Preparing security uploads for Debian stable requires a slightly different packaging workflow as the one required for unstable, especially when it comes to building packages. In fact, security updates and backports should necessarily be built and tested in the environment they are prepared for.
In this blog post we'll speak about a specific pbuilder configuration which makes build of backports and security uploads easier.
Command line arguments
pbuilder already allows you to set up several system tarballs, which you can build via
$ pbuilder create --basetgz <path for the tarball> --distribution <distribution>
e.g.
$ pbuilder create --basetgz /var/cache/pbuilder/oldoldstable-amd64-base.tgz --distribution oldoldstable
to build a Wheezy system tarball.
These tarballs can be updated via pbuilder update --basetgz <tarball path>.
That way, you can create a tarball for each version of Debian you want to build
for, and specify the path of the tarball via the --basetgz option when building
packages.
Configuration
Naturally, you don't have to pass --basetgz for every single build. With a bit of
configuration, pbuilder can choose the right tarball for you!
The Debian wiki already suggests a
configuration file which enables automatic detection of the goal distribution in the
general case. My changes allow the support of -security archives for security uploads
as well the support for oldoldstable (useful for LTS work) and UNRELEASED
targets.
# Codenames for Debian suites according to their alias. Update these when
# needed.
UNSTABLE_CODENAME="sid"
TESTING_CODENAME="buster"
STABLE_CODENAME="stretch"
OLDSTABLE_CODENAME="jessie"
OLDOLDSTABLE_CODENAME="wheezy"
STABLE_BACKPORTS_SUITE="$STABLE_CODENAME-backports"
STABLE_SECURITY_SUITE="$STABLE_CODENAME-security"
OLDSTABLE_SECURITY_SUITE="$OLDSTABLE_CODENAME-security"
OLDOLDSTABLE_SECURITY_SUITE="$OLDOLDSTABLE_CODENAME-security"
# List of Debian suites.
DEBIAN_SUITES=($UNSTABLE_CODENAME $TESTING_CODENAME $STABLE_CODENAME
$OLDSTABLE_CODENAME $OLDOLDSTABLE_CODENAME
$STABLE_BACKPORTS_SUITE $STABLE_SECURITY_SUITE
$OLDSTABLE_SECURITY_SUITE $OLDOLDSTABLE_SECURITY_SUITE
"unstable" "testing" "stable" "oldstable" "oldoldstable")
# Mirrors to use. Update these to your preferred mirror.
DEBIAN_MIRROR="ftp.de.debian.org"
# Optionally use the changelog of a package to determine the suite to use
# if none set.
if [ -z "${DIST}" ] && [ -r "debian/changelog" ]; then
DIST=$(dpkg-parsechangelog --show-field=Distribution)
# Use the unstable suite for Debian experimental packages.
if [ "${DIST}" == "experimental" ]; then
DIST="unstable"
fi
# Use the unstable suite for unreleased packages.
if [ "${DIST}" == "UNRELEASED" ]; then
DIST="unstable"
fi
fi
# Optionally set a default distribution if none is used. Note that you can
# set your own default (i.e. ${DIST:="unstable"}).
: ${DIST:="$(lsb_release --short --codename)"}
# Optionally change Debian codenames in $DIST to their aliases.
case "$DIST" in
$UNSTABLE_CODENAME)
DIST="unstable"
;;
$TESTING_CODENAME)
DIST="testing"
;;
$STABLE_CODENAME)
DIST="stable"
;;
$STABLE_SECURITY_SUITE)
DIST="stable"
;;
$OLDSTABLE_CODENAME)
DIST="oldstable"
;;
$OLDSTABLE_SECURITY_SUITE)
DIST="oldstable"
;;
$OLDOLDSTABLE_CODENAME)
DIST="oldoldstable"
;;
$OLDOLDSTABLE_SECURITY_SUITE)
DIST="oldoldstable"
;;
esac
# Optionally set the architecture to the host architecture if none set.
# Note that you can set your own default (i.e. ${ARCH:="i386"}).
: ${ARCH:="$(dpkg --print-architecture)"}
NAME="$DIST"
if [ -n "${ARCH}" ]; then
NAME="$NAME-$ARCH"
DEBOOTSTRAPOPTS=("--arch" "$ARCH" "${DEBOOTSTRAPOPTS[@]}")
fi
BASETGZ="/var/cache/pbuilder/$NAME-base.tgz"
DISTRIBUTION="$DIST"
BUILDRESULT="/var/cache/pbuilder/$NAME/result/"
APTCACHE="/var/cache/pbuilder/$NAME/aptcache/"
BUILDPLACE="/var/cache/pbuilder/build/"
if $(echo ${DEBIAN_SUITES[@]} | grep -q $DIST); then
# Debian configuration
MIRRORSITE="http://$DEBIAN_MIRROR/debian/"
COMPONENTS="main contrib non-free"
if $(echo "$STABLE_CODENAME stable" | grep -q $DIST); then
OTHERMIRROR=
"$OTHERMIRROR | deb $MIRRORSITE $STABLE_BACKPORTS_SUITE $COMPONENTS"
fi
else
echo "Unknown distribution: $DIST"
exit 1
fi