fpm icon indicating copy to clipboard operation
fpm copied to clipboard

Published 20 hours ago verified publisher icon jordansissel

Don't bother packaging a changelog if all it says is "Package created with FPM".

Open miiichael opened this issue 7 months ago • 3 comments

Something about FPM makes it far too easy to make Debian packages with rubbish changelogs:

Image

miiichael avatar Apr 30 '25 12:04 miiichael

Thanks for the detail - it's interesting so many different tools are packaged with fpm :)

This behavior is intended and by design: FPM exists in a complex world with a specific goal of making it easier to create packages. FPM creates a "rubbish" changelog when one is not provided because some Debian tools require this file exist.

Your proposal has a problem: If fpm were to omit the changelog file, this is often handled as an error by downstream tools.

Some background: For Debian, FPM aims to create packages which, by default, should pass lintian (and other policy-enforcement tools).

The goal is to make folks successful when creating packages. Sometimes an fpm user can create packages, but they may not control what happens after. For example, some organizations have tools which run additional policy checks against packages, and running lintian is often one such policy tool. To reduce noise and frustration as a packager, fpm will try to create packages that make lintian run without errors. Lintian's defaults change over time, so fpm adapts behavior as needed. There are likely other tools in the Debian ecosystem that will treat "missing changelog file" as an error and fail to operate on the package.

In this case, it means fpm will generate a mostly-empty changelog file if one is not provided, and "rubbish" may even be an accurate term. It's a struggle to balance these things - end user needs, packager needs, and possibly irrelevant policy controls.

Packagers (like Signal Desktop, etc) could provide their own changelog file with the --upstream-changelog fpm flag. I briefly checked the Signal Desktop github repo but was unable to find where they use fpm - possible it's in a dependency or another repo.

jordansissel avatar Apr 30 '25 17:04 jordansissel

I'd be open to adding a flag which skips creating the "rubbish" changelog file, if that would be helpful in this case, though to preserve existing behavior, the flag would be off by default. Thoughts?

jordansissel avatar Apr 30 '25 17:04 jordansissel

Some history/related issues:

  • A proposal to bypass the default changelog - https://github.com/jordansissel/fpm/issues/1176
  • A PR that got lost in review for #1176 aimed to add a flag that allows a package to be created without the default changeloge entry: https://github.com/jordansissel/fpm/pull/1331
  • PR from 11 years ago to use lintian in the fpm test suite - https://github.com/jordansissel/fpm/pull/648

jordansissel avatar May 01 '25 00:05 jordansissel