Re: Question about Debian build infrastructure

To: Kyle Edwards <kyle.edwards@kitware.com>, debian-devel <debian-devel@lists.debian.org>
Subject: Re: Question about Debian build infrastructure
From: Benjamin Drung <benjamin.drung@cloud.ionos.com>
Date: Tue, 11 Jun 2019 19:05:49 +0200
Message-id: <[🔎] ce13cb59156310942fb1897a11deeb79957a3e99.camel@cloud.ionos.com>
In-reply-to: <[🔎] 1559845959.3051.9.camel@kitware.com>
References: <[🔎] 1559845959.3051.9.camel@kitware.com>

Hi,

Am Donnerstag, den 06.06.2019, 14:32 -0400 schrieb Kyle Edwards:
> Hello all,
> 
> I have been preparing Ubuntu releases for CMake on our own APT
> repository for several months now. We did this by preparing our own
> repository infrastructure - we have a machine that builds packages,
> and
> a machine that hosts an Aptly instance and pushes the repository to
> our
> web server. However, all of these things had a lot of manual steps to
> set up and use, and I'm wondering how Debian handles this problem.
> Here
> are some of my questions:
> 
> 1. What software do the official Debian repositories use? Do they use
> Aptly or reprepro or something else? Is there a downloadable OS image
> which comes with this pre-set up? Does it run on a cron job or does
> it
> have some sort of continuous monitoring? (We have ours run on a cron
> job every 10 minutes.)
> 2. According to https://wiki.debian.org/BuilddSetup, there seems to
> be
> a distinction between the build broker (wanna-build) and the build
> workers (buildd). Do either of these roles have their own OS images
> one
> can download?
> 3. I understand that source packages are signed by developers before
> being sent to the build farm, but what about the binary packages
> built
> by the build farm and uploaded to the repository? Do the build farm
> servers have their own GPG keys? Does the repository server recognize
> these keys?
> 
> Thanks in advance, all this info would be helpful for me as I expand
> our Ubuntu build infrastructure.

You already got a bunch of responses. I was responsible for our inhouse
Debian build chain and faced similar questions than you - except that I
took over the maintenance of the existing setup. Here are some tips:

* We use sbuild to build the packages (for using the same tool than
Debian and for the nice looking logs). To speed up, use an overlay
placed it on tmpfs.

* I had to patch reprepro to support multiple versions: 
https://github.com/profitbricks/reprepro

* The build bots upload the binary packages to the repository host with
dput. The repository host uses restricted-ssh-commands to allow only
the upload.

* We use gluing code in lot of places, e.g. as wrapper around sbuild,
for package approval, etc.

When I had to start from scratch, I would probably have a look at
laniakea, because things like testing migration with britney and
autopkgtest is something useful to have.

-- 
Benjamin Drung
System Developer
Debian & Ubuntu Developer

1&1 IONOS Cloud GmbH | Greifswalder Str. 207 | 10405 Berlin | Germany
E-mail: benjamin.drung@cloud.ionos.com | Web: www.ionos.de

Head Office: Berlin, Germany
District Court Berlin Charlottenburg, Registration number: HRB 125506 B
Executive Management: Christoph Steffens, Matthias Steinberg, Achim
Weiss

Member of United Internet

Reply to:

Follow-Ups:
- Re: Question about Debian build infrastructure
  - From: Paul Wise <pabs@debian.org>

References:
- Question about Debian build infrastructure
  - From: Kyle Edwards <kyle.edwards@kitware.com>

Prev by Date: Re: speeding up installs
Next by Date: Bug#930378: ITP: qunit-selenium -- Run QUnit tests through Selenium WebDriver
Previous by thread: Re: Question about Debian build infrastructure
Next by thread: Re: Question about Debian build infrastructure
Index(es):
- Date
- Thread