123 lines
4.6 KiB
Markdown
123 lines
4.6 KiB
Markdown
# Packaging
|
|
|
|
This is a guide for creating Debian packages for ceo. The instructions below
|
|
probably do not follow best practices, but at least I am confident that they
|
|
work.
|
|
|
|
## Prerequisites
|
|
Make sure your GPG key is in /srv/debian/gpg on potassium-benzoate. See
|
|
[here](https://wiki.csclub.uwaterloo.ca/Debian_Repository#Step_1:_Add_to_Uploaders)
|
|
for instructions.
|
|
|
|
Make sure you are in the `csc-mirror` group too.
|
|
|
|
## Creating the package
|
|
Use Docker/Podman to avoid screwing up your main system.
|
|
For example, to create a package for bullseye (replace `podman` with `docker` in all instances below if you're using Docker):
|
|
```sh
|
|
podman run -it --name pyceo-packaging -v "$PWD":"$PWD":z -w "$PWD" --security-opt="label=disable" debian:bookworm bash
|
|
# if disconnected from shell, reconnect with:
|
|
podman start pyceo-packaging
|
|
podman exec -it pyceo-packaging bash
|
|
```
|
|
**Important**: Make sure to use a container image for the same distribution which you're packaging.
|
|
For example, if you're creating a package for bullseye, you should be using the debian:bullseye
|
|
Docker image (this is because the virtualenv symlinks python to the OS' version of python).
|
|
|
|
Here are some of the prerequisites you'll need to build the deb files
|
|
(run this inside the container):
|
|
```sh
|
|
apt update
|
|
apt install -y devscripts debhelper git-buildpackage vim
|
|
apt install -y python3-dev python3-venv libkrb5-dev libpq-dev libaugeas0 scdoc # dependencies for building ceo
|
|
```
|
|
Make sure to also install all of the packages in the 'Build-Depends' section in debian/control.
|
|
|
|
Update VERSION.txt to the next version, and do a git commit (or `dpkg-source --commit`).
|
|
|
|
Now run `dch -i` and edit the changelog (update version, add your uploader name/email, add changes).
|
|
|
|
Now you will build a signed package. Place your key ID after the `-k` argument, e.g.
|
|
```sh
|
|
# (pre-requisite) if container doesn't have your gpg key
|
|
## step 1: export from host/another computer with your keyring
|
|
gpg --armor --output private.key --export-secret-key <your pgp key's id email>
|
|
## step 2: import into build container
|
|
gpg --import private.key
|
|
## step 3: find your key's public key
|
|
gpg --list-secret-keys # get key id
|
|
## step 4: trust ids (before building)
|
|
gpg --edit <pub key id>
|
|
gpg> trust # run when gpg editing prompt appears
|
|
> 5 # "ultimate" trust
|
|
gpg> save # gpg will report no changes were made, but trust of ids should be changed
|
|
|
|
# alternatively, sign with `debsign` after creating unsigned package
|
|
|
|
# build (signed) package
|
|
gbp buildpackage --git-upstream-branch=master -k8E5568ABB0CF96BC367806ED127923BE10DA48DC --lintian-opts --no-lintian
|
|
```
|
|
This will create a bunch of files (deb, dsc, tar.gz, etc.) in the parent directory.
|
|
|
|
Now do another git commit (since you edited the changelog file).
|
|
|
|
To clean the packages (run this after uploading, ie. **do NOT run this if you just finished building**):
|
|
```sh
|
|
rm ../*.{xz,gz,dsc,build,buildinfo,changes,deb}
|
|
```
|
|
|
|
## Uploading the package
|
|
Inside the container, go up one directory, and create a tarball with all the package files:
|
|
```
|
|
cd .. # within the container, generated files are in the parent directory of your git repo
|
|
tar zcvf pyceo.tar.gz *.{xz,gz,dsc,build,buildinfo,changes,deb}
|
|
```
|
|
Outside of the container (i.e. on your personal machine), copy the tarball out of the
|
|
container into your current directory, e.g.
|
|
```
|
|
podman cp pyceo-packaging:/home/max/repos/pyceo.tar.gz .
|
|
# or generally, if you're in the pyceo repo:
|
|
podman cp pyceo-packaging:$(cd ../ && pwd)/pyceo.tar.gz .
|
|
```
|
|
(Replace `/home/max/repos` by the directory in the container with the tarball.)
|
|
Now upload the tarball to a CSC machine, e.g.
|
|
```
|
|
# on "HOST" machine
|
|
scp pyceo.tar.gz mannitol:~
|
|
```
|
|
SSH into that machine and extract the tarball into a separate directory:
|
|
```
|
|
ssh mannitol
|
|
mkdir pyceo-parent && mv pyceo.tar.gz pyceo-parent/ && cd pyceo-parent
|
|
rm -iv *.{xz,gz,dsc,build,buildinfo,changes,deb}
|
|
tar zxvf pyceo.tar.gz
|
|
```
|
|
At this point, you will need a dupload.conf file. Ask someone on syscom for a copy. Place the dupload config at `~/.dupload.conf` (as per manpage).
|
|
|
|
Now upload the package to potassium-benzoate:
|
|
```
|
|
kinit
|
|
dupload *.changes
|
|
```
|
|
|
|
Now SSH into potassium-benzoate and run the following:
|
|
```
|
|
# note: this is AUTOMATICALLY done (within 10-20 minutes by a cron job)
|
|
sudo /srv/debian/bin/rrr-incoming
|
|
```
|
|
|
|
To check if mirror has accepted the new package, visit: http://debian.csclub.uwaterloo.ca/dists/bookworm/
|
|
|
|
<<<<<<< Updated upstream
|
|
=======
|
|
To update CEO:
|
|
```
|
|
# repeat this for all systems, starting from ceod servers
|
|
sudo apt update
|
|
# NOTE: be careful of changing configs!!
|
|
sudo apt install --only-upgrade ceod
|
|
````
|
|
|
|
>>>>>>> Stashed changes
|
|
There, that wasn't so bad...right? :')
|