Difference between revisions of "Build Server"
From stoney cloud
(16 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
= Overview = | = Overview = | ||
* Base chroot environment for the creation of most binary packages which will be copied to the [[Binary Package Server]]. | * Base chroot environment for the creation of most binary packages which will be copied to the [[Binary Package Server]]. | ||
− | * Packages, which don't need to be built | + | * Packages, which don't need to be built, for example [http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html Oracle's Java SE Development Kit] (JDK), can be fetched from the [[Mirror Server]]. |
* Software stacks built upon specialized binary packages, require their own chroot environment. If possible, avoid this. | * Software stacks built upon specialized binary packages, require their own chroot environment. If possible, avoid this. | ||
+ | * For reproducibility, Portage and Profiles are frozen with the help of version control system (git in our case). This is only done on the [[Mirror Server]]. | ||
+ | * When building packages in a chroot environment, the portage and overlay versions need to set. | ||
+ | == Portage Snapshotting == | ||
+ | |||
+ | To be able to reliably rebuild packages, we are working with a snapshotted/versioned portage tree. | ||
+ | |||
+ | === Updating the snapshot to latest === | ||
+ | |||
+ | We are using <code>emerge-webrsync</code> since it features an already determined version, checksum- and gpg-validation. | ||
+ | |||
+ | {{Cmd | ||
+ | |git clone "${PORTAGE_GIT_REPO}" portage | ||
+ | |cd portage | ||
+ | |PORTAGE_RSYNC_EXTRA_OPTS{{=}}"--exclude{{=}}/.git --exclude{{=}}/.gitignore" PORTDIR{{=}}"${PWD}" emerge-webrsync | ||
+ | |output=<pre> | ||
+ | Fetching most recent snapshot ... | ||
+ | Trying to retrieve 20140821 snapshot from http://mirror.switch.ch/mirror/gentoo ... | ||
+ | Fetching file portage-20140821.tar.xz.md5sum ... | ||
+ | Fetching file portage-20140821.tar.xz.gpgsig ... | ||
+ | Fetching file portage-20140821.tar.xz ... | ||
+ | Checking digest ... | ||
+ | Getting snapshot timestamp ... | ||
+ | Syncing local tree ... | ||
+ | |||
+ | </pre>}} | ||
+ | |||
+ | {{Warning|If you get the following instead then there is no newer snapshot available}} | ||
+ | |||
+ | {{Cmd | ||
+ | |PORTAGE_RSYNC_EXTRA_OPTS{{=}}"--exclude{{=}}/.git --exclude{{=}}/.gitignore" PORTDIR{{=}}"${PWD}" emerge-webrsync | ||
+ | |output=<pre> | ||
+ | Fetching most recent snapshot ... | ||
+ | * Latest snapshot date: 20140821 | ||
+ | * | ||
+ | * Approximate snapshot timestamp: 1408668300 | ||
+ | * Current local timestamp: 1408667701 | ||
+ | * | ||
+ | * The current local timestamp is possibly identical to the | ||
+ | * timestamp of the latest snapshot. In order to force sync, use | ||
+ | * the --revert option or remove the timestamp file located at | ||
+ | * '/run/user/1000/portage/metadata/timestamp.x'. | ||
+ | </pre>}} | ||
+ | |||
+ | Set the tag and push if there was an update: | ||
+ | {{Cmd | ||
+ | |cd portage/ | ||
+ | |git add -A | ||
+ | |snapshot_date{{=}}$(date --date{{=}}@$(( $(cut -f 1 -d " " metadata/timestamp.x) - 86400 )) +%Y-%m-%d) | ||
+ | |git commit -m "Update portage tree to ${snapshot_date}" | ||
+ | |git tag -a -m "Tagging ${snapshot_date}" ${snapshot_date} | ||
+ | |git push && git push --tags | ||
+ | |echo "snapshot date: ${snapshot_date}" | ||
+ | }} | ||
+ | |||
+ | The subtraction of 86400 (1 day in seconds) above is to account for the fact that the snapshot for a given day is taken at 00:45 UTC on the following day and the timestamp contained in the tarball therefore is one day ahead (see {{Path|/usr/bin/emerge-webrsync}}). | ||
+ | |||
+ | The meaning of the tag is therefore: contains at least all changes from that day (and possibly a bit more). | ||
+ | |||
+ | == Chroot Setup == | ||
+ | |||
+ | === Preparation === | ||
+ | |||
+ | At least the following is required beforehand to ensure reproducible building: | ||
+ | |||
+ | * a versioned portage tree | ||
+ | * versioned overlays (if any) | ||
+ | |||
+ | === Setup === | ||
+ | |||
+ | * Create a staging root directory and extract a stage3 or stage4 tarball | ||
+ | * Mount proc, sys and dev (required for portage to control the tty, determine available storage space, etc.) | ||
+ | * Copy {{Path|/etc/resolv.conf}} | ||
+ | * Checkout the versioned portage tree (since you probably won't have git yet in the tree) | ||
+ | * Enter the chroot | ||
+ | |||
+ | {{RootCmd | ||
+ | |stagingRoot{{=}}/var/staging/staging-base | ||
+ | |mkdir -p "${stagingRoot}" | ||
+ | |tar -xjpf /var/tmp/your-stage4.tbz2 -C "${stagingRoot}" | ||
+ | |mount -t proc none "${stagingRoot}/proc" | ||
+ | |mount --rbind /dev/ "${stagingRoot}/dev/" | ||
+ | |mount --rbind /sys/ "${stagingRoot}/sys/" | ||
+ | |cp -af /etc/resolv.conf "${stagingRoot}/etc/" | ||
+ | |git clone "${PORTAGE_GIT_REPO}" "${stagingRoot}/usr/portage" | ||
+ | |chmod -R a+rX "${stagingRoot}/usr/portage" | ||
+ | |chroot "${stagingRoot}" /usr/bin/env -i HOME{{=}}"/root" TERM{{=}}"${TERM}" /bin/bash --login | ||
+ | |}} | ||
+ | |||
+ | {{Note|We are deliberately using a special command for entering the chroot to avoid leaking environment variables}} | ||
+ | |||
+ | * Install {{Package|app-portage/layman}} and probably {{Package|dev-vcs/git}} to install overlays | ||
+ | * You may want to add a mirror configuration if you have local mirrors: | ||
+ | {{File|/etc/portage/make.conf||<source lang='bash'> | ||
+ | GENTOO_MIRRORS="https://mirror.example.com/public/gentoo" | ||
+ | </source>}} | ||
+ | |||
+ | * If needed, put the mirror for fetch restricted ebuilds in a local mirror definition: | ||
+ | {{File|/etc/portage/mirrors||<pre> | ||
+ | local https://mirror.example.com/restricted/gentoo | ||
+ | </pre>}} | ||
+ | |||
+ | * Add the following to generate binary packages during installation: | ||
+ | {{File|/etc/portage/make.conf||<source lang='bash'> | ||
+ | FEATURES="${FEATURES} buildpkg cgroup ipc-sandbox network-sandbox parallel-fetch" | ||
+ | </source>}} | ||
+ | |||
+ | * Make sure that the repository configuration points to your git mirror as well: | ||
+ | {{File|/etc/portage/repos.conf/gentoo.conf||<source lang='ini'> | ||
+ | [DEFAULT] | ||
+ | main-repo = gentoo | ||
+ | |||
+ | [gentoo] | ||
+ | location = /usr/portage | ||
+ | sync-type = git | ||
+ | sync-uri = https://mirror.example.com/versioned/portage.git | ||
+ | </source>}} | ||
+ | |||
+ | * Rebuild everything: | ||
+ | {{RootCmd|emerge -e world}} | ||
[[Category:Infrastructure]] | [[Category:Infrastructure]] |
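Review bot: The "Updating the snapshot to latest" text says emerge-webrsync provides checksum and gpg validation, but the sample output only shows the .gpgsig file being fetched and a "Checking digest ..." step; no line shows a signature being verified. Please document the setting that turns signature verification on and include the output line that proves it ran, otherwise the snapshot's integrity rests on the md5sum file fetched from the same http mirror. Two smaller points: "date --date=@..." in the tagging command formats in the host's local time zone, so a host west of UTC would tag a 00:45 UTC snapshot one day early (add --utc); and the chroot setup's git clone of "${PORTAGE_GIT_REPO}" never checks out a tag, so the build uses whatever the default branch points to rather than a pinned snapshot.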
Latest revision as of 08:51, 1 June 2015
Overview
- Base chroot environment for the creation of most binary packages which will be copied to the Binary Package Server.
- Packages that don't need to be built, for example Oracle's Java SE Development Kit (JDK), can be fetched from the Mirror Server.
- Software stacks built upon specialized binary packages require their own chroot environment. If possible, avoid this.
- For reproducibility, Portage and Profiles are frozen with the help of a version control system (git in our case). This is only done on the Mirror Server.
- When building packages in a chroot environment, the portage and overlay versions need to be set.
Portage Snapshotting
To be able to reliably rebuild packages, we are working with a snapshotted/versioned portage tree.
Updating the snapshot to latest
We are using emerge-webrsync since it features an already determined version as well as checksum and GPG validation.
Warning: If you get the following instead, then there is no newer snapshot available.
Set the tag and push if there was an update:
The subtraction of 86400 (1 day in seconds) above is to account for the fact that the snapshot for a given day is taken at 00:45 UTC on the following day and the timestamp contained in the tarball therefore is one day ahead (see /usr/bin/emerge-webrsync).
The meaning of the tag is therefore: contains at least all changes from that day (and possibly a bit more).
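The tagging scheme above can be checked mechanically before a build. As an added example (not part of the original page or the project's own code), the shell functions below derive the tag from metadata/timestamp.x and refuse a tree that is not a clean checkout of exactly that tag. The function names, the demo repository and its timestamp.x line are constructed for illustration; the date is computed in UTC so the result does not depend on the build host's time zone.

```bash
# Added example, not from the original page. Needs git and date(1) with -d @EPOCH.

# Derive the snapshot tag (YYYY-MM-DD) from a metadata/timestamp.x file.
# The snapshot for a day is taken at 00:45 UTC on the following day, hence
# the minus one day; -u keeps the result independent of the host time zone.
snapshot_tag() {
    local ts
    ts=$(cut -f 1 -d " " "$1") || return 1
    case "${ts}" in
        ''|*[!0-9]*) echo "unexpected timestamp: '${ts}'" >&2; return 1 ;;
    esac
    date -u -d "@$(( ts - 86400 ))" +%Y-%m-%d
}

# Succeed only if tree $1 is a clean checkout of exactly tag $2 and its
# timestamp.x agrees with that tag.
verify_pinned_tree() {
    local tree="$1" want="$2" head tagged derived
    head=$(git -C "${tree}" rev-parse -q --verify HEAD) ||
        { echo "not a git checkout: ${tree}" >&2; return 1; }
    tagged=$(git -C "${tree}" rev-parse -q --verify "refs/tags/${want}^{commit}") ||
        { echo "no such tag: ${want}" >&2; return 1; }
    [ "${head}" = "${tagged}" ] || { echo "HEAD is not at ${want}" >&2; return 1; }
    [ -z "$(git -C "${tree}" status --porcelain)" ] ||
        { echo "tree has local changes" >&2; return 1; }
    derived=$(snapshot_tag "${tree}/metadata/timestamp.x") || return 1
    [ "${derived}" = "${want}" ] || { echo "timestamp.x gives ${derived}" >&2; return 1; }
}

# Constructed stand-in for the versioned tree; the epoch value is the
# approximate snapshot timestamp from the output shown on this page.
demo_tree() {
    local d; d=$(mktemp -d) || return 1
    mkdir -p "${d}/metadata"
    echo "1408668300 Fri 22 Aug 2014 00:45:00 UTC" > "${d}/metadata/timestamp.x"
    git -C "${d}" init -q && git -C "${d}" add -A &&
    git -C "${d}" -c user.name=demo -c user.email=demo@example.invalid \
        commit -q -m "Update portage tree to 2014-08-21" &&
    git -C "${d}" -c user.name=demo -c user.email=demo@example.invalid \
        tag -a -m "Tagging 2014-08-21" 2014-08-21 || return 1
    echo "${d}"
}

if tree=$(demo_tree); then
    verify_pinned_tree "${tree}" 2014-08-21 && echo "ok: pinned at 2014-08-21"
    echo stray > "${tree}/stray.ebuild"
    verify_pinned_tree "${tree}" 2014-08-21 || echo "rejected: tree was modified"
    rm -rf "${tree}"
fi
```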
Chroot Setup
Preparation
At least the following is required beforehand to ensure reproducible building:
- a versioned portage tree
- versioned overlays (if any)
Setup
- Create a staging root directory and extract a stage3 or stage4 tarball
- Mount proc, sys and dev (required for portage to control the tty, determine available storage space, etc.)
- Copy /etc/resolv.conf
- Check out the versioned portage tree (since you probably won't have git yet in the tree)
- Enter the chroot
Note: We are deliberately using a special command for entering the chroot to avoid leaking environment variables.
- Install app-portage/layman and probably dev-vcs/git to install overlays
- You may want to add a mirror configuration if you have local mirrors:
File: /etc/portage/make.conf
GENTOO_MIRRORS="https://mirror.example.com/public/gentoo"
- If needed, put the mirror for fetch-restricted ebuilds in a local mirror definition:
File: /etc/portage/mirrors
local https://mirror.example.com/restricted/gentoo
- Add the following to generate binary packages during installation:
File: /etc/portage/make.conf
FEATURES="${FEATURES} buildpkg cgroup ipc-sandbox network-sandbox parallel-fetch"
- Make sure that the repository configuration points to your git mirror as well:
File: /etc/portage/repos.conf/gentoo.conf
[DEFAULT]
main-repo = gentoo

[gentoo]
location = /usr/portage
sync-type = git
sync-uri = https://mirror.example.com/versioned/portage.git
- Rebuild everything: