sbuild-setup - sbuild setup procedure
sbuild uses chroots to build packages within, to provide a minimal and
consistent build environment. This man page describes the procedure to
create a chroot by hand using debootstrap. These are only guidelines;
depending upon the setup required, several of the steps may be omitted
Simply running sbuild-createchroot will perform all the setup steps
described in detail below. See the section "sbuild-createchroot"
below, as well as sbuild-createchroot(1).
This guide sets up a lenny chroot on a powerpc machine. Adjust the
names for other suites and architectures.
1. Run debootstrap to create the chroot
# mkdir -p /srv/chroot/lenny
The author has each chroot as a separate LVM logical volume (LV).
Create and mount an LV here if required:
# lvcreate -L 4G -n lenny_chroot -Z y volume-group
Add to /etc/fstab and mount (see next section for full fstab example).
Finally, run debootstrap to create the chroot:
# debootstrap --variant=buildd lenny /srv/chroot/lenny
2. Set up additional mounts
An example /etc/fstab:
/srv/chroot/lenny ext3 defaults 0 2
/dev/pts /srv/chroot/lenny/dev/pts none rw,bind 0 0
tmpfs /srv/chroot/lenny/dev/shm tmpfs defaults 0 0
proc /srv/chroot/lenny/proc proc defaults 0 0
/srv/chroot/lenny/home ext3 quota 0 0
/tmp /srv/chroot/lenny/tmp none rw,bind 0 0
/etc/passwd /srv/chroot/lenny/etc/passwd none ro,bind 0 0
/etc/shadow /srv/chroot/lenny/etc/shadow none ro,bind 0 0
/etc/group /srv/chroot/lenny/etc/group none ro,bind 0 0
/etc/gshadow /srv/chroot/lenny/etc/gshadow none ro,bind 0 0
none ro,bind 0 0
If the bind mountpoints don't exist in the chroot, touch them:
# touch /srv/chroot/lenny/etc/resolv.conf
Next, mount them all.
Depending on your kernel version and security considerations, you may
wish to do this part slightly differently. With a Linux kernel, at
least version 2.6 is required for bind mounts, and devpts
(CONFIG_UNIX98_PTYS) for /dev/pts. Other guides recommend copying the
files, but this method keeps them up-to-date at no cost.
If using sbuild with schroot, passwd, shadow, group, gshadow and
resolv.conf can be updated automatically at the start of each build, so
no action is required here. schroot can also automatically mount all
of the extra filesystems, so all the other mounts may be omitted.
To disable networking, don't bind mount /etc/resolv.conf. This will
prevent APT from working inside the chroot, but prevents package
building from having working network access (no nameservers).
3. Edit sources.list
Create or edit /srv/chroot/lenny/etc/apt/sources.list, and add all the
APT sources required to obtain binary and source packages for your
deb http://security.debian.org/ lenny/updates main
deb-src http://security.debian.org/ lenny/updates main
deb http://ftp.uk.debian.org/debian/ lenny main
deb-src http://ftp.uk.debian.org/debian/ lenny main
4. Configure dchroot or schroot
This is entirely optional, but will make the chroot environment easier
to access and administer.
For dchroot, add the following line to /etc/dchroot.conf:
For schroot, add a group to /etc/schroot/schroot.conf (or a new file
/etc/schroot/chroot.d/lenny), for example:
description=Debian lenny (stable)
For sudo, add a symbolic link to the directory /etc/sbuild/chroot, for
# mkdir -p /etc/sbuild/chroot
# ln -s /srv/chroot/lenny /etc/sbuild/chroot/lenny
5. Log into chroot
# dchroot -c lenny
$ schroot -c lenny -u root
6. Set up packages for sbuild
While running as root inside the chroot:
# apt-get update
# apt-get dist-upgrade
# apt-get install debconf
# dpkg-reconfigure -plow debconf
Answer the debconf questions as follows:
You only need to run dpkg-reconfigure if you weren't asked the
questions during the debconf install. Next, install the packages
required for building packages:
# apt-get install debfoster fakeroot build-essential
# apt-get install makedev
# cd /dev/
# /sbin/MAKEDEV generic
# touch /etc/mtab
For some security, we don't bind mount /dev, so it can't access e.g.
7. sbuild setup
While running as root inside the chroot:
# mkdir /build
# chown root:sbuild /build
# chmod 02775 /build
# mkdir -p /var/lib/sbuild/srcdep-lock
# chown -R root:sbuild /var/lib/sbuild
# chmod -R 02775 /var/lib/sbuild
Note that when using sbuild with schroot, this setup is done at the
start of each build, so is not required here.
Congratulations! You should now have a fully configured and
This script will automatically perform a number of the steps described
o Running debootstrap.
o Setting up APT sources in /etc/apt/sources.list.
o Setting up a minimal /etc/passwd
o Setting up /build and /var/lib/sbuild with appropriate ownership
After it has done this, you do still need to do some manual setup,
completing the steps it missed out above, for example.
1. Group membership
As root, run:
# sbuild-adduser user
Alternatively, add the user to the sbuild group by hand:
# adduser user sbuild
Configure the user's ~/.sbuildrc:
$ cp /usr/share/doc/sbuild/examples/example.sbuildrc ~user/.sbuildrc
Edit to set the correct mail address to send log files to, and the
correct maintainer name and/or uploader name.
3. Build directories
Create directories to contain packages and log files. (.sbuildrc may
have configured different locations; the default build directory is the
current directory, and the default $log_dir is ~/logs):
$ mkdir ~/logs
4. sudo setup
This step not required if schroot is used (which is the default, set in
sbuild.conf). If using sbuild with sudo (chroot_mode "split"), sudo
needs configuring to give the user permission to install and remove
packages in the chroot, which requires root priveleges. Add the
following lines to /etc/sudoers:
username ALL=NOPASSWD: ALL
Defaults:username env_keep+="APT_CONFIG DEBIAN_FRONTEND SHELL"
where username is the name of the user who will run sbuild.
The user should now be able to run sbuild.
$ sbuild ...
Copyright (C) 2005-2008 Roger Leigh <firstname.lastname@example.org>
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2 of the License, or (at your
option) any later version.
debootstrap(1), sbuild(1), sbuild-adduser(1), sbuild-createchroot(1).