X-Git-Url: https://git.tld-linux.org/?p=TLD.git;a=blobdiff_plain;f=pld-builder.new%2FREADME.bin-builder;fp=pld-builder.new%2FREADME.bin-builder;h=89a7b775ce33acd2ba34f489443b588571a121b8;hp=0000000000000000000000000000000000000000;hb=90809c8fec988489786ce00247d9a4150070748b;hpb=ab3934fab858112cd552359b18cb980ea07c310b diff --git a/pld-builder.new/README.bin-builder b/pld-builder.new/README.bin-builder new file mode 100644 index 0000000..89a7b77 --- /dev/null +++ b/pld-builder.new/README.bin-builder @@ -0,0 +1,86 @@ +new bin builder setup + +packages and chroot +~~~~~~~~~~~~~~~~~~~ +1. install pld-builder from th repoeistory on target host + +2. create chroot /srv/chroot +(you can symlink to real dest for the sake of copy-paste from here) +mkdir -p /srv/chroot + +- if you're using rpm < 4.5-29, make system rpmdb linked to target rpmdb, as + rpm gets it all very messy. see LP#395177. +mv /var/lib/rpm{,-host} +ln -s /srv/chroot/var/lib/rpm /var/lib/rpm +install -d /srv/chroot/var/lib/rpm +rpm -r /srv/chroot --initdb + +therwise it's just: +rpm -r /srv/chroot --initdb + +- install distro gpg key as default th config packages are signed and sign verify enabled in config: +rpm -r /srv/chroot --import /etc/pki/rpm-gpg/PLD-*.asc + +- setup minimal /dev +install -d /srv/chroot/dev +cp -a /dev/{full,null,random,urandom,zero} /srv/chroot/dev + +- install vserver-packages, but as it is usually hidden, so you must unhide it + with --noignore: +poldek -r /srv/chroot -u vserver-packages -Q --noignore + +- install pld-builder-chroot from th repos +poldek -r /srv/chroot -u pld-builder-chroot -Q --sn th --sn th-ready + +- make rpmdb readable for builder user +chmod -R a+rX /srv/chroot/var/lib/rpm + +- setup /srv/chroot/etc/resolv.conf so if you enter manually you can work with poldek +cat /etc/resolv.conf > /srv/chroot/etc/resolv.conf + +- restore rpmdb hack +rm -f /var/lib/rpm +mv /var/lib/rpm{-host,} + +gpg keys +~~~~~~~~ +1. import src builder key to bin builder so it can download queue.gz + +src-builder$ gpg --export builder-th-src@pld-linux.org --armor > th-src.asc +bin-builder$ gpg --import < th-src.asc + +2. generate new key for bin builder and import it to src builder so it can + accept spool/notify messages + +3. import that public key to src builder keyring +bin-builder$ gpg --gen-key +bin-builder$ gpg --export KEYID --armor > th-i686.asc +src-builder$ gpg --import < th-i686.asc + +ssh keys +~~~~~~~~ + +generate key on bin builder and add it to authorized_keys of ftp account + +i.e account where you push your uploads: +[th-i686] +ftp_url = scp://fpldth@ep09.pld-linux.org:ftp/.tree/.incoming/i686/ + +bin-builder$ ssh-keygen +bin-builder$ ssh-copy-id -i .ssh/id_rsa.pub fpldth@ep09.pld-linux.org + +buildlogs +~~~~~~~~~ +buildlogs are copied with rsync. ask buildlogs.pld-linux.org admin to allow your ip +also you need to setup password that is used to authenticate in rsync-passwords + +sudo access +~~~~~~~~~~~ +make sure builder user (who runs crons) can sudo chroot to the chroots: +builder ALL=(ALL) NOPASSWD: /usr/sbin/chroot /home/users/builder/chroot-th * + +testing +~~~~~~~ + +keep /var/lib/pld-builder/spool/log running with tail -f +run the cronjobs under builder account.