source: trunk/debathena/NOTES @ 24875

Revision 24875, 25.0 KB checked in by lizdenys, 11 years ago (diff)
added how to check that the apt repo is up to date
1This hierarchy contains Debian/Ubuntu-specific materials, also known
2as "Debathena".  The contents are:
4* debathena - Debathena-specific software packages such as PAM and NSS
5  modules.
7* config - Packages for configuring native system software in a manner
8  appropriate for Athena.
10* meta - Packages which contain nothing but dependencies on other
11  packages and serve as an installation convenience.
13* scripts - Build scripts and supporting materials.
15Debathena is a SIPB project, and its infrastructure and procedures
16will need to be adapted for Athena 10.  For the moment this file will
17document the Debathena procedures as they are, not as they will be.
18The current procedures do not even use this svn repository yet.
20Debian software used by Debathena:
22  * schroot - Used to manage build chroot environments for each
23    Debian/Ubuntu version.  We use the device schroot type with aufs
24    union mounts, which allows rapid construction of ephemeral copies
25    of template "source" chroots, so that every binary package build
26    is done in a clean environment.
28  * debuild - Used to create Debian source packages from package
29    source directories.
31  * sbuild - Used to build binary packages from source packages inside
32    schroot environments.
34  * equivs - Used to create packages which only contain dependency
35    information.  Somewhat of a dirty hack, since it doesn't keep
36    proper changelogs, but it reduces overhead.
38  * CDBS (Common Debian Build System) - Referenced by debian/rules
39    files in packages.  Contains standard build rules to cut down on
40    per-package boilerplate.
42  * reprepro - Used to upload packages into the apt repositories.
44  * approx - Used to create a local cache of Debian packages on the
45    build server.  This cache is referenced by the build chroots for
46    improved performance.
48The remainder of this file documents procedures useful to Athena 10
49developers and the release engineer.
51Developers: Preferences setup
54You will probably want a $HOME/.devscripts file containing the
57DEBUILD_DPKG_BUILDPACKAGE_OPTS="-sa -us -uc -i -I.svn"
59This will save you from having to specify those options every time you
60run debuild.  Athena 10 scripts do not assume the above preferences,
61but the instructions in this file do.  The options mean:
63  * Look for original source as a tarfile or create one.
64  * Do not sign the source package.
65  * Do not sign the changes file.
66  * Ignore common version control metadata files when creating diffs.
67  * Ignore .svn paths when creating tarballs.
69You will also want a $HOME/.sbuildrc file containing the following:
71  $nolog = 1;
72  $mailto = 'yourusername';
73  $log_dir = '/tmp/sbuild-logs';
74  $maintainer_name = 'Debathena Project <>';
75  $force_orig_source = 1;
76  $sbuild_mode = "user";
77  1;
79You should also set the environment variable DEBATHENA_APT to
82Developers: Preparing a change
85To prepare a change to a regular package (a source tree containing a
86debian/ subdir), make the edits in a checkout and record a changelog
87entry.  You can either edit debian/changelog using emacs changelog
88mode (C-c C-v to add a new version entry, C-c C-a to add a change
89entry, C-c C-f to finalize the entry) or you can run "dadch" from
90the debathena locker / SVN scripts directory.
92When creating a new version entry, bump the upstream version number
93(to 10.0.0 if it was not already that high) if you are changing the
94main package source.  Otherwise, just bump the Debian version
95component (change 0debathena1 to 0debathena2, for instance).
97Developers: Building a package for test purposes on one platform
100After you have prepared a change, you will want to test that it builds
101and perhaps that it works before committing it.  First, if it is an
102Athena source directory using autoconf, run "daconfiscate" to set up
103the autoconf boilerplate which we don't check in.  Second, run
104"daorig" to copy or create an orig tarball in the parent directory if
105necessary.  Third, run "debuild".  The resulting package will be
106placed in the parent directory.
108In order to test if the package works, you can install it with "dpkg
109-i filename.deb".
111Developers: Building a package for test purposes on all platforms
114If the package you are working on interacts with the native OS in ways
115that might vary from platform to platform, you may want to do a test
116build for all platforms.  You will need to do this on or another machine which has been set up with
118build schroots.
120As above, run daconfiscate (if necessary) and then daorig.  Then run
121"debuild -S" to create a source package.  Now cd into the parent
122directory and identify the .dsc file created by debuild -S; it will
123have a name like debathena-just_9.4.0-0debathena2.dsc.  Run "da
124sbuildhack filename.dsc" to perform the package builds.  Each build
125will take place inside an ephemeral chroot based on a snapshot of a
126template for a particular Debian or Ubuntu version.  If a build fails
127and it's not obvious from the build log why, you may need to create
128your own ephemeral chroot session with a command like "schroot -c
129gutsy-amd64-sbuild /bin/sh" and then run debuild from within the
130package sources.
132If the build is successful, it will create a set of packages with
133names like debathena-just_9.4.0-0debathena2~ubuntu6.06_amd64.deb.
135Developers: Building an equivs package
138Most of the packages under debathena/meta are faked up using equivs.
139To build one, just run:
141  equivs-build --full filename.equivs
143These equivs files make reference to ../common, so you must have a
144checkout of debathena/meta/common alongside the particular
145meta-package you are building.
147Developers: The meaning of metapackages
150If you are adding a new package to the repository, you will probably
151at some point want to add it to one of the metapackages so that it
152doesn't have to be installed by hand.  Here are some descriptions
153which may help identify which metapackage is best:
155* locker: Provides access to Athena locker software--AFS and
156  automounter configuration, locker-related utilities, etc.
158* clients: Provides clients (either locally-written, like athinfo and
159  Discuss, or configurations) for Athena services, as well as
160  Athena-specific utility programs like "jot".  Configurations for
161  graphical client software are generally in the workstation package
162  instead, in order to make this package less intrusive.
164* standard: Implies locker and clients.  Also provides Athena shell
165  customizations and dotfiles.
167* login: Implies standard.  Configurations to merge the MIT user
168  namespace into the local machine namespace for the purpose of user
169  lookups and authentication.
171* login-graphical: Implies login.  Configurations for the graphical login
172  system and graphical client software intended to provide a standard
173  X login experience using Athena home directories.
175* extra-software: Implies a set of Debian packages common to cluster
176  machines and typical workstations.  The resulting software set is
177  rather large, and thus may not be desirable to all workstation
178  configurations.  Only stock Debian packages belong in this
179  metapackage; do not add other Debathena packages to it.
181* workstation: Implies login-graphical and extra-software.  The use case
182  is the same as that of the old "private workstations", so it includes
183  more centrally-managed configuration than standard or login does
184  (unattended updates, etc.). New as of May 2009.
186* thirdparty: Software supported by 3partysw that upstream Ubuntu
187  already happens to be keeping up to date, and is therefore easier to
188  install via packages than through lockers. This package is HUGE (1 GB of
189  network traffic, 3 GB installed), and is also not strongly tested on
190  Debian or on older releases of Ubuntu.
192* cluster: Implies workstation and thirdparty. Configures public cluster
193  machines (login-time LVM snapshots, cleanups between logins, public
194  root password, etc.). The snapshot code requires a particular LVM
195  layout that the PXE (netboot) cluster installer sets up.
197* debian-dev: Intended for developers of the system itself; provides a
198  set of Debian packages used by Debathena for development.
200For the most part a package should be listed in the "Depends:" line of
201a metapackage, but in some cases it is appropriate to hedge by using
202"Recommends:", which will cause aptitude to succeed even if the
203package is unavailable.  For example, a package which doesn't exist in
204all Debian/Ubuntu suites or isn't free can be listed under
205"Recommends:" so that our metapackages still work in all environments.
207Developers: Index of cluster packages
210Some private workstation admins may want specific pieces of cluster
211infrastructure.  With Athena 9.4, they would typically install the
212entire Athena software suite and then turn off features they did not
213want via /etc/athena/rc.conf.  That is not generally possible in
214Athena 10; a debathena-cluster machine acts like a cluster machine in
215all respects.  Instead, the machine owner should install
216debathena-workstation and then install specific packages they might be
217interested in.  At this time, candidate packages include:
219  * debathena-dns-config: Installs a caching DNS resolver and
220    configures the machine to use it.
222  * debathena-tmp-cleaner: Cleans files in /tmp and /var/tmp which
223    have not been recently accessed.
225  * debathena-reactivate: Causes each graphical login to be performed
226    in a separate ephemeral snapshot of the chroot.  This package
227    requires the root filesystem to be an LVM logical volume inside a
228    volume group with 21GB of free space for the snapshots; if that is
229    not the case, it will break graphical logins.  Install with care.
231  * debathena-auto-update: Periodically updates the machine's software
232    and reboots (when no one is logged in) if necessary.
234Cluster packages which are generally not of interest to private
235machine owners include:
237  * debathena-cluster-login-config: Configures a variety of system
238    services to implement the cluster login policy (no tty logins, no
239    user switching, screensaver logout button after 20 minutes, etc.).
241  * debathena-clusterinfo: Looks up the machine's cluster information
242    in Hesiod and caches it on local disk.
244  * debathena-larvnet: Reports to the central larvnet server whether
245    anyone has a graphical login to the machine.
247  * debathena-syslog-config: Configures sysklogd so that some syslog
248    messages are forwarded to a central logging host.
250Release engineer: Bootstrapping the project infrastructure
253  1. Create the package repository (detailed instructions on this
254     pending).  Set the DEBATHENA_APT environment variable to point to
255     the package repository.  Put a copy of the debathena "scripts"
256     subdir in your path.
258  2. Create the build area.
260  3. Run 'dareprepro export' to set up the repository.  Build each
261     equivs package under meta/ using 'equivs-build --full *.equivs'
262     and upload each with 'daupload-equivs-proposed *.changes',
263     followed by 'damove -proposed "" PACKAGE' (replacing PACKAGE with
264     the name of each equivs package you are moving).
266  4. Set up the build server.  The basic structure of the apt
267     repository must work for make-chroot to succeed, so this must
268     happen after step 3.
270  5. For each normal Debian package in dependency order, cd into its
271     directory in the build area and run "da sbuildhack *.dsc" and
272     "daupload-release *_source.changes".  If the package contains
273     only an "Architecture: all" binary package, pass the -A option to
274     both commands.
276     The all-packages script can generate an approximation of the
277     package list in dependency order, but it doesn't work right yet,
278     and ideally it would be possible to do several builds in parallel
279     using a Makefile like the one in scripts/build-server/build-all.
280     Improvements to this machinery are pending.
282  6. For each package under third, run "da ./debathenify-PKG source
283     binary upload".  Any created directories under third/openafs/meta
284     should be chmodded 777 to work around a perl/AFS permissions
285     issue with File::Temp; if this is not done, OpenAFS metapackage
286     builds will fail for other users.
288Release engineer: Updating the apt repository
291  1. ssh to the build server as the builder account and change to the
292     canonical build directory.
294  2. Run "gen-packages" to update the package list.  (Or "gen-packages
295     -c" if you know the AFS checkout of the source tree is up to date;
296     it should update every half hour.)
298  3. Run "ood-packages" to produce a list of out-of-date packages.
300  4. For each out of date package, run "dasource PKG".  Then change to
301     the package directory and run "da sbuildhack *.dsc" and
302     "daupload-release *_source.changes".  If the package contains
303     only an "Architecture: all" binary package, pass the -A option to
304     both commands.
306  5. svn update the meta directory.  If there are new subdirectories,
307     chmod them 777 to work around a perl/AFS permissions issue with
308     File::Temp.  For each updated subdir, change to it, run
309     "equivs-build --full *.equivs", and then "daequivsupload
310     FILENAME.changes" on the produced changes file.
312  6. svn update the third directory.  You can let autodebathenify
313     handle the updated scripts, or you can touch
314     ~/autodebathenify.suppress, make sure it's not running, and run
315     "da ./debathenify-PKG source binary upload" in each updated
316     directory.
318Sometimes you may have to mix up the order of the above steps in order
319to handle build dependencies.
321Release engineer: Setting up a build server
324  1. Install either Debian testing (or stable, if it's new enough, but
325     see the note about sbuild below) or the latest Ubuntu release.
326     The build server must be installed with free space in an LVM
327     volume group.  The build chroots consume 4GB each.
329  2. Install debathena-login as per the the instructions in
332  3. apt-key add
333     /afs/
335  4. Install the packages listed in scripts/build-server/packages
336     (using "aptitude install").
338     Note that currently the build system uses the latest version of
339     sbuild, so if you have not installed Debian testing, you'll need
340     to set up apt pinning to grab sbuild from there. See the
341     apt_preferences man page. You'll also need to grab schroot from
342     Debian experimental.
344  5. Install the aufs-modules-2.6-amd64 package.
346  6. Append to /etc/approx/approx.conf the contents of
347      scripts/build-server/approx.conf.tail.
348     Run: /etc/init.d/approx restart
350  7. Apply scripts/build-server/mount-defaults.patch and
351     scripts/build-server/pam-schroot.patch.
353  8. For each supported DIST (see scripts/ run:
355       VG=/dev/blah scripts/build-server/make-chroot DIST i386
356       VG=/dev/blah scripts/build-server/make-chroot DIST amd64
358     substituting the name of the volume group for blah.
360     Example: VG=/dev/dink scripts/build-server/make-chroot intrepid i386
362  9. Create a local account for builder with:
364       adduser --uid 1047 --disabled-password builder
366     Make the home directory mode 700.  Install a
367     daemon/ keytab in the home directory as
368     "keytab".  Install a copy of the secret repository-signing key
369     ( in the home directory's keyring with
370     something like:
372       kinit builder
373       gpg --export-secret-keys | \
374         ssh -l builder machinename gpg --import
376     Create a file named .sbuildrc in builder's homedir containing:
378       $mailto = undef;
379       $log_dir = '/tmp/sbuild-logs';
380       $maintainer_name = 'Debathena Project <>';
381       $force_orig_source = 1;
382       $sbuild_mode = "user";
383       1;
385     Create a file named .ssh/config in builder's homedir containing:
387       Host
388         User debuildsvn
390     Add builder to the sbuild group in /etc/group.
392     Copy scripts/build-server/autodebathenify to builder's homedir.
393     Create a file named autodebathenify.config in builder's homedir
394     containing:
397       scripts_dir=/mit/debathena/bin
398       build_dir=/mit/debathena/packages/third
399       packages="lprng openafs"
400       export DEBATHENA_APT=/mit/debathena/apt
402     Copy scripts/build-server/autodebathenify.cron to builder's
403     homedir and install it with "crontab autodebathenify.cron".
405     Copy scripts/build-server/autolivebuilder to builder's
406     homedir. Create a file called autolivebuilder.config in builder's
407     homedir containing:
410       release_version='9.04'
411       release='jaunty'
412       arch='i386'
413       mirror=''
414       gpg_opts=("-u" "0D8A9E8F")
415       live_dir=/net/
417     Create a file named .devscripts in builder's homedir containing:
419       DEBUILD_DPKG_BUILDPACKAGE_OPTS="-sa -us -uc -i -I.svn"
421     In builder's homedir, append to .bashrc:
423       add debathena
424       export PATH=$PATH:~/bin
425       export DEBATHENA_APT=/mit/debathena/apt
428Release engineer: Removing a build chroot on the build server
431  1. Run VG=/dev/blah scripts/clean-schroots as root to make sure that
432     the build chroot is not mounted, substituting the name of the
433     volume group for blah.
435  2. Edit /etc/schroot/schroot.conf and delete the section
436     corresponding to the chroot.
438  3. Run lvchange -an blah/chrootname
439     substituting the name of the volume group for blah and the chroot
440     name for chroot.  Example: lvchange -an dink/gutsy-i386-sbuild
442  4. Run lvremove blah/chrootname
444Release engineer: Removing a dist from the apt repository
447  1. Inside the apt repository, edit conf/distributions and remove the
448     distribution section.
450  2. Run dareprepro --delete clearvanished
452Release engineer: Setting up a canonical build area
455  1. Create an empty directory and cd into it.  The canonical build
456     area lives in /mit/debathena/packages/.
458  2. Run gen-packages to create the table of normal Debian packages.
460  3. Run dasource to create subdirs and source packages for each
461     normal Debian package.
463  4. Create checkouts of the meta and third directories:
465     svn co svn+ssh://
466     svn co svn+ssh://
467     chmod 777 meta/*
469     A couple of subdirectories of debathena/meta are normal Debian
470     packages, so this will create redundant copies of those.  Ignore
471     them; they won't be used.
473Release engineer: Adding a new suite
476This process is rarely performed and the infrastructure for it is
477imperfect.  Substitute the name of the new suite for "newdist" in all
478steps below.
480  1. Make sure the apt repository is up to date with respect to the
481     source tree for the existing dists. Check
482 and
483 More importantly, make
484     sure there is nothing in svn that isn't built. (An easy way to do
485     this is running the check-unbuilt-packages script.)
487  2. Add the new dist to scripts/  (It is not
488     necessary to add the new dist to codes at this point, but it must
489     be present in the gettag conditional.)
491  3. Create the new distribution in the apt repository's configuration
492     file.  Create the skeleton of the dist by running "dareprepro
493     export".
495  4. On the build server, create a chroot for the new distribution as
496     documented above.  This may require downloading and installing a
497     more recent version of the debootstrap package from the
498     -backports dist corresponding to the build server's OS.
500  5. Set the DEBATHENA_BUILD_AREA environment variable to point to the
501     build area.
503  6. Fire up screen.
505  7. mkdir $DEBATHENA_BUILD_AREA/stamps.newdist.
507  8. cd into a checkout of debathena/scripts/build-server/build-all.
509  9. Edit Makefile (and check in the edit) so that suite is the new
510     distribution and psuite is the previously most recent Debian or
511     Ubuntu distribution.
513  10. Run "make".
515  11. Run "make -k all STAMPS=$DEBATHENA_BUILD_AREA/stamps.newdist".
516      You can watch the builds happen in the other windows of the
517      screen session.  It's possible to do several builds at once with
518      make -j N.
520  12. debathenify packages will fail out; they must be built by hand.
521      When the build fails on one, cd into third/packagename in the
522      build area and run "./debathenify newdist-amd64 -A source binary
523      upload" and "./debathenify newdist-i386 binary upload".  Then
524      touch $DEBATHENA_BUILD_AREA/stamps.newdist/packagename.done" and
525      restart the build.
527      The newly created third/openafs/meta directories should be
528      chmodded 777 to work around a perl/AFS permissions issue.
530Release engineer: Maintaining autodebathenify
533autodebathenify is a cron job which runs on the builder account and
534keeps the OpenAFS modules and modified packages under debathena/third
535up to date when there are upstream changes.  It relies on the
538  * builder@ATHENA.MIT.EDU has access to a local account named
539    debuildsvn on with read access to the athena
540    repository.
542  * builder@ATHENA.MIT.EDU has write access to the canonical build
543    area and apt repository in the dev cell.
545  * The builder account on the build machine has a copy of the signing
546    private key for the apt repository.
548The cron job will silently exit if it detects that it is already
549running.  If it fails for any other reason, it will send mail to and touch a file named autodebathenify.suppress
551which will prevent it from running again until manual intervention.
552It is important to get autodebathenify running smoothly or the apt
553repository will become out of date with respect to third-party
554packages, which in turn will compromise the user experience.
556Even if you don't notice failure mail, it's good to check on the
557status of autodebathenify from time to time.  To do this, get tickets
558as builder and ssh to linux-build-10 as builder.  Run "ls -l logs" to
559see what's been going on.  A logfile with size around 48K indicates
560that autodebathenify ran normally but didn't find any new work to do.
561A logfile with size around 60 means that autodebathenify.suppress
562exists and the cron job has stopped running.  A longer logfile
563indicates that autodebathenify attempted to build and upload a
566Possible failure cases include:
568  * One of the upstream apt repositories timed out during an "apt-get
569    update" of an sbuild chroot.  If this happens, you can just remove
570    the autodebathenify.suppress file to get the cron job to start
571    running again.
573  * autodebathenify tried to build an upstream version which already
574    exists.  If this happens, the build will fail at upload time.  If
575    this happens, there is a bug in the part of the debathenify-*
576    script which checks whether our apt repository already has the
577    expected version of the built package.
579  * Debian and Ubuntu have .orig files with the same name but
580    different contexts for a particular third-party package.  This has
581    only happened once, with bash (which is currently not configured
582    into autodebathenify for that reason).  We do not have a general
583    mechanism for resolving such issues at this time.
585  * The new upstream version of the package is sufficiently different
586    to cause our modifications to fail to apply, and our debathenify-*
587    script needs to be adapted appropriately.
589The cron job is run out of builder's home directory, but its canonical
590source location is in debathena/scripts/build-server in this
591repository, should it need to be modified.
593After several months of operation, LVM snapshots on the build server
594will start to become slower and slower, as /etc/lvm/cache/.cache grows
595in size.  Turning off the cache entirely seems to cause schroot to
596occasionally fail; the current solution is to rm /etc/lvm/cache/.cache
597every so often.
599Release engineer: apt repository HTTP server setup
602The apt repository server ( is hosted on out of the debathena locker. To replicate it on a
604dedicated server, install Apache and AFS (e.g., debathena-standard
605and apache2), and configure the document root to be
606  /mit/debathena/web_scripts
608There's also a crontab in /mit/debathena/cron_scripts that updates
609the package lists on the website. It expects to be able to edit the
610web_scripts directory; on scripts, it does so with daemon.scripts
613Trac ( expects to use
614for its database.
Note: See TracBrowser for help on using the repository browser.