BuildEnvironment
In an effort to recreate a build environment that closely mimics the Launchpad buildds, the Ubuntu Security team has defined the following steps. This is in many ways an extension of SbuildLVMHowto. This is also documented in LINK HERE.
Sbuild/Aufs with ddebs (Lucid)
In Lucid, mk-sbuild now configures schroot with 'union-type=aufs' by default. It also passes --variant=buildd to debootstrap, so you don't have to. Due to performance issues with ext4 in Ubuntu 10.04 LTS, it is recommended that you use ext3 for your builds.
Creating the schroots
Install sbuild and schroot:
$ sudo apt-get install sbuild schroot
Make sure you are in the 'sbuild' group:
$ sudo adduser <username> sbuild
If /var doesn't have enough space, create a big partition for your chroots:
$ sudo mkfs.ext3 /dev/sdXN
$ sudo mkdir /srv/devel
$ ls -l /dev/disk/by-uuid/|grep sdXN
lrwxrwxrwx 1 root root 10 2010-04-22 12:14 d9300709-7b77-4fcc-8d95-77cecdef9e51 -> ../../sdXN
Add to /etc/fstab:
UUID=d9300709-7b77-4fcc-8d95-77cecdef9e51 /srv/devel ext3 defaults,relatime 0 0
Mount it:
$ sudo mount /srv/devel
$ df -h|grep devel
/dev/sdXN 166G 188M 157G 1% /srv/devel
Create the schroot directory:
$ sudo mkdir /srv/devel/schroot
- Create ~/.mk-sbuild.sources.ubuntu (you can also use simply .mk-sbuild.sources, as well as .mk-sbuild.sources.debian). E.g.:
deb http://debmirror/ubuntu RELEASE main restricted universe multiverse
deb-src http://debmirror/ubuntu RELEASE main restricted universe multiverse
deb http://debmirror/ubuntu RELEASE-updates main restricted universe multiverse
deb-src http://debmirror/ubuntu RELEASE-updates main restricted universe multiverse
deb http://debmirror/ubuntu RELEASE-security main restricted universe multiverse
deb-src http://debmirror/ubuntu RELEASE-security main restricted universe multiverse
- Setup for extracting the ddebs:
Append to /etc/schroot/mount-defaults:
/home/<username>/scratch /scratch none rw,bind 0 0
Create /etc/schroot/script-get-ddebs:
# Do whatever the default script would do
. /etc/schroot/script-defaults

# Clean up during 00check
if [ "x$0" = "x/etc/schroot/setup.d/00check" ]; then
    if [ "$1" = "setup-stop" ]; then
        # Pull out .ddebs
        mv /var/cache/buildtmp/schroot/union/overlay/"$SESSION_ID"/build/*/*.ddeb /scratch/ddebs/ 2>/dev/null || true
    fi
fi
# end script
Create the following directory:
$ mkdir ~/scratch/ddebs
- Create ~/.mk-sbuild.rc:
# mk-sbuild tunables -- SOURCE_CHROOTS_TGZ used with 'file' and SOURCE_CHROOTS_DIR with 'directory'
SOURCE_CHROOTS_DIR="/srv/devel/schroot" # default: /var/lib/schroot/chroots
SCHROOT_CONF_SUFFIX="script-config=script-get-ddebs
source-root-users=root,sbuild,admin
source-root-groups=root,sbuild,admin"
SKIP_UPDATES="1"
- This tells schroot that the chroots are in "/srv/devel/schroot", and appends the contents of SCHROOT_CONF_SUFFIX to the chroot's configuration in /etc/schroot/schroot.conf. Using 'SCHROOT_CONF_SUFFIX="script-config=script-get-ddebs"' means that /etc/schroot/script-get-ddebs is called to configure the chroot. That script sources '/etc/schroot/script-defaults' so it behaves normally, then pulls the ddebs out and puts them into the bind-mounted /scratch directory in the chroot (i.e. into ~/scratch).
Finally, create the schroots (see man mk-sbuild for details):
for i in dapper hardy intrepid jaunty karmic lucid ; do
    mk-sbuild $i --arch=amd64 --skip-updates --debootstrap-mirror=http://debmirror/ubuntu --distro=ubuntu
    mk-sbuild $i --arch=i386 --skip-updates --debootstrap-mirror=http://debmirror/ubuntu --distro=ubuntu
done
for i in etch lenny squeeze sid ; do
    mk-sbuild $i --skip-updates --distro=debian
done
For ARM (see ARM/RootfsFromScratch for more details):
$ mk-sbuild --arch armel lucid
Deleting a schroot
Edit /etc/schroot/schroot.conf to remove the stanza for the chroot, then do:
$ sudo rm -rf /srv/devel/schroot/lucid-amd64
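The deletion step above edits schroot.conf by hand, and the SCHROOT_CONF_SUFFIX setting earlier writes source-root-users/source-root-groups into every stanza. As an added example (not part of the original page or of mk-sbuild), these two POSIX shell helpers list who a configuration grants root in the source chroots and print a copy of it without a named stanza; the function names and the constructed sample stanzas are assumptions.

```shell
#!/bin/sh
# Added example, not from the wiki page. Both helpers read an INI-style
# schroot.conf from the file given as last argument, or from stdin.

# list_source_root [CONF]: print "<chroot><TAB><key=value>" for each
# source-root-users/source-root-groups line, i.e. who is granted root in
# the persistent source chroot that every build session is layered on.
list_source_root() {
    awk '
        /^\[.*\]$/ { name = substr($0, 2, length($0) - 2); next }
        /^source-root-(users|groups)=/ { print name "\t" $0 }
    ' "$@"
}

# remove_stanza NAME [CONF]: print CONF without the [NAME] stanza.
# Exit status is 1 if no such stanza exists, so a typo is noticed.
remove_stanza() {
    stanza=$1; shift
    awk -v want="[$stanza]" '
        /^\[.*\]$/ { skip = ($0 == want); if (skip) found = 1 }
        !skip { print }
        END { exit (found ? 0 : 1) }
    ' "$@"
}

# Constructed sample in the shape of what mk-sbuild appends (values assumed).
sample_conf() {
    cat <<'EOF'
[lucid-amd64]
type=directory
union-type=aufs
script-config=script-get-ddebs
source-root-users=root,sbuild,admin
source-root-groups=root,sbuild,admin

[lucid-i386]
type=directory
union-type=aufs
script-config=script-get-ddebs
source-root-groups=root,sbuild
EOF
}

# Demo on the constructed sample; pass /etc/schroot/schroot.conf on a real host.
sample_conf | list_source_root
sample_conf | remove_stanza lucid-amd64
```

On a real system, redirect the output of remove_stanza to a temporary file and diff it against /etc/schroot/schroot.conf before installing it with sudo.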
Using the schroot
Using a schroot is similar to the chroot command but you specify the chroot and user you want to use rather than the directory.
$ schroot -c lucid-amd64 -u root
(lucid-amd64)root@foo:/home/user# apt-get install ...
(lucid-amd64)root@foo:/home/user# su user
(lucid-amd64)user@foo$ exit
exit
(lucid-amd64)root@foo:/home/user# exit
logout
$
Log in to the other architectures with:
$ schroot -c lucid-i386 -u root
$ schroot -c lucid-armel -u root
Or, without root:
$ schroot -c lucid-amd64