X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=setup%2FREADME;h=d53fb229a945a48a39a3819340c402aea889e5ff;hb=4f3c7874fd19d380b106a9d4bbab0403ed089359;hp=37d0be4460f18f5a4075100d6b6a472fcff0d3a8;hpb=fc2af3fbf5327b1e83e2df0dcba7703d563fdcd5;p=dak.git diff --git a/setup/README b/setup/README index 37d0be44..d53fb229 100644 --- a/setup/README +++ b/setup/README @@ -1,11 +1,15 @@ Initialising a dak database schema ================================== -The following packages are needed: - * postgresql-9.0 postgresql-client-9.0 postgresql-plperl-9.0 postgresql-plpython-9.0 postgresql-9.0-debversion +The following packages are needed for the database: + * postgresql-9.4 postgresql-client-9.4 postgresql-9.4-debversion +and the following packages for dak itself: + * python-psycopg2 python-sqlalchemy python-apt gnupg dpkg-dev lintian + binutils-multiarch python-yaml less python-ldap python-pyrss2gen python-rrdtool + symlinks python-debian python-debianbts -(the schema assumes at least postgresql 9.0; ftpmaster in Debian currently uses -the squeeze postgresql 9.0 backport) +(the schema assumes at least postgresql 9.1; ftpmaster in Debian currently uses +the postgresql 9.4 version from Debian 8) The following roles are assumed to exist: * dak: database superuser: needs to be an actual user @@ -15,50 +19,78 @@ The following roles are assumed to exist: For the purposes of this document, we'll be working in /srv/dak -Set up the dak user on both the system and in postgres: -# sudo adduser dak +Set up the dak user: # sudo addgroup ftpmaster -# sudo addgroup dak ftpmaster -# sudo -u postgres createuser -s dak +# sudo adduser dak --disabled-login --ingroup ftpmaster --shell /bin/bash + +Create postgres roles and database: +# sudo -u postgres psql + CREATE USER dak CREATEROLE; + CREATE ROLE ftpmaster WITH ROLE dak; + CREATE ROLE ftpteam WITH ROLE ftpmaster; + CREATE ROLE ftptrainee WITH ROLE ftpmaster, ftpteam; + + CREATE DATABASE projectb WITH OWNER dak TEMPLATE template0 ENCODING 'SQL_ASCII'; + \c projectb + CREATE EXTENSION IF NOT EXISTS plpgsql; + CREATE EXTENSION IF NOT EXISTS debversion; Set up the dak directory: +# sudo mkdir /etc/dak # sudo mkdir /srv/dak # sudo chown dak:ftpmaster /srv/dak # sudo chmod 2775 /srv/dak +Create a symlink to /srv/dak/dak.conf in /etc/dak +(we'll create the config file in a bit) +# sudo ln -s /srv/dak/dak.conf /etc/dak/dak.conf + Become the dak user: # sudo -u dak -s -H -Create the additional roles: -# createuser -S -R -D ftpmaster -# createuser -S -R -D ftpteam -# createuser -S -R -D ftptrainee - -Create an empty database with SQL_ASCII encoding: -# createdb -T template0 -E SQL_ASCII -O dak projectb - -Import the schema: -# psql -f current_schema.sql -d projectb +Import the schema. We redirect STDOUT to /dev/null as otherwise it's +impossible to see if something fails. +# psql -1 -f current_schema.sql -d projectb >/dev/null Set up some core data in projectb to get started (read the init_vars file if you wish to customise various aspects): # ./init_core Create a minimal dak.conf -# ./init_minimal_conf -# cp dak-minimal.conf /etc/dak/dak.conf +# ./init_minimal_conf > /srv/dak/dak.conf Set up a symlink somewhere # mkdir ~dak/bin # ln -s /path/to/dak.py ~dak/bin/dak -Set up a private signing key +At this point, you should be able to test that the database schema is +up-to-date +# dak update-db + +Run dak init-dirs to set up the initial /srv/dak tree +# dak init-dirs + +Copy the email templates into the /srv/dak tree. +WARNING: Please check these templates over and customise as necessary +# cp templates/* /srv/dak/templates/ + +Set up a private signing key: don't set a passphrase as dak will not +pass one through to gpg. Guard this key carefully! +The key only needs to be able to sign, it doesn't need to be able +to encrypt. # gpg --no-default-keyring --secret-keyring /srv/dak/keyrings/s3kr1t/dot-gnupg/secring.gpg --keyring /srv/dak/keyrings/s3kr1t/dot-gnupg/pubring.gpg --gen-key Remember the signing key id for when creating the suite below. Here we'll pretend it is DDDDDDDD for convenience -Import some developer keys (here AAAAAAAA) +Import some developer keys. +Either import from keyservers (here AAAAAAAA): # gpg --no-default-keyring --keyring /srv/dak/keyrings/upload-keyring.gpg --recv-key AAAAAAAA +or import from files: +# gpg --no-default-keyring --keyring /srv/dak/keyrings/upload-keyring.gpg --import /path/to/keyfile + +Import the developer keys into the database +The -U '%s' tells dak to add UIDs automatically +# dak import-keyring -U '%s' /srv/dak/keyrings/upload-keyring.gpg Add some architectures you care about: # dak admin architecture add i386 "Intel x86 port" @@ -68,3 +100,117 @@ Add a suite (origin=, label= and codename= are optional) signingkey= will ensure that Release files are signed # dak admin suite add-all-arches unstable x.y.z origin=MyDistro label=Master codename=sid signingkey=DDDDDDDD +Add the components to the suite +# dak admin s-c add unstable main contrib non-free + +Re-run dak init-dirs to add new suite directories to /srv/dak +# dak init-dirs + +####################################################################### +# Example package flow +####################################################################### + +For this example, we've grabbed and built the hello source package +for AMD64 and copied it into /srv/dak/queue/unchecked. + +We start by performing initial package checks which will +result in the package being moved to NEW +# dak process-upload -d /srv/dak/queue/unchecked + +----------------------------------------------------------------------- +hello_2.6-1_amd64.changes + +hello (2.6-1) unstable; urgency=low + . + * New upstream release. + * Drop unused INSTALL_PROGRAM stuff. + * Switch to 3.0 (quilt) source format. + * Standards-Version: 3.9.1 (no special changes for this). + +source:hello +binary:hello + +binary:hello is NEW. +source:hello is NEW. + +[N]ew, Skip, Quit ? N +ACCEPT-TO-NEW +Installed 1 package set, 646 KB. +----------------------------------------------------------------------- + +We can now look at the NEW queue-report +# dak queue-report +----------------------------------------------------------------------- +NEW +--- + +hello | 2.6-1 | source amd64 | 42 seconds old + +1 new source package / 1 new package in total / 0 new package to be processed. +----------------------------------------------------------------------- + +And we can then process the NEW queue: +# dak process-new + +----------------------------------------------------------------------- +hello_2.6-1_amd64.changes +------------------------- + + Target: unstable + Changed-By: Santiago Vila + +NEW + +hello optional devel +dsc:hello extra misc +Add overrides, Edit overrides, Check, Manual reject, Note edit, Prod, [S]kip, Quit ?A +PENDING ACCEPT +----------------------------------------------------------------------- + +At this stage, the package has been marked as ACCEPTed from NEW. +We now need to process the NEW policy queue: + +# dak process-policy new +----------------------------------------------------------------------- +Processing changes file: hello_2.6-1_amd64.changes + ACCEPT +----------------------------------------------------------------------- + +We can now see that dak knows about the package: +# dak ls -S hello + +----------------------------------------------------------------------- + hello | 2.6-1 | unstable | source, amd64 +----------------------------------------------------------------------- + +# dak control-suite -l unstable + +----------------------------------------------------------------------- +hello 2.6-1 amd64 +hello 2.6-1 source +----------------------------------------------------------------------- + +Next, we can generate the packages and sources files: +# dak generate-packages-sources2 +(zcat /srv/dak/ftp/dists/unstable/main/binary-amd64/Packages.gz for instance) + +And finally, we can generate the signed Release files: +# dak generate-release + +----------------------------------------------------------------------- +Processing new +Processing byhand +Processing unstable +----------------------------------------------------------------------- +(Look at /srv/dak/ftp/dists/unstable/Release, Release.gpg and InRelease) + + +####################################################################### +# Next steps +####################################################################### + +The debian archive automates most of these steps in jobs called +cron.unchecked, cron.hourly and cron.dinstall. + +TODO: Write example (simplified) versions of these cronjobs which will +do for most installs.