Chapter 9. Uploading the package

Table of Contents

9.1. Uploading to the Debian archive
9.2. Including orig.tar.gz for upload
9.3. Skipped uploads

The rewrite of this tutorial document with updated contents and more practical examples is available as Guide for Debian Maintainers. Please use this new tutorial as the primary tutorial document.

Debian now requires source-only uploads for normal upload. So this page is outdated.

Now that you have tested your new package thoroughly, you want to release it to a public archive to share it.

Once you become an official developer, [82] you can upload the package to the Debian archive. [83] You can do this manually, but it's easier to use the existing automated tools, like dupload(1) or dput(1). We'll describe how it's done with dupload. [84]

First you have to set up dupload's config file. You can either edit the system-wide /etc/dupload.conf file, or have your own ~/.dupload.conf file override the few things you want to change.

You can read the dupload.conf(5) manual page to understand what each of these options means.

The $default_host option determines which of the upload queues will be used by default. anonymous-ftp-master is the primary one, but it's possible that you will want to use another one. [85]

While connected to the Internet, you can upload your package as follows:

$ dupload gentoo_0.9.12-1_i386.changes

dupload checks that the SHA1/SHA256 file checksums match those listed in the .changes file. If they do not match, it will warn you to rebuild it as described in Section 6.1, “Complete (re)build” so it can be properly uploaded.

If you encounter an upload problem at ftp://ftp.upload.debian.org/pub/UploadQueue/, you can fix this by manually uploading a GPG-signed *.commands file to there with ftp. [86] For example, using hello.commands:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Uploader: Foo Bar <Foo.Bar@example.org>
Commands: 
 rm hello_1.0-1_i386.deb
 mv hello_1.0-1.dsx hello_1.0-1.dsc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

[...]
-----END PGP SIGNATURE-----

When you first upload the package to the archive, you need to include the original orig.tar.gz source, too. If the Debian revision number of this package is neither 1 nor 0, you must provide the dpkg-buildpackage option -sa.

For the dpkg-buildpackage command:

$ dpkg-buildpackage -sa

For the debuild command:

$ debuild -sa

For the pdebuild command:

$ pdebuild --debbuildopts -sa

On the other hand, the -sd option will force the exclusion of the original orig.tar.gz source.

If you created multiple entries in debian/changelog by skipping uploads, you must create a proper *_.changes file that includes all changes since the last upload. This can be done by specifying the dpkg-buildpackage option -v with the version, e.g., 1.2.

For the dpkg-buildpackage command:

$ dpkg-buildpackage -v1.2

For the debuild command:

$ debuild -v1.2

For the pdebuild command:

$ pdebuild --debbuildopts "-v1.2"


[83] There are publicly accessible archives such as http://mentors.debian.net/ which work almost the same way as the Debian archive and provide an upload area for non-DDs. You can set up an equivalent archive by yourself using the tools listed at http://wiki.debian.org/HowToSetupADebianRepository. So this section is useful for non-DDs, too.

[84] The dput package seems to come with more features and to be becoming more popular than the dupload package. It uses the file /etc/dput for its global configuration and the file ~/.dput.cf for per-user configuration. It supports Ubuntu-related services out-of-the-box, too.

[86] See ftp://ftp.upload.debian.org/pub/UploadQueue/README. Alternatively, you can use the dcut command from the dput package.