From 28d684b313a1cb2754ad72ca6f6364dce4b631f6 Mon Sep 17 00:00:00 2001 From: Sean Whitton Date: Thu, 25 Aug 2016 19:12:30 -0700 Subject: update Sbuild docs again re. building for stretch Building for stretch requires newer sbuild. --- debian/changelog | 16 +++++++++++----- src/Propellor/Property/Sbuild.hs | 23 +++++++++++++++++++---- 2 files changed, 30 insertions(+), 9 deletions(-) diff --git a/debian/changelog b/debian/changelog index eeac0d4f..ce8d6e41 100644 --- a/debian/changelog +++ b/debian/changelog @@ -9,12 +9,18 @@ propellor (3.1.2) UNRELEASED; urgency=medium [ Sean Whitton ] * Pass --allow-unrelated-histories to git merge when run with git 2.9 or newer. This fixes the /usr/bin/propellor wrapper with this version of git. - * Sbuild.built & Sbuild.builtFor no longer force Sbuild.keygenGenerated. - This is only required for squeeze chroots, which we don't support anyway. + * Sbuild.built & Sbuild.builtFor no longer require Sbuild.keypairGenerated. + Transition guide: If you are using sbuild 0.70.0 or newer, you should + `rm -r /var/lib/sbuild/apt-keys`. Otherwise, you should add either + Sbuild.keypairGenerated or Sbuild.keypairInsecurelyGenerated to your host. * Sbuild haddock improvements: - - State that we don't support squeeze and Buntish older than trusty - - Update sample ~/.sbuildrc for sbuild 0.71.0 - - Add hint for customising chroots with propellor + - State that we don't support squeeze and Buntish older than trusty. + This is due to our enhancements, such as eatmydata. + - State that you need sbuild 0.70.0 or newer to build for stretch. + This is due to gpg2 hitting Debian stretch. + - Explain when a keygen is required. + - Update sample ~/.sbuildrc for sbuild 0.71.0. + - Add hint for customising chroots with propellor. - Update example usage of System type. -- Joey Hess Sun, 24 Jul 2016 13:34:37 -0400 diff --git a/src/Propellor/Property/Sbuild.hs b/src/Propellor/Property/Sbuild.hs index 16e21f55..b55b6e8c 100644 --- a/src/Propellor/Property/Sbuild.hs +++ b/src/Propellor/Property/Sbuild.hs @@ -7,9 +7,16 @@ Maintainer: Sean Whitton Build and maintain schroots for use with sbuild. For convenience we set up several enhancements, such as ccache and -eatmydata. This means we have to assume that you want to build -packages for a Debian release strictly newer than squeeze, or for -Buntish releases newer than or equal to trusty. +eatmydata. This means we have to make several assumptions: + +1. you want to build for a Debian release strictly newer than squeeze, +or for a Buntish release newer than or equal to trusty + +2. if you want to build for Debian stretch or newer, you have sbuild +0.70.0 or newer (there is a backport to jessie) + +The latter is due to the migration from GnuPG v1 to GnuPG v2.1 in +Debian stretch, which older sbuild can't handle. Suggested usage in @config.hs@: @@ -21,6 +28,10 @@ Suggested usage in @config.hs@: > & Sbuild.shareAptCache > & Schroot.overlaysInTmpfs +If you are using sbuild older than 0.70.0, you also need: + +> & Sbuild.keypairGenerated + In @~/.sbuildrc@ (sbuild 0.71.0 or newer): > $run_piuparts = 1; @@ -46,7 +57,7 @@ Nevertheless, the chroot that @sbuild-createchroot(1)@ creates might not meet your needs. For example, you might need to enable an apt cacher. In that case you can do something like this in @config.hs@: -> & Sbuild.built (System (Debian Unstable) X86_32) `before` mySetup +> & Sbuild.built (System (Debian Linux Unstable) X86_32) `before` mySetup > where > mySetup = Chroot.provisioned myChroot > myChroot = Chroot.debootstrapped @@ -344,6 +355,8 @@ usableBy :: User -> Property DebianLike usableBy u = User.hasGroup u (Group "sbuild") `requires` installed -- | Generate the apt keys needed by sbuild +-- +-- You only need this if you are using sbuild older than 0.70.0. keypairGenerated :: Property DebianLike keypairGenerated = check (not <$> doesFileExist secKeyFile) $ go `requires` installed @@ -369,6 +382,8 @@ secKeyFile = "/var/lib/sbuild/apt-keys/sbuild-key.sec" -- > `onChange` Systemd.started "my-rngd-service" -- -- Useful on throwaway build VMs. +-- +-- You only need this if you are using sbuild older than 0.70.0. keypairInsecurelyGenerated :: Property DebianLike keypairInsecurelyGenerated = check (not <$> doesFileExist secKeyFile) go where -- cgit v1.2.3