Bug 1558 - Easier way to upload deb files to extras repository.
: Easier way to upload deb files to extras repository.
Product: maemo.org Website
: unspecified
: All All
: Low enhancement (vote)
: 4.1.2
Assigned To: Niels Breet
  Show dependency tree
Reported: 2007-06-18 22:53 UTC by Urho Konttori
Modified: 2008-09-29 16:02 UTC (History)
6 users (show)

See Also:



You need to log in before you can comment on or make changes to this bug.

Description Urho Konttori (reporter) 2007-06-18 22:53:38 UTC
Current steps on how to get your application to extras repository are described

It is a very complex process and takes a lot of time (especially on the first
upload). I would rather put up my own repo than to follow the current steps of
uploading a file there. And I think quite many people feel the same, which
results in unnecessarily many repositories.

Comparing this to the downloads maemo downloads upload form:
Here is an example image of it:

It would make sense to allow the maemo downloads upload form to also accept
pure debians. It could then copy those to the extras repository (maybe
moderated step) and even create the install file for the user automatically, as
it is basically just normal extras repo .install file with added application
filename (equals total of four lines of code). Hopefully this would result in
more use of the extras repo.

It would also be a nice clean one step process to launch a new version of an
app. One place to go. One form to fill. Simple.
Comment 1 Kees Jongenburger 2007-06-18 23:09:05 UTC
I think this approach will be to messy, specially when the uploaded file are
other people might start using the libs as dependency and there we have a big
problem. ".deb" without sources.

I would suggest to use a tool like the oe/mud-builder to create recipes
and let "core" maintainer build binaries/do QA.
Comment 2 Urho Konttori (reporter) 2007-06-18 23:19:20 UTC
Libraries do not need to be uploaded that way if they are too complex. They
could follow the current route. 

But for normal apps, the web upload method would be much easier. If the
application needs to contain sources, then maybe the upload file should be a
capsulated zip with sources in one dir and the application at root level deb.
Comment 3 Quim Gil nokia 2007-06-19 06:54:14 UTC
Added to http://maemo.org/intro/roadmap.html (Wishlist - Development). It would
be good to i.e. create a wiki page in order to keep an updated version of the
agreed request. We all agree on the problem but as far as I see there are
different ideas on how to solve it.
Comment 4 Tuomas Kulve 2007-06-19 07:32:02 UTC
I think the dput is nice and easy way to upload packages (with or without
sources) to repositories. It wouldn't hurt to have a web form too, but keep the
dput still.

I know it has been discussed somewhere, but I think a stable and unstable
repositories would be useful. Everybody could upload to unstable, but the
package should go through some procedure (e.g. community voting) to get to the
stable. This would include all updates (i.e. only stable major releases should
try to apply to stable). A stable release means that, in addition to stable
behaviour, it works with all other packages fluently.

The stable repository must be stable enough that I could add it to my non-tech
friend's tablet without him breaking it later with upgrades.
Comment 5 Kees Jongenburger 2007-06-19 07:37:49 UTC
I backup Kulve on that but dput should work on non debian installs (from within
the sbox!!!)

We need to discuss this somewhere I don't know where. There is an other point
we discussed on irc:

When I upload a new package I usually don't know on what platforms it will run
I am not sure the packaging is 100% oke (perhaps I am missing some deps>).
I guess that I want users to test. The basic flow for me would be to assume the
package is working (add it to all the repos) and based on feedback disable
packages. BTW I would create different packages for the different platforms...

the question how can we handle this flow

1)bleeding edge testing repo
2)make it possible to remove package from the repo's (bad idea??)
Comment 6 Henri Bergius 2007-08-24 15:59:26 UTC
Moving to repositories component.
Comment 7 Urho Konttori (reporter) 2007-08-24 16:23:02 UTC
One reason for the web form is for example that I haven't found any dput nor
debsign -componets for OSX. If there are such, please let me know.

Of course, the natural question is: why develop on OSX in the first place?
Well, it's really easy to do python development on osx or windows and at the
moment, the only thing that would REQUIRE linux is to have access to the dput
and debsign commands. 

Considering that the current email that I got from garage instructing upload to
extras repo admits that the process looks complicated, would it not make sense
to also allow an easier way to upload to extras for the newbies?
Comment 8 Vladislav Grinchenko 2008-01-21 19:06:54 UTC
I concur with the sentiment expressed here that we need either

1) a platform-independent way to upload packages, or
2) sign/upload functionality built into SDK.

I guess 2) would be harder because PGP/ssh keys a stored in the home directory
of the host user account. But, perhaps, manually copying them to SDK directory
will do the trick. I have just filed another upload bug #2813 regarding the
same issues. This is very frustrating. My hope is that we can somehow solve
this problem working together.
Comment 9 Kees Jongenburger 2008-01-21 20:53:09 UTC
Hello 3rdshift

at least you have managed to upload from a non debian distro.
Makeing that possible again would be just fine by me!
Comment 10 Niels Breet maemo.org 2008-04-28 13:05:58 UTC
There now is an assistant[1] that helps a new developer with requesting upload
rights and a way to upload (via browser) properly signed source packages to the

The assistant checks if the file are signed properly and if their md5sums

The assistant is still very basic and improvement ideas are welcome.

We still need to work out how we can help users with signing of packages. I
don't like the idea of uploading the private key to the webinterface. Any

[1] https://garage.maemo.org/extras-assistant/index.php
Comment 11 Urho Konttori (reporter) 2008-05-02 14:23:23 UTC
Do we need to even sign the packages? If Nokia has the trace of who uploaded
and what, there could be a generic key to make the signature if it's uploaded
from a web form. This would make it so easy for the 'smalltime' developers such
as me. I've quite sure we would be getting a lot more packages to the extras if
the upload was as easy as using a web form. I don't mean replace the current
one, but just add another alternative to uploading to the repo.
Comment 12 BenoƮt HERVIER 2008-05-30 18:26:59 UTC
You can also use PyPackager to build your package and upload it directly from
your tablet to extras or extras-devel.

Comment 13 Quim Gil nokia 2008-07-19 15:38:31 UTC
We have a whole new process for uploading packages to extras.

Solved? Fixed? Obsolete?
Comment 14 Ryan Abel maemo.org 2008-07-19 23:22:12 UTC
(In reply to comment #13)
> We have a whole new process for uploading packages to extras.
> Solved? Fixed? Obsolete?

This one seems fixed, Niels may want to wait until everything is completely
up-to-speed, though.
Comment 15 Quim Gil nokia 2008-07-20 00:35:05 UTC
Proposing fixed with 4.1+ milestone.
Comment 16 Urho Konttori (reporter) 2008-07-25 11:55:22 UTC
If you are suggesting that the assistant in here:

makes it any easier that it has been before, well, it doesn't. 

Khertans tool would actually make it easier if it had the debsigning and
uploading in place. 

I still do not have debsign -k<key_id> <package>.changes
in windows or osx. I need to use linux to do it. When I have the debsigned
file, the upload is just one more command on the command line. The hard part
for example for people who have made themes with theme maker is getting the
thing signed. What I would appreciate is that maemo.org would also support
maemo.org hosted (and generated) keys. Then the current web tool could just
accept any debian package sign it and upload it to the extras. User has anyway
been authenticated with the username/password, so doing the signing server side
is not that much more to do. 

Anyway, just my 2 cents. 

I'll talk to khertan to get a better upload support to the pypackager (or
perhaps make an debian upload tool to maemo to go alongside it). I think it's
going to be easier for all of us. 

Resolving as fixed.