[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Document correct buildd chroot setup somewhere?

[ adjusting recipients - implementation detail]

* Philipp Kern (pkern@debian.org) [100405 12:18]:
> On Mon, Apr 05, 2010 at 11:31:02AM +0200, Stefan Fritsch wrote:
> > is the correct setup for the buildd chroots documented somewhere? I 
> > frequently have to have the same discussions with buildd admins again 
> > and again to have them fix the configuration of the stable-security 
> > chroots. It would be easier if I could just point them to the 
> > documentation. And maybe, if there was some documentation, the 
> > configuration wouldn't be broken that often.
> They should use the script we provide: create-chroot.sh.  It should take
> care of those details.  However...
> > TTBOMK, the correct setup currently is:
> > 
> > sources.list:
> > - include source *and* binary lines for the security-master/buildd/ 
> > dir (don't know what the dir is called exactly)
> > - do not include incoming.debian.org
> > - do not include s-p-u
> We are currently using the base suite as the base for the security settings.
> This means incoming.debian.org as the second mirror and s-p-u included.

What I think about is that we just write sources.list on every chroot
cloning / entrying, except if we use the source chroot:

1. sources.list:

We have (currently only on some systems) the prefered mirrors in
/etc/schroot/conf.buildd. This file needs to be created where it
doesn't exist yet. As long as it doesn't exist, I'd just not do
anything for sources.list.

If we do security, proposed-updates, and in case of snapshots also any
other, we write the appropriate entries to sources.list:

$nearestmirror if set
$securitymirror if set
security-master public and private (using https for private ones)

$nearestmirror stable and p-u if set
ftp.d.o stable and p-u
incoming p-u only (?)

volatile / backports:
$nearestmirror stable and p-u if set
$nearestvol / $nearestbpo stable and p-u if set
ftp.d.o stable and p-u
volatile-master p-u / backports-master p-u

$nearestmirror unstable
ftp.d.o unstable
incoming unstable and buildd-unstable

2. apt.conf:

We automatically write to /etc/apt/apt.conf.d/99builddauto entries
with no pdiffs, no recommends, and - in case of security chroots only
- no authentication. (Only for >= lenny, etch doesn't do apt.conf.d)

3. dpkg.cfg:

For >= squeeze we automatically write "force-confnew" to
/etc/dpkg/dpkg.conf.d/force-confnew on each entering of the chroot.

Comments? Too ugly?


Reply to: