How to sponsor an upload¶
Use these instructions when sponsoring an upload.
Sponsorship series
The article series provides guidance on requesting sponsorship and sponsoring.
- Overview:
- For contributors:
- For sponsors:
If you are interested in sponsoring, and have gained upload rights, you can join the Ubuntu sponsors team (and Ubuntu security sponsors) to be notified of new requests in the sponsorship queue. See Path to upload rights for details on how to apply for upload rights.
Sponsor a package¶
This is similar to uploading your own .changes file, except that after ensuring the upload follows all quality standards (see How to review a merge proposal), you sign the content of the proposing person with your key and upload it to the Ubuntu Archive instead of a PPA.
Note
These instructions assume the request for sponsorship is in the form of a merge proposal. See How can I convert a debdiff contribution into a git-ubuntu branch? under Patch Pilot Git Ubuntu Tips for guidance on working with a ‘traditional’ contribution in the form of a patch generated by the debdiff(1) tool.
Clone the package repository and change to the created directory:
$ git ubuntu clone <package> $ cd <package>
Add the Launchpad ID for which you’re sponsoring as a Git
remote:$ git ubuntu remote add <sponsored_LP_user>
Switch to the merge-proposal branch:
$ git checkout "<sponsoree_LP_user>/<MP_branch_name>" -b "<MP_branch_name>"
Generate the
origtarballs for the source package:$ git ubuntu export-orig
In case the upload is for a merge, add the
--for-mergeflag:$ git ubuntu export-orig --for-merge
Push the branch to your Launchpad namespace:
$ upload_args=$(git ubuntu prepare-upload args)
This command generates arguments for the build step to include the appropriate header reference to the rich history in the
.changesfile and stores the output in theupload_argsvariable.Build the source package (with arguments generated in the previous step – and stored in the
upload_argsvariable – appended to the command):$ debuild --build=source --no-check-builddeps \ --unsigned-changes --unsigned-source \ ${upload_args}The same command with short options:
$ debuild -S -d -uc -us ${upload_args}Note
Use your preferred build method (
debuild,sbuild,dpkg-buildpackage), but always append${upload_args}.In case the upload is for a merge in which the
changeloghas more than one entry compared to the version in the release pocket (e.g. uploading2.0-1ubuntu1, and the previous Ubuntu version was1.1-1ubuntu1), add the-vflag with the previous Ubuntu version to include the changelog entries between the previous Debian base and the new Debian base:$ debuild -S -d -uc -us -v1.1-1ubuntu1 ${upload_args}Do a final check of the
.changesfile:$ less <package>_<version>_source.changes
Check that:
The
changelogreferences the Launchpad bug to be closed by the upload.For new upstream releases, the upstream
origtarball is included.The
git-ubuntubranch is mentioned.
See How to review a merge proposal for general review details.
Sign the
.changesfile:$ cd .. $ debsign -k$DEBSIGN_KEYID <package>_<version>_source.changes
Upload the package:
$ dput ubuntu <package>_<version>_source.changes
Signing methods¶
To ensure your GPG key is automatically used to sign all uploads, including sponsored ones, you can set the following in the ~/.devscripts configuration file (see also the debuild(1) manual page):
DEBUILD_DPKG_BUILDPACKAGE_OPTS="-k'Jane Packager <[email protected]>' -sa"
For this setting to take effect, modify the debuild build command to omit the -uc and -us flags, which prevent signing (the same applies to builds with dpkg-buildpackage). For example:
$ debuild -S -d ${upload_args}
Then do not run the debsign command.
$DEBSIGN_KEYID and $DEB_SIGN_KEYID
The debsign and dpkg-buildpackage tools use similar variable names for GPG keys. Do not confuse them:
tool |
variable |
manual page |
|---|---|---|
|
|
|
|
|