Wiki

• FrontPage
• RecentChanges
• FindPage
• HelpContents
• tag2upload

Translations: English - Português (Brasil)

tag2upload allows DDs and DMs to upload simply by using the git-debpush script to push a signed git tag.

Currently, only maintainer uploads, of packages which are participating in our beta programme, are supported. Please refer to our announcement email for information on how to join the beta.

Be careful during the freeze: try it out on one or two packages first, or maybe try uploading to experimental first.

Important links

• git-debpush(1) - tag creation utility - the new way to upload

• https://tag2upload.debian.org - Service status front page, with stats, logs, etc.

• debian-tag2upload (at) lists.debian.org - mailing list receiving build logs, notices, etc. (not for discussion!)

• tag2upload(5) - specification for the tag format

Not supported

• Uploads to NEW (even if only binary-NEW), because for those ftp.d.o currently demands maintainer-generated binaries.

• Uploads to security-master. This is difficult: 862105.

• With a new upstream version, tag2upload will generate a fresh orig tarball with git archive (via git-deborig). This is OK, but it may surprise some users of pristine-tar. 1106071.

Setup instructions

Before using git-debpush, it is presently necessary to configure salsa to notify the tag2upload service when you push a tag, so that the service knows to fetch the tag and process your upload. (We expect this step to become unnecessary at some point.)

In your Project on gitlab, under Settings, open the Webhooks configuration. Use "Add new webhook" and add a webhook as follows (settings that aren't the default are shown here in bold):

• URL: https://webhook.tag2upload.debian.org/hook/gitlab

• Show full url

• Name: tag2upload

• Description: blank
• Secret token: blank

• Trigger: Tag push events selected, all others unselected

• Custom webhook template: blank
• SSL verification: enabled

Screenshot of the setup

When you have created the webhook, you can run a test, from the "Webhooks" configuration page. Select the tag2upload webhook, "Test" menu, "Tag push events". You should see a report like this at the top of the page: Hook executed successfully but returned HTTP 400 error: misconfigured (or malfunctioning) web hook: message field is missing. (This can happen if the gitlab UI "Test" feature is used - in which case this message indicates the hook seems like it might be properly configured.)

Unfortunately it is currently necessary to set this up once per Project.

If you have done things in the wrong order, you can cause salsa to send the webhook afresh by deleting the tag from the repository and immediately re-pushing it (with git-push - don't re-run git-debpush).

Uploading

Use the git-debpush(1) program.

This replaces the whole upload flow (except, if you're using gbp pq you must gbp pq export). NB git debpush immediately and unconditionally initiates the upload, so you should already have run all your tests and lints (eg, Salsa CI).

You need git-debpush version 11.11 or later (available in Debian trixie and bookworm-backports). (The version in bookworm-updates should also work.)

Monitoring and outputs

Your upload should result in an email to you, CC the debian-tag2upload list; if successful it will show up in dgit fetch and on https://browse.dgit.debian.org (even before it has been ACCEPTed by the ftp archive). Note that sponsees don't get mail from tag2upload, but only from dak; tag2upload wants to feed back to the signer, not the Changed-By.

The tag2upload service page can show you the service's current and recent activity.

debian-tag2upload@lists.debian.org is a fully-functional mailing list which accepts subscriptions and distributes and archives mail, but the web view for the list and its archives is currently broken. While listmaster figures that out, if you are a DD and need to access the archives, they're available in the usual place on master.debian.org.

Under Edit in the gitlab UI for a webhook, you can see a log of the requests gitlab thinks it's made.

(If the webhook is configured, every tag will be notified to the tag2upload service. However, tags that don't look enough like tag2upload tags are ignored - you can see such tag webhook requests in the gitlab web UI, but they will not show up on the tag2upload service pages. The gitlab web UI will show the "not for us" message sent by the tag2upload service in response to the webhook.)

Web service informational API

Each of the web pages under https://tag2upload.debian.org is also available in an un-rendered JSON form. Simply send an Accept: application/json header. This is a read-only view.

The JSON schema is undocumented and unstable. But, hopefully this will be helpful. If you are using this feature, please contact us so we can try to avoid breaking your code.

Reporting problems, feedback

If something seems wrong, please don't hesitate to file a bug.

• You may file bugs against git-depush, even for problems with the service rather than the tag utility.

• We don't mind duplicate bugs: we can always merge them if necessary.
• Reports about poor user experience are also welcome.

• For example, if git-depush failed to spot a mistake it could have caught, or gave a poor error message, we want to know.

• Please don't file tickets in Salsa. We prefer bugs in the Bug Tracking System.
• Don't write to the debian-tag2upload@lists mailing list - that's for robots only.
• If you would like to email us privately, use dgit-owner at debian.org

• You may have some luck with IRC. We are Diziet and spwhitton on OFTC. E.g., tag us in #debian-devel.

When filing a bug, please provide, if available:

• A URL for the git tree (your Salsa repo)

• The precise commit that you were on when you ran git debpush. (If it's not already public, push it somewhere.)

• The jobid from the tag2upload service web page

• Any error messages you received

• The git-debpush invocation you used. (Shell session transcript is ideal.)

• Any REJECT mail you received from ftpmaster systems.

And, consider providing:

• The tag object, if a tag was produced but not pushed. You can get a copy from git cat-file tag debian/NNNN.

• Copies of automated emails you received (tag2upload service, "Debian queue daemon", ftpmaster systems). Use your judgement about which to forward. The messages from the tag2upload service are likely to be relevant.

• The webhook outcome as visible in the Salsa web UI. We'll want this if it seems like the service didn't receive, or misinterpreted, the webhook. To see this in the Salsa web UI you have to pretend to be about to edit the tag.

Credits

tag2upload was designed and implemented by Ian Jackson and Sean Whitton.

Russ Allbery did a security review, and his steadfast support was invaluable.

Thanks also to the many other people who gave practical, political, and moral support, including: Aigars Mahinovs; Alexander Wirt; Andrea Pappacoda; Aníbal Monsalve Salazar; Clare Boothby; Daniel Gröber; Didier 'OdyX' Raboud; intrigeri; Jacob Nevins; Jonathan McDowell; Ke Zhang; Marco d'Itri; Matthew Vernon; Matthias Urlichs; Nilesh Patra; Philip Hands; Sam Hartman; Simon Josefsson; Timo Röhling; Xiyue Deng.

CategoryDeveloper CategoryPackaging