diff options
Diffstat (limited to 'man/sbuild-setup.7.in')
| -rw-r--r-- | man/sbuild-setup.7.in | 303 |
1 files changed, 303 insertions, 0 deletions
diff --git a/man/sbuild-setup.7.in b/man/sbuild-setup.7.in new file mode 100644 index 0000000..102e4d7 --- /dev/null +++ b/man/sbuild-setup.7.in @@ -0,0 +1,303 @@ +.\" t +.\" +.\" Copyright © 2005-2008 Roger Leigh <rleigh@debian.org> +.\" +.\" This program is free software: you can redistribute it and/or modify +.\" it under the terms of the GNU General Public License as published by +.\" the Free Software Foundation, either version 2 of the License, or +.\" (at your option) any later version. +.\" +.\" This program is distributed in the hope that it will be useful, but +.\" WITHOUT ANY WARRANTY; without even the implied warranty of +.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +.\" General Public License for more details. +.\" +.\" You should have received a copy of the GNU General Public License +.\" along with this program. If not, see +.\" <http://www.gnu.org/licenses/>. +.so defs.man +.TH SBUILD-SETUP 7 "\*[RELEASE_DATE]" "Version \*[VERSION]" "Debian sbuild" +.SH NAME +sbuild-setup \- sbuild setup procedure +.SH DESCRIPTION +\fBsbuild\fP uses chroots to build packages within, to provide a minimal and +consistent build environment. This man page describes the procedure to create +a chroot by hand using debootstrap. These are only guidelines; depending upon +the setup required, several of the steps may be omitted entirely. +.SH QUICK START +Simply running +.B sbuild-createchroot +will perform all the setup steps described in detail below. See the section +\[lq]\fIsbuild-createchroot\fP\[rq] below, as well as +.BR sbuild\-createchroot (8). +.SH CHROOT SETUP +This guide sets up a lenny chroot on a powerpc machine. Adjust the +names for other suites and architectures. +.SS 1. Run debootstrap to create the chroot +\f[CR]# \f[CB]mkdir \-p /srv/chroot/lenny\fP\fP +.br +.PP +The author has each chroot as a separate LVM logical volume (LV). Create and +mount an LV here if required: +.PP +\f[CR]# \f[CB]lvcreate \-L 4G \-n lenny_chroot \-Z y volume-group\fP\fP +.br +.PP +Add to /etc/fstab and mount (see next section for full fstab example). +Finally, run debootstrap to create the chroot: +.PP +\f[CR]# \f[CB]debootstrap \-\-variant=buildd lenny /srv/chroot/lenny http://deb.debian.org/debian/\fP\fP +.br +.SS 2. Set up additional mounts +An example \fI/etc/fstab\fP: +.PP +.TS +lfCR s s s s s. +/dev/volume-group/lenny_chroot \[rs] +.T& +lfCR lfCR lfCR lfCR lfCR lfCR. + /srv/chroot/lenny ext3 defaults 0 2 +/dev/pts /srv/chroot/lenny/dev/pts none rw,bind 0 0 +tmpfs /srv/chroot/lenny/dev/shm tmpfs defaults 0 0 +proc /srv/chroot/lenny/proc proc defaults 0 0 +.T& +lfCR s s s s s. +/dev/volume-group/home \[rs] +.T& +lfCR lfCR lfCR lfCR lfCR lfCR. + /srv/chroot/lenny/home ext3 quota 0 0 +/tmp /srv/chroot/lenny/tmp none rw,bind 0 0 +/etc/passwd /srv/chroot/lenny/etc/passwd none ro,bind 0 0 +/etc/shadow /srv/chroot/lenny/etc/shadow none ro,bind 0 0 +/etc/group /srv/chroot/lenny/etc/group none ro,bind 0 0 +/etc/gshadow /srv/chroot/lenny/etc/gshadow none ro,bind 0 0 +.T& +lfCR s s s s s. +/etc/resolv.conf \[rs] +.T& +lfCR lfCR s s s s. + /srv/chroot/lenny/etc/resolv.conf \[rs] +.T& +lfCR lfCR lfCR lfCR lfCR lfCR. + none ro,bind 0 0 +.TE +.PP +If the bind mountpoints don't exist in the chroot, touch them: +.PP +\f[CR]# \f[CB]touch /srv/chroot/lenny/etc/resolv.conf\fP\fP +.PP +Next, mount them all. +.PP +Depending on your kernel version and security considerations, you may wish to +do this part slightly differently. With a Linux kernel, at least version 2.6 +is required for bind mounts, and devpts (CONFIG_UNIX98_PTYS) for +\fI/dev/pts\fP. Other guides recommend copying the files, but this method +keeps them up-to-date at no cost. +.PP +If using sbuild with schroot, \fIpasswd\fP, \fIshadow\fP, \fIgroup\fP, +\fIgshadow\fP and \fIresolv.conf\fP can be updated automatically at the start +of each build, so no action is required here. schroot can also automatically +mount all of the extra filesystems, so all the other mounts may be omitted. +.PP +To disable networking, don't bind mount \fI/etc/resolv.conf\fP. This will +prevent APT from working inside the chroot, but prevents package building from +having working network access (no nameservers). +.SS 3. Edit \f[BI]sources.list\fP +Create or edit \fI/srv/chroot/lenny/etc/apt/sources.list\fP, and add all the +APT sources required to obtain binary and source packages for your chosen +distribution: +.PP +\f[CR]deb http://security.debian.org/ lenny/updates main\fP +.br +\f[CR]deb\-src http://security.debian.org/ lenny/updates main\fP +.br +\f[CR]\fP +.br +\f[CR]deb http://deb.debian.org/debian/ lenny main\fP +.br +\f[CR]deb\-src http://deb.debian.org/debian/ lenny main\fP +.br +.SS 4. Configure dchroot or schroot +This is entirely optional, but will make the chroot environment easier to +access and administer. +.PP +For dchroot, add the following line to \fI/etc/dchroot.conf\fP: +.PP +\f[CR]lenny /srv/chroot/lenny\fP +.br +.PP +For schroot, add a group to \fI/etc/schroot/schroot.conf\fP (or a new file +\fI/etc/schroot/chroot.d/lenny\fP), for example: +.PP +\f[CR][lenny]\fP +.br +\f[CR]type=directory\fP +.br +\f[CR]description=Debian lenny (stable)\fP +.br +\f[CR]location=/srv/chroot/lenny\fP +.br +\f[CR]priority=2\fP +.br +\f[CR]groups=root,sbuild\fP +.br +\f[CR]root\-groups=sbuild\fP +.br +\f[CR]aliases=stable\fP +.br +\f[CR]run\-setup\-scripts=true\fP +.br +\f[CR]run\-session\-scripts=true\fP +.br +.PP +For sudo, add a symbolic link to the directory \fI/etc/sbuild/chroot\fP, for +example: +.PP +\f[CR]# \f[CB]mkdir \-p /etc/sbuild/chroot\fP\fP +.br +\f[CR]# \f[CB]ln \-s /srv/chroot/lenny /etc/sbuild/chroot/lenny\fP\fP +.br +.SS 5. Log into chroot +\f[CR]# \f[CB]dchroot \-c lenny\fP\fP +.br +.PP +or +.PP +\f[CR]$ \f[CB]schroot \-c lenny \-u root\fP\fP +.br +.SS 6. Set up packages for sbuild +While running as root inside the chroot: +.PP +\f[CR]# \f[CB]apt\-get update\fP\fP +.br +\f[CR]# \f[CB]apt\-get dist\-upgrade\fP\fP +.br +\f[CR]# \f[CB]apt\-get install debconf\fP\fP +.br +\f[CR]# \f[CB]dpkg\-reconfigure \-plow debconf\fP\fP +.br +.PP +Answer the debconf questions as follows: +.IP \fBinterface\fP +choose \fI6/Noninteractive\fP +.IP \fBpriority\fP +choose \fI1/Critical\fP +.PP +You only need to run dpkg-reconfigure if you weren't asked the questions during +the debconf install. Next, install the packages required for building +packages: +.PP +\f[CR]# \f[CB]apt\-get install fakeroot build\-essential\fP\fP +.br +\f[CR]# \f[CB]apt\-get install makedev\fP\fP +.br +\f[CR]# \f[CB]cd /dev/\fP\fP +.br +\f[CR]# \f[CB]/sbin/MAKEDEV generic\fP\fP +.br +\f[CR]# \f[CB]touch /etc/mtab\fP\fP +.br +.PP +For some security, we don't bind mount /dev, so it can't access e.g. USB +devices +.SS 7. sbuild setup +While running as root inside the chroot: +.PP +\f[CR]# \f[CB]mkdir /build\fP\fP +.br +\f[CR]# \f[CB]chown root:sbuild /build\fP\fP +.br +\f[CR]# \f[CB]chmod 02775 /build\fP\fP +.br +\f[CR]# \f[CB]mkdir \-p /var/lib/sbuild/srcdep\-lock\fP\fP +.br +\f[CR]# \f[CB]chown \-R root:sbuild /var/lib/sbuild\fP\fP +.br +\f[CR]# \f[CB]chmod \-R 02775 /var/lib/sbuild\fP\fP +.br +.PP +Note that when using sbuild with schroot, this setup is done at the start of +each build, so is not required here. +.SS 8. Finished +Congratulations! You should now have a fully configured and operational +chroot. +.SH SBUILD-CREATECHROOT +This script will automatically perform a number of the steps described above, +including: +.IP \[bu] +Running debootstrap. +.IP \[bu] +Setting up APT sources in \fI/etc/apt/sources.list\fP. +.IP \[bu] +Setting up a minimal \fI/etc/passwd\fP +.IP \[bu] +Setting up /build and /var/lib/sbuild with appropriate ownership and +permissions. +.PP +After it has done this, you do still need to do some manual setup, completing +the steps it missed out above, for example. +.SH USER SETUP +.SS 1. Group membership +As root, run: +.PP +\f[CR]# \f[CB]sbuild-adduser \f[CBI]user\fP\fP\fP +.br +.PP +Alternatively, add the user to the \fIsbuild\fP group by hand: +.PP +\f[CR]# \f[CB]adduser \f[CBI]user\fP sbuild\fP\fP +.SS 2. \f[BI]~/.sbuildrc\fP +.br +Configure the user's \fI~/.sbuildrc\fP: +.PP +\f[CR]$ \f[CB]cp /usr/share/doc/sbuild/examples/example.sbuildrc ~\f[CBI]user\fP/.sbuildrc\fP\fP +.br +.PP +Edit to set the correct mail address to send log files to, and the correct +maintainer name and/or uploader name. +.PP +.SS 3. Build directories +Create directories to contain packages and log files. (.sbuildrc may have +configured different locations; the default build directory is the current +directory, and the default $log_dir is ~/logs): +.PP +\f[CR]$ \f[CB]mkdir ~/logs\fP\fP +.br +.SS 4. sudo setup +This step not required if schroot is used (which is the default, set in +\fIsbuild.conf\fP). If using sbuild with sudo (chroot_mode \[lq]split\[rq]), +sudo needs configuring to give the user permission to install and remove +packages in the chroot, which requires root privileges. Add the following +lines to \fI/etc/sudoers\fP: +.PP +\f[CR]\f[CI]username\fP ALL=NOPASSWD: ALL\fP +.br +\f[CR]Defaults:\f[CI]username\fP env_keep+="APT_CONFIG DEBIAN_FRONTEND SHELL"\fP +.br +.PP +where \fIusername\fP is the name of the user who will run sbuild. +.SS 5. Finished +The user should now be able to run sbuild. +.PP +\f[CR]$ \f[CB]sbuild ...\fP\fP +.br +.SH AUTHORS +Roger Leigh. +.SH COPYRIGHT +Copyright \(co 2005-2008 Roger Leigh <rleigh@debian.org> +.PP +This program is free software; you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by the Free +Software Foundation; either version 2 of the License, or (at your option) +any later version. +.SH SEE ALSO +.BR debootstrap (1), +.BR sbuild (1), +.BR sbuild\-adduser (8), +.BR sbuild\-createchroot (8). +.\"# +.\"# The following sets edit modes for GNU EMACS +.\"# Local Variables: +.\"# mode:nroff +.\"# fill-column:79 +.\"# End: |