Re: Document correct buildd chroot setup somewhere?

To: debian-wb-team@lists.debian.org
Subject: Re: Document correct buildd chroot setup somewhere?
From: Andreas Barth <aba@not.so.argh.org>
Date: Mon, 5 Apr 2010 13:16:35 +0200
Message-id: <[🔎] 20100405111635.GR19557@mails.so.argh.org>
Mail-followup-to: Andreas Barth <aba@not.so.argh.org>, debian-wb-team@lists.debian.org
In-reply-to: <[🔎] 20100405101812.GA18055@kelgar.0x539.de>
References: <[🔎] 201004051131.11557.sf@debian.org> <[🔎] 20100405101812.GA18055@kelgar.0x539.de>

[ adjusting recipients - implementation detail]

* Philipp Kern (pkern@debian.org) [100405 12:18]:
> On Mon, Apr 05, 2010 at 11:31:02AM +0200, Stefan Fritsch wrote:
> > is the correct setup for the buildd chroots documented somewhere? I 
> > frequently have to have the same discussions with buildd admins again 
> > and again to have them fix the configuration of the stable-security 
> > chroots. It would be easier if I could just point them to the 
> > documentation. And maybe, if there was some documentation, the 
> > configuration wouldn't be broken that often.
> 
> They should use the script we provide: create-chroot.sh.  It should take
> care of those details.  However...
> 
> > TTBOMK, the correct setup currently is:
> > 
> > sources.list:
> > - include source *and* binary lines for the security-master/buildd/ 
> > dir (don't know what the dir is called exactly)
> > - do not include incoming.debian.org
> > - do not include s-p-u
> 
> We are currently using the base suite as the base for the security settings.
> This means incoming.debian.org as the second mirror and s-p-u included.

What I think about is that we just write sources.list on every chroot
cloning / entrying, except if we use the source chroot:


1. sources.list:

We have (currently only on some systems) the prefered mirrors in
/etc/schroot/conf.buildd. This file needs to be created where it
doesn't exist yet. As long as it doesn't exist, I'd just not do
anything for sources.list.

If we do security, proposed-updates, and in case of snapshots also any
other, we write the appropriate entries to sources.list:

security:
$nearestmirror if set
ftp.d.o
$securitymirror if set
security-master public and private (using https for private ones)

p-u:
$nearestmirror stable and p-u if set
ftp.d.o stable and p-u
incoming p-u only (?)

volatile / backports:
$nearestmirror stable and p-u if set
$nearestvol / $nearestbpo stable and p-u if set
ftp.d.o stable and p-u
volatile-master p-u / backports-master p-u

unstable:
$nearestmirror unstable
ftp.d.o unstable
incoming unstable and buildd-unstable



2. apt.conf:

We automatically write to /etc/apt/apt.conf.d/99builddauto entries
with no pdiffs, no recommends, and - in case of security chroots only
- no authentication. (Only for >= lenny, etch doesn't do apt.conf.d)


3. dpkg.cfg:

For >= squeeze we automatically write "force-confnew" to
/etc/dpkg/dpkg.conf.d/force-confnew on each entering of the chroot.



Comments? Too ugly?



Andi

Reply to:

Follow-Ups:
- Re: Document correct buildd chroot setup somewhere?
  - From: Kurt Roeckx <kurt@roeckx.be>

References:
- Document correct buildd chroot setup somewhere?
  - From: Stefan Fritsch <sf@debian.org>
- Re: Document correct buildd chroot setup somewhere?
  - From: Philipp Kern <pkern@debian.org>

Prev by Date: Re: Document correct buildd chroot setup somewhere?
Next by Date: Re: Document correct buildd chroot setup somewhere?
Previous by thread: Re: Document correct buildd chroot setup somewhere?
Next by thread: Re: Document correct buildd chroot setup somewhere?
Index(es):
- Date
- Thread