How to create a packaging environment with sbuild

Requirements

• Dedicated VM/server
  • CPU – The more CPU you have the faster the builds will run;
  • Mem – The more you have, the better. With enough RAM, you can run the chroot overlay in memory. This is particularly useful to speed up build process and prolong the life of your SSD.
  • Disk – preferably SSD, with enough capacity.
  • OS – Ubuntu server (minimal install).

Setting up the environment

These guidelines enable you to create a debian build environment with sbuild. If you intend to enter the schroot environments for building or debugging directly in the working directory, please review the notes at the end of this guide.

Steps

Preliminary configuration

1. Fully update the system

sudo apt update && sudo apt full-upgrade

2. Optional – Get rid of snap since you won’t need it: How to remove snap from Ubuntu.
3. Optional – Install my favourite editor

sudo apt install vim

4. Optional – Avoid typing your password to run sudo

sudo tee /etc/sudoers.d/myChanges<<EOF
${USER} ALL=(ALL:ALL) NOPASSWD: ALL
EOF

Setup package caching

5. Install apt-cacher-ng squid-deb-proxy to cache downloaded packages between builds.

# apt-cacher-ng is not working properly, using squid-deb-proxy instead
#sudo DEBIAN_FRONTEND=noninteractive apt install -yq apt-cacher-ng
sudo apt install -y squid-deb-proxy

Install required tooling

6. Install the minimal set of tools.

sudo apt install -y sbuild debhelper ubuntu-dev-tools appstream

Setup your GPG key

7. Generate a GPG key according to GnuPrivacyGuardHowto (in case you didn’t already):
   1. Generating an OpenPGP Key;
   2. Setting the key to be the default – export it, but don’t set it in your profile, we will do that later;
   3. Uploading the key to Ubuntu keyserver;
   4. Wait a few minutes before importing it on LaunchPad…
   5. Validation with Launchpad.
      
8. Otherwise, import your pre-existing key:
   1. Backing up and restoring your keypair
      
9. Optional – Configure gpg agent to keep credentials cached for longer

tee ~/.gnupg/gpg-agent.conf<<EOF
default-cache-ttl 1209600
max-cache-ttl 31536000
EOF

Configure environment

10. Set session defaults. Do not forget to adjust: DEBEMAIL, DEBFULLNAME and GPGKEY.

tee ~/.bash_aliases<<EOF
export EDITOR=vim
export HISTSIZE=5000
export HISTFILESIZE=5000
export DEBEMAIL='<user@example.org>'
export DEBFULLNAME='<Your Name>'
export GPGKEY=<YourKeyID>
EOF

11. Create the directory structure.

mkdir -p ~/workspace/xtradeb/{apps,play,logs}

Configure sbuild

12. Ensure our user can run ‘sbuild’.

sudo sbuild-adduser ${USER}

13. To make the previous permission effective, you need to logout and login again or execute newgrp sbuild in our current shell.
    
14. Create “~/.sbuildrc”. You may want to update the “distribution”.

tee ~/.sbuildrc<<EOF
\$maintainer_name='${DEBFULLNAME} <${DEBEMAIL}>';
\$distribution = 'jammy';
\$resolve_alternatives = 1;
\$build_arch_all = 1;
\$purge_build_directory= 'successful';
\$purge_session = 'successful';
\$purge_build_deps = 'successful';
1;
EOF

15. Create “~/.mk-sbuild.rc”.

tee ~/.mk-sbuild.rc<<EOF
SCHROOT_CONF_SUFFIX="source-root-users=root,sbuild,admin
source-root-groups=root,sbuild,admin
preserve-environment=true"
#DEBOOTSTRAP_PROXY=http://127.0.0.1:3142
DEBOOTSTRAP_PROXY=http://127.0.0.1:8000
EOF

16. Optional – Perform the builds in memory. Please keep in mind that the amount of memory you have available may limit the execution of specific and/or concurrent builds. You might also want to adjust the overlay size (“85%”) to a value more suitable to your environment.

sudo tee -a /etc/fstab<<EOF
# for schroots overlay
none /var/lib/schroot/session        tmpfs uid=root,gid=root,mode=0755 0 0
none /var/lib/schroot/union/overlay  tmpfs uid=root,gid=root,mode=0755,size=85% 0 0
none /var/lib/sbuild/build           tmpfs uid=sbuild,gid=sbuild,mode=2770 0 0
EOF

sudo mount -a

17. Create a chroot for jammy (by default amd64 will be chosen). You might want to create other chroots…

mk-sbuild jammy

Rebuilding a package (hello)

Steps

1. Enable sources

sudo sed -Ei 's/^# deb-src /deb-src /' /etc/apt/sources.list
sudo apt update

2. Get into the build directory and create a new directory for the package we want to rebuild.

cd ~/WorkSpace/xtradeb/apps
mkdir hello
cd hello

3. Retrieve the source code of hello

apt source hello

4. Enter the package source

cd hello-*

5. Optional – Doing some changes

sed -i -- 's/Hello/Goodbye/g' src/hello.c
sed -i -- 's/Hello/Goodbye/g' tests/hello-1
dpkg-source --commit

6. Minor fixes to this specific package/version (hello_2.10-2ubuntu3)

# Missing dependency
#sed -i 's/debhelper-compat (= 9)/&, texinfo/' debian/control
sed -i 's/debhelper-compat (= 9)/debhelper-compat (= 12), texinfo/' debian/control

# Minor adjustments to the maintainers
sed -i '/^Maintainer/d' debian/control
sed -i 's/^XSBC-Original-//' debian/control

# Remove old rules file
rm debian/rules-old

# Remove old rule
sed -i '/^override_dh_builddeb:/,$d' debian/rules

7. Update the maintainer

# update-maintainer
# When the previous does not work..
sed -i "s/Maintainer/Maintainer: ${DEBFULLNAME} <${DEBEMAIL}>\nXSBC-Original-Maintainer/" debian/control

8. Create a new version

dch -i Rebuild for xtradeb with/out some changes.

9. Fixing the changelog version

sed -i 's/-\([0-9]*\)ubuntu[0-9]*) UNRELEASED/-\1~xtradeb1) jammy/' debian/changelog

10. Building

sbuild -d jammy

11. Signing (“-d” – do not check dependencies). Append --lintian-opts --no-lintian to skip lintian.

debuild -d -S -sa

Notes

schroot

• List chroots

schroot -l

• Entering a schroot

schroot -c jammy-amd64 -p

• List all schroot sessions

schroot -l --all-sessions

• Enter a specific schroot session

schroot -r -c <session ID>

• Remove a specific schroot session

schroot -e -c <session ID>

• Remove all schroot sessions

schroot -e --all-sessions

sbuild

• Build from the current working directory. This directory must contain the source code and the debian directory

sbuild -d jammy

• Build from a debian source control file (.dsc)

sbuild -d jammy <package>.dsc

• Build with additional package sources. Include --no-run-lintian to skip lintian.

sbuild -d jammy --extra-repository="deb [trusted=yes] http://ppa.launchpad.net/xtradeb/apps/ubuntu jammy main"

• Update chroots (jammy and kinetic)

sbuild-update -udcar jammy kinetic

• Instructions to delete a chroot

sbuild-destroychroot jammy-amd64

Debuild

• Building

debuild -us -uc -b | tee ../build_log

• Signing (“-d” – do not check dependencies | “-sd” – alternative versions. Upload package without source. Assuming you already did it.)

debuild -d -S -sa

• Re-make orig tar. One use case, is when you added some exclusions to the copyright and you wnat the orig tar to be automatically updated. Do this inside the source tree directory, where the debian directory is.

mk-origtargz ../<upstream tar>

Chroot with /home and build tools

Before proceeding, keep in mind that if you follow the instructions below, we will no longer have a pristine clean chroot. Furthermore, your home will be mounted within it, which may result in some caveats. This is not an exhaustive list, just a few things that come to my mind: you might accidentally change or delete your home contents; the package build process might use home and if/when you push it to launchpad, the build process breaks because this is not allowed. Ideally, you should create another shcroot for this purpose.

To ensure a clean environment, mk-sbuild sets the schroot default profile to sbuild. However, for development purposes it might be convenient to have your home available inside the schroot. To do so, we have two options:

• Reverting that setting in the schroot configuration

sudo sed -i 's/^\(profile=\)sbuild/\1default/' /etc/schroot/chroot.d/sbuild-jammy-amd64

• Appending the following parameter into “~/.mk-sbuild.rc” before creating the schroot

SCHROOT_PROFILE="default"

In such case, it is also useful to have the development tools available inside the schroot. To do that, you have several options. We present two of them here (one or the other):

• Install directly into the schroot (notice the “source:“)

schroot -c source:jammy-amd64 -u root -p -- apt -y -o DPkg::Options::="--force-confdef" install devscripts equivs sudo vim quilt

• Appending the following parameter into “~/.mk-sbuild.rc” before creating the schroot

DEBOOTSTRAP_INCLUDE="devscripts,equivs,sudo,vim,quilt"

At this point, it is probably also useful to have an alias to install the package dependencies

alias getSchrootBuildDeps='sudo mk-build-deps -i -r -t '\''apt -y --no-install-recommends'\''; rm -fv *.{changes,buildinfo}'

Putting it all together, if you want to develop inside the schroot, these are the complete steps 10 and 15 of the Setting up the environment section:

10. Set session defaults. Adjust accordingly, in particular: DEBEMAIL, DEBFULLNAME and GPGKEY.

tee ~/.bash_aliases<<EOF
export EDITOR=vim
export HISTSIZE=5000
export HISTFILESIZE=5000
export DEBEMAIL='<user@example.org>'
export DEBFULLNAME='<Your Name>'
export GPGKEY=<YourKeyID>
alias getSchrootBuildDeps='sudo mk-build-deps -i -r -t '\''apt -y --no-install-recommends'\''; rm -fv *.{changes,buildinfo}'
EOF

15. Create “~/.mk-sbuild.rc”

tee ~/.mk-sbuild.rc<<EOF
SCHROOT_CONF_SUFFIX="source-root-users=root,sbuild,admin
source-root-groups=root,sbuild,admin
preserve-environment=true"
#DEBOOTSTRAP_PROXY=http://127.0.0.1:3142
DEBOOTSTRAP_PROXY=http://127.0.0.1:8000
SCHROOT_PROFILE="default"
#DEBOOTSTRAP_INCLUDE="devscripts,equivs,sudo,vim,quilt"
# Due to bug https://bugs.launchpad.net/ubuntu/+source/debootstrap/+bug/86536
# we need to explicitly add perl-openssl-defaults in order to successfuly install devscripts
DEBOOTSTRAP_INCLUDE="perl-openssl-defaults,devscripts,equivs,sudo,vim,quilt"
EOF

References

Tested on: Ubuntu 22.04, 23.10

• Gnu Privacy Guard Howto
• Simple sbuild
• Setting up sbuild
• sbuild
• BuildEnvironment
• BuildingASourcePackage

 How to