1 | This hierarchy contains Debian/Ubuntu-specific materials, also known |
---|
2 | as "Debathena". The contents are: |
---|
3 | |
---|
4 | * debathena - Debathena-specific software packages such as PAM and NSS |
---|
5 | modules. |
---|
6 | |
---|
7 | * config - Packages for configuring native system software in a manner |
---|
8 | appropriate for Athena. |
---|
9 | |
---|
10 | * meta - Packages which contain nothing but dependencies on other |
---|
11 | packages and serve as an installation convenience. |
---|
12 | |
---|
13 | * scripts - Build scripts and supporting materials. |
---|
14 | |
---|
15 | Debathena is a SIPB project, and its infrastructure and procedures |
---|
16 | will need to be adapted for Athena 10. For the moment this file will |
---|
17 | document the Debathena procedures as they are, not as they will be. |
---|
18 | The current procedures do not even use this svn repository yet. |
---|
19 | |
---|
20 | Debian software used by Debathena: |
---|
21 | |
---|
22 | * schroot - Used to manage build chroot environments for each |
---|
23 | Debian/Ubuntu version. We use the lvm-snapshot schroot type, |
---|
24 | which allows rapid construction of ephemeral copies of template |
---|
25 | "source" chroots, so that every binary package build is done in a |
---|
26 | clean environment. |
---|
27 | |
---|
28 | * debuild - Used to create Debian source packages from package |
---|
29 | source directories. |
---|
30 | |
---|
31 | * sbuild - Used to build binary packages from source packages inside |
---|
32 | schroot environments. |
---|
33 | |
---|
34 | * equivs - Used to create packages which only contain dependency |
---|
35 | information. Somewhat of a dirty hack, since it doesn't keep |
---|
36 | proper changelogs, but it reduces overhead. |
---|
37 | |
---|
38 | * CDBS (Common Debian Build System) - Referenced by debian/rules |
---|
39 | files in packages. Contains standard build rules to cut down on |
---|
40 | per-package boilerplate. |
---|
41 | |
---|
42 | * reprepro - Used to upload packages into the apt repositories. |
---|
43 | |
---|
44 | * approx - Used to create a local cache of Debian packages on the |
---|
45 | build server. This cache is referenced by the build chroots for |
---|
46 | improved performance. |
---|
47 | |
---|
48 | The remainder of this file documents procedures useful to Athena 10 |
---|
49 | developers and the release engineer. |
---|
50 | |
---|
51 | Developers: Preferences setup |
---|
52 | ----------------------------- |
---|
53 | |
---|
54 | You will probably want a $HOME/.devscripts file containing the |
---|
55 | following: |
---|
56 | |
---|
57 | DEBUILD_DPKG_BUILDPACKAGE_OPTS="-sa -us -uc -i -I.svn" |
---|
58 | |
---|
59 | This will save you from having to specify those options every time you |
---|
60 | run debuild. Athena 10 scripts do not assume the above preferences, |
---|
61 | but the instructions in this file do. The options mean: |
---|
62 | |
---|
63 | * Look for original source as a tarfile or create one. |
---|
64 | * Do not sign the source package. |
---|
65 | * Do not sign the changes file. |
---|
66 | * Ignore common version control metadata files when creating diffs. |
---|
67 | * Ignore .svn paths when creating tarballs. |
---|
68 | |
---|
69 | You will also want a $HOME/.sbuildrc file containing the following: |
---|
70 | |
---|
71 | $nolog = 1; |
---|
72 | $mailto = 'yourusername'; |
---|
73 | $log_dir = '/tmp/sbuild-logs'; |
---|
74 | $maintainer_name = 'Debian-Athena Project <debathena@mit.edu>'; |
---|
75 | $force_orig_source = 1; |
---|
76 | $sbuild_mode = "user"; |
---|
77 | 1; |
---|
78 | |
---|
79 | You should also set the environment variable DEBATHENA_APT to |
---|
80 | "/afs/dev.mit.edu/system/athena10/apt". |
---|
81 | |
---|
82 | Developers: Preparing a change |
---|
83 | ------------------------------ |
---|
84 | |
---|
85 | To prepare a change to a regular package (a source tree containing a |
---|
86 | debian/ subdir), make the edits in a checkout and record a changelog |
---|
87 | entry. You can either edit debian/changelog using emacs changelog |
---|
88 | mode (C-c C-v to add a new version entry, C-c C-a to add a change |
---|
89 | entry, C-c C-f to finalize the entry) or you can run "dadch". |
---|
90 | |
---|
91 | When creating a new version entry, bump the upstream version number |
---|
92 | (to 10.0.0 if it was not already that high) if you are changing the |
---|
93 | main package source. Otherwise, just bump the Debian version |
---|
94 | component (change 0debathena1 to 0debathena2, for instance). |
---|
95 | |
---|
96 | Developers: Building a package for test purposes on one platform |
---|
97 | ---------------------------------------------------------------- |
---|
98 | |
---|
99 | After you have prepared a change, you will want to test that it builds |
---|
100 | and perhaps that it works before committing it. First, if it is an |
---|
101 | Athena source directory using autoconf, run "daconfiscate" to set up |
---|
102 | the autoconf boilerplate which we don't check in. Second, run |
---|
103 | "daorig" to copy or create an orig tarball in the parent directory if |
---|
104 | necessary. Third, run "debuild". The resulting package will be |
---|
105 | placed in the parent directory. |
---|
106 | |
---|
107 | In order to test if the package works, you can install it with "dpkg |
---|
108 | -i filename.deb". |
---|
109 | |
---|
110 | Developers: Building a package for test purposes on all platforms |
---|
111 | ----------------------------------------------------------------- |
---|
112 | |
---|
113 | If the package you are working on interacts with the native OS in ways |
---|
114 | that might vary from platform to platform, you may want to do a test |
---|
115 | build for all platforms. You will need to do this on |
---|
116 | linux-build-10.mit.edu or another machine which has been set up with |
---|
117 | build schroots. |
---|
118 | |
---|
119 | As above, run daconfiscate (if necessary) and then daorig. Then run |
---|
120 | "debuild -S" to create a source package. Now cd into the parent |
---|
121 | directory and identify the .dsc file created by debuild -S; it will |
---|
122 | have a name like debathena-just_9.4.0-0debathena2.dsc. Run "da |
---|
123 | sbuildhack filename.dsc" to perform the package builds. Each build |
---|
124 | will take place inside an ephemeral chroot based on a snapshot of a |
---|
125 | template for a particular Debian or Ubuntu version. If a build fails |
---|
126 | and it's not obvious from the build log why, you may need to create |
---|
127 | your own ephemeral chroot session with a command like "schroot -c |
---|
128 | gutsy-amd64-sbuild /bin/sh" and then run debuild from within the |
---|
129 | package sources. |
---|
130 | |
---|
131 | If the build is successful, it will create a set of packages with |
---|
132 | names like debathena-just_9.4.0-0debathena2~ubuntu6.06_amd64.deb. |
---|
133 | |
---|
134 | Developers: Building an equivs package |
---|
135 | -------------------------------------- |
---|
136 | |
---|
137 | Most of the packages under debathena/meta are faked up using equivs. |
---|
138 | To build one, just run: |
---|
139 | |
---|
140 | equivs-build --full filename.equivs |
---|
141 | |
---|
142 | These equivs files make reference to ../common, so you must have a |
---|
143 | checkout of debathena/meta/common alongside the particular |
---|
144 | meta-package you are building. |
---|
145 | |
---|
146 | Developers: The meaning of metapackages |
---|
147 | --------------------------------------- |
---|
148 | |
---|
149 | If you are adding a new package to the repository, you will probably |
---|
150 | at some point want to add it to one of the metapackages so that it |
---|
151 | doesn't have to be installed by hand. Here are some descriptions |
---|
152 | which may help identify which metapackage is best: |
---|
153 | |
---|
154 | * locker: Provides access to Athena locker software--AFS and |
---|
155 | automounter configuration, locker-related utilities, etc. |
---|
156 | |
---|
157 | * clients: Provides clients (either locally-written, like athinfo and |
---|
158 | Discuss, or configurations) for Athena services, as well as |
---|
159 | Athena-specific utility programs like "jot". Configurations for |
---|
160 | graphical client software are generally in the workstation package |
---|
161 | instead, in order to make this package less intrusive. |
---|
162 | |
---|
163 | * standard: Implies locker and clients. Also provides Athena shell |
---|
164 | customizations and dotfiles. |
---|
165 | |
---|
166 | * login: Implies standard. Configurations to merge the MIT user |
---|
167 | namespace into the local machine namespace for the purpose of user |
---|
168 | lookups and authentication. |
---|
169 | |
---|
170 | * workstation: Implies login. Configurations for the graphical login |
---|
171 | system and graphical client software intended to provide a standard |
---|
172 | X login experience using Athena home directories. Still in |
---|
173 | development. |
---|
174 | |
---|
175 | * cluster-software: Provides a set of Debian packages common to |
---|
176 | cluster machines. The resulting software set is rather large, and |
---|
177 | thus may not be desirable to all workstation configurations. Only |
---|
178 | stock Debian packages belong in this metapackage; do not add |
---|
179 | other Debathena packages to it. |
---|
180 | |
---|
181 | * cluster: Implies workstation and cluster-software. Also contains |
---|
182 | configurations for self-maintenance of machines (unattended updates, |
---|
183 | cleanups between logins, etc.). Does not exist yet. |
---|
184 | |
---|
185 | * debian-dev: Intended for developers of the system itself; provides a |
---|
186 | set of Debian packages used by Debathena for development. |
---|
187 | |
---|
188 | For the most part a package should be listed in the "Depends:" line of |
---|
189 | a metapackage, but in some cases it is appropriate to hedge by using |
---|
190 | "Recommends:", which will cause aptitude to succeed even if the |
---|
191 | package is unavailable. For example, a package which doesn't exist in |
---|
192 | all Debian/Ubuntu suites or isn't free can be listed under |
---|
193 | "Recommends:" so that our metapackages still work in all environments. |
---|
194 | |
---|
195 | Release engineer: Bootstrapping the project infrastructure |
---|
196 | ---------------------------------------------------------- |
---|
197 | |
---|
198 | 1. Create the package repository (detailed instructions on this |
---|
199 | pending). Set the DEBATHENA_APT environment variable to point to |
---|
200 | the package repository. Put a copy of the debathena "scripts" |
---|
201 | subdir in your path. |
---|
202 | |
---|
203 | 2. Create the build area. |
---|
204 | |
---|
205 | 3. Build each equivs package under meta/ using "equivs-build --full |
---|
206 | *.equivs" and upload each with "daequivsupload *.changes". This |
---|
207 | has the side-effect of creating the basic structure of the |
---|
208 | package repository. |
---|
209 | |
---|
210 | 4. Set up the build server. The basic structure of the apt |
---|
211 | repository must work for make-chroot to succeed, so this must |
---|
212 | happen after step 3. |
---|
213 | |
---|
214 | 5. For each normal Debian package in dependency order, cd into its |
---|
215 | directory in the build area and run "da sbuildhack *.dsc" and |
---|
216 | "daupload-release *_source.changes". If the package contains |
---|
217 | only an "Architecture: all" binary package, pass the -A option to |
---|
218 | both commands. |
---|
219 | |
---|
220 | The all-packages script can generate an approximation of the |
---|
221 | package list in dependency order, but it doesn't work right yet, |
---|
222 | and ideally it would be possible to do several builds in parallel |
---|
223 | using a Makefile like the one in scripts/build-server/build-all. |
---|
224 | Improvements to this machinery are pending. |
---|
225 | |
---|
226 | 6. For each package under third, run "da ./debathenify-PKG source |
---|
227 | binary upload". Any created directories under third/openafs/meta |
---|
228 | should be chmodded 777 to work around a perl/AFS permissions |
---|
229 | issue with File::Temp; if this is not done, OpenAFS metapackage |
---|
230 | builds will fail for other users. |
---|
231 | |
---|
232 | Release engineer: Setting up a build server |
---|
233 | ------------------------------------------- |
---|
234 | |
---|
235 | 1. The build server must be installed with free space in an LVM |
---|
236 | volume group. The build chroots consume 2GB each. There is a |
---|
237 | known memory corruption issue with LVM snapshots in the kernel |
---|
238 | used in Ubuntu Gutsy (which is based on 2.6.22), so use a newer |
---|
239 | kernel such as the one in Ubuntu Hardy (based on 2.6.24) instead. |
---|
240 | |
---|
241 | 2. Install debathena-standard as per the the instructions in |
---|
242 | http://debathena.mit.edu/install. |
---|
243 | |
---|
244 | 3. apt-key add /afs/dev.mit.edu/system/athena10/apt/athena10-archive.asc |
---|
245 | |
---|
246 | 4. Install the packages listed in |
---|
247 | scripts/build-server/packages (using "aptitude install") |
---|
248 | |
---|
249 | 5. Install debathena-login, debathena-ssh-server, and |
---|
250 | debathena-build-depends (using "aptitude install"). |
---|
251 | |
---|
252 | (Depending on how recently debathena-build-depends was rebuilt, |
---|
253 | additional packages might need to be installed to satisfy the |
---|
254 | build-depends of newer packages. This can be taken care of later |
---|
255 | when an error occurs building a source package.) |
---|
256 | |
---|
257 | 6. Edit /etc/security/access.conf and add a first line: |
---|
258 | -:ALL EXCEPT root <developer usernames>:ALL |
---|
259 | |
---|
260 | 7. Edit /etc/pam.d/schroot, comment out "@include common-session", |
---|
261 | and add: |
---|
262 | |
---|
263 | # Basic pam_unix session module in place of common-session. |
---|
264 | session required pam_unix.so |
---|
265 | |
---|
266 | 8. Edit /etc/group and add the developers to the sbuild group. |
---|
267 | |
---|
268 | 9. Create /etc/passwd entries for each developer with "hesinfo |
---|
269 | username passwd >> /etc/passwd" and then run pwconv. |
---|
270 | |
---|
271 | (This is not necessary for the login system on the main root |
---|
272 | environment, but is for the chroot environments.) |
---|
273 | |
---|
274 | 10. Append to /etc/approx/approx.conf the contents of |
---|
275 | scripts/build-server/approx.conf.tail. |
---|
276 | Change the last line from http://debathena.mit.edu/apt to |
---|
277 | file:///afs/dev.mit.edu/system/athena10/apt |
---|
278 | Add "$interval 0" above the repository lines (only necessary if |
---|
279 | the version of approx as reported by "dpkg -l approx" is less |
---|
280 | than 3.0) |
---|
281 | Run: /etc/init.d/approx restart |
---|
282 | |
---|
283 | 11. Apply scripts/build-server/mount-defaults.patch. |
---|
284 | |
---|
285 | 12. For each supported DIST (see scripts/debian-versions.sh) run: |
---|
286 | |
---|
287 | VG=/dev/blah scripts/build-server/make-chroot DIST i386 |
---|
288 | VG=/dev/blah scripts/build-server/make-chroot DIST amd64 |
---|
289 | |
---|
290 | substituting the name of the volume group for blah. Omit the |
---|
291 | amd64 line if DIST is sarge. |
---|
292 | |
---|
293 | Example: VG=/dev/dink scripts/build-server/make-chroot gutsy i386 |
---|
294 | |
---|
295 | 13. Create a local account for builder with: |
---|
296 | |
---|
297 | adduser --uid 1047 --disabled-password builder |
---|
298 | |
---|
299 | Make the home directory mode 700. Install a |
---|
300 | daemon/linux-build-10.mit.edu keytab in the home directory as |
---|
301 | "keytab". Install a copy of the secret repository-signing key |
---|
302 | (athena10@mit.edu) in the home directory's keyring with |
---|
303 | something like: |
---|
304 | |
---|
305 | kinit builder |
---|
306 | gpg --export-secret-keys athena10@mit.edu | \ |
---|
307 | ssh -l builder machinename gpg --import |
---|
308 | |
---|
309 | Create a file named .sbuildrc in builder's homedir containing: |
---|
310 | |
---|
311 | $nolog = 1; |
---|
312 | $mailto = 'source-wash@mit.edu'; |
---|
313 | $log_dir = '/tmp/sbuild-logs'; |
---|
314 | $maintainer_name = 'Debian-Athena Project <debathena@mit.edu>'; |
---|
315 | $force_orig_source = 1; |
---|
316 | $sbuild_mode = "user"; |
---|
317 | 1; |
---|
318 | |
---|
319 | Create a file named .ssh/config in builder's homedir containing: |
---|
320 | |
---|
321 | Host svn.mit.edu |
---|
322 | User debuildsvn |
---|
323 | |
---|
324 | Add builder to the sbuild group in /etc/group. |
---|
325 | |
---|
326 | Copy scripts/build-server/autodebathenify to builder's homedir. |
---|
327 | Create a file named autodebathenify.config in builder's homedir |
---|
328 | containing: |
---|
329 | |
---|
330 | error_addr=source-wash@mit.edu |
---|
331 | scripts_dir=/afs/dev.mit.edu/source/src-svn/debathena/scripts |
---|
332 | build_dir=/afs/dev.mit.edu/project/release/10/build/third |
---|
333 | packages="cyrus-sasl2-mit evolution-data-server lprng openafs tcsh" |
---|
334 | export DEBATHENA_APT=/afs/dev.mit.edu/system/athena10/apt |
---|
335 | |
---|
336 | Copy scripts/build-server/autodebathenify.cron to builder's |
---|
337 | homedir and install it with "crontab autodebathenify.cron". |
---|
338 | |
---|
339 | In builder's homedir, append to .profile: |
---|
340 | |
---|
341 | PATH=${PATH}:/afs/dev.mit.edu/source/src-svn/debathena/scripts |
---|
342 | export DEBATHENA_APT=/afs/dev.mit.edu/system/athena10/apt |
---|
343 | |
---|
344 | and to .bashrc: |
---|
345 | |
---|
346 | bld=/afs/dev.mit.edu/project/release/10/build |
---|
347 | |
---|
348 | Release engineer: Removing a build chroot on the build server |
---|
349 | ------------------------------------------------------------- |
---|
350 | |
---|
351 | 1. Run VG=/dev/blah scripts/clean-schroots as root to make sure that |
---|
352 | the build chroot is not mounted, substituting the name of the |
---|
353 | volume group for blah. |
---|
354 | |
---|
355 | 2. Edit /etc/schroot/schroot.conf and delete the section |
---|
356 | corresponding to the chroot. |
---|
357 | |
---|
358 | 3. Run lvchange -an blah/chrootname |
---|
359 | substituting the name of the volume group for blah and the chroot |
---|
360 | name for chroot. Example: lvchange -an dink/gutsy-i386-sbuild |
---|
361 | |
---|
362 | 4. Run lvremove blah/chrootname |
---|
363 | |
---|
364 | Release engineer: Removing a dist from the apt repository |
---|
365 | --------------------------------------------------------- |
---|
366 | |
---|
367 | 1. Inside the apt repository, edit conf/distributions and remove the |
---|
368 | distribution section. |
---|
369 | |
---|
370 | 2. Run reprepro -Vb $DEBATHENA_APT --delete clearvanished |
---|
371 | |
---|
372 | Release engineer: Setting up a canonical build area |
---|
373 | --------------------------------------------------- |
---|
374 | |
---|
375 | 1. Create an empty directory and cd into it. The canonical build |
---|
376 | area lives in /afs/dev.mit.edu/project/release/10/build. |
---|
377 | |
---|
378 | 2. Run gen-packages to create the table of normal Debian packages. |
---|
379 | |
---|
380 | 3. Run dasource to create subdirs and source packages for each |
---|
381 | normal Debian package. |
---|
382 | |
---|
383 | 4. Create checkouts of the meta and third directories: |
---|
384 | |
---|
385 | svn co svn+ssh://svn.mit.edu/athena/trunk/debathena/meta |
---|
386 | svn co svn+ssh://svn.mit.edu/athena/trunk/debathena/third |
---|
387 | chmod 777 meta/* |
---|
388 | |
---|
389 | A couple of subdirectories of debathena/meta are normal Debian |
---|
390 | packages, so this will create redundant copies of those. Ignore |
---|
391 | them; they won't be used. |
---|
392 | |
---|
393 | Release engineer: Adding a new suite |
---|
394 | ------------------------------------ |
---|
395 | |
---|
396 | This process is rarely performed and the infrastructure for it is |
---|
397 | imperfect. Substitute the name of the new suite for "newdist" in all |
---|
398 | steps below. |
---|
399 | |
---|
400 | 1. Make sure the apt repository is up to date with respect to the |
---|
401 | source tree for the existing dists. |
---|
402 | |
---|
403 | 2. Add the new dist to scripts/debian-versions.sh. (It is not |
---|
404 | necessary to add the new dist to codes at this point, but it must |
---|
405 | be present in the gettag conditional.) |
---|
406 | |
---|
407 | 3. Create the new distribution in the apt repository's configuration |
---|
408 | file. Create the skeleton of the dist by installing at least one |
---|
409 | equivs package from meta/ with "reprepro -Vb $DEBATHENA_APT |
---|
410 | include newdistname file.changes". |
---|
411 | |
---|
412 | 4. On the build server, create a chroot for the new distribution as |
---|
413 | documented above. This may require downloading and installing a |
---|
414 | more recent version of the debootstrap package from the |
---|
415 | -backports dist corresponding to the build server's OS. |
---|
416 | |
---|
417 | 5. Set the DEBATHENA_BUILD_AREA environment variable to point to the |
---|
418 | build area. |
---|
419 | |
---|
420 | 6. Fire up screen. |
---|
421 | |
---|
422 | 7. mkdir $DEBATHENA_BUILD_AREA/stamps.newdist. |
---|
423 | |
---|
424 | 8. cd into a checkout of debathena/scripts/build-server/build-all. |
---|
425 | |
---|
426 | 9. Edit Makefile (and check in the edit) so that suite is the new |
---|
427 | distribution and psuite is the previously most recent Debian or |
---|
428 | Ubuntu distribution. |
---|
429 | |
---|
430 | 10. Run "make deps.mk". |
---|
431 | |
---|
432 | 11. Run "make -k all STAMPS=$DEBATHENA_BUILD_AREA/stamps.newdist". |
---|
433 | You can watch the builds happen in the other windows of the |
---|
434 | screen session. It's possible to do several builds at once with |
---|
435 | make -j N. |
---|
436 | |
---|
437 | 12. debathenify packages will fail out; they must be built by hand. |
---|
438 | When the build fails on one, cd into third/packagename in the |
---|
439 | build area and run "./debathenify newdist-amd64 -A source binary |
---|
440 | upload" and "./debathenify newdist-i386 binary upload". Then |
---|
441 | touch $DEBATHENA_BUILD_AREA/stamps.newdist/packagename.done" and |
---|
442 | restart the build. |
---|
443 | |
---|
444 | The newly created third/openafs/meta directories should be |
---|
445 | chmodded 777 to work around a perl/AFS permissions issue. |
---|
446 | |
---|
447 | Release engineer: apt repository HTTP server setup |
---|
448 | -------------------------------------------------- |
---|
449 | |
---|
450 | The apt repository server (athena10.mit.edu) is an ops virtual image |
---|
451 | with httpd and AFS installed. At the moment, the only customization |
---|
452 | is two changes to /etc/httpd/conf/httpd.conf: |
---|
453 | |
---|
454 | * The DocumentRoot is set to "/afs/dev.mit.edu/system/athena10". |
---|
455 | * The Directory entry for /var/html/www is also changed to |
---|
456 | "/afs/dev.mit.edu/system/athena10". |
---|