Sanitize hidden vendored paths for PPA builds

Author: inureyes

.github/workflows/launchpad_ppa.yml

@@ -138,6 +138,25 @@ jobs:
         mkdir -p .cargo
         cargo vendor --locked vendor > .cargo/config.toml
         python3 debian/sanitize-vendor.py
+        python3 - <<'PY'
+        import json
+        from pathlib import Path, PurePosixPath
+
+        offenders = []
+        for checksum_file in Path("vendor").rglob(".cargo-checksum.json"):
+            data = json.loads(checksum_file.read_text())
+            for rel_path in data.get("files", {}):
+                if rel_path.endswith(".orig") or any(
+                    part.startswith(".") for part in PurePosixPath(rel_path).parts
+                ):
+                    offenders.append(f"{checksum_file}: {rel_path}")
+
+        if offenders:
+            raise SystemExit(
+                "vendor checksum still references hidden/orig files:\n"
+                + "\n".join(offenders[:50])
+            )
+        PY
         grep -q 'replace-with = "vendored-sources"' .cargo/config.toml
         grep -q '\[source.vendored-sources\]' .cargo/config.toml
         grep -q '^directory = "vendor"$' .cargo/config.toml

debian/__pycache__/sanitize-vendor.cpython-314.pyc

@@ -22,6 +22,7 @@ echo "Vendoring Rust dependencies..."
 rm -rf vendor .cargo
 mkdir -p .cargo
 cargo vendor --locked vendor > .cargo/config.toml
+python3 debian/sanitize-vendor.py
 
 if ! grep -q '^directory = "vendor"$' .cargo/config.toml; then
     echo "Error: cargo vendor did not generate the expected source replacement config"

debian/prepare-source-package.sh

@@ -4,6 +4,11 @@
 from pathlib import Path
 
 
+def should_strip(rel_path: str) -> bool:
+    path = Path(rel_path)
+    return rel_path.endswith(".orig") or any(part.startswith(".") for part in path.parts)
+
+
 def main() -> int:
     vendor_root = Path("vendor")
     if not vendor_root.is_dir():
@@ -17,7 +22,7 @@ def main() -> int:
 
         removed = []
         for rel_path in list(files.keys()):
-            if rel_path.endswith(".orig"):
+            if should_strip(rel_path):
                 removed.append(rel_path)
                 files.pop(rel_path, None)
                 target = crate_dir / rel_path
@@ -28,7 +33,7 @@ def main() -> int:
             checksum_file.write_text(
                 json.dumps(data, separators=(",", ":"), sort_keys=True) + "\n"
             )
-            print(f"sanitized {checksum_file} ({len(removed)} .orig entries)")
+            print(f"sanitized {checksum_file} ({len(removed)} hidden/orig entries)")
 
     return 0