-
Notifications
You must be signed in to change notification settings - Fork 15
gitian building setup gitian fedora
In this section we will be setting up the Fedora installation for Gitian building.
We assume that a user gitianuser
was previously created and added to the wheel
group.
To repeat ths step, log in as root
and type:
usermod gitianuser -a -G wheel
Log in as root
and set up the required dependencies.
Type/paste the following in the terminal:
dnf install git python ruby apt-cacher-ng qemu dpkg debootstrap python-cheetah gnupg tar rsync wget curl lxc libvirt
Then set up LXC and the rest with the following, which is a complex jumble of settings and workarounds:
# Enable the apt-cacher-ng service
systemctl enable apt-cacher-ng.service
# the version of lxc-start in Fedora needs to run as root, so make sure
# that the build script can execute it without providing a password
echo "%wheel ALL=NOPASSWD: /usr/bin/lxc-start" > /etc/sudoers.d/gitian-lxc
echo "%wheel ALL=NOPASSWD: /usr/bin/lxc-execute" >> /etc/sudoers.d/gitian-lxc
# make /etc/rc.d/rc.local script that sets up bridge between guest and host
echo '#!/bin/sh -e' > /etc/rc.d/rc.local
echo 'brctl addbr br0' >> /etc/rc.d/rc.local
echo 'ip addr add 10.0.3.2/24 broadcast 10.0.3.255 dev br0' >> /etc/rc.d/rc.local
echo 'ip link set br0 up' >> /etc/rc.d/rc.local
echo 'firewall-cmd --zone=trusted --add-interface=br0' >> /etc/rc.d/rc.local
echo 'exit 0' >> /etc/rc.d/rc.local
# mark executable so that the rc.local-service unit gets pulled automatically
# into multi-user.target
chmod +x /etc/rc.d/rc.local
# make sure that USE_LXC is always set when logging in as gitianuser,
# and configure LXC IP addresses
echo 'export USE_LXC=1' >> /home/gitianuser/.bash_profile
echo 'export GITIAN_HOST_IP=10.0.3.2' >> /home/gitianuser/.bash_profile
echo 'export LXC_GUEST_IP=10.0.3.5' >> /home/gitianuser/.bash_profile
reboot
At the end Fedora is rebooted to make sure that the changes take effect. The steps in this section only need to be performed once.
Login as the user gitianuser
that was created during installation.
The rest of the steps in this guide will be performed as that user.
There is no python-vm-builder
package in Fedora, so we need to install it from source ourselves,
wget http://archive.ubuntu.com/ubuntu/pool/universe/v/vm-builder/vm-builder_0.12.4+bzr494.orig.tar.gz
echo "76cbf8c52c391160b2641e7120dbade5afded713afaa6032f733a261f13e6a8e vm-builder_0.12.4+bzr494.orig.tar.gz" | sha256sum -c
# (verification -- must return OK)
tar -zxvf vm-builder_0.12.4+bzr494.orig.tar.gz
cd vm-builder-0.12.4+bzr494
sudo python setup.py install
cd ..
Note: When sudo asks for a password, enter the password for the user gitianuser
not for root
.
Clone the git repositories for ion and Gitian.
git clone https://github.com/devrandom/gitian-builder.git
git clone https://github.com/cevap/ion
git clone https://github.com/cevap/gitian.sigs.git
git clone https://github.com/cevap/ion-detached-sigs.git
Gitian needs a virtual image of the operating system to build in. Currently this is Ubuntu Trusty x86_64. This image will be copied and used every time that a build is started to make sure that the build is deterministic. Creating the image will take a while, but only has to be done once.
Execute the following as user gitianuser
:
cd gitian-builder
git checkout 686a00ad712e30ba3a7850c16ef32f650df5b5dc # This version seems to work better than master
bin/make-base-vm --lxc --arch amd64 --suite trusty
There will be a lot of warnings printed during the build of the image. These can be ignored.
Note: When sudo asks for a password, enter the password for the user gitianuser
not for root
.