Bug#311363: sbuild: Documentation for cdebootstrap chroots

Tue, 31 May 2005 07:55:09 -0700 

Package: sbuild
Version: 0.35
Severity: normal

Hi,

I've recently set up some sbuild chroots with cdebootstrap.  This isn't
entirely straightforward, since the sbuild chroot scripts need
examination to reproduce the same effect by hand.  I've documented the
changes, and you are free to include them in the package.  I can mark
them up as manpages or whatever format you like. (File attached.)

The approach I've used (particularly with the mounts) isn't what
typical buildds use; so if any parts are not recommended practice, I can
easily change that.


Regards,
Roger


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (990, 'unstable')
Architecture: powerpc (ppc)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc4
Locale: LANG=en_GB.UTF8, LC_CTYPE=en_GB.UTF8 (charmap=UTF-8)

Versions of packages sbuild depends on:
ii  adduser                      3.63        Add and remove users and groups
ii  apt                          0.5.28.6    Advanced front-end for dpkg
ii  dpkg-dev                     1.10.28     Package building tools for Debian
ii  exim4                        4.50-8      metapackage to ease exim MTA (v4) 
ii  exim4-daemon-light [mail-tra 4.50-8      lightweight exim MTA (v4) daemon
ii  grep-dctrl                   2.1.11      Grep Debian package information
ii  perl                         5.8.4-8     Larry Wall's Practical Extraction 
ii  sudo                         1.6.8p7-1.1 Provide limited super user privile

-- no debconf information

Setting up an sbuild chroot with cdebootstrap                       -*- text -*-
---------------------------------------------

This guide sets up a sarge chroot on a powerpc machine.  Adjust the
names for other suites and architectures.


1. Run cdebootstrap to create the chroot.

   mkdir -p /srv/chroot/sarge

   [I have each chroot as a separate LVM volume group; create and
    mount here if wanted
      lvcreate -L 4G -n sarge_chroot -Z y hda_vg
    and add to /etc/fstab and mount (see next section)]

   cdebootstrap -a powerpc -f build sarge /srv/chroot/sarge 
http://ftp.uk.debian.org/debian/

2. Set up additional mounts.  My /etc/fstab:

/dev/mapper/hda_vg-sarge_chroot /srv/chroot/sarge            ext3  defaults     
    0 2
/dev/pts                        /srv/chroot/sarge/dev/pts    none  rw,bind      
    0 0
tmpfs                           /srv/chroot/sarge/dev/shm    tmpfs defaults     
    0 0
proc                            /srv/chroot/sarge/proc       proc  defaults     
    0 0
/dev/mapper/hda_vg-home         /srv/chroot/sarge/home       ext3  
quota,user_xattr 0 0
/tmp                            /srv/chroot/sarge/tmp        none  rw,bind      
    0 0
/etc/passwd                     /srv/chroot/sarge/etc/passwd none  ro,bind      
    0 0
/etc/shadow                     /srv/chroot/sarge/etc/shadow none  ro,bind      
    0 0
/etc/group                      /srv/chroot/sarge/etc/group  none  ro,bind      
    0 0
/etc/resolv.conf                /srv/chroot/sarge/etc/resolv.conf  none ro,bind 
    0 0

If the bind mountpoints don't exist in the chroot, touch them, e.g.

   touch /srv/chroot/sarge/etc/resolv.conf

and then mount them all.  Depending on your kernel version and
security considerations, you may wish to do this part slightly
differently.  You need 2.6 kernel for bind mounts, and devpts
(CONFIG_UNIX98_PTYS) for /dev/pts.  Other guides recommend copying the
files, but this method keeps them up-to-date at no cost.

To disable networking, don't bind mount /etc/resolv.conf.  This will
prevent APT from working inside the chroot, but prevents package
building from having network access (no nameservers).

3. Edit /srv/chroot/sarge/etc/apt/sources.list:

deb http://security.debian.org/ sarge/updates main
deb-src http://security.debian.org/ sarge/updates main

deb http://ftp.uk.debian.org/debian/ sarge main
deb-src http://ftp.uk.debian.org/debian/ sarge main

4. Configure dchroot [add to /etc/dchroot.conf]

sarge /srv/chroot/sarge

5. Log into chroot

   dchroot -c sarge

6. Set up packages for sbuild

   apt-get update
   apt-get dist-upgrade
   apt-get install debconf
   dpkg-reconfigure -plow debconf

[Answer the debconf questions as follows:
   interface: choose 6/Noninteractive
    priority:  choose 1/Critical
 You only need to run dpkg-reconfigure if you weren't asked the
 questions during the debconf install]

   apt-get install sudo debfoster fakeroot build-essential
   apt-get install makedev
   cd /dev/
   /sbin/MAKEDEV generic
   touch /etc/mtab

[For some security, we don't bind mount /dev, so it can't access
e.g. USB devices]

7. sbuild setup

   mkdir /build
   chown root:sbuild /build
   mkdir -p /var/lib/sbuild/srcdep-lock
   chown -R root:sbuild /var/lib/sbuild
   chmod -R 02775 /var/lib/sbuild

8. user setup

Configure the user's .sbuildrc, and make the build directories:

   mkdir ~/build ~/logs

As root, run

   /usr/share/sbuild/add_sbuild_user /srv/chroot/sarge testing $username

[follow the instructions, and update ~/build etc. as shown]

Reply via email to