Contents
Debian Buildd Setup
This page describes setting up a new buildd. This can either be as part of the official Debian buildd network, with the machine run by DSA, or as part of the debian-ports 'unoffical' buildd network for new/old/not-released ports, where the admin is not by DSA.
Mostly because DSA has particular admin requirements some of the setup is different. See the relevant section.
This documentation supercedes https://buildd.debian.org/docs/buildd-setup.txt
Considerations
Admin
To be adopted by DSA a machine must have these things
<list>
To be used as a buildd the machine needs:
Minimum:
- To be able to ssh out
- To send and receive email
- Ability for buildd admin to ssh in and get root access
Preferable:
- Remote serial access and power control
- Ability to ssh in for remote access
Setup
It is much easier to run a buildd using stable. The tools are built for that, external admin people expect it, and stability is good. Even if you have a new architecture it is a very good idea to run stable on the base machine, and only use unstable with the recently-bootstrapped stuff in the build chroot if you can. Not all architectures have this option of course, and you may have to run unstable <new-arch> on the bare machine too. The problem here is that you may not have everything you need built yet, and changes over time (general unstable breakage, new breakage in your new arch, ABI changes etc) will cause whoever is administering the machine some hassle. It will work like this though so ultimately the choice is yours. Once your architecture is accepted into testing it is best to use the current codename for the testing suite so that the machine starts using stable after a release.
So running an armel base machine for new armhf chroots or an armhf base machine for arm64 chroots was best, for example.
DSA may not adopt a machine that is not running stable.
debian.org Buildd setup
Much is now done by puppet. You will need to do the following before handing over to DSA:
Debian-ports Buildd Setup
* (as root) Create buildd user
adduser buildd
* (as buildd) Generate a SSH public/private key pair of type RSA in the default location without a passphrase. As the buildd will use SSH to talk to wanna-build, the public part needs to be passed on to the wanna-build administrators.
echo | ssh-keygen -N ''
* (as root) Point at special buildd.debian.org versions of buildd/sbuild tools
apt-get install apt-transport-https ca-certificates debian-archive-keyring wget https://buildd.debian.org/apt/archive-key.asc apt-key add archive-key.asc
* (as buildd) set up buildd directories
install --directory --mode=2770 --owner=buildd --group=buildd build logs old-logs upload-security install --directory --mode=2775 --owner=buildd --group=buildd stats stats/graphs upload
* (as root) install tools
apt-get install sbuild buildd
* (as buildd) .forward must be filled with "|/usr/bin/buildd-mail" to set up the buildd to handle log reply mails.
echo '|/usr/bin/buildd-mail' > ~/.forward
* (as root) Add buildd user to sbuild group
sbuild-adduser buildd
The above will configure a mail daemon if you haven't already installed one.
* Remember to log in again as buildd at this point to gain new group
* (as buildd) generate sbuild keys
sbuild-update --keygen
* If you have lvm available then set up LVM snapshots:
YOUR_VG="vg0" lvcreate --size 20G --name buildd-trees $YOUR_VG install --directory --mode=2700 --owner=buildd --group=buildd ~buildd/build-trees mkfs.ext3 /dev/$YOUR_VG/buildd-trees echo "/dev/$YOUR_VG/buildd-trees /home/buildd/build-trees ext3 rw 0 2" >> /etc/fstab mount ~buildd/build-trees /usr/share/sbuild/create-chroot --arch=arm64 unstable $YOUR_VG 5G