REVU

Differences between revisions 52 and 55 (spanning 3 versions)
Revision 52 as of 2006-08-29 20:46:31
Size: 6907
Editor: office
Comment: Spelling fix
Revision 55 as of 2006-10-01 21:07:18
Size: 7318
Editor: smtp
Comment:
Deletions are marked like this. Additions are marked like this.
Line 7: Line 7:
[http://revu.tauware.de/ REVU] is a web-based tool to give people who have worked on packages a chance to "put their packages out there" for other people to look at and comment on in a structured manner. [http://revu.tauware.de/ REVU] (http://revu.tauware.de) is a web-based tool to give people who have worked on packages a chance to "put their packages out there" for other people to look at and comment on in a structured manner.
Line 9: Line 9:
Once a packager's ["GPGKey"] has been added to the REVU keyring, the packager can begin to upload his packages to REVU. They are then commented by [:MOTU/Teams/Reviewers:reviewers] and the packager can send updates of his package to REVU until it gets advocated by at least 2 ["MOTU"]s. When that point is reached, a MOTU uploads the approved package to Universe. Once a packager's ["GPGKey"] has been added to the REVU keyring, the packager can begin to upload his packages to REVU. The packages can then be commented on by [:MOTU/Teams/Reviewers:reviewers], and the packager can send updates of their package to REVU until it gets advocated by at least 2 ["MOTU"]s. At that point, a MOTU can upload the approved package to Universe.
Line 11: Line 11:
This service is experimental at the moment and involves some manual interaction. The service is located at [http://revu.tauware.de].
This service is experimental at the moment, and involves some manual interaction.
Line 16: Line 15:
=== Why contribute as Uploader ? === === Why contribute as an Uploader ? ===
Line 18: Line 17:
Would you like a program to be distributed in Ubuntu that's not available in the development version of either Ubuntu (currently EdgyEft) or Debian (Sid)?
Then you might like to package this program and upload it to REVU!. In order to do so, you need to register as an uploader on the REVU system.
If you've built a package of a program that's not available in the development version of either Ubuntu (currently EdgyEft) or Debian (Sid), you can upload it to REVU. It can then be checked over by MOTUs and advocated into Ubuntu's Universe archive.
Line 21: Line 19:
In order to do this, you need to register as an uploader on the REVU system.
Line 22: Line 21:
=== Register as uploader === === Register as a REVU uploader ===
Line 24: Line 23:
What you need : You need:
Line 28: Line 27:
 * Know how to make Debian packages (see PackagingTips)  * To know how to make Debian packages (see PackagingTips)
Line 31: Line 30:
It is not necessary to GetYourKeySigned, but it is a good idea anyway. In order to upload to REVU, you will need to be added to the REVU keyring. Be sure that you have a [https://launchpad.net Launchpad] account and that you have added your ["GPGKey"] to it. Then ask to [https://launchpad.net/people/ubuntu-universe-contributors/+join be added to the Ubuntu Universe Contributors team]. One of the REVU admins will add you then to the group (== Upload rights for REVU). You don't need a password to upload packages, only to log in to the website and reply to comments. In order to upload to REVU, you will need to be added to the REVU keyring. Be sure that you have a [https://launchpad.net Launchpad] account and that you have added your ["GPGKey"] to it. Then, ask [https://launchpad.net/people/ubuntu-universe-contributors/+join to be added to the Ubuntu Universe Contributors team]. Next, ask the REVU admins in {{{#ubuntu-motu}}} or at keyring@tiber.tauware.de to re-sync the REVU uploaders keyring, which grants you upload rights to REVU. It is a good idea to GetYourKeySigned, but it is not a requirement for using REVU.
Line 33: Line 32:
Important note : Once you have uploaded a package to REVU, a password will be created for you, that you will be able to recover. REVU will provide you an '''encrypted''' message for your key with your password in it. Therefore, your GPG key needs to have an Elgamal secondary key in order to allow encrypting data for it. If you don't create an Elgamal key, you will be able to upload to REVU but '''not''' to recover your password, and hence, to login on the web interface. ==== Passwords ====
Line 35: Line 34:
You don't need a password to upload packages, only to log in to the website and reply to comments.

Once you have uploaded a package to REVU, a password will be created for you. To get it, enter your e-mail address into the login box, leaving the password field blank, and click Login. Click Recover, and REVU will display an '''encrypted''' message with your password in it.

attachment:IconsPage/note.png Your GPG key needs to have an Elgamal secondary key in order to allow encrypting data as well as signing it. If you don't create an Elgamal key, you will be able to upload to REVU but '''not''' to recover your password, and hence, to login on the web interface.
Line 39: Line 43:
Since Ubuntu 6.06 LTS (the Dapper Drake), dput is already set for REVU uploads, with the [revu] entry. However, if you need to set it - because you are not using Dapper or Edgy - you can add the following entry to your /etc/dput.cf:
Since Ubuntu 6.06 LTS (Dapper Drake), dput is already configured for REVU uploads, with the [revu] entry. However, if are running an earlier version you can add the following entry to your /etc/dput.cf:
Line 49: Line 54:
If you are not an Ubuntu developer, you can set REVU as the default host for dput by modifying the [DEFAULT] section like this. This way, you don't need to specify what host to use when using dput to upload: If you are not an Ubuntu developer, you can set REVU as the default host for dput by modifying the [DEFAULT] section in dput.cf. This way, you don't need to specify what host to use when using dput to upload.
Line 54: Line 60:
Please only signed uploads (HINT: add ''allow_unsigned_uploads = 0'' to the ''[revu]'' stanza in dput.cf), and always include the original tarball, otherwise reviewers won't be able to look at your extracted source package.
In order to do so, use options "-S -sa" (with either "debuild" or "dpkg-buildpackage -rfakeroot") to build only the source package and also include the original source in the package.
==== Building a package for upload ====
Line 57: Line 62:
After the package is built, you can use dput with the above config file changes to upload it by specifying just the *_source.changes file that was created, ie. dput *_source.changes. If your firewall requires a passive FTP, dput will seem to hang while uploading. In that case, try "dput -P *_source.changes". Uploads to REVU should only be signed source files, with the original tarball. Please do not upload unsigned source or binary packages.
Line 59: Line 64:
Note : if you haven't set REVU as the default host as explained before, you need to specify that you are using it to dput, with {{{dput revu *_source.changes}}}, the default host being the Ubuntu official repository. If you are not an Ubuntu developer, your upload to the Ubuntu repository will be rejected. Inside your package directory, issue
Line 61: Line 66:
{{{
   debuild -S -sa
}}}

-S builds a source package, and -sa includes the original source. If your GPG key is not configured correctly, add {{{-kGPGKEYID}}} to the command line.

attachment:IconsPage/info.png You can add''allow_unsigned_uploads = 0'' to the ''[revu]'' stanza in dput.cf to enforce this.

==== Uploading it ====

debuild will output a package-version_source.changes file, which is uploaded with ''dput''.

{{{
   dput package-version_source.changes
}}}

If your firewall requires passive FTP, dput may hang while uploading. In that case, try {{{dput -P package-version_source.changes}}}.

attachment:IconsPage/notepng If you haven't set REVU as the default host (as explained previously), you need to specify to dput that you wish to use it on the command line: {{{dput revu *_source.changes}}}. The default host is the Ubuntu official repository, and if you are not an Ubuntu developer, your upload to the Ubuntu repository will be rejected.
Line 68: Line 92:
Line 70: Line 95:
Processing of uploads is done every 5 min. So, if your upload doesn't show up, please contact revu administrators by email (admin@tiber.tauware.de) or join irc channel #ubuntu-motu : Processing of uploads is done every 5 min. If your upload doesn't show up, please contact the REVU administrators by email (admin@tiber.tauware.de) or join the IRC channel #ubuntu-motu and talk to one of:
Line 79: Line 105:
After your first upload, you will be automatically registered to the database and assigned a random password. Use the email address you used in the changelog file of your upload as login and press the 'recover password' link, so as to receive your password by email. After your first upload, you will be automatically registered to the database and assigned a random password. Use the email address you used in the changelog file of your upload as the login name, and press the 'recover password' link, so as to receive your password by email.
Line 85: Line 111:
However, commenting uploads is only available to registered users. As an uploader, you can only comment your own uploads. This can be useful to give reviewers some info on the changes you have made between two uploads of your packages. However, commenting uploads is only available to registered users. As an uploader, you can only comment on your own uploads. This can be useful to give reviewers some info on the changes you have made between two uploads of your packages.

What is REVU ?

[http://revu.tauware.de/ REVU] (http://revu.tauware.de) is a web-based tool to give people who have worked on packages a chance to "put their packages out there" for other people to look at and comment on in a structured manner.

Once a packager's ["GPGKey"] has been added to the REVU keyring, the packager can begin to upload his packages to REVU. The packages can then be commented on by [:MOTU/Teams/Reviewers:reviewers], and the packager can send updates of their package to REVU until it gets advocated by at least 2 ["MOTU"]s. At that point, a MOTU can upload the approved package to Universe.

This service is experimental at the moment, and involves some manual interaction.

Contribute as an Uploader

Why contribute as an Uploader ?

If you've built a package of a program that's not available in the development version of either Ubuntu (currently EdgyEft) or Debian (Sid), you can upload it to REVU. It can then be checked over by MOTUs and advocated into Ubuntu's Universe archive.

In order to do this, you need to register as an uploader on the REVU system.

Register as a REVU uploader

You need:

In order to upload to REVU, you will need to be added to the REVU keyring. Be sure that you have a [https://launchpad.net Launchpad] account and that you have added your ["GPGKey"] to it. Then, ask [https://launchpad.net/people/ubuntu-universe-contributors/+join to be added to the Ubuntu Universe Contributors team]. Next, ask the REVU admins in #ubuntu-motu or at keyring@tiber.tauware.de to re-sync the REVU uploaders keyring, which grants you upload rights to REVU. It is a good idea to GetYourKeySigned, but it is not a requirement for using REVU.

Passwords

You don't need a password to upload packages, only to log in to the website and reply to comments.

Once you have uploaded a package to REVU, a password will be created for you. To get it, enter your e-mail address into the login box, leaving the password field blank, and click Login. Click Recover, and REVU will display an encrypted message with your password in it.

attachment:IconsPage/note.png Your GPG key needs to have an Elgamal secondary key in order to allow encrypting data as well as signing it. If you don't create an Elgamal key, you will be able to upload to REVU but not to recover your password, and hence, to login on the web interface.

Upload your packages

Uploading to REVU uses dput.

Since Ubuntu 6.06 LTS (Dapper Drake), dput is already configured for REVU uploads, with the [revu] entry. However, if are running an earlier version you can add the following entry to your /etc/dput.cf:

  [revu]
  fqdn = revu.tauware.de
  incoming = /incoming
  login = anonymous

If you are not an Ubuntu developer, you can set REVU as the default host for dput by modifying the [DEFAULT] section in dput.cf. This way, you don't need to specify what host to use when using dput to upload.

  default_host_main = revu

Building a package for upload

Uploads to REVU should only be signed source files, with the original tarball. Please do not upload unsigned source or binary packages.

Inside your package directory, issue

   debuild -S -sa

-S builds a source package, and -sa includes the original source. If your GPG key is not configured correctly, add -kGPGKEYID to the command line.

attachment:IconsPage/info.png You can addallow_unsigned_uploads = 0 to the [revu] stanza in dput.cf to enforce this.

Uploading it

debuild will output a package-version_source.changes file, which is uploaded with dput.

   dput package-version_source.changes

If your firewall requires passive FTP, dput may hang while uploading. In that case, try dput -P package-version_source.changes.

attachment:IconsPage/notepng If you haven't set REVU as the default host (as explained previously), you need to specify to dput that you wish to use it on the command line: dput revu *_source.changes. The default host is the Ubuntu official repository, and if you are not an Ubuntu developer, your upload to the Ubuntu repository will be rejected.

If you are reuploading a changed package (after receiving reviews), you may get an error like this:

  Upload package to host revu
  Already uploaded to tauware.de
  Doing nothing for myapp_source.changes

To fix, add the -f option to dput to force the upload.

Processing of uploads is done every 5 min. If your upload doesn't show up, please contact the REVU administrators by email (admin@tiber.tauware.de) or join the IRC channel #ubuntu-motu and talk to one of:

How to log in

After your first upload, you will be automatically registered to the database and assigned a random password. Use the email address you used in the changelog file of your upload as the login name, and press the 'recover password' link, so as to receive your password by email.

View and comment uploads

Packages uploaded to REVU are made public. You can browse them without logging in to the system. However, commenting uploads is only available to registered users. As an uploader, you can only comment on your own uploads. This can be useful to give reviewers some info on the changes you have made between two uploads of your packages.

Additional rules

(moved from UniverseCandidates)

  • you must have reviewed this package for known security vulnerabilities and provide patches for all of them
  • we can refuse the package on the grounds of known security problems and design
  • you must have included a copyright and license file, and those must allow inclusion of the package in the universe component and on mirrors
  • the package must be known to build on top of the main component of the current ubuntu stable release; it may require other packages already in universe

Getting help

If you need help on these steps or if you have more questions about REVU, you can ask on #ubuntu-motu on the Freenode network.

Contribute as Reviewer

Why contribute as Reviewer?

Do you have some experience in packaging and know policy well? Then you can help improving the packages uploaded to universe and guide packagers in doing so, by contributing as a reviewer on REVU.

Register as reviewer

What you need :

  • A ["GPGKey"]
  • Be a ["MOTU"]

Please send a signed and encrypted mail with your password and GnuPG keyid to keyring@tiber.tauware.de. We will mark you as Reviewer in the database.

Using REVU-Tools to review on REVU

See [:/REVU-Tools].

Feature Requests

please use [http://revu.tauware.de/cgi-bin/trac.cgi The revu-Development-Center] for feature requests and bug reports.


["CategoryMOTU"]

MOTU/Packages/REVU (last edited 2011-12-08 16:58:49 by static-50-53-26-176)