Re: Document correct buildd chroot setup somewhere?
[ adjusting recipients - implementation detail]
* Philipp Kern (pkern@debian.org) [100405 12:18]:
> On Mon, Apr 05, 2010 at 11:31:02AM +0200, Stefan Fritsch wrote:
> > is the correct setup for the buildd chroots documented somewhere? I
> > frequently have to have the same discussions with buildd admins again
> > and again to have them fix the configuration of the stable-security
> > chroots. It would be easier if I could just point them to the
> > documentation. And maybe, if there was some documentation, the
> > configuration wouldn't be broken that often.
>
> They should use the script we provide: create-chroot.sh. It should take
> care of those details. However...
>
> > TTBOMK, the correct setup currently is:
> >
> > sources.list:
> > - include source *and* binary lines for the security-master/buildd/
> > dir (don't know what the dir is called exactly)
> > - do not include incoming.debian.org
> > - do not include s-p-u
>
> We are currently using the base suite as the base for the security settings.
> This means incoming.debian.org as the second mirror and s-p-u included.

What I think about is that we just write sources.list on every chroot
cloning / entering, except if we use the source chroot:

1. sources.list:
We have (currently only on some systems) the preferred mirrors in
/etc/schroot/conf.buildd. This file needs to be created where it
doesn't exist yet. As long as it doesn't exist, I'd just not do
anything for sources.list.

If we do security, proposed-updates, and in case of snapshots also any
other, we write the appropriate entries to sources.list:

security:
  $nearestmirror if set
  ftp.d.o
  $securitymirror if set
  security-master public and private (using https for private ones)

p-u:
  $nearestmirror stable and p-u if set
  ftp.d.o stable and p-u
  incoming p-u only (?)

volatile / backports:
  $nearestmirror stable and p-u if set
  $nearestvol / $nearestbpo stable and p-u if set
  ftp.d.o stable and p-u
  volatile-master p-u / backports-master p-u

unstable:
  $nearestmirror unstable
  ftp.d.o unstable
  incoming unstable and buildd-unstable

2. apt.conf:
We automatically write to /etc/apt/apt.conf.d/99builddauto entries
with no pdiffs, no recommends, and - in case of security chroots only
- no authentication. (Only for >= lenny, etch doesn't do apt.conf.d)

3. dpkg.cfg:
For >= squeeze we automatically write "force-confnew" to
/etc/dpkg/dpkg.conf.d/force-confnew on each entering of the chroot.

Comments? Too ugly?

Andi
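
Added example, not part of the original message and not the buildd team's script: one way the apt.conf step (item 2) could be rendered per chroot, with a check that authentication is only ever disabled for security chroots. The function names, the codename table and the mapping of "no pdiffs / no recommends / no authentication" to these apt options are assumptions.

```sh
#!/bin/sh
# Added illustration, not the buildd team's script. Function names, the
# codename table and the apt option spellings are assumptions.

# Map a release codename to a number so ">= lenny" can be tested.
release_rank() {
    case "$1" in
        etch) echo 4 ;;
        lenny) echo 5 ;;
        squeeze) echo 6 ;;
        sid|unstable) echo 99 ;;
        *) return 1 ;;
    esac
}

# render_builddauto RELEASE CHROOT_TYPE
# Prints the 99builddauto content. Returns 1 for an unknown release and
# 2 (printing nothing) for etch, which has no apt.conf.d.
render_builddauto() {
    rb_release=$1
    rb_type=$2
    rb_rank=$(release_rank "$rb_release") || {
        echo "unknown release: $rb_release" >&2
        return 1
    }
    [ "$rb_rank" -ge 5 ] || return 2
    echo 'Acquire::PDiffs "false";'
    echo 'APT::Install-Recommends "false";'
    # Authentication is switched off for security chroots only.
    if [ "$rb_type" = security ]; then
        echo 'APT::Get::AllowUnauthenticated "true";'
    fi
}

# audit_builddauto CHROOT_TYPE  (config on stdin)
# Fails if authentication is disabled in anything but a security chroot.
audit_builddauto() {
    if grep -Eqi '^[[:space:]]*APT::Get::AllowUnauthenticated[[:space:]]+"?(true|yes|1)"?;'; then
        [ "$1" = security ] || return 1
    fi
    return 0
}

# Demo: render a squeeze security chroot config and audit it.
render_builddauto squeeze security | audit_builddauto security && echo "security chroot: ok"
```

Running the audit over the file actually present in each chroot catches a security-only setting that has leaked into an unstable or p-u chroot.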