Categories
Practical Packaging
Our open source L2TP library go-l2tp recently made its way into the package repositories for Fedora and Debian.
This post explores the process for making a package submission to the major distributions.
Why a new package?
We initially created go-l2tp to provide an easy way to create L2TP applications on Linux platforms.
As a proof of concept, we later forked NetworkManager-l2tp (nm-l2tp) and added support for kl2tpd to our fork. We felt the fork was a nice way to practically demonstrate how to make use of go-l2tp.
Fast forward nine months or so, and something unexpected happened.
The maintainer of nm-l2tp picked up some aspects of our forked version of the plugin, and made kl2tpd the default L2TP daemon where it is available. This was very exciting!
However, there was one major drawback. To use kl2tpd, people would need to build and install it themselves. For people already used to building Golang projects this may seem trivial, but for the typical end user it's a big barrier to entry.
Life would be very much simpler if kl2tpd could be simply installed using the normal distribution package management tools.
The main distributions
We had a challenge then: to make it easy for people to use kl2tpd with nm-l2tp if they so chose.
The most direct way to meet that challenge was to get a package for kl2tpd into distribution repositories. That way kl2tpd could be easily installed using distro package management tools.
To reach the most users possible we chose to target Debian and Fedora.
These distributions represent the most common packaging formats, and many other distributions derive from them.
Of course there are plenty of other distributions which derive from neither Debian nor Fedora. But it seems fair to say that packaging for Debian and Fedora would make kl2tpd accessible to the majority of Linux users.
Creating a package
Creating a package for Debian or Fedora means first becoming familiar with the underlying packaging technologies, which are the deb file format in the case of Debian, and rpm in the case of Fedora.
But to be honest, creating a package is relatively easy. You can find plenty of tutorials for both packaging systems online, and there's no point rehashing that here.
Suffice to say, from a technical perspective, creating .deb and .rpm packages for go-l2tp took relatively little time.
We just needed to get it into the packaging repository, so that people could actually start using it. How hard could that be?
Getting the package submitted
Although very different projects in many ways, Debian and Fedora are alike in that you can't submit a package into the distribution repositories without some checks and balances being satisfied.
Both projects have the concept of a trusted package maintainer who can freely make package commits and changes.
If you're not one of these trusted maintainers then you effectively need to get the backing of someone who is in order to get your package into the distribution.
Debian
Happily, Debian has a dedicated team of packagers who work with Golang projects. Their web pages were very helpful in getting up and running with the Debian packaging process.
After joining the Debian Go Packaging Team mailing list I got quick review feedback on my package and I was able to get it into acceptable shape for submission. Once the package was ready, a Debian Developer on the list offered to sponsor the package for upload.
Ultimately, it took just over a month from the creation of the initial bug to the upload of the go-l2tp package to the Debian FTP server.
The package was then available in Debian. To begin with it was just in the sid (unstable) distribution. It later filtered into testing and will enter stable over time.
Since my initial submission I've had to make a couple of updates to the Debian package.
The first was due to the Debian package continuous integration pipeline flagging up what turned out to be a kernel regression. The regression caused one of go-l2tp's unit tests to fail, which in turn caused a "failure to build from source" (FTBFS) issue in the CI/CD pipeline.
The second was due to a user report of a kl2tpd bug exposed by running against a specific L2TP peer: frustrating to have missed during development, but somewhat to be expected as more people have access to kl2tpd and run it in different environments.
In both cases, I prepared a package update, and asked on the mailing list for a Debian Developer to submit the update for upload to the package repository.
Fedora
The Fedora package submission was in some respects more difficult than the Debian one.
The process looked quite similar to Debian initially: I created a bug to ask for my package to be reviewed, and the review was conducted very quickly.
But I needed to get sponsorship to progress further, and the process stalled there.
The Fedora documentation suggested I open a ticket in the "package-sponsors" repository to request a sponsor, which I did.
After a month or so with no activity on the sponsorship ticket, I pinged my package reviewer on the review bug entry asking for advice on getting a sponsor. They made the good suggestion to try asking on the Fedora Matrix server.
After joining the server I was happy to see there was a Golang-specific room. Given my good experience with the Debian Go Packagers mailing list I hoped I'd found a similar forum for Fedora. Unfortunately, however, I tried several times over a period of a few weeks to request sponsorship there with no success.
I kept returning to the Fedora packaging effort as a side-task over time. I hoped the sponsorship ticket might get some input; and I tried directly contacting various sponsors with an interest in Golang. It wasn't easy to work out how to move forward.
Eventually, the NetworkManager-l2tp maintainer suggested a potential sponsor with an interest in VPN technologies. Happily they were good enough to agree to sponsor the package submission!
From there, everything progressed quickly, and the go-l2tp package was added to the Fedora 41 stable repository earlier this month, around nine months after the review bug was initially opened.
Although the Fedora process appears to be more long-winded than the Debian one, there are actually fewer internal steps in the process. I think if I'd had a sponsor lined up from the start the Fedora process would have been quicker.
Conclusions
Its exciting to have gotten to this stage. Having kl2tpd packaged for both Fedora and Debian will allow more people to make use of it with nm-l2tp, and perhaps for other uses too.
While the two distributions we targeted have very different tooling and approaches to submitting a new package, ultimately the process looks quite similar at a high level.
In both cases negotiating the process was more involved than the technical work of creating the package.
This makes sense. Both these distributions are very large projects with contributors around the globe, coordinated by diverse bug tracking systems, mailing lists, and instant messaging servers.
Figuring out the way through these mazes, irregardless of excellent documentation for both projects, was always going to be a bit of a challenge!
Although it took a little longer than I had anticipated to submit the go-l2tp packages upstream, the experience has been valuable.
I'm grateful to all the people who helped by providing reviews and sponsorship, as well as answering silly questions now and then. And I'm certain that next time things should go a lot more smoothly.