source: trunk/debathena/NOTES @ 23084

Revision 23084, 18.1 KB checked in by ghudson, 16 years ago (diff)
There is a perl/AFS permissions issue which can interfere with multiple users using the same build area. The workaround is to chmod directories 777 if perl's File::Temp will be used in that directory. dpkg-source and equivs-build are affected. We have automated the workaround for dasource, but are working around it manually for equivs-build. In NOTES, document where the manual workaround is necessary.
Line 
1This hierarchy contains Debian/Ubuntu-specific materials, also known
2as "Debathena".  The contents are:
3
4* debathena - Debathena-specific software packages such as PAM and NSS
5  modules.
6
7* config - Packages for configuring native system software in a manner
8  appropriate for Athena.
9
10* meta - Packages which contain nothing but dependencies on other
11  packages and serve as an installation convenience.
12
13* scripts - Build scripts and supporting materials.
14
15Debathena is a SIPB project, and its infrastructure and procedures
16will need to be adapted for Athena 10.  For the moment this file will
17document the Debathena procedures as they are, not as they will be.
18The current procedures do not even use this svn repository yet.
19
20Debian software used by Debathena:
21
22  * schroot - Used to manage build chroot environments for each
23    Debian/Ubuntu version.  We use the lvm-snapshot schroot type,
24    which allows rapid construction of ephemeral copies of template
25    "source" chroots, so that every binary package build is done in a
26    clean environment.
27
28  * debuild - Used to create Debian source packages from package
29    source directories.
30
31  * sbuild - Used to build binary packages from source packages inside
32    schroot environments.
33
34  * equivs - Used to create packages which only contain dependency
35    information.  Somewhat of a dirty hack, since it doesn't keep
36    proper changelogs, but it reduces overhead.
37
38  * CDBS (Common Debian Build System) - Referenced by debian/rules
39    files in packages.  Contains standard build rules to cut down on
40    per-package boilerplate.
41
42  * reprepro - Used to upload packages into the apt repositories.
43
44  * approx - Used to create a local cache of Debian packages on the
45    build server.  This cache is referenced by the build chroots for
46    improved performance.
47
48The remainder of this file documents procedures useful to Athena 10
49developers and the release engineer.
50
51Developers: Preferences setup
52-----------------------------
53
54You will probably want a $HOME/.devscripts file containing the
55following:
56
57DEBUILD_DPKG_BUILDPACKAGE_OPTS="-sa -us -uc -i -I.svn"
58
59This will save you from having to specify those options every time you
60run debuild.  Athena 10 scripts do not assume the above preferences,
61but the instructions in this file do.  The options mean:
62
63  * Look for original source as a tarfile or create one.
64  * Do not sign the source package.
65  * Do not sign the changes file.
66  * Ignore common version control metadata files when creating diffs.
67  * Ignore .svn paths when creating tarballs.
68
69You will also want a $HOME/.sbuildrc file containing the following:
70
71  $nolog = 1;
72  $mailto = 'yourusername';
73  $log_dir = '/tmp/sbuild-logs';
74  $maintainer_name = 'Debian-Athena Project <debathena@mit.edu>';
75  $force_orig_source = 1;
76  $sbuild_mode = "user";
77  1;
78
79You should also set the environment variable DEBATHENA_APT to
80"/afs/dev.mit.edu/system/athena10/apt".
81
82Developers: Preparing a change
83------------------------------
84
85To prepare a change to a regular package (a source tree containing a
86debian/ subdir), make the edits in a checkout and record a changelog
87entry.  You can either edit debian/changelog using emacs changelog
88mode (C-c C-v to add a new version entry, C-c C-a to add a change
89entry, C-c C-f to finalize the entry) or you can run "dadch".
90
91When creating a new version entry, bump the upstream version number
92(to 10.0.0 if it was not already that high) if you are changing the
93main package source.  Otherwise, just bump the Debian version
94component (change 0debathena1 to 0debathena2, for instance).
95
96Developers: Building a package for test purposes on one platform
97----------------------------------------------------------------
98
99After you have prepared a change, you will want to test that it builds
100and perhaps that it works before committing it.  First, if it is an
101Athena source directory using autoconf, run "daconfiscate" to set up
102the autoconf boilerplate which we don't check in.  Second, run
103"daorig" to copy or create an orig tarball in the parent directory if
104necessary.  Third, run "debuild".  The resulting package will be
105placed in the parent directory.
106
107In order to test if the package works, you can install it with "dpkg
108-i filename.deb".
109
110Developers: Building a package for test purposes on all platforms
111-----------------------------------------------------------------
112
113If the package you are working on interacts with the native OS in ways
114that might vary from platform to platform, you may want to do a test
115build for all platforms.  You will need to do this on
116linux-build-10.mit.edu or another machine which has been set up with
117build schroots.
118
119As above, run daconfiscate (if necessary) and then daorig.  Then run
120"debuild -S" to create a source package.  Now cd into the parent
121directory and identify the .dsc file created by debuild -S; it will
122have a name like debathena-just_9.4.0-0debathena2.dsc.  Run "da
123sbuildhack filename.dsc" to perform the package builds.  Each build
124will take place inside an ephemeral chroot based on a snapshot of a
125template for a particular Debian or Ubuntu version.  If a build fails
126and it's not obvious from the build log why, you may need to create
127your own ephemeral chroot session with a command like "schroot -c
128gutsy-amd64-sbuild /bin/sh" and then run debuild from within the
129package sources.
130
131If the build is successful, it will create a set of packages with
132names like debathena-just_9.4.0-0debathena2~ubuntu6.06_amd64.deb.
133
134Developers: Building an equivs package
135--------------------------------------
136
137Most of the packages under debathena/meta are faked up using equivs.
138To build one, just run:
139
140  equivs-build --full filename.equivs
141
142These equivs files make reference to ../common, so you must have a
143checkout of debathena/meta/common alongside the particular
144meta-package you are building.
145
146Developers: The meaning of metapackages
147---------------------------------------
148
149If you are adding a new package to the repository, you will probably
150at some point want to add it to one of the metapackages so that it
151doesn't have to be installed by hand.  Here are some descriptions
152which may help identify which metapackage is best:
153
154* locker: Provides access to Athena locker software--AFS and
155  automounter configuration, locker-related utilities, etc.
156
157* clients: Provides clients (either locally-written, like athinfo and
158  Discuss, or configurations) for Athena services, as well as
159  Athena-specific utility programs like "jot".  Configurations for
160  graphical client software are generally in the workstation package
161  instead, in order to make this package less intrusive.
162
163* standard: Implies locker and clients.  Also provides Athena shell
164  customizations and dotfiles.
165
166* login: Implies standard.  Configurations to merge the MIT user
167  namespace into the local machine namespace for the purpose of user
168  lookups and authentication.
169
170* workstation: Implies login.  Configurations for the graphical login
171  system and graphical client software intended to provide a standard
172  X login experience using Athena home directories.  Still in
173  development.
174
175* cluster-software: Provides a set of Debian packages common to
176  cluster machines.  The resulting software set is rather large, and
177  thus may not be desirable to all workstation configurations.  Only
178  stock Debian packages belong in this metapackage; do not add
179  other Debathena packages to it.
180
181* cluster: Implies workstation and cluster-software.  Also contains
182  configurations for self-maintenance of machines (unattended updates,
183  cleanups between logins, etc.).  Does not exist yet.
184
185* debian-dev: Intended for developers of the system itself; provides a
186  set of Debian packages used by Debathena for development.
187
188For the most part a package should be listed in the "Depends:" line of
189a metapackage, but in some cases it is appropriate to hedge by using
190"Recommends:", which will cause aptitude to succeed even if the
191package is unavailable.  For example, a package which doesn't exist in
192all Debian/Ubuntu suites or isn't free can be listed under
193"Recommends:" so that our metapackages still work in all environments.
194
195Release engineer: Bootstrapping the project infrastructure
196----------------------------------------------------------
197
198  1. Create the package repository (detailed instructions on this
199     pending).  Set the DEBATHENA_APT environment variable to point to
200     the package repository.  Put a copy of the debathena "scripts"
201     subdir in your path.
202
203  2. Create the build area.
204
205  3. Build each equivs package under meta/ using "equivs-build --full
206     *.equivs" and upload each with "daequivsupload *.changes".  This
207     has the side-effect of creating the basic structure of the
208     package repository.
209
210  4. Set up the build server.  The basic structure of the apt
211     repository must work for make-chroot to succeed, so this must
212     happen after step 3.
213
214  5. For each normal Debian package in dependency order, cd into its
215     directory in the build area and run "da sbuildhack *.dsc" and
216     "daupload-release *_source.changes".  If the package contains
217     only an "Architecture: all" binary package, pass the -A option to
218     both commands.
219
220     The all-packages script can generate an approximation of the
221     package list in dependency order, but it doesn't work right yet,
222     and ideally it would be possible to do several builds in parallel
223     using a Makefile like the one in scripts/build-server/build-all.
224     Improvements to this machinery are pending.
225
226  6. For each package under third, run "da ./debathenify-PKG source
227     binary upload".  Any created directories under third/openafs/meta
228     should be chmodded 777 to work around a perl/AFS permissions
229     issue with File::Temp; if this is not done, OpenAFS metapackage
230     builds will fail for other users.
231
232Release engineer: Setting up a build server
233-------------------------------------------
234
235  1. The build server must be installed with free space in an LVM
236     volume group.  The build chroots consume 2GB each.  There is a
237     known memory corruption issue with LVM snapshots in the kernel
238     used in Ubuntu Gutsy (which is based on 2.6.22), so use a newer
239     kernel such as the one in Ubuntu Hardy (based on 2.6.24) instead.
240
241  2. Install debathena-standard as per the the instructions in
242     http://debathena.mit.edu/install.
243
244  3. apt-key add /afs/dev.mit.edu/system/athena10/apt/athena10-archive.asc
245
246  4. Install the packages listed in
247     scripts/build-server/packages (using "aptitude install")
248
249  5. Install debathena-login, debathena-ssh-server, and
250     debathena-build-depends (using "aptitude install").
251
252     (Depending on how recently debathena-build-depends was rebuilt,
253     additional packages might need to be installed to satisfy the
254     build-depends of newer packages.  This can be taken care of later
255     when an error occurs building a source package.)
256
257  6. Edit /etc/security/access.conf and add a first line:
258     -:ALL EXCEPT root <developer usernames>:ALL
259
260  7. Edit /etc/pam.d/schroot, comment out "@include common-session",
261     and add:
262
263       # Basic pam_unix session module in place of common-session.
264       session required         pam_unix.so
265
266  8. Edit /etc/group and add the developers to the sbuild group.
267
268  9. Create /etc/passwd entries for each developer with "hesinfo
269     username passwd >> /etc/passwd" and then run pwconv.
270
271     (This is not necessary for the login system on the main root
272     environment, but is for the chroot environments.)
273
274  10. Append to /etc/approx/approx.conf the contents of
275       scripts/build-server/approx.conf.tail.
276      Change the last line from http://debathena.mit.edu/apt to
277       file:///afs/dev.mit.edu/system/athena10/apt
278      Add "$interval 0" above the repository lines (only necessary if
279       the version of approx as reported by "dpkg -l approx" is less
280       than 3.0)
281      Run: /etc/init.d/approx restart
282
283  11. Apply scripts/build-server/mount-defaults.patch.
284
285  12. For each supported DIST (see scripts/debian-versions.sh) run:
286
287        VG=/dev/blah scripts/build-server/make-chroot DIST i386
288        VG=/dev/blah scripts/build-server/make-chroot DIST amd64
289
290      substituting the name of the volume group for blah.  Omit the
291      amd64 line if DIST is sarge.
292
293      Example: VG=/dev/dink scripts/build-server/make-chroot gutsy i386
294
295  13. Create a local account for builder with:
296
297        adduser --uid 1047 --disabled-password builder
298
299      Make the home directory mode 700.  Install a
300      daemon/linux-build-10.mit.edu keytab in the home directory as
301      "keytab".  Install a copy of the secret repository-signing key
302      (athena10@mit.edu) in the home directory's keyring with
303      something like:
304
305        kinit builder
306        gpg --export-secret-keys athena10@mit.edu | \
307          ssh -l builder machinename gpg --import
308
309      Create a file named .sbuildrc in builder's homedir containing:
310
311        $nolog = 1;
312        $mailto = 'source-wash@mit.edu';
313        $log_dir = '/tmp/sbuild-logs';
314        $maintainer_name = 'Debian-Athena Project <debathena@mit.edu>';
315        $force_orig_source = 1;
316        $sbuild_mode = "user";
317        1;
318
319      Create a file named .ssh/config in builder's homedir containing:
320
321        Host svn.mit.edu
322          User debuildsvn
323
324      Add builder to the sbuild group in /etc/group.
325
326      Copy scripts/build-server/autodebathenify to builder's homedir.
327      Create a file named autodebathenify.config in builder's homedir
328      containing:
329
330        error_addr=source-wash@mit.edu
331        scripts_dir=/afs/dev.mit.edu/source/src-svn/debathena/scripts
332        build_dir=/afs/dev.mit.edu/project/release/10/build/third
333        packages="cyrus-sasl2-mit evolution-data-server lprng openafs tcsh"
334        export DEBATHENA_APT=/afs/dev.mit.edu/system/athena10/apt
335
336      Copy scripts/build-server/autodebathenify.cron to builder's
337      homedir and install it with "crontab autodebathenify.cron".
338
339      In builder's homedir, append to .profile:
340
341        PATH=${PATH}:/afs/dev.mit.edu/source/src-svn/debathena/scripts
342        export DEBATHENA_APT=/afs/dev.mit.edu/system/athena10/apt
343
344      and to .bashrc:
345
346        bld=/afs/dev.mit.edu/project/release/10/build
347
348Release engineer: Removing a build chroot on the build server
349-------------------------------------------------------------
350
351  1. Run VG=/dev/blah scripts/clean-schroots as root to make sure that
352     the build chroot is not mounted, substituting the name of the
353     volume group for blah.
354
355  2. Edit /etc/schroot/schroot.conf and delete the section
356     corresponding to the chroot.
357
358  3. Run lvchange -an blah/chrootname
359     substituting the name of the volume group for blah and the chroot
360     name for chroot.  Example: lvchange -an dink/gutsy-i386-sbuild
361
362  4. Run lvremove blah/chrootname
363
364Release engineer: Removing a dist from the apt repository
365---------------------------------------------------------
366
367  1. Inside the apt repository, edit conf/distributions and remove the
368     distribution section.
369
370  2. Run reprepro -Vb $DEBATHENA_APT --delete clearvanished
371
372Release engineer: Setting up a canonical build area
373---------------------------------------------------
374
375  1. Create an empty directory and cd into it.  The canonical build
376     area lives in /afs/dev.mit.edu/project/release/10/build.
377
378  2. Run gen-packages to create the table of normal Debian packages.
379
380  3. Run dasource to create subdirs and source packages for each
381     normal Debian package.
382
383  4. Create checkouts of the meta and third directories:
384
385     svn co svn+ssh://svn.mit.edu/athena/trunk/debathena/meta
386     svn co svn+ssh://svn.mit.edu/athena/trunk/debathena/third
387     chmod 777 meta/*
388
389     A couple of subdirectories of debathena/meta are normal Debian
390     packages, so this will create redundant copies of those.  Ignore
391     them; they won't be used.
392
393Release engineer: Adding a new suite
394------------------------------------
395
396This process is rarely performed and the infrastructure for it is
397imperfect.  Substitute the name of the new suite for "newdist" in all
398steps below.
399
400  1. Make sure the apt repository is up to date with respect to the
401     source tree for the existing dists.
402
403  2. Add the new dist to scripts/debian-versions.sh.  (It is not
404     necessary to add the new dist to codes at this point, but it must
405     be present in the gettag conditional.)
406
407  3. Create the new distribution in the apt repository's configuration
408     file.  Create the skeleton of the dist by installing at least one
409     equivs package from meta/ with "reprepro -Vb $DEBATHENA_APT
410     include newdistname file.changes".
411
412  4. On the build server, create a chroot for the new distribution as
413     documented above.  This may require downloading and installing a
414     more recent version of the debootstrap package from the
415     -backports dist corresponding to the build server's OS.
416
417  5. Set the DEBATHENA_BUILD_AREA environment variable to point to the
418     build area.
419
420  6. Fire up screen.
421
422  7. mkdir $DEBATHENA_BUILD_AREA/stamps.newdist.
423
424  8. cd into a checkout of debathena/scripts/build-server/build-all.
425
426  9. Edit Makefile (and check in the edit) so that suite is the new
427     distribution and psuite is the previously most recent Debian or
428     Ubuntu distribution.
429
430  10. Run "make deps.mk".
431
432  11. Run "make -k all STAMPS=$DEBATHENA_BUILD_AREA/stamps.newdist".
433      You can watch the builds happen in the other windows of the
434      screen session.  It's possible to do several builds at once with
435      make -j N.
436
437  12. debathenify packages will fail out; they must be built by hand.
438      When the build fails on one, cd into third/packagename in the
439      build area and run "./debathenify newdist-amd64 -A source binary
440      upload" and "./debathenify newdist-i386 binary upload".  Then
441      touch $DEBATHENA_BUILD_AREA/stamps.newdist/packagename.done" and
442      restart the build.
443
444      The newly created third/openafs/meta directories should be
445      chmodded 777 to work around a perl/AFS permissions issue.
446
447Release engineer: apt repository HTTP server setup
448--------------------------------------------------
449
450The apt repository server (athena10.mit.edu) is an ops virtual image
451with httpd and AFS installed.  At the moment, the only customization
452is two changes to /etc/httpd/conf/httpd.conf:
453
454  * The DocumentRoot is set to "/afs/dev.mit.edu/system/athena10".
455  * The Directory entry for /var/html/www is also changed to
456    "/afs/dev.mit.edu/system/athena10".
Note: See TracBrowser for help on using the repository browser.