Join the package collection maintainers

From FedoraProject

Revision as of 21:29, 4 May 2010 by Fcami (Talk | contribs)

Jump to: navigation, search


Contributing roles

Contributing roles
These are only suggestions for contributing roles. Only your imagination sets the limits.

Join OSDeveloper.png
OS Developer

How to join the Fedora Package Collection Maintainers?


So, you have decided to become a package maintainer in the Fedora Project? This guide will lead you through your first package submission.

Becoming a Fedora Package Collection Maintainer

Read the Guidelines

If you don't know how to create an RPM package, refer to the tutorial at A Short RPM Tutorial or the more advanced and much more detailed how to create an RPM package.

Read the Packaging Guidelines and Package Naming Guidelines .

You need to be thoroughly familiar with these. They govern all package submissions. If you have questions, ask on the Fedora Packaging List .

Create a Bugzilla Account

Make sure you have an account in Red Hat Bugzilla .

The email address that you use for your bugzilla account should be the same email address as you use in the Fedora Account System for all things related to Fedora Packaging.

Do not use your address
You should not use your email address in Bugzilla, because you will not get your bugzilla privileges once you are sponsored. If you want to use your address, you might try to request at the Fedora Infrastructure Ticket System for an administrator to manually override the bugzilla address connected with your Fedora Account.

Join the important Mailing Lists

You must join the fedora mailing list. It is a low traffic announcements only list, where important development information is posted.

You can join the fedora mailing list, where discussions about the development of Fedora are held. This is a high traffic mailing list.

You can also consider joining the mailing list -- The commits mailing list gets notifications on all commits in any package in the Fedora repository. This is a very high traffic mailing list. The Fedora package database sends commit mails for packages you (co-)maintain.

Another mailing list you might consider (at least to view the archives) is This is the mailing list of the Fedora Packaging Committee, who determine the official packaging guidelines for Fedora projects.

Verify that your review request is not a duplicate

Before filing a new review request, make sure that the software is not already in the Fedora repository or waiting for review

Search the Fedora package database for packages already in the repository - Search in the review queue -

Read Other Submissions

Read some other package submissions to learn about packaging and gain familiarity with the process and requirements.

One way of doing this is to join the mailing list ; all comments on Fedora package reviews are sent to this (read-only from your point of view) list.

Make a Package

You should make sure that it is a new package. The package you are submitting can be of any Free and open source project that is not already packaged in Fedora. You can find a list of existing packages in Fedora Package Collection in the Fedora Package Database. Please also check the in progress and unassigned Review Requests, giving the list of packages that need a review or are currently under review, as well as the retired package list.

Upload Your Package

Upload your SRPM and SPEC files onto the Internet somewhere. This can be anywhere accessible by a URL. If you have already got a Fedora Account then you can use your storage at for this.

Create Your Review Request

Fill out this form:

  • Before submitting your request, be sure there’s no a previous request for the same package.
  • Make sure that you put the name of the package (excluding version and release numbers) in the 'Review Summary' field, along with a very brief summary of what the package is.
  • Upload the spec file and SRPM to a public website. If you need hosting space, please make a note of it in your ticket submission and someone will take care of you. If you are a Fedora package maintainer already, you can make use of
  • Put a description of your package (usually, this can be the same thing as what you put in the spec %description) in the 'Review Description' field. Include the URLs to your SRPM and SPEC files. Also, explain that this is your first package and you need a sponsor.
Warning (medium size).png
Make sure that you mention in the 'Review Description' field that this is your first package, and you are seeking a sponsor. In Fedora Package Collection, all new contributors must be sponsored. Some potential sponsors will look at the FE-NEEDSPONSOR bug in bugzilla to find packages to review. You can add your package to this list by editing your review request bug and adding FE-NEEDSPONSOR in the 'Bug xyz blocks' field (where xyz is the bug number for your review request).

The review process is described in detail on the Package Review Process page.

Inform Upstream

Fedora as a project prefers to stay close to upstream. Inform the developers that you are packaging the software. You can do that by sending them a email introducing yourself and pointing out the review request. This sets up the stage for future conversations. They will usually advertise the fact that their software is now part of Fedora or might want to inform you of important bugs in the existing release, future roadmaps etc.

Watch for Feedback

Watch the Bugzilla report for your first package. You should get notifications of changes by email. Fix any blockers that the reviewer(s) point out.

Get a Fedora Account

Create an account in the Fedora Account System (this is not just a bugzilla account)

  1. Visit the account system home:
  2. Click on 'New account' and fill in the blanks.
  3. After you create your account, please be sure to sign the CLA (if you click on the "My Account" link in the top right, you should see CLA: CLA Done)
    Note: Red Hat employees should apply for cla_redhat instead. From the Account System, Apply for a New Group, put cla_redhat in the group field, and click Apply. Then ask TomCallaway to approve you.

Install the Client Tools (Koji)

To build Packages for the Fedora Collection or EPEL, you need Koji. You'll also need to generate a client side certificate at the Fedora Account System and save the file in ~/.fedora.cert, where the Fedora CVS makefiles will look for it by default.

Certificate Expiration
Your certificate will expire after 6 months. Then you have to request another one. Also everytime you request a new certificate, the old one is invalidated and cannot be used anymore.

The fedora-packager package provides tools to help you setup and work with fedora, therefore install it:

yum install fedora-packager

After installation run it as your user to setup your koji configuration:


Certificate update
You will have to rerun fedora-packager-setup everytime you update your Fedora certificate.

You can now use "koji" to try to build your RPM packages on platforms (e.g., PPC) or distributions you don't have. Note that you can test out builds ("scratch" builds) even when your package hasn't been approved and you don't have a sponsor. A simple way to do a scratch build using koji is to do this at the command line:

koji build --arch-override=PLATFORM --scratch TARGET path_to_source_RPM


  • TARGET is a distribution keyword such as dist-f9 (for Fedora 9). You can run "koji list-targets" to see all targets. To build for the next release (rawhide), don't use "dist-rawhide" - use "dist-fX" where X is one more than the latest stable release.
  • PLATFORM is a platform keyword such as i386 (32-bit), x86_64, ppc, or ppc64. You can omit --arch-override=PLATFORM, in which case koji will do test builds on all the architectures the spec file says the package supports.
  • Note that you need to supply the path to the source RPM (which ends in .src.rpm), and not a URL. (If you only have the spec file, use rpmbuild --nodeps -bs SPECFILE to create the new source RPM).

Your koji builds can only depend on packages that are actually in the TARGET distribution repository. Thus, you can't use koji to build for released distributions if your package depends on other new packages that Bodhi hasn't released yet. You can use koji to build for rawhide (the next unreleased version), even if it depends on other new packages, as long as the other packages were built in the CVS "devel" section as described below. If you need to build against a package that is not yet a stable released update, you can file a ticket with rel-eng at: and request that that package be added as a buildroot override. For packages in EPEL, you have to use the component epel to get the request to the right persons.

You can learn more about koji via:

koji --help            # General help
koji --help-commands   # list of koji commands
koji COMMAND --help    # help on command COMMAND

PackageMaintainers/UsingKoji has more information about using Koji.

Get Sponsored

When the package is APPROVED by the reviewer, you must separately obtain member sponsorship in order to check in and build your package. Sponsorship is not automatic and may require that you further participate in other ways in order to demonstrate your understanding of the packaging guidelines. Key to becoming sponsored is to convince an existing sponsor-level member that you understand and follow the project's guidelines and processes.

See how to get sponsored into the packager group for more information on the process of becoming sponsored.

Warning (medium size).png
Review and approval for the first package for new packagers must be done by registered sponsors. Subsequent reviews can be done by any package maintainer. Informal reviews can always be done by anyone interested.

Your sponsor can add you to the packager group. You should receive email confirmation of your sponsorship.

Add Package to CVS and Set Owner

Follow CVSAdminProcedure to get a CVS module for your new package and branches for recent releases.

This will be used to set up the proper records in the owners database, which is used for access to build the package, bugzilla population, and other features. This step creates a CVS module for your new package, with empty directories for each requested distribution.

Check out the module

You could check out your module now, but before doing that, consider doing "mkdir ~/cvs ; cd ~/cvs" - that way, all your files are inside that. Also, run ssh-add, so that you won't have to keep typing in your key password.

Running ssh-add before doing any cvs operations is a very good idea. It will save you from having to type your key password for every operation. You only have to run ssh-add once per session, it will remember it until you log out or reboot. If "ssh-add" reports "Could not open a connection to your authentication agent.", start a new shell under it using "exec ssh-agent bash".

Now you are ready to checkout your module from CVS:

 fedora-cvs <packagename>

Where <packagename> should be replaced with the name of your package.

You should now have a directory named after your package with a directory for each branch inside of it.

Stop (medium size).png
If this step fails, be sure your private ssh key (~/.ssh/id_rsa) mode is set to 0400. You might have to wait for up to an hour after your request for a new CVS module has been approved to get write access. Make sure your public key is the same as in the Fedora Accounts System (FAS). Key propagation may take an hour or so after uploading into FAS

You can use fedora-cvs with many modules at the same time. To checkout from cvs run fedora-cvs {module names seperated by spaces}, for example:

fedora-cvs konversation mysql-gui-tools snort

Import Your Package

Now that you've checked out your (empty) package module with fedora-cvs, cd into the module:


Run the common/ script, to import the contents of the SRPM into CVS:

./common/ PATH_TO_SRPM

Obviously, replace PATH_TO_SRPM with the full path (not URL) to your approved SRPM.

This imports into only the devel branch. You will probably also want to do additional imports using the -b parameter, which will import the package into other distribution branches like F-9, e.g.:

 ./common/ -b F-9 PATH_TO_SRPM

The program will respond with:

Checking out module: 'NAME'

You may see errors like this several times, these can be ignored:

buffer_get_ret: trying to get more bytes 129 than in buffer 34
buffer_get_string_ret: buffer_get failed
buffer_get_bignum2_ret: invalid bignum
key_from_blob: can't read rsa key
key_read: key_from_blob AA....  failed

But among them you should see:

Unpacking source package: NAME....src.rpm...

Along with a list of the source files in the source package, followed by checking and uploading of the files.

Then, you'll see "If you want to make any changes before committing, please press Ctrl-C. Otherwise press Enter to proceed to commit." Press Enter.

Finally (if you haven't set up an other editor) vi will open up to let you edit the CVS changelog. For the changelog, use the same format as the end of the .spec file. If you haven't used vi yet, after entering your changelog press 'Enter' and type


and press 'Enter' again to finish the import.

Tag Or Update Your Branches

Branches are F-# (formerly FC-#), devel, etc. So F-9 is the branch for Fedora 9.

Before a branch can be built in the Fedora Package build system, the files in that branch must be tagged in CVS.

The "import" command, described above, automatically tags the files. However, your local directory may not have exactly the right versions of the files, so go into the branch directory (e.g. cd devel/ or cd F-9/) and run:

 cvs up

The "import" script automatically tags the files. However, if you imported your files "by hand" or you're doing a release bump after a final build failure, instead of using the "import" script, then you need to tag it yourself. To tag it yourself, when you're happy with the source, go into the branch directory (e.g. cd devel/) and run:

 make tag

You should see it tag the branch with the version and release from the SPEC file. You need to tag all of the branches that you want to build.

Request Builds

For each tagged branch that you'd like to request a build for, go into the branch directory (e.g. cd devel/) and run:

make build
Warning (medium size).png
Be sure that you build for rawhide before pushing updates for any other branches! Otherwise, those updates will get inherited into rawhide, which is almost certainly not what you want.
Warning (medium size).png
Sync to buildsys is an hourly thing. So, sometimes you might have to wait for an hour to get access of the build server to give "make build"

If everything goes well, it should queue up your branch for building, the package will cleanly build, and you're done!

If it fails to build, the build system will send you an email to report the failure and show you to the logs. Commit any needed changes to cvs, bump the SPEC release number, retag the branch, and request a new build.

Submit Package as Update in Bodhi

The Fedora update system called Bodhi is used for pushing updates, classifying packages etc. Do not submit "devel" (aka rawhide) packages via bodhi.

At one time you could push an update using Bodhi via the command line using:

make update

Now, if you want to use the command line, use the "bodhi" command as described in the Bodhi Guide.

You can also use the Web interface for Bodhi to request enhancement updates for each released Fedora you are bringing a new package to.

The first field asks for the name of the "Package". This field will auto-complete the package name found in the Koji build system, e.g. <package-name>-<version>-<release>.fc9. If completion doesn't work, just enter the package build name yourself.

For new packages, choose "newpackage" as the "type" of update.

Put the "Request" as "testing" if you want to put the package through testing first, see Fedora Quality Assurance . Put "stable" if you want to push the package directly to stable.

Put the bug number of the package's Review Request in the "Bugs" field blank. Bodhi will automatically close it as NEXTRELEASE when it gets pushed to the requested update status.

For new packages, add a copy of the package's description in the "Notes" section, so end users will know what the package is.

Here is the Bodhi Guide and more information on Bodhi .

After you have submitted an upgrade through bodhi, your package is placed in a queue. Periodically, an administrator will check the queue and push all of the packages into the appropriate repositories.

Make the package available in "comps" files

If appropriate for the package, make it available in "comps" files so that it can be selected during installation and included in yum's package group operations. See PackageMaintainers/CompsXml for more info.

Watch for updates

Fedora has infrastructure available for monitoring new upstream releases of the software you are packaging. Refer to Upstream Release Monitoring for more details. Learn to handle updates by reading the Package update HOWTO

Getting Help

We know that this process can be as clear as mud sometimes, and we're always trying to make it better. If you run into any problems, or have any questions, please ask on the mailing list or in #fedora-devel on freenode . See the Communicate page for details.

The Fedora Mentors Project has people willing to help new contributors in their packaging efforts. See the Mentors page for more information.

See also the CVS FAQ

Getting a new package into Fedora Package Collection for existing maintainers

If you already maintain a package in Fedora and want to maintain another, follow the new package process for existing contributors .