arrakis up and running!
So, I spent most of today whipping arrakis into being a buildd again. The result:
Now, while it's still fresh in my memory, for those of you who want to
set things up, here's a (not so) short HOWTO:
- First, set up sbuild so it can build packages. This has changed fairly
significantly since the old days, so you'll have to learn all over
again. Since Ingo set that up on arrakis, I'm afraid I can't help
here, but he said he'd mail his explanation some time soon.
Important: make sure the 'schroot' chroot name follows the following
otherwise buildd won't find the chroot and can't build.
- Install buildd. Note that 'buildd.conf' has been renamed, you should
now use ~buildd/.builddrc instead. A template configuration file looks
@distributions = (
dist_name => [ "sid" ],
built_architecture => 'm68k',
wanna_build_ssh_host => "buildd.debian-ports.org",
wanna_build_ssh_user => "buildd_m68k",
wanna_build_ssh_socket => "buildd.debian-ports.org.ssh",
wanna_build_ssh_options => ,
wanna_build_db_user => "buildd_m68k-arrakis",
dupload_local_queue_dir => "upload",
no_auto_build => ,
weak_no_auto_build => ,
logs_mailed_to => 'firstname.lastname@example.org,email@example.com',
sign_with => "96DC703F",
@upload_queues = (
dupload_local_queue_dir => "upload",
dupload_archive_name => "dports",
my $autoclean_interval = 86400;
my $secondary_daemon_threshold = undef;
$admin_mail = "wouter\@debian.org";
$statistics_mail = $admin_mail;
# How many days until archiving build logs
my $buildd_log_keep = 7;
# Log successful messages from upload queue daemon?
my $log_queued_messages = 1;
# Send rotated daemon.log files?
$daemon_log_send = 1;
# Arrakis is a dedicated daemon, it shouldn't need nice
$nice_level = 0;
my $max_build = 1;
# Ask whether packages should be built if they failed earlier?
$should_build_msgs = 0;
# Don't remove this, Perl needs it
Yes, that means we can specify more than one distributions with more
than one target upload queue. On debian.org machines, this is used to
build for unstable, experimental, backports, and security, all from
the same host.
Obviously you'll want to change the values of logs_mailed_to,
wanna_build_db_user, and $admin_mail :-)
- Add a cronjob for
schroot -c source:sid-m68k-sbuild -- apt-get update
and have it run every six hours, but *not* at 6-12-18-24, because
that's just *before* the archive run. This is because 'apt-get update'
takes about 25 minutes these days, and otherwise it'll try to do that
for *every* build, which isn't always necessary. With this, it'll do
it as often as debian-ports gets updated; much more useful. Note the
source: bit in the schroot command line, it means you don't want
schroot to create a snapshot that it'll throw away after you log out
(fairly crucial for what we want to do here)
- Patch /usr/bin/perl5/Buildd/Daemon.pm, find the line that says
'--apt-update' and change it into '--no-apt-update'. I'll file a
bugreport in a minute so that isn't hardcoded anymore, but for now
you'll have to do that.
- Generate a GPG key with:
- 4096 bits RSA
- expiry set to 1 year
- no password
You do *not* want to do this on the m68k; generate it on a faster
machine, and use 'gpg --export-secret-key' to copy it over to the
m68k. Otherwise you'll be at it for hours. Note that
--export-secret-key doesn't export the public key, you have to use
--export-key for that. Use --import on the m68k machine to import both
files there. Don't forget to gpg --delete-secret-key it from your
other machine (don't want to needlessly increase the attack surface)
- Sign the GPG key with your own GPG key (the one that you can use to do
debian.org uploads with)
- Change the value of 'sign_with' in .builddrc to the key ID of the GPG
key that you just generated.
- Upload the GPG key to some keyserver somewhere.
- Generate an SSH key (if that has not already been done)
- Send a mail to aurelien with GPG fingerprint, SSH public, and mail
- Install buildd-watcher and buildd-uploader in cron, as before.
I'll work on some other machines tomorrow, but for now, arrakis already
built one package and has just started doing the next one.
Copyshops should do vouchers. So that next time some bureaucracy requires you
to mail a form in triplicate, you can mail it just once, add a voucher, and
save on postage.