wiki:SettingUpABuildServer

Version 6 (modified by jdreed, 9 years ago) (diff)

--

Setting Up A Build Server

*Note:* Every effort should be made to ensure that we use stock versions of the build tools wherever possible. Where we can't, ensure that detailed build instructions, as well as a list of patches we apply, are available. As of October 2012, we use stock versions of sbuild and schroot.

  1. The build server should ideally be an Ubuntu LTS (as of Oct 2012, Precise). Ops prefers Ubuntu to Debian testing/unstable/experimental because they already maintain Ubuntu LTS servers (the dialups). It should have free space in an LVM volume group (ideally named "builder", but configurable in most cases). The build chroots consume 4GB each, and there are 2 architectures for each distro we support. As of Oct 2012, a 50G LVM is sufficient, but this may change in the future.
  1. Install debathena-login, as well as debathena-debian-dev.
    • If you install debathena manually (please don't), ensure that you add the apt key, either via the debathena-archive-keyring package, or with apt-key add /afs/sipb.mit.edu/project/debathena/apt/debathena-archive-keyring.asc. If you're very paranoid, you can run apt-key export on the old build server and then apt-key add on the new one.
  1. Install the packages listed in scripts/build-server/packages. debathena-debian-dev should have taken care of most of these.
  1. If we're still using a unioning filesystem, ensure that the necessary kernel modules are available. See above about using stock versions wherever possible. As of Oct 2012, the filesystems we use (overlayfs) and those we used in the past (aufs) are part of the stock kernel.
  1. Append to /etc/approx/approx.conf the contents of scripts/build-server/approx.conf.tail. Restart approx (as of precise, approx is run from inetd).
  1. Apply scripts/build-server/mount-defaults.patch and

No, just add the AFS line:

/afs /afs none rw,bind 0 0

scripts/build-server/pam-schroot.patch.

Unneeded, schroot ships with the correct pam config.

Ensure that schroot's pam-config is sane (Specifically, that it includes the usual pam stack, e.g. @include common-auth @include common-account @include common-session

TODO: Deal with the /run mess once that's finalized.

  1. For each supported DIST (see scripts/debian-versions.sh) run:

scripts/build-server/make-chroot DIST i386 scripts/build-server/make-chroot DIST amd64

Example: scripts/build-server/make-chroot intrepid i386

Configuring the builder account

  1. Create a local account for builder with:

adduser --uid 1047 --disabled-password builder

N.B. In the old days, the UID was relevant for AFS and matching Hesiod. With OpenAFS 1.6, it is likely no longer relevant, but double-checking never hurt.

  • Make the home directory mode 700.
  • Install a daemon/linux-build-10.mit.edu keytab in the home directory as

"keytab". Install a copy of the secret repository-signing key (debathena@…) in the home directory's keyring with something like:

kinit builder gpg --export-secret-keys debathena@… | \

ssh -l builder machinename gpg --import

  • Create a file named .sbuildrc in builder's homedir containing:
    $mailto = undef;
    $log_dir = '/tmp/sbuild-logs';
    $maintainer_name = 'Debathena Project <debathena@mit.edu>';
    $force_orig_source = 1;
    $sbuild_mode = 'user';
    # Pass all DEBATHENA-specific variables to external commands
    # (e.g. chroot-sources)
    $environment_filter = [ '^DEBATHENA_', ];
    # Ensure file evaluates as true in Perl
    1;
    

Create a file named .ssh/config in builder's homedir containing:

Host svn.mit.edu

User debuildsvn

Add builder to the sbuild group in /etc/group.

Ensure that daemon.(build-server) exists in Kerberos and has a pts id.

Add it to debathena-build-server-acl

Ensure daemon.(build-server) exists in -c sipb (assuming the debathena locker is still in -c sipb)

Copy scripts/build-server/autodebathenify to builder's homedir. Create a file named autodebathenify.config in builder's homedir containing:

error_addr=debathena-root@… scripts_dir=/mit/debathena/bin build_dir=/mit/debathena/packages/third packages="lprng openafs" export DEBATHENA_APT=/mit/debathena/apt

Copy scripts/build-server/autodebathenify.cron to builder's homedir and install it with "crontab autodebathenify.cron".

Copy scripts/build-server/autolivebuilder to builder's homedir. Create a file called autolivebuilder.config in builder's homedir containing:

error_addr=debathena-root@… release_version='9.04' release='jaunty' arch='i386' mirror='mirrors.mit.edu' gpg_opts=("-u" "0D8A9E8F") live_dir=/net/sipb-isilon-sc.mit.edu/ifs/mirror/sipb/debathena/livecd

Create a file named .devscripts in builder's homedir containing:

DEBUILD_DPKG_BUILDPACKAGE_OPTS="-sa -us -uc -i -I.svn"

In builder's homedir, append to .bashrc:

add debathena export PATH=$PATH:~/bin export DEBATHENA_APT=/mit/debathena/apt

blah blah copy ~/bin too

sbuild-update --keygen rng-tools is helpful for entropy