ReleaseEngineering/PuppetAgain/HowTo/Build DEBs

From MozillaWiki
Jump to: navigation, search

Within PuppetAgain, Debian packages are built from an expanded debian/ directory kept in version control and an .orig.tar.bz2 kept in the data directories. This surfaces changes to the debian build scripts as diffs in the puppetagain repo, although it also requires some custom build scripts.

Those build scripts, however, are implemented on hosts with the toplevel::server::pkgbuilder class. This class helpfully creates a cowbuilder image and provides the pupppetagain-build-deb script to build a package from a debian directory.

Upstream Upgrades

If the new package requires lots of other packages that aren't in our repo, then that would be a problem and we should probably find a way to recompile instead. But if just the desired package plus one or two others needs to be upgraded, then it should be OK.


Log in to a package builder host (a node that includes toplevel::server::pkgbuilder; see your org's nodes.pp to find the hostname) as yourself (not root), and get a checkout of the puppetagain repo. See moco instructions.

For the package you want, find or create the appropriately-named orig tarball in the same directory as the package-debian dir, e.g., modules/packages/manifests/mozilla. Then run puppetagain-build-deb with the path to the package-debian dir:

   puppetagain-build-deb precise amd64 modules/packages/manifests/nodejs-debian

This will build the package using cowbuilder and tell you the location of the results at the end. You'll probably need to build for both amd64 and i386. And in the future, you may need different distributions than just "precise".


To modify an existing package, do the same, but make the necessary changes in the package-debian directory beforehand. Note that you will need to update package-debian/changelog to update the version number.

To modify an existing package that is not already part of PuppetAgain, copy its debian/ directory into the source tree, make any necessary modifications, and build it.

Note: Do not check in the orig tarball, but do be sure to copy the orig tarball into the data tree along with the .deb packages!)


Note that the chroot environment only pulls dependencies from the active PuppetAgain repositories. If you are building a chain of dependent packages, you'll need to either adjust the chroot to include a temporary directory, or add each dependent package to the repositories before proceeding.


To create a brand-new package with no base package, it's probably easiest to begin with a "normal" debian packaging process, and copy the resulting debian/ directory into the PuppetAgain source tree. Then proceed as above.


See ReleaseEngineering/PuppetAgain/Packages#Ubuntu: Landing Custom Repository Changes.

Other Approaches

In addition to the instructions below, these bugs also have package building pointers relevant to their specific situation:

  • bug 975034 - Patch our current version of Mesa (8.0.2) for our EC2 test machines
  • bug 975216 - Please update libxcb on the linux test slaves to a more recent release
  • bug 961279 - Comment 31 contains detailed instructions about how deb packages for hg 3.1.2 have been built.

You can read how to generate a "debian" directory with what you need for "puppetagain-build-deb" by reading this comment by rail.

You can also read this blog post to understand the whole picture:


You can use Ubuntu 12.04 based VM on your laptop or ubuntu64packager1.

To build a package in clean-room environment use pbuilder. It uses precreated images to build DEBs in chroot.

Create pbuilder images

Use the following command to create pbuilder environments.

  • Ubuntu 12.04 Precise 64 bit
sudo pbuilder --create --distribution precise --architecture amd64 \
    --components "main restricted universe multiverse" \
    --override-config \
    --debootstrapopts --variant=buildd \
    --basetgz /var/cache/pbuilder/base-precise-amd64.tgz \
    --mirror \
    --othermirror "deb precise-updates main restricted universe multiverse|deb precise-security main restricted universe multiverse"
  • Ubuntu 12.04 Precise 32 bit
sudo pbuilder --create --distribution precise --architecture i386 \
    --components "main restricted universe multiverse" \
    --debootstrapopts --variant=buildd \
    --basetgz /var/cache/pbuilder/base-precise-i386.tgz \
    --mirror \
    --othermirror "deb precise-updates main restricted universe multiverse|deb precise-security main restricted universe multiverse"
  • Ubuntu 14.04 Trusty 32 bit
sudo pbuilder --create --distribution trusty --architecture i386 \
    --components "main restricted universe multiverse" \
    --override-config \
    --debootstrapopts --variant=buildd \
    --basetgz /var/cache/pbuilder/base-trusty-i386.tgz \
    --mirror \
    --othermirror "deb trusty-updates main restricted universe multiverse|deb trusty-security main restricted universe multiverse"
  • Ubuntu 14.04 Trusty 64 bit
sudo pbuilder --create --distribution trusty --architecture amd64 \
    --components "main restricted universe multiverse" \
    --override-config \
    --debootstrapopts --variant=buildd \
    --basetgz /var/cache/pbuilder/base-trusty-amd64.tgz \
    --mirror \
    --othermirror "deb trusty-updates main restricted universe multiverse|deb trusty-security main restricted universe multiverse"

Building a package

There are some different ways to build a binary package

Building from orig.tar.gz, debian.tar.gz and dsc

sudo pbuilder --build --distribution precise --architecture amd64 \
--basetgz /var/cache/pbuilder/base-precise-amd64.tgz --buildresult ./out *.dsc

"out" directory will be populated with files you'll need to import into the repo.

By default if the same upstream version has 2 entries in debian/changelog, packaging tools don't add orig.tar.gz in the *.changes files (used when you import the package). If for some reason you need to add the upstream source into the "changes" file (for example, when you backport some package) pass "-sa" to the packaging tools:

sudo pbuilder --build --distribution precise --architecture amd64 \
--basetgz /var/cache/pbuilder/base-precise-amd64.tgz --buildresult out --debbuildopts "-sa" *.dsc

Building using git-buildpackage

git-buildpackage allows you to have everything related to a package under version control. Your git checkout contains the following branches needed to build the package:

  • upstream: upstream sources
  • debian: debianization work
  • pristine-tar (optional): binary information needed to recreate orig.tar.gz from git with a proper final checksum

The following config (~/.gbp.conf) file is used:

cleaner = fakeroot debian/rules clean
pristine-tar = True
color = auto

export-dir = ../build-area/
tarball-dir = ../tarballs/
pbuilder = True
dist = precise

dch = False

The following scenario used to rebuild puppet-2.7.17:

# get Debian's package (apt-cache showsrc puppet|grep ^Vcs-Git:)
git clone git://
cd puppet
git co -b pristine-tar origin/pristine-tar
git co -b mozilla upstream/2.7.17 # checkout upstream version we need, by tag
git merge debian/2.7.17-1 # merge debian changes for that version, by tag
dch --local mozilla --distribution precise # bump debian/changelog with proper version suffix
git commit -va
# build it
ARCH=amd64 BUILDER=pbuilder git-buildpackage --git-upstream-branch=origin/upstream --git-debian-branch=mozilla  # add -sa to include source)
# once you're happy with the package, tag it
ARCH=amd64 BUILDER=pbuilder git-buildpackage --git-upstream-branch=origin/upstream --git-debian-branch=mozilla --git-tag
# to build i386 specific package you need to pass -B to avoid adding orig/debian.tar/gz files into the changes file
ARCH=i386 BUILDER=pbuilder git-buildpackage --git-upstream-branch=origin/upstream --git-debian-branch=mozilla  -B

Building multiple dependent packages

Sometimes you may need to build a package which requires a fresher dependency (library). In this case you need to build the library first and use a temporary local repo. Packaging nodejs is a good example.

Pbuilder can use hooks to run some actions.

  • Add the following entries to your ~/.pbuilderrc
OTHERMIRROR="deb file://$HOME/debs/packages ./"
  • Add a hook to generate package indexes
mkdir ~/.pbuilder-hooks
  • .pbuilder-hooks/D05deps contents:
(cd /home/rail/debs/packages && apt-ftparchive packages . > Packages)
apt-get update
  • chmod 755 .pbuilder-hooks/D05deps
  • edit existing images
sudo pbuilder --login --basetgz /var/cache/pbuilder/base-precise-amd64.tgz --save-after-login
# inside the subshell
apt-get install apt-utils
echo "deb file:///home/rail/debs/packages ./" >> /etc/apt/sources.list
echo 'APT::Get::AllowUnauthenticated "true";' > /etc/apt/apt.conf.d/90mozilla
  • repeat for the i386 image
  • build the library
  • copy the resulting debs into $HOME/debs/packages
  • build the application


At the moment there is no testing repo. You need to manually install packages to test them.