How to sponsor an upload¶
Use these instructions when sponsoring an upload.
Sponsorship series
The article series provides guidance on requesting sponsorship and sponsoring.
- Overview:
- For contributors:
- For sponsors:
If you are interested in sponsoring, and have gained upload rights, you can join the Ubuntu sponsors team (and Ubuntu security sponsors) to be notified of new requests in the sponsorship queue. See Path to upload rights for details on how to apply for upload rights.
Sponsor a package¶
This is similar to uploading your own .changes
file, except that after ensuring the upload follows all quality standards (see How to review a merge proposal), you sign the content of the proposing person with your key and upload it to the Ubuntu Archive instead of a PPA.
Note
These instructions assume the request for sponsorship is in the form of a merge proposal. See How can I convert a debdiff contribution into a git-ubuntu branch? under Patch Pilot Git Ubuntu Tips for guidance on working with a ‘traditional’ contribution in the form of a patch generated by the debdiff(1) tool.
Clone the package repository and change to the created directory:
$ git ubuntu clone <package> $ cd <package>
Add the Launchpad ID for which you’re sponsoring as a Git
remote
:$ git ubuntu remote add <sponsored_LP_user>
Switch to the merge-proposal branch:
$ git checkout "<sponsoree_LP_user>/<MP_branch_name>" -b "<MP_branch_name>"
Generate the
orig
tarballs for the source package:$ git ubuntu export-orig
In case the upload is for a merge, add the
--for-merge
flag:$ git ubuntu export-orig --for-merge
Push the branch to your Launchpad namespace:
$ upload_args=$(git ubuntu prepare-upload args)
This command generates arguments for the build step to include the appropriate header reference to the rich history in the
.changes
file and stores the output in theupload_args
variable.Build the source package (with arguments generated in the previous step – and stored in the
upload_args
variable – appended to the command):$ debuild --build=source --no-check-builddeps \ --unsigned-changes --unsigned-source \ ${upload_args}
The same command with short options:
$ debuild -S -d -uc -us ${upload_args}
Note
Use your preferred build method (
debuild
,sbuild
,dpkg-buildpackage
), but always append${upload_args}
.In case the upload is for a merge in which the
changelog
has more than one entry compared to the version in the release pocket (e.g. uploading2.0-1ubuntu1
, and the previous Ubuntu version was1.1-1ubuntu1
), add the-v
flag with the previous Ubuntu version to include the changelog entries between the previous Debian base and the new Debian base:$ debuild -S -d -uc -us -v1.1-1ubuntu1 ${upload_args}
Do a final check of the
.changes
file:$ less <package>_<version>_source.changes
Check that:
The
changelog
references the Launchpad bug to be closed by the upload.For new upstream releases, the upstream
orig
tarball is included.The
git-ubuntu
branch is mentioned.
See How to review a merge proposal for general review details.
Sign the
.changes
file:$ cd .. $ debsign -k$DEBSIGN_KEYID <package>_<version>_source.changes
Upload the package:
$ dput ubuntu <package>_<version>_source.changes
Signing methods¶
To ensure your GPG key is automatically used to sign all uploads, including sponsored ones, you can set the following in the ~/.devscripts
configuration file (see also the debuild(1) manual page):
DEBUILD_DPKG_BUILDPACKAGE_OPTS="-k'Jane Packager <[email protected]>' -sa"
For this setting to take effect, modify the debuild
build command to omit the -uc
and -us
flags, which prevent signing (the same applies to builds with dpkg-buildpackage
). For example:
$ debuild -S -d ${upload_args}
Then do not run the debsign
command.
$DEBSIGN_KEYID
and $DEB_SIGN_KEYID
The debsign
and dpkg-buildpackage
tools use similar variable names for GPG keys. Do not confuse them:
tool |
variable |
manual page |
---|---|---|
|
|
|
|
|