You are not logged in.

Pages: 1

#1 2016-09-17 11:41:22

NicoHood
Package Maintainer (PM)
Registered: 2016-09-08
Posts: 6

Submitting packages as TU questions

Hey Arch Team,
I've recently become a TU. First I want to thank everyone who voted for me. I hope I can convince those who didn't that I am doing the job good. Looking forward for some good teamwork smile

I've got a few questions regarding the first package upload.

I want to be careful when doing my first upload, I hope the answers to my questions are not too obivous. To me it seems some wiki pages are wrong/outdated or just unclear to me. A lot of things were made simpler with scripts, but the normal way is also always described which makes it quite hard to keep the overview as new TU.

First off I applied with a new PGP key for package signing. I think this provides better security if I separate the PGP key for package signing from the email key. I was told, that this is unusual. Is it still a bad idea or better? The TODO list #8 suggest to create an extra key for package signing.

Now I try to upload my first community package "arduino". I am following this guide:
https://wiki.archlinux.org/index.php/AU … Repository

First the svn checkout did not work, because it did not search for my ssh key. I had to edit the ssh config, similar to AUR access. Did i configure something wrong, or is this normal? If its normal it should possibly be added to the wiki similar to AUR.

Then I created the folders for arduino and added the PKGBUILD. I've also added the install script and other patches. I think that was correct, but should be noted somewhere. The builded packages should not be included to the svn if I understand that correct.

Now when building the package I've used the provided script extra-x86_64-build. The question now is: what is different between the extra-x86_64-build script and testing-x86_64-build? I've compared those files and they seem idential. Why not remove the testing script then? Or at least note that there is no difference in the wiki.

Now that I've build the package I need to sign it. Coming back to my previous PGP question, I need to add the parameter "-u" to use a different key than my default one. The provided communitypkg script seems to not provide a way to use such an option. Does this mean I always have to do the steps manually? Also communitypkg and community-testingpkg also seem to be idential.

The copy command (scp) copies the packages to staging. For me it is unclear what staging is. On the wiki is only limited information about this, and I am not sure if uploading to staging is correct or not. However if it is, how can I make sure that my packages end up in testing or the normal repository? For my first upload I want to add it to the testing repository of course before it moves to community. There is a command to move a package from testing to community, but its unclear how to upload to testing.

Point #13 of the TODO list suggests to create staging directories. Those are still empty for me and I am wondering when those are used.
https://wiki.archlinux.org/index.php/AU … sted_Users
Doesnt this mean the folder structure is required on the server side?
https://wiki.archlinux.org/index.php/De … irectories

Also the wiki talks about the server nymeria, but florian gave me access to orion. Is that correct and whats the difference? I've never seen any note about orion. Regarding this wiki page it could be possible, that the TU starter page is out of date about nymeria? https://wiki.archlinux.org/index.php/De … rMigration

I can possibly edit the wiki pages once things are more clear, so new TUs don't have the same questions again. But before I do I need to know if I am correct wink

I am also still missing the TU chat key, so I have no chance to ask there yet.

Thank you very much.

Cheers,
Nico

Offline

#2 2016-09-17 17:11:45

Muflone
Package Maintainer (PM)
From: Italy
Registered: 2013-10-08
Posts: 106
Website

Re: Submitting packages as TU questions

Hi Nico and welcome again.

Your questions are legitimate and you're doing well in asking.
While your questions are always welcome, I suggest you to ask to your mentor to solve your doubts about packaging.
Your mentor and the arch-dev-public mailing list are the best places where to ask your questions.

NicoHood wrote:

First off I applied with a new PGP key for package signing. I think this provides better security if I separate the PGP key for package signing from the email key. I was told, that this is unusual. Is it still a bad idea or better? The TODO list #8 suggest to create an extra key for package signing.

Regarding the separated gpg key there's no point in having one, two or tens of different keys. The most important thing is to keep the private key as securely private.

NicoHood wrote:

First the svn checkout did not work, because it did not search for my ssh key. I had to edit the ssh config, similar to AUR access. Did i configure something wrong, or is this normal? If its normal it should possibly be added to the wiki similar to AUR.

The SSH configuration depends on your ssh client, if you use the openssh client, then it could be normal that your keys wasn't found. Often is useful to add the -v argument to ssh to watch the order of the used keys, if you have too many (> 3 keys), the SSH server will close your connection after the third attempt to connect, before the right key is found.
In this case, the config file need to be used (or add command line arguments).

NicoHood wrote:

Now when building the package I've used the provided script extra-x86_64-build. The question now is: what is different between the extra-x86_64-build script and testing-x86_64-build? I've compared those files and they seem idential. Why not remove the testing script then? Or at least note that there is no difference in the wiki.

In Arch Linux there're many repositories, in general the TU are allowed to upload only in the community repository.
There're three versions of each repository:
- the official (core, extra, community)
- the testing (testing and community-testing) used for packages that are not yet in the official repositories
- the staging (staging and community-staging) used for packages that are still experimental. This in particular is actually used for packages that need a coordinated action from many TUs, everyone put the rebuild packages in staging and after all the needed rebuilds are done, someone moves everything to testing or official.

See also  https://wiki.archlinux.org/index.php/Of … positories

NicoHood wrote:

The provided communitypkg script seems to not provide a way to use such an option. Does this mean I always have to do the steps manually?

Just add GPGKEY=yourkeyid in /etc/makepkg.conf

NicoHood wrote:

The copy command (scp) copies the packages to staging.

the staging directory in orion, where the packages are ready to be released.

NicoHood wrote:

how can I make sure that my packages end up in testing or the normal repository?

communitypkg uploads the packages in the official repository (staging/community directory in orion)
community-testingpkg uploads the packages in the testing repository (staging/community-testing directory in orion)
community-stagingpkg upload the packages in the staging repository (staging/community-staging directory in orion)

NicoHood wrote:

For my first upload I want to add it to the testing repository of course before it moves to community. There is a command to move a package from testing to community, but its unclear how to upload to testing.

simply use the community-testingpkg command
When you're sure to move from testing to official you can use '/community/db-move community-testing community PACKAGES'

NicoHood wrote:

Point #13 of the TODO list suggests to create staging directories. Those are still empty for me and I am wondering when those are used.

When I became TU someone/something created for me the staging directories in orion:

$ ssh orion.archlinux.org 
Last login: Sat Sep 17 17:02:04 2016 from 123.123.123.123
[muflone@orion ~]$ tree
.
└── staging
    ├── community
    ├── community-staging
    ├── community-testing
    ├── core
    ├── extra
    ├── gnome-unstable
    ├── kde-unstable
    ├── multilib
    ├── multilib-staging
    ├── multilib-testing
    ├── staging
    └── testing

These are used by the *pkg commands

NicoHood wrote:

Also the wiki talks about the server nymeria, but florian gave me access to orion. Is that correct and whats the difference? I've never seen any note about orion. Regarding this wiki page it could be possible, that the TU starter page is out of date about nymeria? https://wiki.archlinux.org/index.php/De … rMigration

I can possibly edit the wiki pages once things are more clear, so new TUs don't have the same questions again. But before I do I need to know if I am correct wink

Someday ago the packages were moved from nymeria to orion. See https://lists.archlinux.org/pipermail/a … 28047.html

host repos.archlinux.org

reveals that repos and orion are the same server, while nymeria wasn't

I hope to be useful, I had some difficulties on my first days as TU :-)

Regards

Last edited by Muflone (2016-09-17 17:24:54)

Offline

Pages: 1

Board footer

Powered by FluxBB