Exclude VCS files et al. from Debian source package; explicitly declare Debian source format version

[jwodder]

This PR adds a patch to git-annex that does the following:

• Configures the Debian source package builds to exclude common VCS files, along with excluding some non-git-annex files that are present for this repository's builds

  • Because all(?) builds done in this repository have a version with a nonzero component after the final hyphen, we cannot use the "3.0 (native)" format, which would enable these exclusions automatically, and using "3.0 (quilt)" instead would be needlessly complicated. We thus have to stick with "1.0", which does not exclude VCS files unless we tell it to.

• Declares the Debian source package format to be "1.0"; declaring the format explicitly is highly recommended

@yarikoptic Once we confirm this works properly, we should submit this patch upstream to @joeyh.

[yarikoptic]

ping @joeyh -- would you mind if we move away from git source for git-annex? There is a security consideration (I will forward email).

[yarikoptic]

I have disabled actions for now:

[yarikoptic]

Merging for now as is since works and would mitigate immediate security hazard.

[joeyh]

If i recall correctly, usually when one is building a debian source package from a git repository, it's typical to use dpkg-buildpackage -I, which excludes the .git directory.

Still it might be a reasonable belt and suspenders thing to ignore .git in debian/source/options

I am much more doubtful about putting ignores specific to some github CI thing in there, because I don't use it, don't know how I would maintain it, and don't want to be on the hook for maintaining similar things for any other similar CI system that might be used.

Is the ignore of "clients" and "patches" to do with github CI or part of your build process?

Have you considered an alternative of creating a clean tree with only the files from git and building in there? eg

git archive --format=tar --prefix=builddir/ HEAD | tar x
cd builddir

(Note for my future reference, see email with message-id Zcun7-vjJ5R1zEvO@bilena for context not mentioned in this bug report.)

[jwodder]

@joeyh .github/, clients/, and patches/ are directories from this repo's master branch that are checked out during the datalad/git-annex build, as they contain scripts and other resources needed for the build.

Also, I don't believe building inside a untarred git archive would work, as the build process needs to get the current git-annex source commit from git's HEAD.