propellor-4.7.3: property-based host configuration management in haskell

Propellor.Property.Sbuild

Description

Build and maintain schroots for use with sbuild.

For convenience we set up several enhancements, such as ccache and eatmydata. This means we have to make several assumptions:

1. you want to build for a Debian release strictly newer than squeeze, or for a Buntish release newer than or equal to trusty
2. if you want to build for Debian stretch or newer, you have sbuild 0.70.0 or newer (there is a backport to jessie)

The latter is due to the migration from GnuPG v1 to GnuPG v2.1 in Debian stretch, which older sbuild can't handle.

Suggested usage in config.hs:

 & Apt.installed ["piuparts", "autopkgtest", "lintian"]
& Sbuild.builtFor (System (Debian Linux Unstable) X86_32) Sbuild.UseCcache
& Sbuild.updatedFor (System (Debian Linux Unstable) X86_32) period Weekly 1
& Sbuild.usableBy (User "spwhitton")
& Schroot.overlaysInTmpfs

If you are using sbuild older than 0.70.0, you also need:

 & Sbuild.keypairGenerated

In ~/.sbuildrc (sbuild 0.71.0 or newer):

 $run_piuparts = 1;$piuparts_opts = [
'--no-eatmydata',
'--schroot',
'%r-%a-sbuild',
];

$run_autopkgtest = 1;$autopkgtest_root_args = "";
\$autopkgtest_opts = ["--", "schroot", "%r-%a-sbuild"];

We use sbuild-createchroot(1) to create a chroot to the specification of sbuild-setup(7). This avoids running propellor inside the chroot to set it up. While that approach is flexible, a propellor spin pulls in a lot of dependencies. This could defeat using sbuild to determine if you've included all necessary build dependencies in your source package control file.

Nevertheless, the chroot that sbuild-createchroot(1) creates might not meet your needs. For example, you might need to enable apt's https support. In that case you can do something like this in config.hs:

 & Sbuild.built (System (Debian Linux Unstable) X86_32) before mySetup
where
mySetup = Chroot.provisioned myChroot
myChroot = Chroot.debootstrapped
Debootstrap.BuilddD "/srv/chroot/unstable-i386"
-- the extra configuration you need:
& Apt.installed ["apt-transport-https"]

Synopsis

# Creating and updating sbuild schroots

An sbuild schroot, such as would be listed by schroot -l

Parts of the sbuild toolchain cannot distinguish between schroots with both the same suite and the same architecture, so neither do we

Constructors

 SbuildSchroot Suite Architecture

Instances

 Source # Methods

data UseCcache Source #

Whether an sbuild schroot should use ccache during builds

ccache is generally useful but it breaks building some packages. This data types allows you to toggle it on and off for particular schroots.

Constructors

 UseCcache NoCcache

Build and configure a schroot for use with sbuild

Ensure that an sbuild schroot's packages and apt indexes are updated

Build and configure a schroot for use with sbuild using a distribution's standard mirror

This function is a convenience wrapper around built, allowing the user to identify the schroot and distribution using the System type

Ensure that an sbuild schroot's packages and apt indexes are updated

This function is a convenience wrapper around updated, allowing the user to identify the schroot using the System type

# Global sbuild configuration

Ensure that sbuild is installed

Generate the apt keys needed by sbuild

You only need this if you are using sbuild older than 0.70.0.

Generate the apt keys needed by sbuild using a low-quality source of randomness

Note that any running rngd will be killed; if you are using rngd, you should arrange for it to be restarted after this property has been ensured. E.g.

 & Sbuild.keypairInsecurelyGenerated
onChange Systemd.started "my-rngd-service"

Useful on throwaway build VMs.

You only need this if you are using sbuild older than 0.70.0.

Add an user to the sbuild group in order to use sbuild