversionmangle rule exists, the
569 generated sorting index is used to find the newest version. If a
570 specific version is specified for the download, the matching
571 version string has priority over the newest version.
572 For example, this http://URL may be specified as:
574 · http://www.example.org/([\d\.]+)/
576 Please note the trailing / in the above to make ([\d\.]+) as the
578 directory.
579 If the pagemangle rule exists, the whole downloaded web page as a
581 string is normalized by applying this rule to it. This is very
582 powerful tool and needs to be used with caution. If other mangling
583 rules can be used to address your objective, do not use this rule.
584 The downloaded web page is scanned for hrefs defined in the <a href="
586 ... "> tag to locate the candidate upstream tarball hrefs. These
587 candidate upstream tarball hrefs are matched by the Perl regex pattern
588 matching-pattern such as DL-(?:[\d\.]+?)/foo-(.+)\.tar\.gz to narrow
589 down the candidates. This pattern match needs to be anchored at the
590 beginning and the end. For example, candidate hrefs may be:
591 · DL-2.02/foo-2.02.tar.gz
593 · DL-2.03/foo-2.03.tar.gz
595 · DL-2.04/foo-2.04.tar.gz
597 Here the matching string of (.+) in matching-pattern is considered as
599 the candidate upstream version. If there are multiple matching strings
600 of capturing patterns in matching-pattern, they are all concatenated
601 with . (period) to form the candidate upstream version. Make sure to
602 use the non-capturing regex such as (?:[\d\.]+?) instead for the
603 variable text matching part unrelated to the version.
604 Then, the candidate upstream versions are:
606 · 2.02
608 · 2.03
610 · 2.04
612 The downloaded tarball filename is basically set to the same as the
614 filename in the remote URL of the selected href.
615 If the uversionmangle rule exists, the candidate upstream versions are
617 normalized by applying this rule to them. (This rule may be useful if
618 the upstream version scheme doesn't sort correctly to identify the
619 newest version.)
620 The upstream tarball href corresponding to the newest (uversionmangled)
622 candidate upstream version newer than the (dversionmangled) last
623 upstream version is selected.
624 If multiple upstream tarball hrefs corresponding to a single version
626 with different extensions exist, the highest compression one is chosen.
627 (Priority: tar.xz > tar.lzma > tar.bz2 > tar.gz.)
628 If the selected upstream tarball href is the relative URL, it is
630 converted to the absolute URL using the base URL of the web page. If
631 the <base href=" ... "> tag exists in the web page, the selected
632 upstream tarball href is converted to the absolute URL using the
633 specified base URL in the base tag, instead.
634 If the downloadurlmangle rule exists, the selected upstream tarball
636 href is normalized by applying this rule to it. (This is useful for
637 some sites with the obfuscated download URL.)
638 If the filenamemangle rule exists, the downloaded tarball filename is
640 generated by applying this rule to the selected href if matching-
641 pattern can extract the latest upstream version <uversion> from the
642 selected href string. Otherwise, generate the upstream tarball filename
643 from its full URL string and set the missing <uversion> from the
644 generated upstream tarball filename.
645 Without the filenamemangle rule, the default upstream tarball filename
647 is generated by taking the last component of the URL and removing
648 everything after any '?' or '#'.
649 uscan downloads the selected upstream tarball to the parent ../
651 directory. For example, the downloaded file may be:
652 · ../foo-2.04.tar.gz
654 Let's call this downloaded version 2.04 in the above example
656 generically as <uversion> in the following.
657 If the pgpsigurlmangle rule exists, the upstream signature file URL is
659 generated by applying this rule to the (downloadurlmangled) selected
660 upstream tarball href and the signature file is tried to be downloaded
661 from it.
662 If the pgpsigurlmangle rule doesn't exist, uscan warns user if the
664 matching upstream signature file is available from the same URL with
665 their filename being suffixed by the 5 common suffix asc, gpg, pgp, sig
666 and sign. (You can avoid this warning by setting pgpmode=none.)
667 If the signature file is downloaded, the downloaded upstream tarball is
669 checked for its authenticity against the downloaded signature file
670 using the armored keyring debian/upstream/signing-key.asc (see
671 "KEYRING FILE EXAMPLES"). If its signature is not valid, or not made
672 by one of the listed keys, uscan will report an error.
673 If the oversionmangle rule exists, the source tarball version oversion
675 is generated from the downloaded upstream version uversion by applying
676 this rule. This rule is useful to add suffix such as +dfsg1 to the
677 version of all the source packages of the MUT package for which the
678 repacksuffix mechanism doesn't work.
679 uscan invokes mk-origtargz to create the source tarball properly named
681 for the source package with .orig. (or .orig-<component>. for the
682 secondary tarballs) in its filename.
683 case A: packaging of the upstream tarball as is
685 mk-origtargz creates a symlink ../bar_<oversion>.orig.tar.gz linked
686 to the downloaded local upstream tarball. Here, bar is the source
687 package name found in debian/changelog. The generated symlink may
688 be:
689 · ../bar_2.04.orig.tar.gz -> foo-2.04.tar.gz (as is)
691 Usually, there is no need to set up opts="dversionmangle= ... " for
693 this case.
694 case B: packaging of the upstream tarball after removing non-DFSG files
696 mk-origtargz checks the filename glob of the Files-Excluded stanza
697 in the first section of debian/copyright, removes matching files to
698 create a repacked upstream tarball. Normally, the repacked
699 upstream tarball is renamed with suffix to
700 ../bar_<oversion><suffix>.orig.tar.gz using the repacksuffix option
701 for the single upstream package. Here <oversion> is updated to
702 be <oversion><suffix>.
703 The removal of files is required if files are not DFSG-compliant.
705 For such case, +dfsg1 is used as suffix.
706 So the combined options are set as
708 opts="dversionmangle=s/\+dfsg\d*$// ,repacksuffix=+dfsg1", instead.
709 For example, the repacked upstream tarball may be:
711 · ../bar_2.04+dfsg1.orig.tar.gz (repackaged)
713 uscan normally invokes "uupdate --find --upstream-version oversion "
715 for the version=4 watch file.
716 Please note that --find option is used here since mk-origtargz has been
718 invoked to make *.orig.tar.gz file already. uscan picks bar from
719 debian/changelog.
720 It creates the new upstream source tree under the ../bar-<oversion>
722 directory and Debianize it leveraging the last package contents.
723
725 When writing the watch file, you should rely on the latest upstream
726 source announcement web page. You should not try to second guess the
727 upstream archive structure if possible. Here are the typical
728 debian/watch files.
729 Please note that executing uscan with -v or -vv reveals what exactly
731 happens internally.
732 The existence and non-existence of a space the before tailing \ (back
734 slash) are significant.
735 Some undocumented shorter configuration strings are used in the below
737 EXAMPLES to help you with typing. These are intentional ones. uscan
738 is written to accept such common sense abbreviations but don't push the
739 limit.
740 HTTP site (basic)
742 Here is an example for the basic single upstream tarball.
743 version=4
745 http://example.com/~user/release/foo.html \
746 files/foo-([\d\.]+)\.tar\.gz debian uupdate
747 Or using the special strings:
749 version=4
751 http://example.com/~user/release/@PACKAGE@.html \
752 files/@PACKAGE@@ANY_VERSION@@ARCHIVE_EXT@ debian uupdate
753 For the upstream source package foo-2.0.tar.gz, this watch file
755 downloads and creates the Debian orig.tar file foo_2.0.orig.tar.gz.
756 HTTP site (pgpsigurlmangle)
758 Here is an example for the basic single upstream tarball with the
759 matching signature file in the same file path.
760 version=4
762 opts="pgpsigurlmangle=s%$%.asc%" http://example.com/release/@PACKAGE@.html \
763 files/@PACKAGE@@ANY_VERSION@@ARCHIVE_EXT@ debian uupdate
764 For the upstream source package foo-2.0.tar.gz and the upstream
766 signature file foo-2.0.tar.gz.asc, this watch file downloads these
767 files, verifies the authenticity using the keyring
768 debian/upstream/signing-key.asc and creates the Debian orig.tar file
769 foo_2.0.orig.tar.gz.
770 Here is another example for the basic single upstream tarball with the
772 matching signature file on decompressed tarball in the same file path.
773 version=4
775 opts="pgpsigurlmangle=s%@ARCHIVE_EXT@$%.asc%,decompress" \
776 http://example.com/release/@PACKAGE@.html \
777 files/@PACKAGE@@ANY_VERSION@@ARCHIVE_EXT@ debian uupdate
778 For the upstream source package foo-2.0.tar.gz and the upstream
780 signature file foo-2.0.tar.asc, this watch file downloads these files,
781 verifies the authenticity using the keyring
782 debian/upstream/signing-key.asc and creates the Debian orig.tar file
783 foo_2.0.orig.tar.gz.
784 HTTP site (pgpmode=next/previous)
786 Here is an example for the basic single upstream tarball with the
787 matching signature file in the unrelated file path.
788 version=4
790 opts="pgpmode=next" http://example.com/release/@PACKAGE@.html \
791 files/(?:\d+)/@PACKAGE@@ANY_VERSION@@ARCHIVE_EXT@ debian
792 opts="pgpmode=previous" http://example.com/release/@PACKAGE@.html \
793 files/(?:\d+)/@PACKAGE@@ANY_VERSION@@SIGNATURE_EXT@ previous uupdate
794 (?:\d+) part can be any random value. The tarball file can have 53,
796 while the signature file can have 33.
797 ([\d\.]+) part for the signature file has a strict requirement to match
799 that for the upstream tarball specified in the previous line by having
800 previous as version in the watch line.
801 HTTP site (flexible)
803 Here is an example for the maximum flexibility of upstream tarball and
804 signature file extensions.
805 version=4
807 opts="pgpmode=next" http://example.com/DL/ \
808 files/(?:\d+)/@PACKAGE@@ANY_VERSION@@ARCHIVE_EXT@ debian
809 opts="pgpmode=previous" http://example.com/DL/ \
810 files/(?:\d+)/@PACKAGE@@ANY_VERSION@@SIGNATURE_EXT@ \
811 previous uupdate
812 HTTP site (basic MUT)
814 Here is an example for the basic multiple upstream tarballs.
815 version=4
817 opts="pgpsigurlmangle=s%$%.sig%" \
818 http://example.com/release/foo.html \
819 files/foo-([\d\.]+)\.tar\.gz debian
820 opts="pgpsigurlmangle=s%$%.sig%, component=bar" \
821 http://example.com/release/foo.html \
822 files/foobar-([\d\.]+)\.tar\.gz same
823 opts="pgpsigurlmangle=s%$%.sig%, component=baz" \
824 http://example.com/release/foo.html \
825 files/foobaz-([\d\.]+)\.tar\.gz same uupdate
826 For the main upstream source package foo-2.0.tar.gz and the secondary
828 upstream source packages foobar-2.0.tar.gz and foobaz-2.0.tar.gz which
829 install under bar/ and baz/, this watch file downloads and creates the
830 Debian orig.tar file foo_2.0.orig.tar.gz, foo_2.0.orig-bar.tar.gz and
831 foo_2.0.orig-baz.tar.gz. Also, these upstream tarballs are verified by
832 their signature files.
833 HTTP site (recursive directory scanning)
835 Here is an example with the recursive directory scanning for the
836 upstream tarball and its signature files released in a directory named
837 after their version.
838 version=4
840 opts="pgpsigurlmangle=s%$%.sig%, dirversionmangle=s/-PRE/~pre/;s/-RC/~rc/" \
841 http://tmrc.mit.edu/mirror/twisted/Twisted/([\d+\.]+)/ \
842 Twisted-([\d\.]+)\.tar\.xz debian uupdate
843 Here, the web site should be accessible at the following URL:
845 http://tmrc.mit.edu/mirror/twisted/Twisted/
847 Here, dirversionmangle option is used to normalize the sorting order of
849 the directory names.
850 HTTP site (alternative shorthand)
852 For the bare HTTP site where you can directly see archive filenames,
853 the normal watch file:
854 version=4
856 opts="pgpsigurlmangle=s%$%.sig%" \
857 http://www.cpan.org/modules/by-module/Text/ \
858 Text-CSV_XS-(.+)\.tar\.gz \
859 debian uupdate
860 can be rewritten in an alternative shorthand form only with a single
862 string covering URL and filename:
863 version=4
865 opts="pgpsigurlmangle=s%$%.sig%" \
866 http://www.cpan.org/modules/by-module/Text/Text-CSV_XS-(.+)\.tar\.gz \
867 debian uupdate
868 In version=4, initial white spaces are dropped. Thus, this alternative
870 shorthand form can also be written as:
871 version=4
873 opts="pgpsigurlmangle=s%$%.sig%" \
874 http://www.cpan.org/modules/by-module/Text/\
875 Text-CSV_XS-(.+)\.tar\.gz \
876 debian uupdate
877 Please note the subtle difference of a space before the tailing \
879 between the first and the last examples.
880 HTTP site (funny version)
882 For a site which has funny version numbers, the parenthesized groups
883 will be joined with . (period) to make a sanitized version number.
884 version=4
886 http://www.site.com/pub/foobar/foobar_v(\d+)_(\d+)\.tar\.gz \
887 debian uupdate
888 HTTP site (DFSG)
890 The upstream part of the Debian version number can be mangled to
891 indicate the source package was repackaged to clean up non-DFSG files:
892 version=4
894 opts="dversionmangle=s/\+dfsg\d*$//,repacksuffix=+dfsg1" \
895 http://some.site.org/some/path/foobar-(.+)\.tar\.gz debian uupdate
896 See "COPYRIGHT FILE EXAMPLES".
898 HTTP site (filenamemangle)
900 The upstream tarball filename is found by taking the last component of
901 the URL and removing everything after any '?' or '#'.
902 If this does not fit to you, use filenamemangle. For example, <A
904 href="http://foo.bar.org/dl/?path=&dl=foo-0.1.1.tar.gz"> could be
905 handled as:
906 version=4
908 opts=filenamemangle=s/.*=(.*)/$1/ \
909 http://foo.bar.org/dl/\?path=&dl=foo-(.+)\.tar\.gz \
910 debian uupdate
911 <A href="http://foo.bar.org/dl/?path=&dl_version=0.1.1"> could be
913 handled as:
914 version=4
916 opts=filenamemangle=s/.*=(.*)/foo-$1\.tar\.gz/ \
917 http://foo.bar.org/dl/\?path=&dl_version=(.+) \
918 debian uupdate
919 If the href string has no version using <I>matching-pattern>, the
921 version can be obtained from the full URL using filenamemangle.
922 version=4
924 opts=filenamemangle=s&.*/dl/(.*)/foo\.tar\.gz&foo-$1\.tar\.gz& \
925 http://foo.bar.org/dl/([\.\d]+)/ foo.tar.gz \
926 debian uupdate
927 HTTP site (downloadurlmangle)
929 The option downloadurlmangle can be used to mangle the URL of the file
930 to download. This can only be used with http:// URLs. This may be
931 necessary if the link given on the web page needs to be transformed in
932 some way into one which will work automatically, for example:
933 version=4
935 opts=downloadurlmangle=s/prdownload/download/ \
936 http://developer.berlios.de/project/showfiles.php?group_id=2051 \
937 http://prdownload.berlios.de/softdevice/vdr-softdevice-(.+).tgz \
938 debian uupdate
939 HTTP site (oversionmangle, MUT)
941 The option oversionmangle can be used to mangle the version of the
942 source tarball (.orig.tar.gz and .orig-bar.tar.gz). For example,
943 +dfsg1 can be added to the upstream version as:
944 version=4
946 opts=oversionmangle=s/(.*)/$1+dfsg1/ \
947 http://example.com/~user/release/foo.html \
948 files/foo-([\d\.]*).tar.gz debian
949 opts="component=bar" \
950 http://example.com/~user/release/foo.html \
951 files/bar-([\d\.]*).tar.gz same uupdate
952 See "COPYRIGHT FILE EXAMPLES".
954 HTTP site (pagemangle)
956 The option pagemangle can be used to mangle the downloaded web page
957 before applying other rules. The non-standard web page without proper
958 <a href=" << ... >> "> entries can be converted. For example, if
959 foo.html uses <a bogus=" ... ">, this can be converted to the standard
960 page format with:
961 version=4
963 opts=pagemangle="s/<a\s+bogus=/<a href=/g" \
964 http://example.com/release/foo.html \
965 files/@PACKAGE@@ANY_VERSION@@ARCHIVE_EXT@ debian uupdate
966 Please note the use of g here to replace all occurrences.
968 If foo.html uses <Key> ... </Key>, this can be converted to the
970 standard page format with:
971 version=4
973 opts="pagemangle=s%<Key>([^<]*)</Key>%<Key><a href="$1">$1</a></Key>%g" \
974 http://example.com/release/foo.html \
975 (?:.*)/@PACKAGE@@ANY_VERSION@@ARCHIVE_EXT@ debian uupdate
976 FTP site (basic):
978 version=4
979 ftp://ftp.tex.ac.uk/tex-archive/web/c_cpp/cweb/cweb-(.+)\.tar\.gz \
980 debian uupdate
981 FTP site (regex special characters):
983 version=4
984 ftp://ftp.worldforge.org/pub/worldforge/libs/\
985 Atlas-C++/transitional/Atlas-C\+\+-(.+)\.tar\.gz debian uupdate
986 Please note that this URL is connected to be ... libs/Atlas-C++/ ...
988 . For ++, the first one in the directory path is verbatim while the one
989 in the filename is escaped by \.
990 FTP site (funny version)
992 This is another way of handling site with funny version numbers, this
993 time using mangling. (Note that multiple groups will be concatenated
994 before mangling is performed, and that mangling will only be performed
995 on the basename version number, not any path version numbers.)
996 version=4
998 opts="uversionmangle=s/^/0.0./" \
999 ftp://ftp.ibiblio.org/pub/Linux/ALPHA/wine/\
1000 development/Wine-(.+)\.tar\.gz debian uupdate
1001 sf.net
1003 For SourceForge based projects, qa.debian.org runs a redirector which
1004 allows a simpler form of URL. The format below will automatically be
1005 rewritten to use the redirector with the watch file:
1006 version=4
1008 https://sf.net/<project>/ <tar-name>-(.+)\.tar\.gz debian uupdate
1009 For audacity, set the watch file as:
1011 version=4
1013 https://sf.net/audacity/ audacity-minsrc-(.+)\.tar\.gz debian uupdate
1014 Please note, you can still use normal functionalities of uscan to set
1016 up a watch file for this site without using the redirector.
1017 version=4
1019 opts="uversionmangle=s/-pre/~pre/, \
1020 filenamemangle=s%(?:.*)audacity-minsrc-(.+)\.tar\.xz/download%\
1021 audacity-$1.tar.xz%" \
1022 http://sourceforge.net/projects/audacity/files/audacity/(\d[\d\.]+)/ \
1023 (?:.*)audacity-minsrc-([\d\.]+)\.tar\.xz/download debian uupdate
1024 Here, % is used as the separator instead of the standard /.
1026 github.com
1028 For GitHub based projects, you can use the tags or releases page. The
1029 archive URL uses only the version as the filename. You can rename the
1030 downloaded upstream tarball from into the standard
1031 <project>-<version>.tar.gz using filenamemangle:
1032 version=4
1034 opts="filenamemangle=s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%<project>-$1.tar.gz%" \
1035 https://github.com/<user>/<project>/tags \
1036 (?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate
1037 PyPI
1039 For PyPI based projects, pypi.debian.net runs a redirector which allows
1040 a simpler form of URL. The format below will automatically be rewritten
1041 to use the redirector with the watch file:
1042 version=4
1044 https://pypi.python.org/packages/source/<initial>/<project>/ \
1045 <tar-name>-(.+)\.tar\.gz debian uupdate
1046 For cfn-sphere, set the watch file as:
1048 version=4
1050 https://pypi.python.org/packages/source/c/cfn-sphere/ \
1051 cfn-sphere-([\d\.]+).tar.gz debian uupdate
1052 Please note, you can still use normal functionalities of uscan to set
1054 up a watch file for this site without using the redirector.
1055 version=4
1057 opts="pgpmode=none" \
1058 https://pypi.python.org/pypi/cfn-sphere/ \
1059 https://pypi.python.org/packages/.*/.*/.*/\
1060 cfn-sphere-([\d\.]+).tar.gz#.* debian uupdate
1061 code.google.com
1063 Sites which used to be hosted on the Google Code service should have
1064 migrated to elsewhere (github?). Please look for the newer upstream
1065 site if available.
1066 npmjs.org (node modules)
1068 npmjs.org modules are published in JSON files. Here is a way to read
1069 them:
1070 version=4
1072 opts="searchmode=plain" \
1073 https://registry.npmjs.org/aes-js \
1074 https://registry.npmjs.org/aes-js/-/aes-js-(\d[\d\.]*)@ARCHIVE_EXT@
1075 grouped package
1077 Some node modules are split into multiple little upstream package. Here
1078 is a way to group them:
1079 version=4
1081 opts="searchmode=plain,pgpmode=none" \
1082 https://registry.npmjs.org/mongodb \
1083 https://registry.npmjs.org/mongodb/-/mongodb-(\d[\d\.]*)@ARCHIVE_EXT@ group
1084 opts="searchmode=plain,pgpmode=none,component=bson" \
1085 https://registry.npmjs.org/bson \
1086 https://registry.npmjs.org/bson/-/bson-(\d[\d\.]*)@ARCHIVE_EXT@ group
1087 opts="searchmode=plain,pgpmode=none,component=mongodb-core" \
1088 https://registry.npmjs.org/mongodb-core \
1089 https://registry.npmjs.org/mongodb-core/-/mongodb-core-(\d[\d\.]*)@ARCHIVE_EXT@ group
1090 opts="searchmode=plain,pgpmode=none,component=requireoptional" \
1091 https://registry.npmjs.org/require_optional \
1092 https://registry.npmjs.org/require_optional/-/require_optional-(\d[\d\.]*)@ARCHIVE_EXT@ group
1093 Package version is then the concatenation of upstream versions
1095 separated by "+~".
1096 direct access to the git repository (tags)
1098 If the upstream only publishes its code via the git repository and its
1099 code has no web interface to obtain the release tarball, you can use
1100 uscan with the tags of the git repository to track and package the new
1101 upstream release.
1102 version=4
1104 opts="mode=git, gitmode=full, pgpmode=none" \
1105 http://git.ao2.it/tweeper.git \
1106 refs/tags/v([\d\.]+) debian uupdate
1107 Please note "git ls-remote" is used to obtain references for tags.
1109 If a tag v20.5 is the newest tag, the above example downloads
1111 spkg-20.5.tar.xz after making a full clone of the git repository which
1112 is needed for dumb git server.
1113 If tags are signed, set pgpmode=gittag to verify them.
1115 direct access to the git repository (HEAD)
1117 If the upstream only publishes its code via the git repository and its
1118 code has no web interface nor the tags to obtain the released tarball,
1119 you can use uscan with the HEAD of the git repository to track and
1120 package the new upstream release with an automatically generated
1121 version string.
1122 version=4
1124 opts="mode=git, pgpmode=none" \
1125 https://github.com/Debian/dh-make-golang \
1126 HEAD debian uupdate
1127 Please note that a local shallow copy of the git repository is made
1129 with "git clone --bare --depth=1 ..." normally in the target directory.
1130 uscan generates the new upstream version with "git log
1131 --date=format:%Y%m%d --pretty=0.0~git%cd.%h" on this local copy of
1132 repository as its default behavior.
1133 The generation of the upstream version string may the adjusted to your
1135 taste by adding pretty and date options to the opts arguments.
1136 direct access to the Subversion repository (tags)
1138 If the upstream only publishes its code via the Subversion repository
1139 and its code has no web interface to obtain the release tarball, you
1140 can use uscan with the tags of the Subversion repository to track and
1141 package the new upstream release.
1142 version=4
1144 opts="mode=svn, pgpmode=none" \
1145 svn://svn.code.sf.net/p/jmol/code/tags/ \
1146 ([\d.]+)\/ debian uupdate
1147 direct access to the Subversion repository (HEAD)
1149 If the upstream only publishes its code via the Subversion repository
1150 and its code has no web interface to obtain the release tarball, you
1151 can use uscan to get the most recent source of a subtree in the
1152 repository with an automatically generated version string.
1153 version=4
1155 opts="mode=svn, pgpmode=none" \
1156 svn://svn.code.sf.net/p/jmol/code/trunk/ \
1157 HEAD debian uupdate
1158 By default, uscan generates the new upstream version by appending the
1160 revision number to "0.0~svn". This can later be changed using
1161 uversionmangle.
1162
1164 Here is an example for the debian/copyright file which initiates
1165 automatic repackaging of the upstream tarball into
1166 <spkg>_<oversion>.orig.tar.gz (In debian/copyright, the Files-Excluded
1167 and Files-Excluded-component stanzas are a part of the first paragraph
1168 and there is a blank line before the following paragraphs which contain
1169 Files and other stanzas.):
1170 Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
1172 Files-Excluded: exclude-this
1173 exclude-dir
1174 */exclude-dir
1175 .*
1176 */js/jquery.js
1177 Files: *
1179 Copyright: ...
1180 ...
1181 Here is another example for the debian/copyright file which initiates
1183 automatic repackaging of the multiple upstream tarballs into
1184 <spkg>_<oversion>.orig.tar.gz and <spkg>_<oversion>.orig-bar.tar.gz:
1185 Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
1187 Files-Excluded: exclude-this
1188 exclude-dir
1189 */exclude-dir
1190 .*
1191 */js/jquery.js
1192 Files-Excluded-bar: exclude-this
1193 exclude-dir
1194 */exclude-dir
1195 .*
1196 */js/jquery.js
1197 Files: *
1199 Copyright: ...
1200 ...
1201 See mk-origtargz(1).
1203
1205 Let's assume that the upstream "uscan test key (no secret)
1206 <none@debian.org>" signs its package with a secret OpenPGP key and
1207 publishes the corresponding public OpenPGP key. This public OpenPGP
1208 key can be identified in 3 ways using the hexadecimal form.
1209 · The fingerprint as the 20 byte data calculated from the public
1211 OpenPGP key. E. g., 'CF21 8F0E 7EAB F584 B7E2 0402 C77E 2D68 7254
1212 3FAF'
1213 · The long keyid as the last 8 byte data of the fingerprint. E. g.,
1215 'C77E2D6872543FAF'
1216 · The short keyid is the last 4 byte data of the fingerprint. E. g.,
1218 '72543FAF'
1219 Considering the existence of the collision attack on the short keyid,
1221 the use of the long keyid is recommended for receiving keys from the
1222 public key servers. You must verify the downloaded OpenPGP key using
1223 its full fingerprint value which you know is the trusted one.
1224 The armored keyring file debian/upstream/signing-key.asc can be created
1226 by using the gpg (or gpg2) command as follows.
1227 $ gpg --recv-keys "C77E2D6872543FAF"
1229 ...
1230 $ gpg --finger "C77E2D6872543FAF"
1231 pub 4096R/72543FAF 2015-09-02
1232 Key fingerprint = CF21 8F0E 7EAB F584 B7E2 0402 C77E 2D68 7254 3FAF
1233 uid uscan test key (no secret) <none@debian.org>
1234 sub 4096R/52C6ED39 2015-09-02
1235 $ cd path/to/<upkg>-<uversion>
1236 $ mkdir -p debian/upstream
1237 $ gpg --export --export-options export-minimal --armor \
1238 'CF21 8F0E 7EAB F584 B7E2 0402 C77E 2D68 7254 3FAF' \
1239 >debian/upstream/signing-key.asc
1240 The binary keyring files, debian/upstream/signing-key.pgp and
1242 debian/upstream-signing-key.pgp, are still supported but deprecated.
1243 If a group of developers sign the package, you need to list
1245 fingerprints of all of them in the argument for gpg --export ... to
1246 make the keyring to contain all OpenPGP keys of them.
1247 Sometimes you may wonder who made a signature file. You can get the
1249 public keyid used to create the detached signature file
1250 foo-2.0.tar.gz.asc by running gpg as:
1251 $ gpg -vv foo-2.0.tar.gz.asc
1253 gpg: armor: BEGIN PGP SIGNATURE
1254 gpg: armor header: Version: GnuPG v1
1255 :signature packet: algo 1, keyid C77E2D6872543FAF
1256 version 4, created 1445177469, md5len 0, sigclass 0x00
1257 digest algo 2, begin of digest 7a c7
1258 hashed subpkt 2 len 4 (sig created 2015-10-18)
1259 subpkt 16 len 8 (issuer key ID C77E2D6872543FAF)
1260 data: [4091 bits]
1261 gpg: assuming signed data in `foo-2.0.tar.gz'
1262 gpg: Signature made Sun 18 Oct 2015 11:11:09 PM JST using RSA key ID 72543FAF
1263 ...
1264
1266 For the basic usage, uscan does not require to set these options.
1267 --conffile, --conf-file
1269 Add or replace default configuration files ("/etc/devscripts.conf"
1270 and "~/.devscripts"). This can only be used as the first option
1271 given on the command-line.
1272 replace:
1274 uscan --conf-file test.conf --verbose
1275 add:
1277 uscan --conf-file +test.conf --verbose
1278 If one --conf-file has no "+", default configuration files are
1280 ignored.
1281 --no-conf, --noconf
1283 Don't read any configuration files. This can only be used as the
1284 first option given on the command-line.
1285 --no-verbose
1287 Don't report verbose information. (default)
1288 --verbose, -v
1290 Report verbose information.
1291 --debug, -vv
1293 Report verbose information including the downloaded web pages as
1294 processed to STDERR for debugging.
1295 --dehs
1297 Send DEHS style output (XML-type) to STDOUT, while send all other
1298 uscan output to STDERR.
1299 --no-dehs
1301 Use only traditional uscan output format. (default)
1302 --download, -d
1304 Download the new upstream release. (default)
1305 --force-download, -dd
1307 Download the new upstream release even if up-to-date. (may not
1308 overwrite the local file)
1309 --overwrite-download, -ddd
1311 Download the new upstream release even if up-to-date. (may
1312 overwrite the local file)
1313 --no-download, --nodownload
1315 Don't download and report information.
1316 Previously downloaded tarballs may be used.
1318 Change default to --skip-signature.
1320 --signature
1322 Download signature. (default)
1323 --no-signature
1325 Don't download signature but verify if already downloaded.
1326 --skip-signature
1328 Don't bother download signature nor verifying signature.
1329 --safe, --report
1331 Avoid running unsafe scripts by skipping both the repacking of the
1332 downloaded package and the updating of the new source tree.
1333 Change default to --no-download and --skip-signature.
1335 When the objective of running uscan is to gather the upstream
1337 package status under the security conscious environment, please
1338 make sure to use this option.
1339 --report-status
1341 This is equivalent of setting "--verbose --safe".
1342 --download-version version
1344 Specify the version which the upstream release must match in order
1345 to be considered, rather than using the release with the highest
1346 version. (a best effort feature)
1347 --download-debversion version
1349 Specify the Debian package version to download the corresponding
1350 upstream release version. The dversionmangle and uversionmangle
1351 rules are considered. (a best effort feature)
1352 --download-current-version
1354 Download the currently packaged version. (a best effort feature)
1355 --check-dirname-level N
1357 See the below section "Directory name checking" for an explanation
1358 of this option.
1359 --check-dirname-regex regex
1361 See the below section "Directory name checking" for an explanation
1362 of this option.
1363 --destdir path Normally, uscan changes its internal current directory
1365 to the package's source directory where the debian/ is located. Then
1366 the destination directory for the downloaded tarball and other files is
1367 set to the parent directory ../ from this internal current directory.
1368 This default destination directory can be overridden by setting
1369 --destdir option to a particular path. If this path is a relative
1370 path, the destination directory is determined in relative to the
1371 internal current directory of uscan execution. If this path is a
1372 absolute path, the destination directory is set to path
1373 irrespective of the internal current directory of uscan execution.
1374 The above is true not only for the sinple uscan run in the single
1376 source tree but also for the advanced scanning uscan run with
1377 subdirectories holding multiple source trees.
1378 One exception is when --watchfile and --package are used together.
1380 For this case, the internal current directory of uscan execution
1381 and the default destination directory are set to the current
1382 directory . where uscan is started. The default destination
1383 directory can be overridden by setting --destdir option as well.
1384 --package package
1386 Specify the name of the package to check for rather than examining
1387 debian/changelog; this requires the --upstream-version (unless a
1388 version is specified in the watch file) and --watchfile options as
1389 well. Furthermore, no directory scanning will be done and nothing
1390 will be downloaded. This option automatically sets --no-download
1391 and --skip-signature; and probably most useful in conjunction with
1392 the DEHS system (and --dehs).
1393 --upstream-version upstream-version
1395 Specify the current upstream version rather than examine
1396 debian/watch or debian/changelog to determine it. This is ignored
1397 if a directory scan is being performed and more than one
1398 debian/watch file is found.
1399 --watchfile watchfile
1401 Specify the watchfile rather than perform a directory scan to
1402 determine it. If this option is used without --package, then uscan
1403 must be called from within the Debian package source tree (so that
1404 debian/changelog can be found simply by stepping up through the
1405 tree).
1406 One exception is when --watchfile and --package are used together.
1408 uscan can be called from anywhare and the internal current
1409 directory of uscan execution and the default destination directory
1410 are set to the current directory . where uscan is started.
1411 See more in the --destdir explanation.
1413 --bare
1415 Disable all site specific special case codes to perform URL
1416 redirections and page content alterations.
1417 --no-exclusion
1419 Don't automatically exclude files mentioned in debian/copyright
1420 field Files-Excluded.
1421 --pasv
1423 Force PASV mode for FTP connections.
1424 --no-pasv
1426 Don't use PASV mode for FTP connections.
1427 --no-symlink
1429 Don't rename nor repack upstream tarball.
1430 --timeout N
1432 Set timeout to N seconds (default 20 seconds).
1433 --user-agent, --useragent
1435 Override the default user agent header.
1436 --help
1438 Give brief usage information.
1439 --version
1441 Display version information.
1442 uscan also accepts following options and passes them to mk-origtargz:
1444 --symlink
1446 Make orig.tar.gz (with the appropriate extension) symlink to the
1447 downloaded files. (This is the default behavior.)
1448 --copy
1450 Instead of symlinking as described above, copy the downloaded
1451 files.
1452 --rename
1454 Instead of symlinking as described above, rename the downloaded
1455 files.
1456 --repack
1458 After having downloaded an lzma tar, xz tar, bzip tar, gz tar, zip,
1459 jar, xpi archive, repack it to the specified compression (see
1460 --compression).
1461 The unzip package must be installed in order to repack zip and jar
1463 archives, the mozilla-devscripts package must be installed to
1464 repack xpi archives, and the xz-utils package must be installed to
1465 repack lzma or xz tar archives.
1466 --compression [ gzip | bzip2 | lzma | xz ]
1468 In the case where the upstream sources are repacked (either because
1469 --repack option is given or debian/copyright contains the field
1470 Files-Excluded), it is possible to control the compression method
1471 via the parameter. The default is gzip for normal tarballs, and xz
1472 for tarballs generated directly from the git repository.
1473 --copyright-file copyright-file
1475 Exclude files mentioned in Files-Excluded in the given copyright-
1476 file. This is useful when running uscan not within a source
1477 package directory.
1478
1480 For the basic usage, uscan does not require to set these configuration
1481 variables.
1482 The two configuration files /etc/devscripts.conf and ~/.devscripts are
1484 sourced by a shell in that order to set configuration variables. These
1485 may be overridden by command line options. Environment variable
1486 settings are ignored for this purpose. If the first command line option
1487 given is --noconf, then these files will not be read. The currently
1488 recognized variables are:
1489 USCAN_DOWNLOAD
1491 Download or report only:
1492 no: equivalent to --no-download, newer upstream files will not be
1494 downloaded.
1495 yes: equivalent to --download, newer upstream files will be
1496 downloaded. This is the default behavior.
1497 See also --force-download and --overwrite-download.
1498 USCAN_SAFE
1500 If this is set to yes, then uscan avoids running unsafe scripts by
1501 skipping both the repacking of the downloaded package and the
1502 updating of the new source tree; this is equivalent to the --safe
1503 options; this also sets the default to --no-download and
1504 --skip-signature.
1505 USCAN_PASV
1507 If this is set to yes or no, this will force FTP connections to use
1508 PASV mode or not to, respectively. If this is set to default, then
1509 Net::FTP(3) makes the choice (primarily based on the FTP_PASSIVE
1510 environment variable).
1511 USCAN_TIMEOUT
1513 If set to a number N, then set the timeout to N seconds. This is
1514 equivalent to the --timeout option.
1515 USCAN_SYMLINK
1517 If this is set to no, then a pkg_version.orig.tar.{gz|bz2|lzma|xz}
1518 symlink will not be made (equivalent to the --no-symlink option).
1519 If it is set to yes or symlink, then the symlinks will be made. If
1520 it is set to rename, then the files are renamed (equivalent to the
1521 --rename option).
1522 USCAN_DEHS_OUTPUT
1524 If this is set to yes, then DEHS-style output will be used. This is
1525 equivalent to the --dehs option.
1526 USCAN_VERBOSE
1528 If this is set to yes, then verbose output will be given. This is
1529 equivalent to the --verbose option.
1530 USCAN_USER_AGENT
1532 If set, the specified user agent string will be used in place of
1533 the default. This is equivalent to the --user-agent option.
1534 USCAN_DESTDIR
1536 If set, the downloaded files will be placed in this directory.
1537 This is equivalent to the --destdir option.
1538 USCAN_REPACK
1540 If this is set to yes, then after having downloaded a bzip tar,
1541 lzma tar, xz tar, or zip archive, uscan will repack it to the
1542 specified compression (see --compression). This is equivalent to
1543 the --repack option.
1544 USCAN_EXCLUSION
1546 If this is set to no, files mentioned in the field Files-Excluded
1547 of debian/copyright will be ignored and no exclusion of files will
1548 be tried. This is equivalent to the --no-exclusion option.
1549
1551 The exit status gives some indication of whether a newer version was
1552 found or not; one is advised to read the output to determine exactly
1553 what happened and whether there were any warnings to be noted.
1554 0 Either --help or --version was used, or for some watch file which
1556 was examined, a newer upstream version was located.
1557 1 No newer upstream versions were located for any of the watch files
1559 examined.
1560
1562 uscan has many other enhanced features which are skipped in the above
1563 section for the simplicity. Let's check their highlights.
1564 uscan actually scans not just the current directory but all its
1566 subdirectories looking for debian/watch to process them all. See
1567 "Directory name checking".
1568 uscan can be executed with path as its argument to change the starting
1570 directory of search from the current directory to path .
1571 If you are not sure what exactly is happening behind the scene, please
1573 enable the --verbose option. If this is not enough, enable the --debug
1574 option too see all the internal activities.
1575 See "COMMANDLINE OPTIONS" and "DEVSCRIPT CONFIGURATION VARIABLES" for
1577 other variations.
1578 Custom script
1580 The optional script parameter in debian/watch means to execute script
1581 with options after processing this line if specified.
1582 See "HISTORY AND UPGRADING" for how uscan invokes the custom script.
1584 For compatibility with other tools such as git-buildpackage, it may not
1586 be wise to create custom scripts with random behavior. In general,
1587 uupdate is the best choice for the non-native package and custom
1588 scripts, if created, should behave as if uupdate. For possible use
1589 case, see <http://bugs.debian.org/748474> as an example.
1590 URL diversion
1592 Some popular web sites changed their web page structure causing
1593 maintenance problems to the watch file. There are some redirection
1594 services created to ease maintenance of the watch file. Currently,
1595 uscan makes automatic diversion of URL requests to the following URLs
1596 to cope with this situation.
1597 · <http://sf.net>
1599 · <http://pypi.python.org>
1601 Directory name checking
1603 Similarly to several other scripts in the devscripts package, uscan
1604 explores the requested directory trees looking for debian/changelog and
1605 debian/watch files. As a safeguard against stray files causing
1606 potential problems, and in order to promote efficiency, it will examine
1607 the name of the parent directory once it finds the debian/changelog
1608 file, and check that the directory name corresponds to the package
1609 name. It will only attempt to download newer versions of the package
1610 and then perform any requested action if the directory name matches the
1611 package name. Precisely how it does this is controlled by two
1612 configuration file variables DEVSCRIPTS_CHECK_DIRNAME_LEVEL and
1613 DEVSCRIPTS_CHECK_DIRNAME_REGEX, and their corresponding command-line
1614 options --check-dirname-level and --check-dirname-regex.
1615 DEVSCRIPTS_CHECK_DIRNAME_LEVEL can take the following values:
1617 0 Never check the directory name.
1619 1 Only check the directory name if we have had to change directory in
1621 our search for debian/changelog, that is, the directory containing
1622 debian/changelog is not the directory from which uscan was invoked.
1623 This is the default behavior.
1624 2 Always check the directory name.
1626 The directory name is checked by testing whether the current directory
1628 name (as determined by pwd(1)) matches the regex given by the
1629 configuration file option DEVSCRIPTS_CHECK_DIRNAME_REGEX or by the
1630 command line option --check-dirname-regex regex. Here regex is a Perl
1631 regex (see perlre(3perl)), which will be anchored at the beginning and
1632 the end. If regex contains a /, then it must match the full directory
1633 path. If not, then it must match the full directory name. If regex
1634 contains the string package, this will be replaced by the source
1635 package name, as determined from the debian/changelog. The default
1636 value for the regex is: package(-.+)?, thus matching directory names
1637 such as package and package-version.
1638
1640 This section briefly describes the backwards-incompatible watch file
1641 features which have been added in each watch file version, and the
1642 first version of the devscripts package which understood them.
1643 Pre-version 2
1645 The watch file syntax was significantly different in those days.
1646 Don't use it. If you are upgrading from a pre-version 2 watch
1647 file, you are advised to read this manpage and to start from
1648 scratch.
1649 Version 2
1651 devscripts version 2.6.90: The first incarnation of the current
1652 style of watch files.
1653 Version 3
1655 devscripts version 2.8.12: Introduced the following: correct
1656 handling of regex special characters in the path part,
1657 directory/path pattern matching, version number in several parts,
1658 version number mangling. Later versions have also introduced URL
1659 mangling.
1660 If you are upgrading from version 2, the key incompatibility is if
1662 you have multiple groups in the pattern part; whereas only the
1663 first one would be used in version 2, they will all be used in
1664 version 3. To avoid this behavior, change the non-version-number
1665 groups to be (?: ... ) instead of a plain ( ... ) group.
1666 · uscan invokes the custom script as "script --upstream-version
1668 version ../spkg_version.orig.tar.gz".
1669 · uscan invokes the standard uupdate as "uupdate --no-symlink
1671 --upstream-version version ../spkg_version.orig.tar.gz".
1672 Version 4
1674 devscripts version 2.15.10: The first incarnation of watch files
1675 supporting multiple upstream tarballs.
1676 The syntax of the watch file is relaxed to allow more spaces for
1678 readability.
1679 If you have a custom script in place of uupdate, you may also
1681 encounter problems updating from Version 3.
1682 · uscan invokes the custom script as "script --upstream-version
1684 version".
1685 · uscan invokes the standard uupdate as "uupdate --find
1687 --upstream-version version".
1688 Restriction for --dehs is lifted by redirecting other output to
1690 STDERR when it is activated.
1691
1693 dpkg(1), mk-origtargz(1), perlre(1), uupdate(1), devscripts.conf(5)
1694
1696 The original version of uscan was written by Christoph Lameter
1697 <clameter@debian.org>. Significant improvements, changes and bugfixes
1698 were made by Julian Gilbey <jdg@debian.org>. HTTP support was added by
1699 Piotr Roszatycki <dexter@debian.org>. The program was rewritten in Perl
1700 by Julian Gilbey. Xavier Guimard converted it in object-oriented Perl
1701 using Moo.
1702Debian Utilities 2020-02-06 USCAN(1)