// vim:set filetype=asciidoc:
[[sanitize]]
== Sanitization of the source

There are a few cases that require sanitizing the source to prevent contamination of the generated Debian source package.

* Non-https://www.debian.org/social_contract.html#guidelines[DFSG] compliant content in the upstream source.
** Debian takes software freedom seriously and adheres to the https://www.debian.org/social_contract.html#guidelines[DFSG].
* Extraneous auto-generated content in the upstream source.
** Debian packages should rebuild these under the latest system.
* Extraneous VCS content in the upstream source.
** The *-i* and *-I* options set in "`<<devscripts-setup>>`" for the *dpkg-source*(1) command should avoid these.
*** The *-i* option is intended for non-native Debian packages.
*** The *-I* option is intended for native Debian packages.

There are several methods to avoid including undesirable content.

[[files-excluded]]
=== Fix with *Files-Excluded*

This method is suitable for avoiding non-https://www.debian.org/social_contract.html#guidelines[DFSG] compliant content in the upstream source tarball.

* List the files to be removed in the *Files-Excluded* stanza of the  *debian/copyright* file.
* List the URL to download the upstream tarball in the *debian/watch* file.
* Run the *uscan* command to download the new upstream tarball.
** Alternatively, use the "`*gbp import-orig --uscan --pristine-tar*`" command.
* *mk-origtargz* invoked from *uscan* removes excluded files from the upstream tarball and repack it as a clean tarball.
* The resulting tarball has the version number with an additional suffix *+dfsg*.

See "`*COPYRIGHT FILE EXAMPLES*`" in *mk-origtargz*(1).

[[rules-clean]]
=== Fix with "`*debian/rules clean*`"

This method is suitable for avoiding auto-generated files by removing them in the "*debian/rules clean*" target.

NOTE: The "**debian/rules clean**" target is called before the "**dpkg-source --build**" command by the **dpkg-buildpackage** command. The "**dpkg-source --build**" command ignores removed files.

[[extend-diff-ignore]]
=== Fix with *extend-diff-ignore*

This is for the non-native Debian package.

The problem of extraneous diffs can be fixed by ignoring changes made to specific parts of the source tree. This is done by adding the "**extend-diff-ignore=...**" line in the **debian/source/options** file.

.**debian/source/options** to exclude the *config.sub*, *config.guess* and *Makefile* files:
----
# Don't store changes on autogenerated files
extend-diff-ignore = "(^|/)(config\.sub|config\.guess|Makefile)$"
----

NOTE: This approach always works, even when you can't remove the file. It saves you from having to make a backup of the unmodified file just to restore it before the next build.

TIP: If you use the *debian/source/local-options* file instead, you can hide this setting from the generated source package. This may be useful when local non-standard VCS files interfere with your packaging.

[[tar-ignore]]
=== Fix with *tar-ignore*

This is for the native Debian package.

You can exclude certain files in the source tree from the generated tarball by adjusting the file glob. Add the "**tar-ignore=...**" lines in the **debian/source/options** or **debian/source/local-options** files.

NOTE: For example, if the source package of a native package needs files with the *.o* extension as part of the test data, the setting in "`<<devscripts-setup>>`" may be too aggressive. You can work around this by dropping the *-I* option for *DEBUILD_DPKG_BUILDPACKAGE_OPTS* in "`<<devscripts-setup>>`" and adding the "**tar-ignore=...**" lines in the *debian/source/local-options* file for each package.

[[git-clean]]
=== Fix with "`*git clean -dfx*`"

The problem of extraneous content in the second build can be avoided by restoring the source tree. This is done by committing the source tree to the Git repository before the first build.

You can restore the source tree before the second package build. For example:

----
 $ git reset --hard
 $ git clean -dfx
----

This works because the *dpkg-source* command ignores the contents of typical VCS files in the source tree, as specified by the *DEBUILD_DPKG_BUILDPACKAGE_OPTS* setting in "`<<devscripts-setup>>`".

TIP: If the source tree is not managed by a VCS, run "**git init; git add -A .; git commit**" before the first build.
