projects:package-building
Differences
This shows you the differences between two versions of the page.
projects:package-building [2013/04/14 09:01] – created siretart | projects:package-building [2013/07/14 08:31] (current) – notes on my lxc setup siretart | ||
---|---|---|---|
Line 10: | Line 10: | ||
For both, Debian and Ubuntu, I recommend installing in " | For both, Debian and Ubuntu, I recommend installing in " | ||
+ | |||
+ | ==== Installing LXC ==== | ||
+ | |||
+ | Ubuntu (I guess the same is true for debian) offers convenient means to create Debian and Ubuntu based LXC containers. Inside the container the network, filesystem, and processes are isolated, but disk space, disk i/o and cpu time is shared. It is also very lightweight as no extra kernel is involved. For details, see https:// | ||
+ | |||
+ | I recommend running the root filesystem on '' | ||
+ | |||
+ | Steps to create a container suitable for package building: | ||
+ | |||
+ | SUITE=wheezy lxc-create -t debian-build | ||
+ | ln -s / | ||
+ | |||
+ | Ubuntu confines the container with app-armor in order to limit the capability and permissions of processes inside the container, and thus, to limit the security risks of untrusted code " | ||
+ | |||
+ | - Run the container in with the unconfined profile | ||
+ | - Create and use the following profile: | ||
+ | |||
+ | < | ||
+ | # / | ||
+ | # | ||
+ | # Do not load this file. Rather, load / | ||
+ | # will source all profiles under / | ||
+ | |||
+ | profile lxc-container-schroot flags=(attach_disconnected, | ||
+ | #include < | ||
+ | #include < | ||
+ | | ||
+ | mount fstype=cgroup -> / | ||
+ | |||
+ | mount options in (ro, | ||
+ | mount fstype=proc, | ||
+ | mount fstype=sysfs, | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | Unfortunately, | ||
+ | |||
+ | < | ||
+ | # Template used to create this container: debian | ||
+ | # Template script checksum (SHA-1): 33e3fc0cb7e2809453c36e81fe0fe4aa5542c208 | ||
+ | |||
+ | lxc.network.type = veth | ||
+ | lxc.network.link = lxcbr0 | ||
+ | lxc.network.flags = up | ||
+ | lxc.network.ipv4 = 10.0.3.200 | ||
+ | |||
+ | lxc.rootfs = / | ||
+ | lxc.tty = 4 | ||
+ | lxc.pts = 1024 | ||
+ | lxc.utsname = debian-build | ||
+ | |||
+ | # When using LXC with apparmor, uncomment the next line to run unconfined: | ||
+ | # | ||
+ | |||
+ | lxc.aa_profile = lxc-container-schroot | ||
+ | |||
+ | lxc.cgroup.devices.deny = a | ||
+ | # /dev/null and zero | ||
+ | lxc.cgroup.devices.allow = c 1:3 rwm | ||
+ | lxc.cgroup.devices.allow = c 1:5 rwm | ||
+ | # consoles | ||
+ | lxc.cgroup.devices.allow = c 5:1 rwm | ||
+ | lxc.cgroup.devices.allow = c 5:0 rwm | ||
+ | lxc.cgroup.devices.allow = c 4:0 rwm | ||
+ | lxc.cgroup.devices.allow = c 4:1 rwm | ||
+ | # / | ||
+ | lxc.cgroup.devices.allow = c 1:9 rwm | ||
+ | lxc.cgroup.devices.allow = c 1:8 rwm | ||
+ | lxc.cgroup.devices.allow = c 136:* rwm | ||
+ | lxc.cgroup.devices.allow = c 5:2 rwm | ||
+ | # rtc | ||
+ | lxc.cgroup.devices.allow = c 254:0 rwm | ||
+ | |||
+ | # found on http:// | ||
+ | # Allow to mknod all devices (but not using them) | ||
+ | lxc.cgroup.devices.allow | ||
+ | lxc.cgroup.devices.allow | ||
+ | |||
+ | # mounts point | ||
+ | lxc.mount.entry = proc proc proc nodev, | ||
+ | lxc.mount.entry = sysfs sys sysfs defaults | ||
+ | </ | ||
+ | |||
+ | |||
==== Preparing the environment ==== | ==== Preparing the environment ==== | ||
- | Install packages that are relevant for packaging. Note that I prefer '' | + | Install packages that are relevant for packaging. Note that I prefer |
The following command gets you started: | The following command gets you started: | ||
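Review bot: The two-item list after the AppArmor paragraph presents "Run the container in with the unconfined profile" as an equal alternative to the custom profile, without saying that it gives up the confinement the preceding sentence describes. State that trade-off, recommend the `lxc-container-schroot` profile as the default, and fix the "in with" typo. In the container config, the rules under "Allow to mknod all devices (but not using them)" are justified only by a "found on" link; since they follow `lxc.cgroup.devices.deny = a` and widen it again, add a line naming the build step that needs them so a reader can tell whether they can be dropped.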
Line 28: | Line 112: | ||
Replace '' | Replace '' | ||
+ | |||
+ | Note that in this setup, your user needs to be in the group '' | ||
+ | |||
+ | Now enter the chroot and edit the package sources in ''/ | ||
+ | |||
+ | sudo schroot -c source: | ||
+ | sensible-editor / | ||
To install the latest update in that environment, | To install the latest update in that environment, | ||
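Review bot: The two added command lines under "Now enter the chroot and edit the package sources" read as if both are typed at the host shell, but `sensible-editor` is meant to run inside the session that `sudo schroot -c source:` opens. Say so explicitly, otherwise a reader ends up editing the host's package sources as root instead of the chroot's. The sentence about group membership would also benefit from the command that adds the user to that group and a reminder that the new membership only applies after logging in again.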
Line 40: | Line 131: | ||
sbuild -A -d unstable hello.dsc | sbuild -A -d unstable hello.dsc | ||
- |
projects/package-building.1365930063.txt.gz · Last modified: 2013/04/14 09:01 by siretart