18 | | 7. Apply scripts/build-server/mount-defaults.patch and |
19 | | |
20 | | No, just add the AFS line: |
21 | | |
22 | | /afs /afs none rw,bind 0 0 |
23 | | |
24 | | scripts/build-server/pam-schroot.patch. |
25 | | Unneeded, schroot ships with the correct pam config. |
26 | | |
27 | | Ensure that schroot's pam-config is sane (Specifically, that it includes the usual pam |
28 | | stack, e.g. |
29 | | @include common-auth |
30 | | @include common-account |
31 | | @include common-session |
32 | | |
33 | | |
34 | | TODO: Deal with the /run mess once that's finalized. |
35 | | |
36 | | |
37 | | 8. For each supported DIST (see scripts/debian-versions.sh) run: |
| 23 | 8. For each supported DIST (see scripts/debian-versions.sh) run: |
52 | | * Make the home directory mode 700. |
53 | | * Install a daemon/linux-build-10.mit.edu keytab in the home directory as |
54 | | "keytab". Install a copy of the secret repository-signing key |
55 | | (debathena@mit.edu) in the home directory's keyring with |
56 | | something like: |
57 | | |
58 | | kinit builder |
59 | | gpg --export-secret-keys debathena@mit.edu | \ |
60 | | ssh -l builder machinename gpg --import |
61 | | |
62 | | * Create a file named `.sbuildrc` in builder's homedir containing: |
| 38 | 2. Make the home directory mode 700. |
| 39 | 3. Install a `daemon` keytab for the host (e.g. daemon/linux-build-10.mit.edu) in the home directory, named `keytab`. Ensure that this principal also has a PTS id in both the `sipb` and `athena` cells, and add it to the list `debathena-build-server-acl`. |
| 40 | 4. Install a copy of the secret repository-signing key (for debathena@mit.edu) in the home directory's keyring with something like: |
| 41 | {{{ |
| 42 | builder@old-build-server:~$ kinit builder |
| 43 | builder@old-build-server:~$ gpg --export-secret-keys debathena@mit.edu | \ |
| 44 | ssh -l builder new-build-server gpg --import |
| 45 | }}} |
| 46 | You may transfer the key securely via another method, but ensure that the key is not left lying around anywhere. (Even a correctly-ACL'd directory in AFS is not ideal). |
| 47 | 5.Create a file named `.sbuildrc` in builder's homedir containing: |
76 | | Create a file named .ssh/config in builder's homedir containing: |
77 | | |
78 | | Host svn.mit.edu |
79 | | User debuildsvn |
80 | | |
81 | | Add builder to the sbuild group in /etc/group. |
82 | | |
83 | | Ensure that daemon.(build-server) exists in Kerberos and has a pts id. |
84 | | |
85 | | Add it to debathena-build-server-acl |
86 | | |
87 | | Ensure daemon.(build-server) exists in -c sipb (assuming the debathena locker is still in -c sipb) |
88 | | |
89 | | |
90 | | |
91 | | Copy scripts/build-server/autodebathenify to builder's homedir. |
92 | | Create a file named autodebathenify.config in builder's homedir |
93 | | containing: |
| 73 | {{{ |
| 74 | Host svn.mit.edu |
| 75 | User debuildsvn |
| 76 | }}} |
| 77 | 7. Add builder to the sbuild group in /etc/group. |
| 78 | 8. Create a file named .devscripts in builder's homedir containing: |
| 79 | {{{ |
| 80 | DEBUILD_DPKG_BUILDPACKAGE_OPTS="-sa -us -uc -i -I.svn" |
| 81 | }}} |
| 82 | 9. In builder's homedir, append to .bashrc: |
| 83 | {{{ |
| 84 | add debathena |
| 85 | export PATH=$PATH:~/bin |
| 86 | export DEBATHENA_APT=/mit/debathena/apt |
| 87 | }}} |
| 88 | 10. Copy ~/bin from the old build server. |
| 89 | 11. Run `sbuild-update --keygen` to generate the key for signing the temporary repo used during the build process. This requires entropy, and the rng-tools package is helpful for generating the necessary entropy, seeing as how you probably don't have access to the machine's keyboard or mouse. |
| 90 | 12. Copy scripts/build-server/autodebathenify to builder's homedir. Create a file named autodebathenify.config in builder's homedir containing: |
| 91 | {{{ |