arrakis up and running!

To: debian-68k@lists.debian.org
Subject: arrakis up and running!
From: Wouter Verhelst <wouter@debian.org>
Date: Mon, 24 Dec 2012 21:36:51 +0100
Message-id: <[🔎] 20121224203651.GB6808@grep.be>

So, I spent most of today whipping arrakis into being a buildd again. The result:

http://grep.be/blog/en/computer/debian/m68k/arrakis

Party!

Now, while it's still fresh in my memory, for those of you who want to
set things up, here's a (not so) short HOWTO:

- First, set up sbuild so it can build packages. This has changed fairly
  significantly since the old days, so you'll have to learn all over
  again. Since Ingo set that up on arrakis, I'm afraid I can't help
  here, but he said he'd mail his explanation some time soon.

  Important: make sure the 'schroot' chroot name follows the following
  pattern:

  <dist>-<arch>-sbuild

  e.g.,

  sid-m68k-sbuild

  otherwise buildd won't find the chroot and can't build.
- Install buildd. Note that 'buildd.conf' has been renamed, you should
  now use ~buildd/.builddrc instead. A template configuration file looks
  like this:

--->8--->8---
@distributions = (
        {
                dist_name => [ "sid" ],
                built_architecture => 'm68k',
                wanna_build_ssh_host => "buildd.debian-ports.org",
                wanna_build_ssh_user => "buildd_m68k",
                wanna_build_ssh_socket => "buildd.debian-ports.org.ssh",
                wanna_build_ssh_options => [],
                wanna_build_db_user => "buildd_m68k-arrakis",
                dupload_local_queue_dir => "upload",
                no_auto_build => [],
                weak_no_auto_build => [],
                logs_mailed_to => 'wouter@debian.org,logs@buildd.debian-ports.org',
                sign_with => "96DC703F",
        },
);

@upload_queues = (
        {
                dupload_local_queue_dir => "upload",
                dupload_archive_name => "dports",
        },
);

my $autoclean_interval = 86400;
my $secondary_daemon_threshold = undef;
$admin_mail = "wouter\@debian.org";
$statistics_mail = $admin_mail;

# How many days until archiving build logs
my $buildd_log_keep = 7;

# Log successful messages from upload queue daemon?
my $log_queued_messages = 1;

# Send rotated daemon.log files?
$daemon_log_send = 1;

# Arrakis is a dedicated daemon, it shouldn't need nice
$nice_level = 0;

my $max_build = 1;

# Ask whether packages should be built if they failed earlier?
$should_build_msgs = 0;

# Don't remove this, Perl needs it
1;
---8<---8<---

  Yes, that means we can specify more than one distributions with more
  than one target upload queue. On debian.org machines, this is used to
  build for unstable, experimental, backports, and security, all from
  the same host.

  Obviously you'll want to change the values of logs_mailed_to,
  wanna_build_db_user, and $admin_mail :-)
- Add a cronjob for 

  schroot -c source:sid-m68k-sbuild -- apt-get update

  and have it run every six hours, but *not* at 6-12-18-24, because
  that's just *before* the archive run. This is because 'apt-get update'
  takes about 25 minutes these days, and otherwise it'll try to do that
  for *every* build, which isn't always necessary. With this, it'll do
  it as often as debian-ports gets updated; much more useful.  Note the
  source: bit in the schroot command line, it means you don't want
  schroot to create a snapshot that it'll throw away after you log out
  (fairly crucial for what we want to do here)
- Patch /usr/bin/perl5/Buildd/Daemon.pm, find the line that says
  '--apt-update' and change it into '--no-apt-update'. I'll file a
  bugreport in a minute so that isn't hardcoded anymore, but for now
  you'll have to do that.
- Generate a GPG key with:
  - 4096 bits RSA
  - expiry set to 1 year
  - no password
  You do *not* want to do this on the m68k; generate it on a faster
  machine, and use 'gpg --export-secret-key' to copy it over to the
  m68k. Otherwise you'll be at it for hours. Note that
  --export-secret-key doesn't export the public key, you have to use
  --export-key for that. Use --import on the m68k machine to import both
  files there. Don't forget to gpg --delete-secret-key it from your
  other machine (don't want to needlessly increase the attack surface)
- Sign the GPG key with your own GPG key (the one that you can use to do
  debian.org uploads with)
- Change the value of 'sign_with' in .builddrc to the key ID of the GPG
  key that you just generated.
- Upload the GPG key to some keyserver somewhere.
- Generate an SSH key (if that has not already been done)
- Send a mail to aurelien with GPG fingerprint, SSH public, and mail
  forward address
- Install buildd-watcher and buildd-uploader in cron, as before.
- Profit!

I'll work on some other machines tomorrow, but for now, arrakis already
built one package and has just started doing the next one.

-- 
Copyshops should do vouchers. So that next time some bureaucracy requires you
to mail a form in triplicate, you can mail it just once, add a voucher, and
save on postage.

Reply to:

Follow-Ups:
- Re: arrakis up and running!
  - From: Thorsten Glaser <tg@mirbsd.de>

Prev by Date: Re: packages for unreleased (was Re: [buildd] Vivaldi & Elgar sbuild ready, Arrakis next)
Next by Date: Re: arrakis up and running!
Previous by thread: Re: buildd access for m68k?
Next by thread: Re: arrakis up and running!
Index(es):
- Date
- Thread