summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSean Whitton2016-08-25 19:12:30 -0700
committerSean Whitton2016-08-25 19:17:13 -0700
commit28d684b313a1cb2754ad72ca6f6364dce4b631f6 (patch)
tree3d57cc383e34b90c36c632810dbf94f45ac5d5cb
parentb1d7925d1634556439ed5edb8af5e651bf9a1398 (diff)
update Sbuild docs again re. building for stretch
Building for stretch requires newer sbuild.
-rw-r--r--debian/changelog16
-rw-r--r--src/Propellor/Property/Sbuild.hs23
2 files changed, 30 insertions, 9 deletions
diff --git a/debian/changelog b/debian/changelog
index eeac0d4f..ce8d6e41 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,12 +9,18 @@ propellor (3.1.2) UNRELEASED; urgency=medium
[ Sean Whitton ]
* Pass --allow-unrelated-histories to git merge when run with git 2.9 or
newer. This fixes the /usr/bin/propellor wrapper with this version of git.
- * Sbuild.built & Sbuild.builtFor no longer force Sbuild.keygenGenerated.
- This is only required for squeeze chroots, which we don't support anyway.
+ * Sbuild.built & Sbuild.builtFor no longer require Sbuild.keypairGenerated.
+ Transition guide: If you are using sbuild 0.70.0 or newer, you should
+ `rm -r /var/lib/sbuild/apt-keys`. Otherwise, you should add either
+ Sbuild.keypairGenerated or Sbuild.keypairInsecurelyGenerated to your host.
* Sbuild haddock improvements:
- - State that we don't support squeeze and Buntish older than trusty
- - Update sample ~/.sbuildrc for sbuild 0.71.0
- - Add hint for customising chroots with propellor
+ - State that we don't support squeeze and Buntish older than trusty.
+ This is due to our enhancements, such as eatmydata.
+ - State that you need sbuild 0.70.0 or newer to build for stretch.
+ This is due to gpg2 hitting Debian stretch.
+ - Explain when a keygen is required.
+ - Update sample ~/.sbuildrc for sbuild 0.71.0.
+ - Add hint for customising chroots with propellor.
- Update example usage of System type.
-- Joey Hess <id@joeyh.name> Sun, 24 Jul 2016 13:34:37 -0400
diff --git a/src/Propellor/Property/Sbuild.hs b/src/Propellor/Property/Sbuild.hs
index 16e21f55..b55b6e8c 100644
--- a/src/Propellor/Property/Sbuild.hs
+++ b/src/Propellor/Property/Sbuild.hs
@@ -7,9 +7,16 @@ Maintainer: Sean Whitton <spwhitton@spwhitton.name>
Build and maintain schroots for use with sbuild.
For convenience we set up several enhancements, such as ccache and
-eatmydata. This means we have to assume that you want to build
-packages for a Debian release strictly newer than squeeze, or for
-Buntish releases newer than or equal to trusty.
+eatmydata. This means we have to make several assumptions:
+
+1. you want to build for a Debian release strictly newer than squeeze,
+or for a Buntish release newer than or equal to trusty
+
+2. if you want to build for Debian stretch or newer, you have sbuild
+0.70.0 or newer (there is a backport to jessie)
+
+The latter is due to the migration from GnuPG v1 to GnuPG v2.1 in
+Debian stretch, which older sbuild can't handle.
Suggested usage in @config.hs@:
@@ -21,6 +28,10 @@ Suggested usage in @config.hs@:
> & Sbuild.shareAptCache
> & Schroot.overlaysInTmpfs
+If you are using sbuild older than 0.70.0, you also need:
+
+> & Sbuild.keypairGenerated
+
In @~/.sbuildrc@ (sbuild 0.71.0 or newer):
> $run_piuparts = 1;
@@ -46,7 +57,7 @@ Nevertheless, the chroot that @sbuild-createchroot(1)@ creates might
not meet your needs. For example, you might need to enable an apt
cacher. In that case you can do something like this in @config.hs@:
-> & Sbuild.built (System (Debian Unstable) X86_32) `before` mySetup
+> & Sbuild.built (System (Debian Linux Unstable) X86_32) `before` mySetup
> where
> mySetup = Chroot.provisioned myChroot
> myChroot = Chroot.debootstrapped
@@ -344,6 +355,8 @@ usableBy :: User -> Property DebianLike
usableBy u = User.hasGroup u (Group "sbuild") `requires` installed
-- | Generate the apt keys needed by sbuild
+--
+-- You only need this if you are using sbuild older than 0.70.0.
keypairGenerated :: Property DebianLike
keypairGenerated = check (not <$> doesFileExist secKeyFile) $ go
`requires` installed
@@ -369,6 +382,8 @@ secKeyFile = "/var/lib/sbuild/apt-keys/sbuild-key.sec"
-- > `onChange` Systemd.started "my-rngd-service"
--
-- Useful on throwaway build VMs.
+--
+-- You only need this if you are using sbuild older than 0.70.0.
keypairInsecurelyGenerated :: Property DebianLike
keypairInsecurelyGenerated = check (not <$> doesFileExist secKeyFile) go
where