[buildd-tools-devel] sbuild 0.62.0 released
Roger Leigh
rleigh at codelibre.net
Wed Mar 16 19:59:39 UTC 2011
I have released sbuild version 0.62.0. This version includes a large
number of changes. From NEWS and the Debian changelog:
* Major changes in 0.62.0:
1) 'apt' is now the default build dependency resolver. Users should
not see any significant changes compared with the old 'internal'
resolver. Please note that you may need to generate a GPG key
for the local archive created for dependency package
installation, if one does not already exist; see sbuild-update
(--keygen) for further details.
2) The 'internal' build dependency resolver is deprecated. It is
not recommended for future use, and will be removed once it is no
longer used by the buildd infrastructure. Please use the 'apt'
resolver as a drop-in replacement.
3) The 'aptitude' build dependency resolver will, unlike 'apt' and
'internal', consider alternative dependencies by default, rather
than only using the first alternative. This is intended to both
preserve backward compatibility, and make the 'aptitude' resolver
the preferred choice for more complex situations, such as
building for experimental.
4) sbuild.conf and buildd.conf are now automatically generated from
the help text and defaults in the source code. This means that
the examples will always be syntactically correct, the help text
will always be current, and the defaults will always match the
defaults in the source code.
5) All of the allowed values in sbuild.conf and buildd.conf are now
documented in the new sbuild.conf(5) and buildd.conf(5) manual
pages, respectively. Like sbuild.conf, this is entirely
generated from the source code, so will always match the defaults
for the same sbuild version.
6) Non-scalar (or reference) types are deprecated in sbuild.conf.
This is because it is not possible to tell the difference between
an empty and an undefined value. Values using array or hash
types should use the equivalent array reference or hash
reference, which have been supported for some time. The old
style array and hash values will remain supported for now, but
will be removed in a future release.
7) sbuild now performs an apt dist-upgrade at the start of each
build by default, rather than an upgrade. This is to reduce the
amount of manual administration required to keep chroots up to
date, and is not much more risky than upgrade in this context.
8) A new option, --keep-session, has been added. This prevents the
automatic removal of session-managed snapshot chroots.
Previously, snapshots would not be deleted if purging of the
build directory or build dependencies was disabled, but this was
not always desirable, hence it is now configurable separately.
9) Internally, building and other actions in the chroot are
performed by the 'sbuild' system user, where previously the user
invoking sbuild would be used instead. The aim of this change is
to separate privileges to increase security and reduce the chance
of accidental or deliberate tampering of the build environment.
While the latter is not addressed by these changes, this will be
taken care of during future architectural changes.
10) In order to handle errors more robustly, the build code now has
initial support for exception handling. Normal operation will
not be affected, but fatal errors may be logged in a different
order than seen previously. Fatal errors will now be seen at the
end of the build log, which should make it easier to spot
problems.
11) sbuild now always cleans up fully when receiving a termination
signal such as SIGINT or SIGTERM. Note that you may need to wait
while the cleanup actions are performed, or the current task is
completed prior to initiating cleanup. When running
interactively, hitting Ctrl-C will sent SIGINT to the entire
process group; doing this while apt-get or aptitude are running
will potentially leave dpkg in an inconsistent state, so aborting
at this point is not recommended. Sending a SIGTERM to the
sbuild process will always work cleanly.
12) Long paths such as the chroot location and the build directory
inside the chroot are now filtered in the build log and replaced
with small, constant, abbreviations. This makes the build logs
comparable between builds with tools such as diff(1).
13) Logging messages have been improved, and important messages are
now coloured when running interactively (does not affect log
files). Errors, warnings and informational messages are coloured
red, yellow and green, respectively. Build status is coloured
green for success and red for all failure conditions.
14) The sbuild package build directory created inside the chroot now
has a reduced name length. It's now /build/packagename-XXXXXX
where XXXXXX are random characters. This helps reduce the chance
of hitting path length restrictions on some architectures,
particularly when using sockets.
15) Build log mails are now compressed and mailed in MIME format by
default, together with a copy of the .changes file. The old
behaviour (plain mailing of uncompressed logs) may be restored by
setting $mime_build_log_mails=0 in the configuration, and
compression may also be disabled in the MIME mails by setting
$compress_build_log_mails=0. Note that it is no longer possible
to send compressed log mails unless MIME mailing is enabled.
16) The wanna-build database has been removed entirely. This part of
the sbuild package was not used, and was not maintained for some
time. Users wishing to use wanna-build should investigate the
version in the wanna-build.git repository used by the Debian
autobuilding infrastructure. This version is actively maintained
and in continual use.
* New release.
* debian/control:
- Build-Depend upon libexception-class-perl.
* sbuild:
- Resolvers:
+ 'apt' is now the default build dependency resolver. Users should
not see any significant changes compared with the old 'internal'
resolver. Please note that you may need to generate a GPG key
for the local archive created for dependency package
installation, if one does not already exist; see sbuild-update
(--keygen) for further details.
+ The 'internal' build dependency resolver is deprecated. It is
not recommended for future use, and will be removed once it is no
longer used by the buildd infrastructure. Please use the 'apt'
resolver as a drop-in replacement.
+ The 'aptitude' build dependency resolver will, unlike 'apt' and
'internal', consider alternative dependencies by default, rather
than only using the first alternative. This is intended to both
preserve backward compatibility, and make the 'aptitude'
resolver the preferred choice for more complex situations, such
as building for experimental.
+ The aptitude resolver can resolve complex dependencies, e.g.
A | B, where A is uninstallable now correctly falls back to B.
This is not the case for the internal or apt resolvers, which by
intent do not make use of alternatives (they use the first
alternative only. sbuild now has full support for resolving
alternatives, but this is not the default behaviour
(Closes: #403246). Please see #614807 for a proposed description
of autobuilder-imposed build dependency restrictions in Policy.
+ All build dependency resolvers run dpkg with --force-confold.
This means packages with modified conffiles in the chroot to not
cause build failure. This includes /etc/services and
/etc/protocols from netbase (Closes: #576508).
- Logging:
+ Long paths such as the chroot location and the build directory
inside the chroot are now filtered in the build log and replaced
with small, constant, abbreviations (Closes: #605763). This makes
the build logs comparable between builds with tools such as
diff(1).
+ Logging messages have been improved, and important messages are
now coloured when running interactively (does not affect log
files). Errors, warnings and informational messages are coloured
red, yellow and green, respectively. Build status is coloured
green for success and red for all failure conditions.
+ Build log mails are now compressed and mailed in MIME format by
default, together with a copy of the .changes file. The old
behaviour (plain mailing of uncompressed logs) may be restored by
setting $mime_build_log_mails=0 in the configuration, and
compression may also be disabled in the MIME mails by setting
$compress_build_log_mails=0. Note that it is no longer possible
to send compressed log mails unless MIME mailing is enabled.
Thanks to Philipp Kern for implementing this.
- Error handling:
+ In order to handle errors more robustly, the build code now has
initial support for exception handling. Normal operation will
not be affected, but fatal errors may be logged in a different
order than seen previously. Fatal errors will now be seen at the
end of the build log, which should make it easier to spot
problems.
+ sbuild now always cleans up fully when receiving a termination
signal such as SIGINT or SIGTERM. Note that you may need to wait
while the cleanup actions are performed, or the current task is
completed prior to initiating cleanup. When running
interactively, hitting Ctrl-C will sent SIGINT to the entire
process group; doing this while apt-get or aptitude are running
will potentially leave dpkg in an inconsistent state, so aborting
at this point is not recommended. Sending a SIGTERM to the
sbuild process will always work cleanly.
- General:
+ sbuild now performs an apt dist-upgrade at the start of each
build by default, rather than an upgrade. This is to reduce the
amount of manual administration required to keep chroots up to
date, and is not much more risky than upgrade in this context.
+ A new option, --keep-session, has been added (Closes: #609658).
This prevents the automatic removal of session-managed snapshot
chroots. Previously, snapshots would not be deleted if purging
of the build directory or build dependencies was disabled, but
this was not always desirable, hence it is now configurable
separately.
+ Internally, building and other actions in the chroot are
performed by the 'sbuild' system user, where previously the user
invoking sbuild would be used instead. The aim of this change is
to separate privileges to increase security and reduce the chance
of accidental or deliberate tampering of the build environment.
While the latter is not addressed by these changes, this will be
taken care of during future architectural changes.
+ The sbuild package build directory created inside the chroot now
has a reduced name length. It's now /build/packagename-XXXXXX
where XXXXXX are random characters. This helps reduce the chance
of hitting path length restrictions on some architectures,
particularly when using sockets.
* wanna-build:
- The wanna-build database has been removed entirely. This part of
the sbuild package was not used, and was not maintained for some
time. Users wishing to use wanna-build should investigate the
version in the wanna-build.git repository used by the Debian
autobuilding infrastructure. This version is actively maintained
and in continual use.
* sbuild.conf:
- sbuild.conf is now automatically generated from the help text and
defaults in the source code. This means that the examples will
always be syntactically correct, the help text will always be
current, and the defaults will always match the defaults in the
source code (Closes: #609932, #610995).
- Non-scalar (or reference) types are deprecated in sbuild.conf.
This is because it is not possible to tell the difference between
an empty and an undefined value. Values using array or hash
types should use the equivalent array reference or hash
reference, which have been supported for some time. The old
style array and hash values will remain supported for now, but
will be removed in a future release.
* buildd.conf:
- Automatically generated like sbuild.conf. As for sbuild.conf,
non-scalar types are deprecated.
* sbuild.conf.5:
- All of the allowed values in sbuild.conf are now documented in a
new sbuild.conf(5) manual page. Like sbuild.conf, this is
entirely generated from the source code, so will always match the
defaults for the same sbuild version.
* buildd.conf.5:
- New manual page. Like sbuild.conf(5), this documents all allowed
values.
This release contains rather more changes than recent releases. The
resolver changes are well tested now, so should be trouble free. The
privilege separation changes have been tested in a number of different
configurations, and there are no known issues. However, if you do
encounter any permissions-related errors, this may be due to doing
something in the wrong security context or not setting the correct
owner/group/permissions. Please do file bugs. There should be no
surprises with the logging changes, which were straightforward. The
other internal changes (signal and exception handling) are working
well and robustly.
Regards,
Roger
Philipp Kern (16):
[Buildd::Mail] check_state: check w-b pipe exit status
[Buildd::Mail] also import exitstatus from Buildd
[Buildd::Mail] check_state: back off for 0..120s on db query failure
Merge branch 'buildd-0.60.0'
[Buildd::Mail] add more logging for check_state retries
Merge branch 'buildd-0.60.0'
sbuild: implement build log mail compression
Allow MIME encoded build logs.
Merge branch 'buildd-0.60.0'
[Buildd::Daemon] configuration loading is now implicit
[Sbuild::Chroot] guard ENVIRONMENT_FILTER usage
Merge branch 'buildd-0.61.0'
[Buildd::Uploader] drop unused Sbuild module usage
[Buildd::Daemon] only push NICE_LEVEL to sbuild_args if not zero
etc/25nssdatabases: exit cleanly if 20nssdatabases is found
Merge branch 'buildd-0.61.0'
Roger Leigh (130):
debian: Enable compatibility features on buildds
debian: Bump version to 0.61.0buildd0
NEWS: Bump version to 0.61.1
debian: Bump version to 0.61.1-1
sbuild-update.1: Add additional guidance for --keygen
Sbuild::Conf: Make apt the default resolver
sbuild.1: Document resolver default
sbuild.conf: Document resolver default
NEWS: apt is the default resolver, internal is deprecated
debian: Document resolver changes from NEWS
Sbuild::Conf: Fix typo in deprecation warning
Sbuild::Conf: Resolve alternatives by default with the aptitude resolver
sbuild.1: Document alternative resolving defaults
NEWS: Document alternative resolving defaults
debian: Document alternative resolving defaults
debian: Close #403246
Sbuild::Conf: Add help text for all settings
Sbuild::Conf: Add additional key tags
tools: Add sbuild-dumpconfig
sbuild-dumpconfig: Add support for buildd.conf, and man output
build: Distribute sbuild-dumpconfig
man: All manpages source definitions in defs.man
man: Add sbuild.conf.5 manual page
Ignore sbuild.conf.man
debian: sbuild includes sbuild.conf.5
man: sbuild.1 references sbuild.conf.5
NEWS: Document sbuild.conf and sbuild.conf.5 autogeneration
debian: Document sbuild.conf and sbuild.conf.5 autogeneration
Sbuild::ConfBase: Add GET handler for VERBOSE
Sbuild::Conf: Use dynamically generated script to parse configuration
NEWS: Deprecate non scalar types in sbuild.conf
debian: Deprecate non scalar types in sbuild.conf
debian: Close #576508 and #609932
debian: Close #610995
Sbuild::Conf: Run apt-get dist-upgrade by default
NEWS: Document dist-upgrade change
debian: Document dist-upgrade change
Sbuild::Build: Purge options do not affect session ending.
NEWS: Document --keep-session
debian: Close #609658
Sbuild::ConfBase: Add _get method to get value or default
Sbuild::Conf: Don't directly set LOG_DIR_AVAILABLE
Sbuild::Conf: Add GET handler for MAILTO
Sbuild::Conf: Use _get where defaults are useful
Sbuild::Conf: Handle VERBOSE correctly in interactive sessions
Sbuild::ConfBase: Add GET handler for OVERRIDE_DISTRIBUTION
NEWS: Fix typo
debian: Fix typo
sbuild-dumpconfig: Allow defaults to be ignored
Sbuild::DB::ClientConf: Annotate all configuration keys
Buildd::Conf: Annotate all configuration keys
Buildd::Conf: Ignore correct keys
sbuild-dumpconfig: Don't dump ignored defaults for manpages
man: Add buildd.conf.5 manpage (generated)
build: Automatically generate sbuild.conf and buildd.conf
Merge branch 'master' of ssh+git://git.debian.org/git/buildd-tools/sbuild
Sbuild::ConfBase: Add generic read function
Sbuild::Conf: Use Sbuild::ConfBase generic read
Build::Conf: Add metadata and use generic Sbuild::Conf read
build: Use absolute paths when running scripts
NEWS: Document buildd.conf and buildd.conf(5) generation
debian: Install buildd.conf(5)
debian: Document buildd.conf and buildd.conf(5)
sbuild-apt: Run apt via the resolver
Merge branch 'master' of ssh+git://git.debian.org/git/buildd-tools/sbuild
Sbuild::Exception: New exception classes
debian: Build-Depend upon libexception-class-perl
Sbuild::Build: Add exceptions to run()
Sbuild::Build: set_dsc throws exception on failure
sbuild: Add exception handler around Sbuild::Build::run
Sbuild::Exception: Add status field
Sbuild::Build: Log exceptions prior to closing build log
Sbuild::Build: Remove unused 'Pkg Fail Stage' setting
Sbuild::Build: Add exceptions for arch and space checks
Sbuild::Build: Split source packing and chroot update from run()
Sbuild::Build: chroot_arch throws exception on failure
Sbuild::Build: Throw exceptions in open_build_log and build
Sbuild::Build: build does not remove build tree
Sbuild::Build: Throw exception in build version check
Sbuild::Build: Throw exceptions doing hack binNMU
Sbuild::Build: Fail Stage only set in run() functions
wrapper: Wrap schroot invocation to run as sbuild user
build: Use datadir rather than libexecdir for scripts
debian: libexecdir is /usr/lib
Sbuild::Conf: Allow consistency checks to be avoided for dumpconfig
debian: Install sbuild-schroot wrapper
sbuild: Use sbuild user for building
NEWS: Document sbuild user and privilege separation
debian: Document sbuild user and privilege separation
Merge branch 'master' into exception-handling
NEWS: Document exceptions and logging
debian: Document exceptions and logging
sbuild: Add safe signal handling
NEWS: Document signal handling
debian: Document signal handling
Sbuild::Build Rename abort to request_abort
Sbuild::Build: Minor logging enhancements
Sbuild::Build: Filter log messages
NEWS: Document log filtering
debian: Close #605763
Sbuild::Build: Colourise logs when logging to a TTY
NEWS: Document coloured messages
debian: Document coloured messages
Sbuild::AptitudeResolver: Don't use Dpkg::Deps
Sbuild::Build: Only send mail after the build log has been closed
build: Add uninstall logic
debian: Remove wanna-build
wanna-build: Remove
etc: Remove wanna-build.conf
Sbuild::DB::Client*: Rename to Buildd::Client*
NEWS: Document wanna-build removal
debian: Amend wanna-build removal comments
Sbuild::Build: Shorted chroot build directory.
NEWS: Document build dir name change
debian: Document build dir name change
NEWS: Tidy
debian: Tidy changelog
NEWS: Bump version to 0.62.0
debian: Bump version to 0.62.0-1
debian: Fix buildd sbuild dependency for binNMU now it's arch-any
debian: Add lintian override for sbuild setuid wrapper
Sbuild::Build: Remove log compression without MIME
sbuild-update: Create only one ChrootRoot object
Sbuild::ChrootSetup: Enable privilege separation for generating keys
Sbuild::Chroot: Don't run sudo with -p
Sbuild::Conf: Make MIME and log compression the default
NEWS: Document MIME and compression of log mails
debian: Document MIME and compression of log mails
debian: Add missing perl modules for autobuilding
Sbuild::ConfBase: Really permit check disabling during build
Makefile.am | 2 +-
NEWS | 112 ++-
bin/Makefile.am | 38 +-
bin/sbuild | 124 +--
bin/sbuild-apt | 9 +-
bin/sbuild-update | 11 +-
bin/wanna-build | 82 --
bin/wanna-build-catdb | 73 --
bin/wanna-build-dump | 40 -
bin/wanna-build-mail | 45 -
bin/wanna-build-merge-packages | 158 ---
bin/wanna-build-merge-quinn | 134 --
bin/wanna-build-statistics | 161 ---
configure.ac | 73 +-
debian/buildd.install | 1 +
debian/changelog | 127 ++
debian/control | 53 +-
debian/rules | 36 +-
debian/sbuild.install | 2 +
debian/sbuild.lintian-overrides | 1 +
debian/sbuild.postinst | 17 +-
debian/wanna-build.docs | 2 -
debian/wanna-build.install | 6 -
etc/25nssdatabases | 7 +
etc/Makefile.am | 23 +-
etc/buildd.conf | 188 ---
etc/sbuild.conf | 365 ------
etc/wanna-build.conf | 113 --
lib/Buildd/Base.pm | 2 +-
lib/Buildd/Client.pm | 127 ++
lib/Buildd/ClientConf.pm | 168 +++
lib/Buildd/Conf.pm | 643 ++++++----
lib/Buildd/Daemon.pm | 13 +-
lib/Buildd/DistConf.pm | 14 +-
lib/Buildd/Mail.pm | 43 +-
lib/Buildd/Makefile.am | 18 +-
lib/Buildd/UploadQueueConf.pm | 12 +-
lib/Buildd/Uploader.pm | 2 -
lib/Makefile.am | 2 +-
lib/Sbuild.pm | 69 +-
lib/Sbuild/AptitudeResolver.pm | 1 -
lib/Sbuild/Build.pm | 925 ++++++++++-----
lib/Sbuild/Chroot.pm | 26 +-
lib/Sbuild/ChrootPlain.pm | 2 +-
lib/Sbuild/ChrootSetup.pm | 35 +-
lib/Sbuild/ChrootSudo.pm | 2 +-
lib/Sbuild/Conf.pm | 889 +++++++++-----
lib/Sbuild/ConfBase.pm | 268 ++++-
lib/Sbuild/DB/Base.pm | 154 ---
lib/Sbuild/DB/Client.pm | 127 --
lib/Sbuild/DB/ClientConf.pm | 133 --
lib/Sbuild/DB/Info.pm | 61 -
lib/Sbuild/DB/MLDBM.pm | 307 -----
lib/Sbuild/DB/Makefile.am | 38 -
lib/Sbuild/DB/Postgres.pm | 215 ----
lib/Sbuild/Exception.pm | 34 +
lib/Sbuild/InternalResolver.pm | 4 +-
lib/Sbuild/LogBase.pm | 2 +-
lib/Sbuild/Makefile.am | 3 +-
lib/Sbuild/Options.pm | 3 +
lib/Sbuild/ResolverBase.pm | 51 +-
lib/Sbuild/Sysconfig.pm.in | 6 +-
lib/WannaBuild/Conf.pm | 294 -----
lib/WannaBuild/Database.pm | 2294 -----------------------------------
lib/WannaBuild/Mail.pm | 431 -------
lib/WannaBuild/Makefile.am | 36 -
lib/WannaBuild/Options.pm | 219 ----
man/.gitignore | 5 +
man/Makefile.am | 56 +-
man/buildd-mail.1.in | 3 +-
man/buildd-uploader.1.in | 3 +-
man/buildd-vlog.1.in | 3 +-
man/buildd-watcher.1.in | 3 +-
man/buildd.1.in | 4 +-
man/buildd.conf.5.in | 75 ++
man/defs.man.in | 28 +
man/sbuild-abort.1.in | 3 +-
man/sbuild-adduser.8.in | 3 +-
man/sbuild-apt.1.in | 3 +-
man/sbuild-checkpackages.1.in | 3 +-
man/sbuild-createchroot.8.in | 3 +-
man/sbuild-debuild.1.in | 3 +-
man/sbuild-hold.1.in | 3 +-
man/sbuild-setup.7.in | 3 +-
man/sbuild-shell.1.in | 3 +-
man/sbuild-stats.1.in | 3 +-
man/sbuild-update.1.in | 10 +-
man/sbuild.1.in | 28 +-
man/sbuild.conf.5.in | 74 ++
man/wanna-build-catdb.1.in | 70 --
man/wanna-build-mail.1.in | 112 --
man/wanna-build-merge-packages.1.in | 59 -
man/wanna-build-statistics.1.in | 63 -
man/wanna-build.1.in | 770 ------------
tools/Makefile.am | 28 +
tools/sbuild-dumpconfig | 158 +++
wrapper/Makefile.am | 33 +
wrapper/util.cc | 250 ++++
wrapper/util.h | 194 +++
wrapper/wrapper.cc | 188 +++
100 files changed, 3897 insertions(+), 8026 deletions(-)
--
.''`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/
`- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20110316/0a8db786/attachment-0001.pgp>
More information about the Buildd-tools-devel
mailing list