On Monday, November 25, 2024 4:57:50 PM MST Soren Stoutner wrote:
> On Saturday, November 23, 2024 2:20:45 PM MST Philipp Kern wrote:
> > The news are collected on https://wiki.debian.org/DeveloperNews
> > Please contribute short news about your work/plans/subproject.
> >
> > In this issue:
> >  + Debian buildds are using sbuild with unshare now
> >  + sbuild chroot manager for unshare backend users
> >  + Building packages with make --shuffle
> >  + debian.org: Support for Security Key-backed SSH keys
> >
> > Debian buildds are using sbuild with unshare now
> > ------------------------------------------------
> >
> > The wanna-build team switched all buildds to the sbuild unshare backend
> > for trixie/sid/experimental plus *-backports. This means that official
> > Debian builds now run as non-root user and rely on user namespaces
> > instead of schroot. In addition this blocks any network access during
> > the build as per Debian policy 4.9.
> >
> > Prior to the switch Santiago Vila did test rebuilds of all packages and
> > bugs have been filed:
> >
> > https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=unshare;users=debian-wb-tea[email protected]
> >
> > Help is welcome to fix the remaining bugs.
> >
> > We recommend all developers to use sbuild with unshare as well.
> > Notes on how to set it up as well as hints for custom usage are collected
> > on the Wiki:
> >
> > https://wiki.debian.org/sbuild
>
> I am not able to get the example unshare .sbuildrc to work with piuparts.
>
> 0m0.0s DEBUG: Unpacking /home/soren/.cache/sbuild/unstable-amd64.tar.xz into /tmp/tmplbhnn26l
> 0m0.0s DEBUG: Starting command: ['tar', '-C', '/tmp/tmplbhnn26l', '--auto-compress', '-xf', '/home/soren/.cache/sbuild/unstable-amd64.tar.xz']
> 0m0.5s DUMP:
>   tar: ./dev/console: Cannot mknod: Operation not permitted
>   tar: ./dev/full: Cannot mknod: Operation not permitted
>   tar: ./dev/null: Cannot mknod: Operation not permitted
>   tar: ./dev/ptmx: Cannot mknod: Operation not permitted
>   tar: ./dev/random: Cannot mknod: Operation not permitted
>   tar: ./dev/tty: Cannot mknod: Operation not permitted
>   tar: ./dev/urandom: Cannot mknod: Operation not permitted
>   tar: ./dev/zero: Cannot mknod: Operation not permitted
>   tar: Exiting with failure status due to previous errors
>
> Does anyone have any pointers as to the root of the problem?

I suppose I should note that I have made a few modifications to the example
file because it wasn’t behaving as expected. Specifically, I disabled the
mmdebstrap auto create because otherwise it was ignoring the tarball I had
created in the previous steps (including the apt-cacher-ng setting) and
creating a new tarball pulling straight from the internet at each build, at
each run of lintian, and at each run of piuparts. I also had to specify the
distribution or things didn’t work when building against a changelog that
was targeting UNRELEASED.

Piuparts is fine if I let it generate its own tarball on each run. But it
doesn’t like using the tarball previously created.

# Set the chroot mode to be unshare.
$chroot_mode = 'unshare';

# Exit to a shell on command failures.
$external_commands = { "build-failed-commands" => [ [ '%SBUILD_SHELL' ] ] };

# Specify the distribution, -d
$distribution = 'unstable';

# Use an existing tarball instead of creating one each time.
$unshare_mmdebstrap_auto_create = 0;

## run lintian after every build (in the same chroot as the build): use --no-run-lintian to override
$run_lintian = 1;
# pass any lintian options
$lintian_opts = ['--info', '--display-info', '--verbose', '--fail-on', 'error,warning'];

## run autopkgtest after every build (in a new, clean, chroot): use --no-run-autopkgtest to override
$run_autopkgtest = 1;
# use 'unshare' for autopkgtests
$autopkgtest_root_args = [''];
$autopkgtest_opts = ['--apt-upgrade', '--', 'unshare', '--release', '%r', '--arch', '%a' ];

## run piuparts after every build (in a new, clean, chroot): use --no-run-piuparts to override
# this does not work in bookworm
$run_piuparts = 1;
$piuparts_root_args = ['PATH=/usr/sbin:/usr/bin', 'unshare', '--pid', '--fork', '--mount-proc', '--map-root-user', '--map-auto'];
$piuparts_opts = ["--basetgz=$HOME/.cache/sbuild/%r-%a.tar.xz", '--no-eatmydata', '--fake-essential-packages=systemd-sysv', '--distribution=%r'];

--
Soren Stoutner
[email protected]

