Debian Buildd Setup

This page describes setting up a new buildd. This can either be as part of the official Debian buildd network, with the machine run by DSA, or as part of the debian-ports 'unoffical' buildd network for new/old/not-released ports, where the admin is not by DSA.

Mostly because DSA has particular admin requirements some of the setup is different. See the relevant section.

This documentation supercedes https://buildd.debian.org/docs/buildd-setup.txt

Considerations

Admin

To be adopted by DSA a machine must have these things

To be used as a buildd the machine needs:

Minimum:

Preferable:

Setup

It is much easier to run a buildd using stable. The tools are built for that, external admin people expect it, and stability is good. Even if you have a new architecture it is a very good idea to run stable on the base machine, and only use unstable with the recently-bootstrapped stuff in the build chroot if you can. Not all architectures have this option of course, and you may have to run unstable <new-arch> on the bare machine too. The problem here is that you may not have everything you need built yet, and changes over time (general unstable breakage, new breakage in your new arch, ABI changes etc) will cause whoever is administering the machine some hassle. It will work like this though so ultimately the choice is yours. Once your architecture is accepted into testing it is best to use the current codename for the testing suite so that the machine starts using stable after a release.

So running an armel base machine for new armhf chroots or an armhf base machine for arm64 chroots was best, for example.

DSA may not adopt a machine that is not running stable.

debian.org Buildd setup

Much is now done by puppet. You will need to do the following before handing over to DSA:

Debian-ports Buildd Setup

* (as root) Create buildd user

adduser buildd

* (as buildd) Generate a SSH public/private key pair of type RSA in the default location without a passphrase. As the buildd will use SSH to talk to wanna-build, the public part needs to be passed on to the wanna-build administrators.

echo | ssh-keygen -N ''

* (as root) Point at special buildd.debian.org versions of buildd/sbuild tools

apt-get install apt-transport-https ca-certificates debian-archive-keyring
wget https://buildd.debian.org/apt/archive-key.asc
apt-key add archive-key.asc

* (as buildd) set up buildd directories

install --directory --mode=2770 --owner=buildd --group=buildd build logs old-logs upload-security
install --directory --mode=2775 --owner=buildd --group=buildd stats stats/graphs upload

* (as root) install tools

apt-get install sbuild buildd 

* (as buildd) .forward must be filled with "|/usr/bin/buildd-mail" to set up the buildd to handle log reply mails.

echo '|/usr/bin/buildd-mail' > ~/.forward 

* (as root) Add buildd user to sbuild group

sbuild-adduser buildd

The above will configure a mail daemon if you haven't already installed one.

* Remember to log in again as buildd at this point to gain new group

* (as buildd) generate sbuild keys

sbuild-update --keygen

* If you have lvm available then set up LVM snapshots:

YOUR_VG="vg0"
lvcreate --size 20G --name buildd-trees $YOUR_VG
install --directory --mode=2700 --owner=buildd --group=buildd ~buildd/build-trees
mkfs.ext3 /dev/$YOUR_VG/buildd-trees
echo "/dev/$YOUR_VG/buildd-trees /home/buildd/build-trees ext3 rw 0 2" >> /etc/fstab
mount ~buildd/build-trees
/usr/share/sbuild/create-chroot --arch=arm64 unstable $YOUR_VG 5G