123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217 |
- Initialising a dak database schema
- ==================================
- The following packages are needed for the database:
- * postgresql-9.4 postgresql-client-9.4 postgresql-9.4-debversion
- and the following packages for dak itself:
- * python-psycopg2 python-sqlalchemy python-apt gnupg dpkg-dev lintian
- binutils-multiarch python-yaml less python-ldap python-pyrss2gen python-rrdtool
- symlinks python-debian
- (the schema assumes at least postgresql 9.1; ftpmaster in Debian currently uses
- the postgresql 9.4 version from Debian 8)
- The following roles are assumed to exist:
- * dak: database superuser: needs to be an actual user
- * ftpmaster: role which should be given to archive administrators
- * ftpteam: people who can do NEW processing, overrides, removals, etc
- * ftptrainee: people who can add notes to packages in NEW
- For the purposes of this document, we'll be working in /srv/dak
- Set up the dak user:
- # sudo addgroup ftpmaster
- # sudo adduser dak --disabled-login --ingroup ftpmaster --shell /bin/bash
- Create postgres roles and database:
- # sudo -u postgres psql
- CREATE USER dak CREATEROLE;
- CREATE ROLE ftpmaster WITH ROLE dak;
- CREATE ROLE ftpteam WITH ROLE ftpmaster;
- CREATE ROLE ftptrainee WITH ROLE ftpmaster, ftpteam;
- CREATE DATABASE projectb WITH OWNER dak TEMPLATE template0 ENCODING 'SQL_ASCII';
- \c projectb
- CREATE EXTENSION IF NOT EXISTS plpgsql;
- CREATE EXTENSION IF NOT EXISTS debversion;
- Set up the dak directory:
- # sudo mkdir /etc/dak
- # sudo mkdir /srv/dak
- # sudo chown dak:ftpmaster /srv/dak
- # sudo chmod 2775 /srv/dak
- Create a symlink to /srv/dak/dak.conf in /etc/dak
- (we'll create the config file in a bit)
- # sudo ln -s /srv/dak/dak.conf /etc/dak/dak.conf
- Become the dak user:
- # sudo -u dak -s -H
- Import the schema. We redirect STDOUT to /dev/null as otherwise it's
- impossible to see if something fails.
- # psql -1 -f current_schema.sql -d projectb >/dev/null
- Set up some core data in projectb to get started (read the init_vars file if
- you wish to customise various aspects):
- # ./init_core
- Create a minimal dak.conf
- # ./init_minimal_conf > /srv/dak/dak.conf
- Set up a symlink somewhere
- # mkdir ~dak/bin
- # ln -s /path/to/dak.py ~dak/bin/dak
- At this point, you should be able to test that the database schema is
- up-to-date
- # dak update-db
- Run dak init-dirs to set up the initial /srv/dak tree
- # dak init-dirs
- Copy the email templates into the /srv/dak tree.
- WARNING: Please check these templates over and customise as necessary
- # cp templates/* /srv/dak/templates/
- Set up a private signing key: don't set a passphrase as dak will not
- pass one through to gpg. Guard this key carefully!
- The key only needs to be able to sign, it doesn't need to be able
- to encrypt.
- # gpg --no-default-keyring --secret-keyring /srv/dak/keyrings/s3kr1t/dot-gnupg/secring.gpg --keyring /srv/dak/keyrings/s3kr1t/dot-gnupg/pubring.gpg --gen-key
- Remember the signing key id for when creating the suite below.
- Here we'll pretend it is DDDDDDDD for convenience
- Import some developer keys.
- Either import from keyservers (here AAAAAAAA):
- # gpg --no-default-keyring --keyring /srv/dak/keyrings/upload-keyring.gpg --recv-key AAAAAAAA
- or import from files:
- # gpg --no-default-keyring --keyring /srv/dak/keyrings/upload-keyring.gpg --import /path/to/keyfile
- Import the developer keys into the database
- The -U '%s' tells dak to add UIDs automatically
- # dak import-keyring -U '%s' /srv/dak/keyrings/upload-keyring.gpg
- Add some architectures you care about:
- # dak admin architecture add i386 "Intel x86 port"
- # dak admin architecture add amd64 "AMD64 port"
- Add a suite (origin=, label= and codename= are optional)
- signingkey= will ensure that Release files are signed
- # dak admin suite add-all-arches unstable x.y.z origin=MyDistro label=Master codename=sid signingkey=DDDDDDDD
- Add the components to the suite
- # dak admin s-c add unstable main contrib non-free
- Re-run dak init-dirs to add new suite directories to /srv/dak
- # dak init-dirs
- #######################################################################
- # Example package flow
- #######################################################################
- For this example, we've grabbed and built the hello source package
- for AMD64 and copied it into /srv/dak/queue/unchecked.
- We start by performing initial package checks which will
- result in the package being moved to NEW
- # dak process-upload -d /srv/dak/queue/unchecked
- -----------------------------------------------------------------------
- hello_2.6-1_amd64.changes
- hello (2.6-1) unstable; urgency=low
- .
- * New upstream release.
- * Drop unused INSTALL_PROGRAM stuff.
- * Switch to 3.0 (quilt) source format.
- * Standards-Version: 3.9.1 (no special changes for this).
- source:hello
- binary:hello
- binary:hello is NEW.
- source:hello is NEW.
- [N]ew, Skip, Quit ? N
- ACCEPT-TO-NEW
- Installed 1 package set, 646 KB.
- -----------------------------------------------------------------------
- We can now look at the NEW queue-report
- # dak queue-report
- -----------------------------------------------------------------------
- NEW
- ---
- hello | 2.6-1 | source amd64 | 42 seconds old
- 1 new source package / 1 new package in total / 0 new package to be processed.
- -----------------------------------------------------------------------
- And we can then process the NEW queue:
- # dak process-new
- -----------------------------------------------------------------------
- hello_2.6-1_amd64.changes
- -------------------------
- Target: unstable
- Changed-By: Santiago Vila <sanvila@debian.org>
- NEW
- hello optional devel
- dsc:hello extra misc
- Add overrides, Edit overrides, Check, Manual reject, Note edit, Prod, [S]kip, Quit ?A
- PENDING ACCEPT
- -----------------------------------------------------------------------
- At this stage, the package has been marked as ACCEPTed from NEW.
- We now need to process the NEW policy queue:
- # dak process-policy new
- -----------------------------------------------------------------------
- Processing changes file: hello_2.6-1_amd64.changes
- ACCEPT
- -----------------------------------------------------------------------
- We can now see that dak knows about the package:
- # dak ls -S hello
- -----------------------------------------------------------------------
- hello | 2.6-1 | unstable | source, amd64
- -----------------------------------------------------------------------
- # dak control-suite -l unstable
- -----------------------------------------------------------------------
- hello 2.6-1 amd64
- hello 2.6-1 source
- -----------------------------------------------------------------------
- Next, we can generate the packages and sources files:
- # dak generate-packages-sources2
- (zcat /srv/dak/ftp/dists/unstable/main/binary-amd64/Packages.gz for instance)
- And finally, we can generate the signed Release files:
- # dak generate-release
- -----------------------------------------------------------------------
- Processing new
- Processing byhand
- Processing unstable
- -----------------------------------------------------------------------
- (Look at /srv/dak/ftp/dists/unstable/Release, Release.gpg and InRelease)
- #######################################################################
- # Next steps
- #######################################################################
- The debian archive automates most of these steps in jobs called
- cron.unchecked, cron.hourly and cron.dinstall.
- TODO: Write example (simplified) versions of these cronjobs which will
- do for most installs.
|