Initialising a dak database schema
==================================
-The following packages are needed:
+The following packages are needed for the database:
* postgresql-9.0 postgresql-client-9.0 postgresql-plperl-9.0 postgresql-plpython-9.0 postgresql-9.0-debversion
+and the following packages for dak itself:
+ * python-psycopg2 python-sqlalchemy python-apt gnupg dpkg-dev lintian
+ binutils-multiarch python-yaml less python-ldap python-pyrss2gen python-rrdtool
+ symlinks python-debian
(the schema assumes at least postgresql 9.0; ftpmaster in Debian currently uses
the squeeze postgresql 9.0 backport)
For the purposes of this document, we'll be working in /srv/dak
Set up the dak user on both the system and in postgres:
-# sudo adduser dak
-# sudo addgroup ftpmaster
-# sudo addgroup dak ftpmaster
+# sudo addgroup --system ftpmaster
+# sudo adduser --system dak --ingroup ftpmaster --shell /bin/bash
# sudo -u postgres createuser -s dak
Set up the dak directory:
# createuser -S -R -D ftpmaster
# createuser -S -R -D ftpteam
# createuser -S -R -D ftptrainee
+# psql -d projectb -c "ALTER GROUP ftpteam ADD USER ftpmaster"
+# psql -d projectb -c "ALTER GROUP ftptrainee ADD USER ftpmaster"
+# psql -d projectb -c "ALTER GROUP ftptrainee ADD USER ftpteam"
Create an empty database with SQL_ASCII encoding:
# createdb -T template0 -E SQL_ASCII -O dak projectb
-Import the schema:
-# psql -f current_schema.sql -d projectb
+Import the schema. We redirect STDOUT to /dev/null as otherwise it's
+impossible to see if something fails.
+# psql -1 -f current_schema.sql -d projectb >/dev/null
Set up some core data in projectb to get started (read the init_vars file if
you wish to customise various aspects):
# cp templates/* /srv/dak/templates/
Set up a private signing key: don't set a passphrase as dak will not
-pass one through to gpg. Guard this key carefully
+pass one through to gpg. Guard this key carefully!
+The key only needs to be able to sign, it doesn't need to be able
+to encrypt.
# gpg --no-default-keyring --secret-keyring /srv/dak/keyrings/s3kr1t/dot-gnupg/secring.gpg --keyring /srv/dak/keyrings/s3kr1t/dot-gnupg/pubring.gpg --gen-key
Remember the signing key id for when creating the suite below.
Here we'll pretend it is DDDDDDDD for convenience