Initialising a dak database schema
==================================
-The following packages are needed:
- * postgresql-9.0 postgresql-client-9.0 postgresql-plperl-9.0 postgresql-plpython-9.0 postgresql-9.0-debversion
+The following packages are needed for the database:
+ * postgresql-9.1 postgresql-client-9.1 postgresql-9.1-debversion
+and the following packages for dak itself:
+ * python-psycopg2 python-sqlalchemy python-apt gnupg dpkg-dev lintian
+ binutils-multiarch python-yaml less python-ldap python-pyrss2gen python-rrdtool
+ symlinks python-debian
(the schema assumes at least postgresql 9.0; ftpmaster in Debian currently uses
the squeeze postgresql 9.0 backport)
For the purposes of this document, we'll be working in /srv/dak
-Set up the dak user on both the system and in postgres:
+Set up the dak user:
# sudo addgroup --system ftpmaster
# sudo adduser --system dak --ingroup ftpmaster --shell /bin/bash
-# sudo -u postgres createuser -s dak
+
+Create postgres roles and database:
+# sudo -u postgres psql
+ CREATE USER dak CREATEROLE;
+ CREATE ROLE ftpmaster;
+ CREATE ROLE ftpteam WITH ROLE ftpmaster;
+ CREATE ROLE ftptrainee WITH ROLE ftpmaster, ftpteam;
+
+ CREATE DATABASE projectb WITH OWNER dak TEMPLATE template0 ENCODING 'SQL_ASCII';
+ \c projectb
+ CREATE EXTENSION IF NOT EXISTS plpgsql;
+ CREATE EXTENSION IF NOT EXISTS debversion;
Set up the dak directory:
# sudo mkdir /etc/dak
Become the dak user:
# sudo -u dak -s -H
-Create the additional roles:
-# createuser -S -R -D ftpmaster
-# createuser -S -R -D ftpteam
-# createuser -S -R -D ftptrainee
-
-Create an empty database with SQL_ASCII encoding:
-# createdb -T template0 -E SQL_ASCII -O dak projectb
-
-Import the schema:
-# psql -f current_schema.sql -d projectb
+Import the schema. We redirect STDOUT to /dev/null as otherwise it's
+impossible to see if something fails.
+# psql -1 -f current_schema.sql -d projectb >/dev/null
Set up some core data in projectb to get started (read the init_vars file if
you wish to customise various aspects):
# cp templates/* /srv/dak/templates/
Set up a private signing key: don't set a passphrase as dak will not
-pass one through to gpg. Guard this key carefully
+pass one through to gpg. Guard this key carefully!
+The key only needs to be able to sign, it doesn't need to be able
+to encrypt.
# gpg --no-default-keyring --secret-keyring /srv/dak/keyrings/s3kr1t/dot-gnupg/secring.gpg --keyring /srv/dak/keyrings/s3kr1t/dot-gnupg/pubring.gpg --gen-key
Remember the signing key id for when creating the suite below.
Here we'll pretend it is DDDDDDDD for convenience